Update GitHub Actions workflows. #224
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt | |
env: | |
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
LOCAL_TOKEN: ${{ secrets.LOCAL_TOKEN }} | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
PULUMI_API: https://api.pulumi-staging.io | |
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
PYPI_USERNAME: __token__ | |
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | |
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | |
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
TF_APPEND_USER_AGENT: pulumi | |
# This should cancel any previous runs of the same workflow on the same branch which are still running. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build_sdk: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: build_sdk | |
needs: prerequisites | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
- uses: pulumi/provider-version-action@v1 | |
with: | |
set-env: 'PROVIDER_VERSION' | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21.x" | |
cache-dependency-path: | | |
sdk/go.sum | |
- name: Cache examples generation | |
uses: actions/cache@v4 | |
with: | |
path: | | |
.pulumi/examples-cache | |
key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: "^3" | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20.x" | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: "6.0.x" | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11.8" | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
cache: gradle | |
distribution: temurin | |
java-version: "11" | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v3 | |
with: | |
gradle-version: "7.6" | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: local-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: >- | |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin | |
find ${{ github.workspace }} -name "pulumi-*-local" -print -exec chmod +x {} \; | |
- name: Install plugins | |
run: make install_plugins | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Build SDK | |
run: make build_${{ matrix.language }} | |
- name: Check worktree clean | |
uses: pulumi/git-status-check-action@v1 | |
with: | |
allowed-changes: | | |
sdk/**/pulumi-plugin.json | |
sdk/dotnet/Pulumi.*.csproj | |
sdk/go/**/pulumiUtilities.go | |
sdk/nodejs/package.json | |
sdk/python/pyproject.toml | |
- name: Compress SDK folder | |
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz | |
retention-days: 30 | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in building ${{ matrix.language }} sdk | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
strategy: | |
fail-fast: true | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
comment-notification: | |
if: github.event_name == 'repository_dispatch' | |
name: comment-notification | |
runs-on: ubuntu-latest | |
steps: | |
- id: run-url | |
name: Create URL to the run output | |
run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" | |
- name: Update with Result | |
uses: peter-evans/create-or-update-comment@v1 | |
with: | |
body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" | |
issue-number: ${{ github.event.client_payload.github.payload.issue.number }} | |
repository: ${{ github.event.client_payload.github.payload.repository.full_name }} | |
token: ${{ secrets.PULUMI_BOT_TOKEN }} | |
lint: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: lint | |
uses: ./.github/workflows/lint.yml | |
secrets: inherit | |
prerequisites: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: prerequisites | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- uses: pulumi/provider-version-action@v1 | |
with: | |
set-env: 'PROVIDER_VERSION' | |
- name: Cache examples generation | |
uses: actions/cache@v4 | |
with: | |
path: | | |
.pulumi/examples-cache | |
key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} | |
- name: Prepare upstream code | |
run: make upstream | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21.x" | |
cache-dependency-path: | | |
provider/*.sum | |
upstream/*.sum | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: "^3" | |
- if: github.event_name == 'pull_request' | |
name: Install Schema Tools | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/schema-tools | |
- name: Build schema generator binary | |
run: make tfgen_build_only | |
- name: Install plugins | |
run: make install_plugins | |
- name: Generate schema | |
run: make tfgen_no_deps | |
- name: Build provider binary | |
run: make provider_no_deps | |
- name: Unit-test provider code | |
run: make test_provider | |
- if: github.event_name == 'pull_request' | |
name: Check Schema is Valid | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
{ | |
echo "SCHEMA_CHANGES<<$EOF"; | |
schema-tools compare -p local -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-local/schema.json; | |
echo "$EOF"; | |
} >> "$GITHUB_ENV" | |
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' | |
name: Comment on PR with Details of Schema Check | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
comment_tag: schemaCheck | |
message: >+ | |
${{ env.SCHEMA_CHANGES }} | |
Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. | |
- name: Tar provider binaries | |
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace }}/bin/ pulumi-resource-local | |
pulumi-tfgen-local | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: local-provider.tar.gz | |
path: ${{ github.workspace }}/bin/provider.tar.gz | |
retention-days: 30 | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in building provider prerequisites | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
sentinel: | |
name: sentinel | |
# We would like to be able to specify `sentinel` as the only required job for this | |
# workflow. To do that, we need `sentinel` to succeed only when it is safe to | |
# merge and fail in all other cases. | |
# | |
# We can't use the default `if: success()`, since GitHub interprets a skipped job as a | |
# success, and by default a dependee job failing will skip a dependent job. That means | |
# if a test step fails, then it will skip `sentinel` so GitHub will register | |
# `sentinel` as succeeded. | |
# | |
# GitHub documents `jobs.result` as: | |
# | |
# The result of a job in the reusable workflow. Possible values are success, | |
# failure, cancelled, or skipped. | |
# | |
# GitHub documents `cancelled()` as: | |
# | |
# Returns true if the workflow was canceled. | |
# | |
# Combining these terms gives us an intuitive definition of success: | |
# | |
# We have succeeded when no dependent workflow has failed and the job was | |
# not cancelled. | |
# | |
if: (github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository) && | |
! cancelled() | |
needs: | |
- test | |
- license_check | |
- lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Workflow is not a success | |
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') | |
run: exit 1 | |
- uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 | |
with: | |
authToken: ${{secrets.GITHUB_TOKEN}} | |
# Write an explicit status check called "Sentinel" which will only pass if this code really runs. | |
# Once rolled out, we can make this the only required check for PRs, | |
# then remove the old conditionals on this job and remove the previous step. | |
context: 'Sentinel' | |
description: 'All required checks passed' | |
state: 'success' | |
# Write to the PR commit SHA if it's available as we don't want the merge commit sha, | |
# otherwise use the current SHA for any other type of build. | |
sha: ${{ github.event.pull_request.head.sha || github.sha }} | |
- name: Workflow is a success | |
run: echo "πππππ" | |
test: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: test | |
needs: build_sdk | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
- uses: pulumi/provider-version-action@v1 | |
with: | |
set-env: 'PROVIDER_VERSION' | |
- name: Checkout p/examples | |
if: matrix.testTarget == 'pulumiExamples' | |
uses: actions/checkout@v4 | |
with: | |
repository: pulumi/examples | |
path: p-examples | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21.x" | |
cache-dependency-path: | | |
sdk/go.sum | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: "^3" | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20.x" | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: "6.0.x" | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11.8" | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
cache: gradle | |
distribution: temurin | |
java-version: "11" | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v3 | |
with: | |
gradle-version: "7.6" | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: local-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: >- | |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin | |
find ${{ github.workspace }} -name "pulumi-*-local" -print -exec chmod +x {} \; | |
- run: dotnet nuget add source ${{ github.workspace }}/nuget | |
- name: Download SDK | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress SDK folder | |
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ | |
github.workspace }}/sdk/${{ matrix.language }} | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Install Python deps | |
run: |- | |
pip3 install virtualenv==20.0.23 | |
pip3 install pipenv | |
- name: Install dependencies | |
run: make install_${{ matrix.language}}_sdk | |
- name: Install gotestfmt | |
uses: GoTestTools/gotestfmt-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: v2.5.0 | |
- name: Run tests | |
if: matrix.testTarget == 'local' | |
run: cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ | |
matrix.language }} -skip TestPulumiExamples -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
- if: failure() && github.event_name == 'push' && matrix.testTarget == 'local' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in running ${{ matrix.language }} tests | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
- name: Run pulumi/examples tests | |
if: matrix.testTarget == 'pulumiExamples' | |
run: cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ | |
matrix.language }} -run TestPulumiExamples -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
strategy: | |
fail-fast: false | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
testTarget: [local] | |
license_check: | |
name: License Check | |
uses: ./.github/workflows/license.yml | |
secrets: inherit | |
name: run-acceptance-tests | |
on: | |
pull_request: | |
paths-ignore: | |
- CHANGELOG.md | |
repository_dispatch: | |
types: | |
- run-acceptance-tests-command |