Skip to content

Update GitHub Actions workflows. (#2681) #597

Update GitHub Actions workflows. (#2681)

Update GitHub Actions workflows. (#2681) #597

Workflow file for this run

# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PULUMI_MISSING_DOCS_ERROR: "true"
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PYPI_USERNAME: __token__
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
TF_APPEND_USER_AGENT: pulumi
jobs:
prerequisites:
uses: ./.github/workflows/prerequisites.yml
secrets: inherit
with:
default_branch: ${{ github.event.repository.default_branch }}
is_pr: ${{ github.event_name == 'pull_request' }}
is_automated: ${{ github.actor == 'dependabot[bot]' }}
build_provider:
uses: ./.github/workflows/build_provider.yml
needs: prerequisites
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
build_sdk:
name: build_sdk
needs: prerequisites
uses: ./.github/workflows/build_sdk.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
generate_coverage_data:
continue-on-error: true
env:
COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }}
name: generate_coverage_data
needs: prerequisites
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@v1.3.1
with:
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }}
aws-region: us-west-2
aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }}
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go, schema-tools
- name: Echo Coverage Output Dir
run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"'
- name: Generate Coverage Data
run: PULUMI_MISSING_DOCS_ERROR=true make tfgen
- name: Summarize Provider Coverage Results
run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt
- name: Upload coverage data to S3
run: >-
summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json"
s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}"
aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control
lint:
name: lint
uses: ./.github/workflows/lint.yml
secrets: inherit
license_check:
name: License Check
uses: ./.github/workflows/license.yml
secrets: inherit
publish:
name: publish
permissions:
contents: write
needs:
- prerequisites
- build_provider
- test
- license_check
uses: ./.github/workflows/publish.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
isPrerelease: true
skipGoSdk: true
tag_release_if_labeled_needs_release:
name: Tag release if labeled as needs-release
needs: publish
runs-on: ubuntu-latest
steps:
- name: check if this commit needs release
if: ${{ env.RELEASE_BOT_ENDPOINT != '' }}
uses: pulumi/action-release-by-pr-label@main
with:
command: "release-if-needed"
repo: ${{ github.repository }}
commit: ${{ github.sha }}
slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }}
env:
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
test:
name: test
needs:
- prerequisites
- build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
env:
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, ${{ matrix.language }}
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
uses: actions/download-artifact@v4
with:
name: build_${{ matrix.language }}.make
path: .make
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Python deps
if: matrix.language == 'python'
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v2
with:
install_components: gke-gcloud-auth-plugin
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.5.0
- name: make upstream
run: |
make upstream
- name: Run provider tests
run: |
cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Run tests
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4
strategy:
fail-fast: false
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
name: master
on:
workflow_dispatch: {}
push:
branches:
- master
paths-ignore:
- "**.md"
tags-ignore:
- v*
- sdk/*
- "**"