diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml new file mode 100644 index 00000000..bebe838a --- /dev/null +++ b/.github/workflows/build_provider.yml @@ -0,0 +1,53 @@ +name: "Build Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to build + +jobs: + build_provider: + name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + strategy: + fail-fast: true + matrix: + platform: + - os: linux + arch: amd64 + - os: linux + arch: arm64 + - os: darwin + arch: amd64 + - os: darwin + arch: arm64 + - os: windows + arch: amd64 + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, go + - name: Download schema-embed.json + uses: actions/download-artifact@v4 + with: + name: schema-embed.json + path: provider/cmd/pulumi-resource-xyz/schema-embed.json + - name: Prepare for build + # This installs plugins and prepares upstream + run: make upstream + - name: Build & package provider + run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-resource-xyz-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: bin/pulumi-resource-xyz-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + retention-days: 30 diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 89a8369a..c6438b91 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -28,6 +28,13 @@ jobs: is_pr: ${{ github.event_name == 'pull_request' }} is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk needs: prerequisites @@ -87,6 +94,7 @@ jobs: name: publish needs: - prerequisites + - build_provider - test - license_check uses: ./.github/workflows/publish.yml diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index e9a7784d..b45e848d 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -29,6 +29,13 @@ jobs: is_pr: ${{ github.event_name == 'pull_request' }} is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk needs: prerequisites @@ -50,6 +57,7 @@ jobs: name: publish needs: - prerequisites + - build_provider - test - license_check uses: ./.github/workflows/publish.yml diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 97c3608a..3504a605 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -95,3 +95,10 @@ jobs: - name: Upload bin uses: ./.github/actions/upload-bin + + - name: Upload schema-embed.json + uses: actions/upload-artifact@v4 + with: + name: schema-embed.json + path: provider/cmd/pulumi-resource-xyz/schema-embed.json + retention-days: 30 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index dba35107..f6e2e205 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -47,19 +47,12 @@ jobs: - name: Validate skipGoSdk if: inputs.skipGoSdk && inputs.isPrerelease == false run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - name: Checkout Repo uses: actions/checkout@v4 - name: Setup tools uses: ./.github/actions/setup-tools with: - tools: pulumictl, pulumicli, go + tools: pulumictl, pulumicli, go, schema-tools - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: @@ -70,25 +63,44 @@ jobs: role-external-id: upload-pulumi-release role-session-name: xyz@githubActions role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser + - name: Create dist directory + run: mkdir -p dist + - name: Download provider assets + uses: actions/download-artifact@v4 + with: + pattern: pulumi-resource-xyz-v${{ inputs.version }}-* + path: dist + # Don't create a directory for each artifact + merge-multiple: true + - name: Calculate checksums + working-directory: dist + run: shasum ./*.tar.gz > pulumi-xyz_${{ inputs.version }}_checksums.txt + - name: Get Schema Change Summary + id: schema-summary + shell: bash + run: | + # Get latest stable release. Return only first column from result (tag). + LAST_VERSION=$(gh release view --repo pulumi/pulumi-xyz --json tagName -q .tagName) + { + echo 'summary<> "$GITHUB_OUTPUT" + - name: Upload Provider Binaries + run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive + - name: Create GH Release + uses: softprops/action-gh-release@v1 if: inputs.isPrerelease == false - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ inputs.version }} - PROVIDER_VERSION: ${{ inputs.version }} with: - args: -p 3 release --rm-dist --timeout 60m0s - version: latest - - name: Run GoReleaser (prerelease) - if: inputs.isPrerelease == true - uses: goreleaser/goreleaser-action@v5 + tag_name: v${{ inputs.version }} + prerelease: ${{ inputs.isPrerelease }} + # We keep pre-releases as drafts so they're not visible until we manually publish them. + draft: ${{ inputs.isPrerelease }} + body: ${{ steps.schema-summary.outputs.summary }} + generate_release_notes: true + files: dist/* env: - GORELEASER_CURRENT_TAG: v${{ inputs.version }} - PROVIDER_VERSION: ${{ inputs.version }} - with: - args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 60m0s - version: latest + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} publish_sdk: name: publish_sdk diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f8b53da9..8c706911 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,6 +28,13 @@ jobs: is_pr: ${{ github.event_name == 'pull_request' }} is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk needs: prerequisites @@ -49,6 +56,7 @@ jobs: name: publish needs: - prerequisites + - build_provider - test - license_check uses: ./.github/workflows/publish.yml diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 597f6a10..1b1f1d4e 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -36,6 +36,13 @@ jobs: is_pr: ${{ github.event_name == 'pull_request' }} is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository diff --git a/Makefile b/Makefile index 9bde1bce..02f26dc0 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,11 @@ PROVIDER_VERSION ?= 1.0.0-alpha.0+dev # Use this normalised version everywhere rather than the raw input to ensure consistency. VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)") +LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC) +LDFLAGS_UPSTREAM_VERSION= +LDFLAGS_EXTRAS= +LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS) + development: install_plugins provider build_sdks install_sdks build: install_plugins provider build_sdks install_sdks @@ -129,7 +134,7 @@ lint_provider.fix: # `cmd/pulumi-resource-xyz/schema.json` is valid and up to date. # To create a release ready binary, you should use `make provider`. provider_no_deps: - (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)) + (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "$(LDFLAGS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)) provider: tfgen provider_no_deps @@ -156,7 +161,7 @@ tfgen_no_deps: tfgen_build_only (cd provider && VERSION=$(VERSION_GENERIC) go generate cmd/$(PROVIDER)/main.go) tfgen_build_only: - (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(TFGEN) -ldflags "-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(TFGEN)) + (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(TFGEN) -ldflags "$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_EXTRAS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(TFGEN)) upstream: ifneq ("$(wildcard upstream)","") @@ -198,3 +203,40 @@ debug_tfgen: dlv --listen=:2345 --headless=true --api-version=2 exec $(WORKING_DIR)/bin/$(TFGEN) -- schema --out provider/cmd/$(PROVIDER) .PHONY: development build build_sdks install_go_sdk install_java_sdk install_python_sdk install_sdks only_build build_dotnet build_go build_java build_nodejs build_python clean cleanup help install_dotnet_sdk install_nodejs_sdk install_plugins lint_provider provider provider_no_deps test tfgen upstream upstream.finalize upstream.rebase ci-mgmt test_provider debug_tfgen tfgen_build_only + +# Provider cross-platform build & packaging + +# These targets assume that the schema-embed.json exists - it's generated by tfgen. +# We disable CGO to ensure that the binary is statically linked. +bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64 +bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64 +bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64 +bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 +bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 +bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: provider/cmd/$(PROVIDER)/schema-embed.json + @# check the TARGET is set + test $(TARGET) + cd provider && \ + export GOOS=$$(echo "$(TARGET)" | cut -d "-" -f 1) && \ + export GOARCH=$$(echo "$(TARGET)" | cut -d "-" -f 2) && \ + export CGO_ENABLED=0 && \ + go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" + +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz: bin/darwin-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz: bin/windows-amd64/$(PROVIDER).exe +bin/$(PROVIDER)-v$(VERSION_GENERIC)-%.tar.gz: + @mkdir -p dist + @# $< is the last dependency (the binary path from above) e.g. bin/linux-amd64/pulumi-resource-xyz + @# $@ is the current target e.g. bin/pulumi-resource-xyz-v1.2.3-linux-amd64.tar.gz + tar --gzip -cf $@ README.md LICENSE -C $$(dirname $<) . + +provider_dist-linux-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz +provider_dist-linux-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz +provider_dist-darwin-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz +provider_dist-darwin-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz +provider_dist-windows-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz +provider_dist: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 +.PHONY: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 provider_dist