Update GitHub Actions workflows. (#373) #180
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt | |
env: | |
PROVIDER: kong | |
DOTNETVERSION: | | |
6.0.x | |
3.1.301 | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GOVERSION: 1.21.x | |
GRADLEVERSION: "7.6" | |
JAVAVERSION: "11" | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NODEVERSION: 20.x | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
PULUMI_API: https://api.pulumi-staging.io | |
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
PYPI_USERNAME: __token__ | |
PYTHONVERSION: 3.11.8 | |
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | |
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | |
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
TF_APPEND_USER_AGENT: pulumi | |
TRAVIS_OS_NAME: linux | |
jobs: | |
build_sdk: | |
name: build_sdk | |
needs: prerequisites | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v4 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
ref: deca2c5c6015ad7aaea6f572a1c2b198ca323592 | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
cache-dependency-path: | | |
sdk/go.sum | |
go-version: 1.21.x | |
- name: Cache examples generation | |
uses: actions/cache@v4 | |
with: | |
path: | | |
.pulumi/examples-cache | |
key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.11.0 | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: ^3 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODEVERSION }} | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: ${{ env.DOTNETVERSION }} | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHONVERSION }} | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
cache: gradle | |
distribution: temurin | |
java-version: ${{ env.JAVAVERSION }} | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v3 | |
with: | |
gradle-version: ${{ env.GRADLEVERSION }} | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: >- | |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin | |
find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \; | |
- name: Install plugins | |
run: make install_plugins | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Set PACKAGE_VERSION to Env | |
run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >> | |
"$GITHUB_ENV" | |
- name: Build SDK | |
run: make build_${{ matrix.language }} | |
- name: Check worktree clean | |
run: ./ci-scripts/ci/check-worktree-is-clean | |
- name: Compress SDK folder | |
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz | |
retention-days: 30 | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in building ${{ matrix.language }} sdk | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
strategy: | |
fail-fast: true | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
generate_coverage_data: | |
continue-on-error: true | |
env: | |
COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }} | |
name: generate_coverage_data | |
needs: prerequisites | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@v1.3.1 | |
with: | |
tool-cache: false | |
swap-storage: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} | |
aws-region: us-west-2 | |
aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v4 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
ref: deca2c5c6015ad7aaea6f572a1c2b198ca323592 | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
cache-dependency-path: | | |
sdk/go.sum | |
go-version: 1.21.x | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.11.0 | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: ^3 | |
- if: github.event_name == 'pull_request' | |
name: Install Schema Tools | |
uses: jaxxstorm/action-install-gh-release@v1.11.0 | |
with: | |
repo: pulumi/schema-tools | |
- name: Echo Coverage Output Dir | |
run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"' | |
- name: Generate Coverage Data | |
run: PULUMI_MISSING_DOCS_ERROR=true make tfgen | |
- name: Summarize Provider Coverage Results | |
run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt | |
- name: Upload coverage data to S3 | |
run: >- | |
summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json" | |
s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}" | |
aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control | |
lint: | |
name: lint | |
uses: ./.github/workflows/lint.yml | |
secrets: inherit | |
license_check: | |
name: License Check | |
uses: ./.github/workflows/license.yml | |
secrets: inherit | |
prerequisites: | |
name: prerequisites | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Cache examples generation | |
uses: actions/cache@v4 | |
with: | |
path: | | |
.pulumi/examples-cache | |
key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v4 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
ref: deca2c5c6015ad7aaea6f572a1c2b198ca323592 | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Prepare upstream code | |
run: make upstream | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.21.x | |
cache-dependency-path: | | |
provider/*.sum | |
upstream/*.sum | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.11.0 | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: ^3 | |
- if: github.event_name == 'pull_request' | |
name: Install Schema Tools | |
uses: jaxxstorm/action-install-gh-release@v1.11.0 | |
with: | |
repo: pulumi/schema-tools | |
- name: Build schema generator binary | |
run: make tfgen_build_only | |
- name: Install plugins | |
run: make install_plugins | |
- name: Generate schema | |
run: make tfgen_no_deps | |
- name: Build provider binary | |
run: make provider_no_deps | |
- name: Unit-test provider code | |
run: make test_provider | |
- if: github.event_name == 'pull_request' | |
name: Check Schema is Valid | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
{ | |
echo "SCHEMA_CHANGES<<$EOF"; | |
schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json; | |
echo "$EOF"; | |
} >> "$GITHUB_ENV" | |
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' | |
name: Comment on PR with Details of Schema Check | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
comment_tag: schemaCheck | |
message: >+ | |
${{ env.SCHEMA_CHANGES }} | |
Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. | |
- if: github.event_name == 'pull_request' | |
name: Check Configuration section | |
run: | | |
sed -n '/## Configuration/,$p' README.md | sed -n '/## Reference/q;p' >> config_section.txt | |
jq -r '.config | select(.variables) | .variables | keys[]' < provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> keys.txt | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
{ | |
echo "MISSING_CONFIG<<$EOF"; | |
xargs -I {} sh -c "grep -q {} config_section.txt || echo \\\`{}\\\` not found in Configuration section" < keys.txt | |
echo "$EOF"; | |
} >> "$GITHUB_ENV" | |
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' | |
name: Comment on PR with Details of Configuration check | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
comment_tag: configurationCheck | |
message: >+ | |
### Is README.md missing any configuration options? | |
${{ env.MISSING_CONFIG || 'No missing config!' }} | |
${{ env.MISSING_CONFIG && 'Please add a description for each of these options to `README.md`.' }} | |
${{ env.MISSING_CONFIG && 'Details about them can be found in either the upstream docs or `schema.json`.' }} | |
- name: Tar provider binaries | |
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace }}/bin/ pulumi-resource-${{ env.PROVIDER }} | |
pulumi-tfgen-${{ env.PROVIDER }} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin/provider.tar.gz | |
retention-days: 30 | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in building provider prerequisites | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
publish: | |
name: publish | |
needs: | |
- test | |
- license_check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@v1.3.1 | |
with: | |
# this might remove tools that are actually needed, | |
# if set to "true" but frees about 6 GB | |
tool-cache: false | |
swap-storage: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
cache-dependency-path: | | |
sdk/go.sum | |
go-version: 1.21.x | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.11.0 | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: ^3 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: us-east-2 | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 7200 | |
role-external-id: upload-pulumi-release | |
role-session-name: ${{ env.PROVIDER }}@githubActions | |
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} | |
- name: Set PreRelease Version | |
run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" >> "$GITHUB_ENV" | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v5 | |
with: | |
args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout | |
60m0s | |
version: latest | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in publishing binaries | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
publish_sdk: | |
name: publish_sdk | |
needs: publish | |
runs-on: ubuntu-latest | |
steps: | |
- name: Publish SDKs | |
uses: pulumi/pulumi-package-publisher@v0.0.14 | |
with: | |
sdk: all | |
- env: | |
SLACK_CHANNEL: provider-upgrade-publish-status | |
SLACK_COLOR: "#FF0000" | |
SLACK_ICON_EMOJI: ":taco:" | |
SLACK_MESSAGE: "Publish failed :x:" | |
SLACK_TITLE: ${{ github.event.repository.name }} upgrade result | |
SLACK_USERNAME: provider-bot | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} | |
if: failure() | |
name: Send Publish Failure To Slack | |
uses: rtCamp/action-slack-notify@v2 | |
tag_release_if_labeled_needs_release: | |
name: Tag release if labeled as needs-release | |
needs: publish_sdk | |
runs-on: ubuntu-latest | |
steps: | |
- name: check if this commit needs release | |
uses: pulumi/action-release-by-pr-label@main | |
with: | |
command: "release-if-needed" | |
repo: ${{ github.repository }} | |
commit: ${{ github.sha }} | |
slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} | |
env: | |
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} | |
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
test: | |
name: test | |
needs: build_sdk | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v4 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
ref: deca2c5c6015ad7aaea6f572a1c2b198ca323592 | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
cache-dependency-path: | | |
sdk/go.sum | |
go-version: 1.21.x | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.11.0 | |
with: | |
tag: v0.0.46 | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
with: | |
pulumi-version: ^3 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODEVERSION }} | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: ${{ env.DOTNETVERSION }} | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHONVERSION }} | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
cache: gradle | |
distribution: temurin | |
java-version: ${{ env.JAVAVERSION }} | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v3 | |
with: | |
gradle-version: ${{ env.GRADLEVERSION }} | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: >- | |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin | |
find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \; | |
- run: dotnet nuget add source ${{ github.workspace }}/nuget | |
- name: Download SDK | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress SDK folder | |
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ | |
github.workspace }}/sdk/${{ matrix.language }} | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Install Python deps | |
run: |- | |
pip3 install virtualenv==20.0.23 | |
pip3 install pipenv | |
- name: Run docker compose | |
run: docker compose -f testing/docker-compose.yml up --build -d | |
- name: Install dependencies | |
run: make install_${{ matrix.language}}_sdk | |
- name: Install gotestfmt | |
uses: GoTestTools/gotestfmt-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: v2.5.0 | |
- name: Run tests | |
run: cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ | |
matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in running ${{ matrix.language }} tests | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
strategy: | |
fail-fast: false | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
name: master | |
on: | |
push: | |
branches: | |
- master | |
paths-ignore: | |
- "**.md" | |
tags-ignore: | |
- v* | |
- sdk/* | |
- "**" |