Update GitHub Actions workflows. (#1298) #326
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt | |
env: | |
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e | |
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 | |
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 | |
AWS_REGION: us-west-2 | |
AZURE_LOCATION: westus | |
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} | |
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected] | |
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci | |
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci | |
GOOGLE_PROJECT: pulumi-ci-gcp-provider | |
GOOGLE_PROJECT_NUMBER: "895284651812" | |
GOOGLE_REGION: us-central1 | |
GOOGLE_ZONE: us-central1-a | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
PULUMI_API: https://api.pulumi-staging.io | |
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
PYPI_USERNAME: __token__ | |
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | |
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | |
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | |
TF_APPEND_USER_AGENT: pulumi | |
jobs: | |
prerequisites: | |
uses: ./.github/workflows/prerequisites.yml | |
secrets: inherit | |
with: | |
default_branch: ${{ github.event.repository.default_branch }} | |
is_pr: ${{ github.event_name == 'pull_request' }} | |
is_automated: ${{ github.actor == 'dependabot[bot]' }} | |
build_provider: | |
uses: ./.github/workflows/build_provider.yml | |
needs: prerequisites | |
secrets: inherit | |
with: | |
version: ${{ needs.prerequisites.outputs.version }} | |
build_sdk: | |
name: build_sdk | |
needs: prerequisites | |
uses: ./.github/workflows/build_sdk.yml | |
secrets: inherit | |
with: | |
version: ${{ needs.prerequisites.outputs.version }} | |
generate_coverage_data: | |
continue-on-error: true | |
env: | |
COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }} | |
name: generate_coverage_data | |
needs: prerequisites | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 | |
with: | |
tool-cache: false | |
swap-storage: false | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} | |
aws-region: us-west-2 | |
aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} | |
- name: Setup tools | |
uses: ./.github/actions/setup-tools | |
with: | |
tools: pulumictl, pulumicli, go, schema-tools | |
- name: Echo Coverage Output Dir | |
run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"' | |
- name: Generate Coverage Data | |
run: PULUMI_MISSING_DOCS_ERROR=true make tfgen | |
- name: Summarize Provider Coverage Results | |
run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt | |
- name: Upload coverage data to S3 | |
run: >- | |
summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json" | |
s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}" | |
aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control | |
lint: | |
name: lint | |
uses: ./.github/workflows/lint.yml | |
secrets: inherit | |
license_check: | |
name: License Check | |
uses: ./.github/workflows/license.yml | |
secrets: inherit | |
publish: | |
name: publish | |
permissions: | |
contents: write | |
needs: | |
- prerequisites | |
- build_provider | |
- test | |
- license_check | |
uses: ./.github/workflows/publish.yml | |
secrets: inherit | |
with: | |
version: ${{ needs.prerequisites.outputs.version }} | |
isPrerelease: true | |
skipGoSdk: true | |
skipJavaSdk: true | |
tag_release_if_labeled_needs_release: | |
name: Tag release if labeled as needs-release | |
needs: publish | |
runs-on: ubuntu-latest | |
steps: | |
- name: check if this commit needs release | |
if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} | |
uses: pulumi/action-release-by-pr-label@main | |
with: | |
command: "release-if-needed" | |
repo: ${{ github.repository }} | |
commit: ${{ github.sha }} | |
slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} | |
env: | |
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} | |
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
test: | |
name: test | |
needs: | |
- prerequisites | |
- build_provider | |
- build_sdk | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
env: | |
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: Setup tools | |
uses: ./.github/actions/setup-tools | |
with: | |
tools: pulumictl, pulumicli, ${{ matrix.language }} | |
- name: Prepare local workspace | |
run: make prepare_local_workspace | |
- name: Download bin | |
uses: ./.github/actions/download-bin | |
- name: Download SDK | |
uses: ./.github/actions/download-sdk | |
with: | |
language: ${{ matrix.language }} | |
- name: Restore makefile progress | |
run: make --touch provider schema build_${{ matrix.language }} | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Install Python deps | |
if: matrix.language == 'python' | |
run: |- | |
pip3 install virtualenv==20.0.23 | |
pip3 install pipenv | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: ${{ env.AWS_REGION }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 7200 | |
role-session-name: docker@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
with: | |
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} | |
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER | |
}}/locations/global/workloadIdentityPools/${{ | |
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ | |
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} | |
- name: Setup gcloud auth | |
uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 | |
with: | |
install_components: gke-gcloud-auth-plugin | |
- name: Login to Google Cloud Registry | |
run: gcloud --quiet auth configure-docker | |
- name: Install dependencies | |
run: make install_${{ matrix.language}}_sdk | |
- name: Install gotestfmt | |
uses: GoTestTools/gotestfmt-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: v2.5.0 | |
- name: Setup SSH key | |
uses: webfactory/[email protected] | |
with: | |
ssh-private-key: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }} | |
- name: Run tests | |
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 | |
strategy: | |
fail-fast: false | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
name: master | |
on: | |
workflow_dispatch: {} | |
push: | |
branches: | |
- master | |
paths-ignore: | |
- "**.md" | |
tags-ignore: | |
- v* | |
- sdk/* | |
- "**" |