Remove unused sshPrivateKey config #401
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test Provider CI | |
on: | |
pull_request: | |
branches: | |
- master | |
merge_group: {} | |
workflow_dispatch: {} | |
env: | |
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
test: | |
name: Verify against testdata | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Install golangci-lint | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6 | |
with: | |
working-directory: provider-ci | |
- name: Configure git | |
# Set the default branch to silence the warnings about the default branch name changing | |
# The branch doesn't matter here because it's only used for a temp repo for actionlint | |
run: git config --global init.defaultBranch master | |
- name: Build & test | |
run: cd provider-ci && make all | |
- name: Check worktree clean | |
uses: pulumi/git-status-check-action@v1 | |
deploy: | |
uses: ./.github/workflows/update-workflows.yml | |
secrets: inherit | |
with: | |
bridged: true | |
provider_name: xyz | |
automerge: ${{ github.event_name == 'merge_group' }} | |
downstream_test: true | |
skip_closing_prs: true | |
caller_workflow: "pull-request" | |
downstream: | |
name: Test xyz | |
timeout-minutes: 240 | |
runs-on: ubuntu-latest | |
needs: deploy | |
if: needs.deploy.outputs.pull_request_created == 'true' | |
env: | |
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | |
strategy: | |
fail-fast: false | |
steps: | |
- name: Await PR opened for pulumi-xyz | |
run: | | |
echo Await PR opened for pulumi-xyz | |
until gh search prs --repo pulumi/pulumi-xyz --match body "This PR was automatically generated by the pull-request workflow in the pulumi/ci-mgmt repo, from commit ${{ github.sha }}." --json url | grep url; do sleep 30; done; | |
- name: Find PR number | |
id: pr_number | |
run: | | |
number=$(gh search prs --repo pulumi/pulumi-xyz --match body "This PR was automatically generated by the pull-request workflow in the pulumi/ci-mgmt repo, from commit ${{ github.sha }}." --json number --jq '.[0].number') | |
echo "PR number is $number" | |
echo "number=${number}" >> "${GITHUB_OUTPUT}" | |
- name: Add needs-release label | |
if: github.event_name == 'merge_group' | |
run: gh pr edit --repo "pulumi/pulumi-xyz" "${{ steps.pr_number.outputs.number }}" --add-label "needs-release/patch" | |
- name: Await first checks started | |
# Wait for at least 3 checks to be started before we start waiting for them to finish. | |
# There's a couple of quick checks like comment notification and changelog which are started before the PR checks. | |
run: while [[ $(gh pr checks --repo "pulumi/pulumi-xyz" "${{ steps.pr_number.outputs.number }}" | wc -l) -le 2 ]]; do sleep 1; done | |
- name: Await PR codegen tests succeed. | |
run: gh pr checks --repo "pulumi/pulumi-xyz" "${{ steps.pr_number.outputs.number }}" --watch --fail-fast | |
outputs: | |
pr_number: ${{ steps.pr_number.outputs.number }} | |
downstream_release: | |
name: Release xyz | |
timeout-minutes: 240 | |
runs-on: ubuntu-latest | |
needs: downstream | |
if: github.event_name == 'merge_group' | |
steps: | |
- name: Await PR merged | |
run: while [[ $(gh pr view --repo "pulumi/pulumi-xyz" "${{ needs.downstream.outputs.pr_number }}" --json "state" --jq ".state") == "OPEN" ]]; do sleep 1; done | |
timeout-minutes: 5 | |
- name: Get merge commit | |
id: merge_commit | |
run: | | |
merge_commit_oid=$(gh pr view --repo "pulumi/pulumi-xyz" "${{ needs.downstream.outputs.pr_number }}" --json "mergeCommit" --jq ".mergeCommit.oid") | |
if [[ -z "${merge_commit_oid}" ]]; then | |
echo "Failed to get merge commit" | |
exit 1 | |
fi | |
echo "Merge commit oid is ${merge_commit_oid}" | |
echo "oid=${merge_commit_oid}" >> "${GITHUB_OUTPUT}" | |
- name: Await main build start | |
id: main_build | |
run: | | |
until (gh run list --repo "pulumi/pulumi-xyz" --workflow main --json headSha | grep -q "${{ steps.merge_commit.outputs.oid }}"); do sleep 1; done | |
database_id=$(gh run list --repo "pulumi/pulumi-xyz" --workflow main --json "number,headSha,databaseId" | jq '.[] | select(.headSha == "${{ steps.merge_commit.outputs.oid }}") | .databaseId') | |
echo "Main build started with database id ${database_id}" | |
echo "id=${database_id}" >> "${GITHUB_OUTPUT}" | |
timeout-minutes: 5 | |
- name: Await main build success | |
run: gh run watch --repo "pulumi/pulumi-xyz" "${{ steps.main_build.outputs.id }}" --exit-status | |
- name: Get tag for release | |
id: release_tag | |
timeout-minutes: 5 | |
run: | | |
until (git ls-remote --tags "https://github.com/pulumi/pulumi-xyz.git" | grep -q "${{ steps.merge_commit.outputs.oid }}"); do sleep 1; done | |
# Also handle annotated tags in the format refs/tags/v0.1.0^{} | |
tag=$(git ls-remote --tags "https://github.com/pulumi/pulumi-xyz.git" | grep "${{ steps.merge_commit.outputs.oid }}" | cut -d '/' -f 3 | sed -E 's/\^\{\}$//') | |
echo "Tag for release is ${tag}" | |
echo "tag=${tag}" >> "${GITHUB_OUTPUT}" | |
- name: Wait for release workflow run | |
id: release_workflow | |
timeout-minutes: 5 | |
run: | | |
until (gh run list --repo "pulumi/pulumi-xyz" --workflow release --branch "${{ steps.release_tag.outputs.tag }}" --json headBranch | grep -q "${{ steps.release_tag.outputs.tag }}"); do sleep 1; done | |
database_id=$(gh run list --repo "pulumi/pulumi-xyz" --workflow release --branch "${{ steps.release_tag.outputs.tag }}" --json "databaseId" --jq '.[0].databaseId') | |
echo "Release workflow started with id ${database_id}" | |
echo "id=${database_id}" >> "${GITHUB_OUTPUT}" | |
- name: Await release workflow success | |
run: gh run watch --repo "pulumi/pulumi-xyz" "${{ steps.release_workflow.outputs.id }}" --exit-status |