Skip to content

Update GitHub Actions workflows. #168

Update GitHub Actions workflows.

Update GitHub Actions workflows. #168

# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
env:
PROVIDER: ns1
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
DOTNETVERSION: |
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOVERSION: 1.21.x
JAVAVERSION: "11"
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NODEVERSION: 16.x
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NS1_APIKEY: ${{ secrets.NS1_APIKEY }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
PYTHONVERSION: "3.9"
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
TF_APPEND_USER_AGENT: pulumi
TRAVIS_OS_NAME: linux
jobs:
build_sdk:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: build_sdk
needs: prerequisites
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
ref: ${{ env.PR_COMMIT_SHA }}
- name: Checkout Scripts Repo
uses: actions/checkout@v3
with:
path: ci-scripts
repository: pulumi/scripts
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v4
with:
cache-dependency-path: |
sdk/go.sum
go-version: 1.21.x
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/action-install-pulumi-cli@v2
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@v1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@v3
with:
cache: gradle
distribution: temurin
java-version: ${{ env.JAVAVERSION }}
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
gradle-version: "7.6"
- name: Download provider + tfgen binaries
uses: actions/download-artifact@v2
with:
name: ${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: Untar provider binaries
run: >-
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin
find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
- name: Install plugins
run: make install_plugins
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Set PACKAGE_VERSION to Env
run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >>
"$GITHUB_ENV"
- name: Build SDK
run: make build_${{ matrix.language }}
- name: Check worktree clean
run: ./ci-scripts/ci/check-worktree-is-clean
- name: Compress SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts
uses: actions/upload-artifact@v2
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
retention-days: 30
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure in building ${{ matrix.language }} sdk
fields: repo,commit,author,action
status: ${{ job.status }}
strategy:
fail-fast: true
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
comment-notification:
if: github.event_name == 'repository_dispatch'
name: comment-notification
runs-on: ubuntu-latest
steps:
- id: run-url
name: Create URL to the run output
run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@v1
with:
body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}"
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
token: ${{ secrets.PULUMI_BOT_TOKEN }}
lint:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: lint
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
ref: ${{ env.PR_COMMIT_SHA }}
- name: disarm go:embed directives to enable lint
run: |
git grep -l 'go:embed' -- provider | xargs sed -i 's/go:embed/ goembed/g'
- name: prepare upstream
continue-on-error: true
run: make upstream
- name: Install go
uses: actions/setup-go@v4
with:
# The versions of golangci-lint and setup-go here cross-depend and need to update together.
go-version: 1.21
# Either this action or golangci-lint needs to disable the cache
cache: false
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.54.1
working-directory: provider
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure in linting provider
fields: repo,commit,author,action
status: ${{ job.status }}
prerequisites:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: prerequisites
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
ref: ${{ env.PR_COMMIT_SHA }}
- name: Checkout Scripts Repo
uses: actions/checkout@v3
with:
path: ci-scripts
repository: pulumi/scripts
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v4
with:
cache-dependency-path: |
sdk/go.sum
go-version: 1.21.x
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/action-install-pulumi-cli@v2
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/[email protected]
with:
repo: pulumi/schema-tools
- name: Build tfgen & provider binaries
run: make provider
- if: github.event_name == 'pull_request'
name: Check Schema is Valid
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
{
echo "SCHEMA_CHANGES<<$EOF";
schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json;
echo "$EOF";
} >> "$GITHUB_ENV"
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@v2
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
comment_tag: schemaCheck
message: >+
### Does the PR have any schema changes?
${{ env.SCHEMA_CHANGES }}
Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes.
- name: Tar provider binaries
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace }}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-tfgen-${{ env.PROVIDER }}
- name: Upload artifacts
uses: actions/upload-artifact@v2
with:
name: ${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz
retention-days: 30
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure in building provider prerequisites
fields: repo,commit,author,action
status: ${{ job.status }}
sentinel:
name: sentinel
# We would like to be able to specify `sentinel` as the only required job for this
# workflow. To do that, we need `sentinel` to succeed only when it is safe to
# merge and fail in all other cases.
#
# We can't use the default `if: success()`, since GitHub interprets a skipped job as a
# success, and by default a dependee job failing will skip a dependent job. That means
# if a test step fails, then it will skip `sentinel` so GitHub will register
# `sentinel` as succeeded.
#
# GitHub documents `jobs.result` as:
#
# The result of a job in the reusable workflow. Possible values are success,
# failure, cancelled, or skipped.
#
# GitHub documents `cancelled()` as:
#
# Returns true if the workflow was canceled.
#
# Combining these terms gives us an intuitive definition of success:
#
# We have succeeded when no dependent workflow has failed and the job was
# not cancelled.
#
if: (github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository) &&
! cancelled()
needs:
- test
- lint
runs-on: ubuntu-latest
steps:
- name: Workflow is not a success
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')
run: exit 1
- name: Workflow is a success
run: echo "🎉🎈🎉🎈🎉"
test:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: test
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
ref: ${{ env.PR_COMMIT_SHA }}
- name: Checkout Scripts Repo
uses: actions/checkout@v3
with:
path: ci-scripts
repository: pulumi/scripts
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v4
with:
cache-dependency-path: |
sdk/go.sum
go-version: 1.21.x
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/action-install-pulumi-cli@v2
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@v1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@v3
with:
cache: gradle
distribution: temurin
java-version: ${{ env.JAVAVERSION }}
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
gradle-version: "7.6"
- name: Download provider + tfgen binaries
uses: actions/download-artifact@v2
with:
name: ${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: Untar provider binaries
run: >-
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin
find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
- run: dotnet nuget add source ${{ github.workspace }}/nuget
- name: Download SDK
uses: actions/download-artifact@v2
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress SDK folder
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{
github.workspace }}/sdk/${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Python deps
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Run tests
run: cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{
matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure in running ${{ matrix.language }} tests
fields: repo,commit,author,action
status: ${{ job.status }}
strategy:
fail-fast: false
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
name: run-acceptance-tests
on:
pull_request:
branches:
- master
paths-ignore:
- CHANGELOG.md
repository_dispatch:
types:
- run-acceptance-tests-command