
Update first-party Pulumi dependencies #386


# Workflow header: runs for pull requests targeting master, for merge-queue
# groups, and on manual dispatch.
# NOTE(review): no `permissions:` block appears in this file, so the automatic
# token used by actions falls back to the repository default - confirm that is
# intended.
name: Test Provider CI
on:
  pull_request:
    branches:
      - master
  merge_group: {}
  workflow_dispatch: {}
env:
  # Workflow-level env is inherited by every step of every job that does not
  # override it, so the bot token is also in the environment of the build step
  # and of third-party actions.
  # NOTE(review): consider scoping it to the jobs that call `gh` - confirm
  # whether the build needs it.
  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
concurrency:
  # One run per workflow and ref; a newer run cancels the one in progress.
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
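jobs:
  # Lint, build and test provider-ci, then fail if the build left the worktree
  # dirty.
  test:
    name: Verify against testdata
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - name: Install golangci-lint
        uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6
        with:
          working-directory: provider-ci
      - name: Configure git
        # Set the default branch to silence the warnings about the default branch name changing
        # The branch doesn't matter here because it's only used for a temp repo for actionlint
        run: git config --global init.defaultBranch master
      - name: Build & test
        run: cd provider-ci && make all
      - name: Check worktree clean
        # NOTE(review): referenced by a mutable tag while the other actions in
        # this job are pinned to a full commit SHA; pin this one the same way.
        uses: pulumi/git-status-check-action@v1

  # Calls the reusable update workflow for the xyz provider.
  deploy:
    uses: ./.github/workflows/update-workflows.yml
    # `inherit` hands every secret available to this workflow to the called
    # workflow.
    # NOTE(review): pass only the secrets it reads if that list is known.
    secrets: inherit
    with:
      bridged: true
      provider_name: xyz
      automerge: ${{ github.event_name == 'merge_group' }}
      downstream_test: true
      skip_closing_prs: true
      caller_workflow: "pull-request"

  # Follows the PR that `deploy` opened in pulumi/pulumi-xyz until its checks
  # finish. Expression values are handed to the scripts through `env:` instead
  # of being expanded inside `run:`, so they reach the shell as data and are
  # never parsed as script text.
  downstream:
    name: Test xyz
    timeout-minutes: 240
    runs-on: ubuntu-latest
    needs: deploy
    if: needs.deploy.outputs.pull_request_created == 'true'
    env:
      GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
    strategy:
      fail-fast: false
    outputs:
      pr_number: ${{ steps.pr_number.outputs.number }}
    steps:
      - name: Await PR opened for pulumi-xyz
        env:
          COMMIT_SHA: ${{ github.sha }}
        # Polls every 30 seconds; only the job-level timeout bounds this loop.
        run: |
          echo Await PR opened for pulumi-xyz
          until gh search prs --repo pulumi/pulumi-xyz --match body "This PR was automatically generated by the pull-request workflow in the pulumi/ci-mgmt repo, from commit ${COMMIT_SHA}." --json url | grep url; do sleep 30; done;
      - name: Find PR number
        id: pr_number
        env:
          COMMIT_SHA: ${{ github.sha }}
        run: |
          number=$(gh search prs --repo pulumi/pulumi-xyz --match body "This PR was automatically generated by the pull-request workflow in the pulumi/ci-mgmt repo, from commit ${COMMIT_SHA}." --json number --jq '.[0].number')
          echo "PR number is $number"
          echo "number=${number}" >> "${GITHUB_OUTPUT}"
      - name: Add needs-release label
        if: github.event_name == 'merge_group'
        env:
          PR_NUMBER: ${{ steps.pr_number.outputs.number }}
        run: gh pr edit --repo "pulumi/pulumi-xyz" "${PR_NUMBER}" --add-label "needs-release/patch"
      - name: Await first checks started
        # Wait for at least 3 checks to be started before we start waiting for them to finish.
        # There's a couple of quick checks like comment notification and changelog which are started before the PR checks.
        env:
          PR_NUMBER: ${{ steps.pr_number.outputs.number }}
        run: while [[ $(gh pr checks --repo "pulumi/pulumi-xyz" "${PR_NUMBER}" | wc -l) -le 2 ]]; do sleep 1; done
      - name: Await PR codegen tests succeed.
        env:
          PR_NUMBER: ${{ steps.pr_number.outputs.number }}
        run: gh pr checks --repo "pulumi/pulumi-xyz" "${PR_NUMBER}" --watch --fail-fast

  # Merge-queue runs only: follows the downstream PR through merge, the main
  # build, the release tag and the release workflow. The values these steps
  # interpolate come from another repository (PR number, commit oid, tag name,
  # run id), so they are passed through `env:` rather than expanded into the
  # script text.
  downstream_release:
    name: Release xyz
    timeout-minutes: 240
    runs-on: ubuntu-latest
    needs: downstream
    if: github.event_name == 'merge_group'
    steps:
      - name: Await PR merged
        env:
          PR_NUMBER: ${{ needs.downstream.outputs.pr_number }}
        # The loop ends as soon as the state is anything other than OPEN; the
        # next step fails the job if no merge commit exists.
        run: while [[ $(gh pr view --repo "pulumi/pulumi-xyz" "${PR_NUMBER}" --json "state" --jq ".state") == "OPEN" ]]; do sleep 1; done
        timeout-minutes: 5
      - name: Get merge commit
        id: merge_commit
        env:
          PR_NUMBER: ${{ needs.downstream.outputs.pr_number }}
        run: |
          merge_commit_oid=$(gh pr view --repo "pulumi/pulumi-xyz" "${PR_NUMBER}" --json "mergeCommit" --jq ".mergeCommit.oid")
          if [[ -z "${merge_commit_oid}" ]]; then
            echo "Failed to get merge commit"
            exit 1
          fi
          echo "Merge commit oid is ${merge_commit_oid}"
          echo "oid=${merge_commit_oid}" >> "${GITHUB_OUTPUT}"
      - name: Await main build start
        id: main_build
        env:
          MERGE_COMMIT_OID: ${{ steps.merge_commit.outputs.oid }}
        # The oid is given to jq with --arg so it is compared as a string
        # value instead of being spliced into the jq program.
        run: |
          until (gh run list --repo "pulumi/pulumi-xyz" --workflow main --json headSha | grep -q "${MERGE_COMMIT_OID}"); do sleep 1; done
          database_id=$(gh run list --repo "pulumi/pulumi-xyz" --workflow main --json "number,headSha,databaseId" | jq --arg oid "${MERGE_COMMIT_OID}" '.[] | select(.headSha == $oid) | .databaseId')
          echo "Main build started with database id ${database_id}"
          echo "id=${database_id}" >> "${GITHUB_OUTPUT}"
        timeout-minutes: 5
      - name: Await main build success
        env:
          RUN_ID: ${{ steps.main_build.outputs.id }}
        run: gh run watch --repo "pulumi/pulumi-xyz" "${RUN_ID}" --exit-status
      - name: Get tag for release
        id: release_tag
        timeout-minutes: 5
        env:
          MERGE_COMMIT_OID: ${{ steps.merge_commit.outputs.oid }}
        run: |
          until (git ls-remote --tags "https://github.com/pulumi/pulumi-xyz.git" | grep -q "${MERGE_COMMIT_OID}"); do sleep 1; done
          # Also handle annotated tags in the format refs/tags/v0.1.0^{}
          tag=$(git ls-remote --tags "https://github.com/pulumi/pulumi-xyz.git" | grep "${MERGE_COMMIT_OID}" | cut -d '/' -f 3 | sed -E 's/\^\{\}$//')
          echo "Tag for release is ${tag}"
          echo "tag=${tag}" >> "${GITHUB_OUTPUT}"
      - name: Wait for release workflow run
        id: release_workflow
        timeout-minutes: 5
        env:
          # Tag names are read from the remote repository and git allows shell
          # metacharacters in ref names, so the tag is kept out of the script
          # text.
          RELEASE_TAG: ${{ steps.release_tag.outputs.tag }}
        run: |
          until (gh run list --repo "pulumi/pulumi-xyz" --workflow release --branch "${RELEASE_TAG}" --json headBranch | grep -q "${RELEASE_TAG}"); do sleep 1; done
          database_id=$(gh run list --repo "pulumi/pulumi-xyz" --workflow release --branch "${RELEASE_TAG}" --json "databaseId" --jq '.[0].databaseId')
          echo "Release workflow started with id ${database_id}"
          echo "id=${database_id}" >> "${GITHUB_OUTPUT}"
      - name: Await release workflow success
        env:
          RUN_ID: ${{ steps.release_workflow.outputs.id }}
        run: gh run watch --repo "pulumi/pulumi-xyz" "${RUN_ID}" --exit-status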