Update GitHub Actions workflows. (#541) #218
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
PULUMI_API: https://api.pulumi-staging.io | |
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
PYPI_USERNAME: __token__ | |
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | |
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | |
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
TF_APPEND_USER_AGENT: pulumi | |
VAULT_DEV_ROOT_TOKEN_ID: root | |
jobs: | |
build_sdk: | |
name: build_sdk | |
needs: prerequisites | |
uses: ./.github/workflows/build_sdk.yml | |
secrets: inherit | |
generate_coverage_data: | |
continue-on-error: true | |
env: | |
COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }} | |
name: generate_coverage_data | |
needs: prerequisites | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/[email protected] | |
with: | |
tool-cache: false | |
swap-storage: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} | |
aws-region: us-west-2 | |
aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21.x" | |
cache-dependency-path: | | |
sdk/go.sum | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: "dev" | |
- if: github.event_name == 'pull_request' | |
name: Install Schema Tools | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/schema-tools | |
- name: Echo Coverage Output Dir | |
run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"' | |
- name: Generate Coverage Data | |
run: PULUMI_MISSING_DOCS_ERROR=true make tfgen | |
- name: Summarize Provider Coverage Results | |
run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt | |
- name: Upload coverage data to S3 | |
run: >- | |
summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json" | |
s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}" | |
aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control | |
lint: | |
name: lint | |
uses: ./.github/workflows/lint.yml | |
secrets: inherit | |
license_check: | |
name: License Check | |
uses: ./.github/workflows/license.yml | |
secrets: inherit | |
prerequisites: | |
uses: ./.github/workflows/prerequisites.yml | |
secrets: inherit | |
with: | |
default_branch: ${{ github.event.repository.default_branch }} | |
is_pr: ${{ github.event_name == 'pull_request' }} | |
is_automated: ${{ github.actor == 'dependabot[bot]' }} | |
publish: | |
name: publish | |
needs: | |
- test | |
- license_check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/[email protected] | |
with: | |
# this might remove tools that are actually needed, | |
# if set to "true" but frees about 6 GB | |
tool-cache: false | |
swap-storage: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21.x" | |
cache-dependency-path: | | |
sdk/go.sum | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: "dev" | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: us-east-2 | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 7200 | |
role-external-id: upload-pulumi-release | |
role-session-name: vault@githubActions | |
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} | |
- id: version | |
uses: pulumi/provider-version-action@v1 | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v5 | |
env: | |
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} | |
PROVIDER_VERSION: ${{ steps.version.outputs.version }} | |
with: | |
args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout | |
60m0s | |
version: latest | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in publishing binaries | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
publish_sdk: | |
name: publish_sdk | |
needs: publish | |
runs-on: ubuntu-latest | |
steps: | |
- id: version | |
uses: pulumi/provider-version-action@v1 | |
- name: Publish SDKs | |
uses: pulumi/[email protected] | |
with: | |
sdk: all | |
version: ${{ steps.version.outputs.version }} | |
dotnet-version: "6.0.x" | |
java-version: "11" | |
node-version: "20.x" | |
python-version: "3.11.8" | |
- env: | |
SLACK_CHANNEL: provider-upgrade-publish-status | |
SLACK_COLOR: "#FF0000" | |
SLACK_ICON_EMOJI: ":taco:" | |
SLACK_MESSAGE: "Publish failed :x:" | |
SLACK_TITLE: ${{ github.event.repository.name }} upgrade result | |
SLACK_USERNAME: provider-bot | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} | |
if: failure() | |
name: Send Publish Failure To Slack | |
uses: rtCamp/action-slack-notify@v2 | |
tag_release_if_labeled_needs_release: | |
name: Tag release if labeled as needs-release | |
needs: publish_sdk | |
runs-on: ubuntu-latest | |
steps: | |
- name: check if this commit needs release | |
uses: pulumi/action-release-by-pr-label@main | |
with: | |
command: "release-if-needed" | |
repo: ${{ github.repository }} | |
commit: ${{ github.sha }} | |
slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} | |
env: | |
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} | |
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
test: | |
name: test | |
needs: build_sdk | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- uses: pulumi/provider-version-action@v1 | |
with: | |
set-env: 'PROVIDER_VERSION' | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21.x" | |
cache-dependency-path: | | |
sdk/go.sum | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: "dev" | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20.x" | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: "6.0.x" | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11.8" | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
cache: gradle | |
distribution: temurin | |
java-version: "11" | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v3 | |
with: | |
gradle-version: "7.6" | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: vault-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: >- | |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin | |
find ${{ github.workspace }} -name "pulumi-*-vault" -print -exec chmod +x {} \; | |
- run: dotnet nuget add source ${{ github.workspace }}/nuget | |
- name: Download SDK | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress SDK folder | |
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ | |
github.workspace }}/sdk/${{ matrix.language }} | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Install Python deps | |
run: |- | |
pip3 install virtualenv==20.0.23 | |
pip3 install pipenv | |
- name: Run docker compose | |
run: docker compose -f testing/docker-compose.yml up --build -d | |
- name: Install dependencies | |
run: make install_${{ matrix.language}}_sdk | |
- name: Install gotestfmt | |
uses: GoTestTools/gotestfmt-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: v2.5.0 | |
- name: make upstream | |
run: | | |
make upstream | |
- name: Run provider tests | |
run: | | |
cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
- name: Run tests | |
run: cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ | |
matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in running ${{ matrix.language }} tests | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
strategy: | |
fail-fast: false | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
name: master | |
on: | |
push: | |
branches: | |
- master | |
paths-ignore: | |
- "**.md" | |
tags-ignore: | |
- v* | |
- sdk/* | |
- "**" |