Update GitHub Actions workflows. (#4101) #736
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt | |
| env: | |
| AWS_REGION: us-west-2 | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
| OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }} | |
| PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
| PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| PULUMI_API: https://api.pulumi-staging.io | |
| PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
| PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
| PULUMI_MISSING_DOCS_ERROR: true | |
| PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
| PYPI_USERNAME: __token__ | |
| SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | |
| SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | |
| SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| TF_APPEND_USER_AGENT: pulumi | |
| jobs: | |
| prerequisites: | |
| uses: ./.github/workflows/prerequisites.yml | |
| secrets: inherit | |
| with: | |
| default_branch: ${{ github.event.repository.default_branch }} | |
| is_pr: ${{ github.event_name == 'pull_request' }} | |
| is_automated: ${{ github.actor == 'dependabot[bot]' }} | |
| build_sdk: | |
| name: build_sdk | |
| needs: prerequisites | |
| uses: ./.github/workflows/build_sdk.yml | |
| secrets: inherit | |
| with: | |
| version: ${{ needs.prerequisites.outputs.version }} | |
| generate_coverage_data: | |
| continue-on-error: true | |
| env: | |
| COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }} | |
| name: generate_coverage_data | |
| needs: prerequisites | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/[email protected] | |
| with: | |
| tool-cache: false | |
| swap-storage: false | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} | |
| aws-region: us-west-2 | |
| aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21.x" | |
| cache-dependency-path: | | |
| sdk/go.sum | |
| - name: Install pulumictl | |
| uses: jaxxstorm/[email protected] | |
| with: | |
| tag: v0.0.46 | |
| repo: pulumi/pulumictl | |
| - name: Install Pulumi CLI | |
| uses: pulumi/actions@v5 | |
| with: | |
| pulumi-version: "dev" | |
| - if: github.event_name == 'pull_request' | |
| name: Install Schema Tools | |
| uses: jaxxstorm/[email protected] | |
| with: | |
| repo: pulumi/schema-tools | |
| - name: Echo Coverage Output Dir | |
| run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"' | |
| - name: Generate Coverage Data | |
| run: PULUMI_MISSING_DOCS_ERROR=true make tfgen | |
| - name: Summarize Provider Coverage Results | |
| run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt | |
| - name: Upload coverage data to S3 | |
| run: >- | |
| summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json" | |
| s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}" | |
| aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control | |
| license_check: | |
| name: License Check | |
| uses: ./.github/workflows/license.yml | |
| secrets: inherit | |
| publish: | |
| name: publish | |
| needs: | |
| - prerequisites | |
| - test | |
| - license_check | |
| - go_test_shim | |
| - provider_test | |
| - test_oidc | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/[email protected] | |
| with: | |
| # this might remove tools that are actually needed, | |
| # if set to "true" but frees about 6 GB | |
| tool-cache: false | |
| swap-storage: false | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21.x" | |
| cache-dependency-path: | | |
| sdk/go.sum | |
| - name: Install pulumictl | |
| uses: jaxxstorm/[email protected] | |
| with: | |
| tag: v0.0.46 | |
| repo: pulumi/pulumictl | |
| - name: Install Pulumi CLI | |
| uses: pulumi/actions@v5 | |
| with: | |
| pulumi-version: "dev" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-region: us-east-2 | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-duration-seconds: 7200 | |
| role-external-id: upload-pulumi-release | |
| role-session-name: aws@githubActions | |
| role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| env: | |
| GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} | |
| PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} | |
| with: | |
| args: -p 1 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout | |
| 150m0s | |
| version: latest | |
| - if: failure() && github.event_name == 'push' | |
| name: Notify Slack | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| author_name: Failure in publishing binaries | |
| fields: repo,commit,author,action | |
| status: ${{ job.status }} | |
| publish_sdk: | |
| name: publish_sdk | |
| needs: | |
| - prerequisites | |
| - publish | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Publish SDKs | |
| uses: pulumi/[email protected] | |
| with: | |
| sdk: all | |
| version: ${{ needs.prerequisites.outputs.version }} | |
| dotnet-version: "6.0.x" | |
| java-version: "11" | |
| node-version: "20.x" | |
| python-version: "3.11.8" | |
| - env: | |
| SLACK_CHANNEL: provider-upgrade-publish-status | |
| SLACK_COLOR: "#FF0000" | |
| SLACK_ICON_EMOJI: ":taco:" | |
| SLACK_MESSAGE: "Publish failed :x:" | |
| SLACK_TITLE: ${{ github.event.repository.name }} upgrade result | |
| SLACK_USERNAME: provider-bot | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| if: failure() | |
| name: Send Publish Failure To Slack | |
| uses: rtCamp/action-slack-notify@v2 | |
| tag_release_if_labeled_needs_release: | |
| name: Tag release if labeled as needs-release | |
| needs: publish_sdk | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: check if this commit needs release | |
| uses: pulumi/action-release-by-pr-label@main | |
| with: | |
| command: "release-if-needed" | |
| repo: ${{ github.repository }} | |
| commit: ${{ github.sha }} | |
| slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} | |
| env: | |
| RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} | |
| RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| test: | |
| name: test | |
| needs: | |
| - prerequisites | |
| - build_sdk | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| env: | |
| PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} | |
| steps: | |
| # Run as first step so we don't delete things that have just been installed | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be | |
| with: | |
| tool-cache: false | |
| swap-storage: false | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21.x" | |
| cache-dependency-path: | | |
| sdk/go.sum | |
| - name: Install pulumictl | |
| uses: jaxxstorm/[email protected] | |
| with: | |
| tag: v0.0.46 | |
| repo: pulumi/pulumictl | |
| - name: Install Pulumi CLI | |
| uses: pulumi/actions@v5 | |
| with: | |
| pulumi-version: "dev" | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20.x" | |
| registry-url: https://registry.npmjs.org | |
| - name: Setup DotNet | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: "6.0.x" | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11.8" | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| cache: gradle | |
| distribution: temurin | |
| java-version: "11" | |
| - name: Setup Gradle | |
| uses: gradle/gradle-build-action@v3 | |
| with: | |
| gradle-version: "7.6" | |
| - name: Download provider + tfgen binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: aws-provider.tar.gz | |
| path: ${{ github.workspace }}/bin | |
| - name: Untar provider binaries | |
| run: >- | |
| tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
| github.workspace}}/bin | |
| find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; | |
| - run: dotnet nuget add source ${{ github.workspace }}/nuget | |
| - name: Download SDK | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ matrix.language }}-sdk.tar.gz | |
| path: ${{ github.workspace}}/sdk/ | |
| - name: Uncompress SDK folder | |
| run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ | |
| github.workspace }}/sdk/${{ matrix.language }} | |
| - name: Update path | |
| run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
| - name: Install Python deps | |
| run: |- | |
| pip3 install virtualenv==20.0.23 | |
| pip3 install pipenv | |
| - name: Install dependencies | |
| run: make install_${{ matrix.language}}_sdk | |
| - name: Install gotestfmt | |
| uses: GoTestTools/gotestfmt-action@v2 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| version: v2.5.0 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-duration-seconds: 3600 | |
| role-session-name: aws@githubActions | |
| role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
| - name: Make upstream | |
| run: make upstream | |
| - name: Run tests | |
| run: cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ | |
| matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| - if: failure() && github.event_name == 'push' | |
| name: Notify Slack | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| author_name: Failure in running ${{ matrix.language }} tests | |
| fields: repo,commit,author,action | |
| status: ${{ job.status }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: | |
| - nodejs | |
| - python | |
| - dotnet | |
| - go | |
| - java | |
| go_test_shim: | |
| name: Run test of provider shim | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| submodules: true | |
| - uses: pulumi/provider-version-action@v1 | |
| with: | |
| set-env: PROVIDER_VERSION | |
| - name: Setup tools | |
| uses: ./.github/actions/setup-tools | |
| with: | |
| tools: pulumictl, pulumi, go | |
| - name: Make upstream | |
| run: make upstream | |
| - name: go test | |
| run: | | |
| cd upstream | |
| go get github.com/hashicorp/[email protected] | |
| cd shim | |
| go test -v -coverprofile="coverage.txt" . | |
| - env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| name: Upload coverage reports to Codecov | |
| uses: codecov/codecov-action@v4 | |
| timeout-minutes: 60 | |
| provider_test: | |
| name: provider_test | |
| needs: build_sdk | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| swap-storage: false | |
| tool-cache: false | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| submodules: true | |
| - uses: pulumi/provider-version-action@v1 | |
| with: | |
| set-env: PROVIDER_VERSION | |
| - name: Setup tools | |
| uses: ./.github/actions/setup-tools | |
| with: | |
| tools: pulumictl, pulumi, go, node, dotnet, python, java | |
| - name: Make upstream | |
| run: make upstream | |
| - name: Download provider + tfgen binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: aws-provider.tar.gz | |
| path: ${{ github.workspace }}/bin | |
| - name: Untar provider binaries | |
| run: |- | |
| tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin | |
| find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; | |
| - run: dotnet nuget add source ${{ github.workspace }}/nuget | |
| - name: Download SDK | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ matrix.language }}-sdk.tar.gz | |
| path: ${{ github.workspace}}/sdk/ | |
| - name: Uncompress SDK folder | |
| run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ matrix.language }} | |
| - name: Update path | |
| run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
| - name: Install Python deps | |
| run: |- | |
| pip3 install virtualenv==20.0.23 | |
| pip3 install pipenv | |
| - name: Install dependencies | |
| run: make install_${{ matrix.language}}_sdk | |
| - name: Install gotestfmt | |
| uses: GoTestTools/gotestfmt-action@v2 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| version: v2.5.0 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-duration-seconds: 3600 | |
| role-session-name: aws@githubActions | |
| role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
| - name: Run provider tests | |
| run: | | |
| cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| - if: failure() && github.event_name == 'push' | |
| name: Notify Slack | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| author_name: Failure in running ${{ matrix.language }} provider tests | |
| fields: repo,commit,author,action | |
| status: ${{ job.status }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: | |
| - nodejs | |
| - python | |
| - dotnet | |
| - go | |
| - java | |
| test_oidc: | |
| name: test_oidc | |
| needs: build_sdk | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| dotnet: ${{ matrix.language != 'dotnet' }} | |
| swap-storage: false | |
| tool-cache: false | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| submodules: true | |
| - uses: pulumi/provider-version-action@v1 | |
| with: | |
| set-env: PROVIDER_VERSION | |
| - name: Setup tools | |
| uses: ./.github/actions/setup-tools | |
| with: | |
| tools: pulumictl, pulumi, go, node | |
| - name: Download provider + tfgen binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: aws-provider.tar.gz | |
| path: ${{ github.workspace }}/bin | |
| - name: Untar provider binaries | |
| run: |- | |
| tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin | |
| find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; | |
| - name: Download SDK | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ matrix.language }}-sdk.tar.gz | |
| path: ${{ github.workspace}}/sdk/ | |
| - name: Uncompress SDK folder | |
| run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ matrix.language }} | |
| - name: Update path | |
| run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
| - name: Install dependencies | |
| run: make install_${{ matrix.language}}_sdk | |
| - name: Install gotestfmt | |
| uses: GoTestTools/gotestfmt-action@v2 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| version: v2.4.0 | |
| - name: Make upstream | |
| run: make upstream | |
| - name: Run selected tests with manual web identity/OIDC auth | |
| run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| - name: Configure AWS Credentials for OIDC | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-duration-seconds: 3600 | |
| role-session-name: aws@githubActions | |
| role-to-assume: ${{ secrets.OIDC_ROLE_ARN }} | |
| unset-current-credentials: true | |
| - name: Run selected tests with configure-aws-credentials web identity/OIDC auth | |
| run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| - if: failure() && github.event_name == 'push' | |
| name: Notify Slack | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| author_name: Failure in running ${{ matrix.language }} tests | |
| fields: repo,commit,author,action | |
| status: ${{ job.status }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: | |
| - nodejs | |
| name: master | |
| on: | |
| push: | |
| branches: | |
| - master | |
| paths-ignore: | |
| - "**.md" | |
| tags-ignore: | |
| - v* | |
| - sdk/* | |
| - "**" |