diff --git a/.github/ISSUE_TEMPLATE/0-ecosystem-providers.md b/.github/ISSUE_TEMPLATE/0-ecosystem-providers.md index 6448787dff..75ff233e61 100644 --- a/.github/ISSUE_TEMPLATE/0-ecosystem-providers.md +++ b/.github/ISSUE_TEMPLATE/0-ecosystem-providers.md @@ -23,6 +23,7 @@ assignees: '' - [ ] [kubernetes-cert-manager](https://github.com/pulumi/pulumi-kubernetes-cert-manager) - [ ] [kubernetes-ingress-nginx](https://github.com/pulumi/pulumi-kubernetes-ingress-nginx) - [ ] [kubernetes-coredns](https://github.com/pulumi/pulumi-kubernetes-coredns) +- [ ] [pulumistack](https://github.com/pulumi/pulumi-pulumistack) ## Bridged Providers diff --git a/native-provider-ci/providers/pulumistack/config.yaml b/native-provider-ci/providers/pulumistack/config.yaml new file mode 100644 index 0000000000..1b6faed1ee --- /dev/null +++ b/native-provider-ci/providers/pulumistack/config.yaml @@ -0,0 +1,4 @@ +provider: pulumistack +major-version: 0 +defaultBranch: master +hasGenBinary: false diff --git a/native-provider-ci/providers/pulumistack/repo/.github/workflows/build.yml b/native-provider-ci/providers/pulumistack/repo/.github/workflows/build.yml new file mode 100644 index 0000000000..01a3d9a08e --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/.github/workflows/build.yml @@ -0,0 +1,585 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: build +on: + push: + branches: + - master + - main + - feature-** + paths-ignore: + - CHANGELOG.md + tags-ignore: + - v* + - sdk/* + - "**" + workflow_dispatch: {} +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: pulumistack + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 20.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" +jobs: + prerequisites: + runs-on: ubuntu-latest + name: prerequisites + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - if: github.event_name == 'pull_request' + name: Install Schema Tools + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/schema-tools + - name: Build codegen binaries + run: make codegen + - if: github.event_name == 'pull_request' + name: Check Schema is Valid + run: >- + echo 'SCHEMA_CHANGES<> $GITHUB_ENV + + schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV + + echo 'EOF' >> $GITHUB_ENV + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + - if: github.event_name == 'pull_request' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + message: | + ${{ env.SCHEMA_CHANGES }} + comment-tag: schemaCheck + github-token: ${{ secrets.GITHUB_TOKEN }} + - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && + github.actor == 'pulumi-bot' + name: Add label if no breaking changes + uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 + with: + labels: impact/no-changelog-required + number: ${{ github.event.issue.number }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build Provider + run: make provider + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar provider binaries + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - name: Test Provider Library + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} + build_sdks: + needs: prerequisites + runs-on: pulumi-ubuntu-8core + strategy: + fail-fast: ${{ ! contains(github.actor, 'renovate') }} + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: build_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Generate SDK + run: make ${{ matrix.language }}_sdk + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + retention-days: 30 + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure while building SDKs + fields: repo,commit,author,action + status: ${{ job.status }} + test: + runs-on: pulumi-ubuntu-8core + needs: + - build_sdks + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: test + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Download SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: UnTar SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ + github.workspace}}/sdk/${{ matrix.language}} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + - name: Install Node dependencies + run: yarn global add typescript + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + version: v2.5.0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run tests + run: >- + set -euo pipefail + + cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in SDK tests + fields: repo,commit,author,action + status: ${{ job.status }} + publish: + runs-on: ubuntu-latest + needs: test + name: publish + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Clear GitHub Actions Ubuntu runner disk space + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 + with: + tool-cache: false + dotnet: false + android: true + haskell: true + swap-storage: true + large-packages: false + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-external-id: upload-pulumi-release + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 + env: + GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} + with: + args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s + version: latest + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in publishing binaries + fields: repo,commit,author,action + status: ${{ job.status }} + publish_sdk: + runs-on: ubuntu-latest + needs: publish + name: publish_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Checkout Scripts Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + path: ci-scripts + repository: pulumi/scripts + - run: echo "ci-scripts" >> .git/info/exclude + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Download python SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: python-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress python SDK + run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C + ${{github.workspace}}/sdk/python + - name: Download dotnet SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: dotnet-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress dotnet SDK + run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C + ${{github.workspace}}/sdk/dotnet + - name: Download nodejs SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress nodejs SDK + run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C + ${{github.workspace}}/sdk/nodejs + - name: Install Twine + run: python -m pip install twine==5.0.0 + - name: Publish SDKs + run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + PYPI_PUBLISH_ARTIFACTS: all + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in publishing SDK + fields: repo,commit,author,action + status: ${{ job.status }} + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + persist-credentials: false + ref: ${{ env.PR_COMMIT_SHA }} + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Disarm go:embed directives to enable linters that compile source code + run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i + 's/go:embed/ goembed/g' + - name: golangci-lint provider pkg + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 + with: + version: ${{ env.GOLANGCI_LINT_VERSION }} + args: -c ../.golangci.yml + working-directory: provider + name: lint + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository diff --git a/native-provider-ci/providers/pulumistack/repo/.github/workflows/command-dispatch.yml b/native-provider-ci/providers/pulumistack/repo/.github/workflows/command-dispatch.yml new file mode 100644 index 0000000000..e1bba70a35 --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/.github/workflows/command-dispatch.yml @@ -0,0 +1,51 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: command-dispatch +on: + issue_comment: + types: + - created + - edited +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: pulumistack + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 20.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" +jobs: + command-dispatch-for-testing: + runs-on: ubuntu-latest + name: command-dispatch-for-testing + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4.0.0 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + reaction-token: ${{ secrets.GITHUB_TOKEN }} + commands: run-acceptance-tests + permission: write + issue-type: pull-request + repository: pulumi/pulumi-pulumistack + if: ${{ github.event.issue.pull_request }} diff --git a/native-provider-ci/providers/pulumistack/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/pulumistack/repo/.github/workflows/prerelease.yml new file mode 100644 index 0000000000..87e325d415 --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/.github/workflows/prerelease.yml @@ -0,0 +1,637 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: prerelease +on: + push: + tags: + - v*.*.*-** +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: pulumistack + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 20.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" + IS_PRERELEASE: true +jobs: + prerequisites: + runs-on: ubuntu-latest + name: prerequisites + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - if: github.event_name == 'pull_request' + name: Install Schema Tools + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/schema-tools + - name: Build codegen binaries + run: make codegen + - if: github.event_name == 'pull_request' + name: Check Schema is Valid + run: >- + echo 'SCHEMA_CHANGES<> $GITHUB_ENV + + schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV + + echo 'EOF' >> $GITHUB_ENV + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + - if: github.event_name == 'pull_request' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + message: | + ${{ env.SCHEMA_CHANGES }} + comment-tag: schemaCheck + github-token: ${{ secrets.GITHUB_TOKEN }} + - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && + github.actor == 'pulumi-bot' + name: Add label if no breaking changes + uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 + with: + labels: impact/no-changelog-required + number: ${{ github.event.issue.number }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build Provider + run: make provider + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar provider binaries + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - name: Test Provider Library + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} + build_sdks: + needs: prerequisites + runs-on: pulumi-ubuntu-8core + strategy: + fail-fast: ${{ ! contains(github.actor, 'renovate') }} + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: build_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Generate SDK + run: make ${{ matrix.language }}_sdk + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure while building SDKs + fields: repo,commit,author,action + status: ${{ job.status }} + test: + runs-on: pulumi-ubuntu-8core + needs: + - build_sdks + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: test + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Download SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: UnTar SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ + github.workspace}}/sdk/${{ matrix.language}} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + - name: Install Node dependencies + run: yarn global add typescript + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + version: v2.5.0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run tests + run: >- + set -euo pipefail + + cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in SDK tests + fields: repo,commit,author,action + status: ${{ job.status }} + publish: + runs-on: ubuntu-latest + needs: test + name: publish + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Clear GitHub Actions Ubuntu runner disk space + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 + with: + tool-cache: false + dotnet: false + android: true + haskell: true + swap-storage: true + large-packages: false + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-external-id: upload-pulumi-release + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 + env: + GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} + with: + args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s + version: latest + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in publishing binaries + fields: repo,commit,author,action + status: ${{ job.status }} + publish_sdk: + runs-on: ubuntu-latest + needs: publish + name: publish_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Checkout Scripts Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + path: ci-scripts + repository: pulumi/scripts + - run: echo "ci-scripts" >> .git/info/exclude + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Download python SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: python-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress python SDK + run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C + ${{github.workspace}}/sdk/python + - name: Download dotnet SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: dotnet-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress dotnet SDK + run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C + ${{github.workspace}}/sdk/dotnet + - name: Download nodejs SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress nodejs SDK + run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C + ${{github.workspace}}/sdk/nodejs + - name: Install Twine + run: python -m pip install twine==5.0.0 + - name: Publish SDKs + run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + PYPI_PUBLISH_ARTIFACTS: all + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in publishing SDK + fields: repo,commit,author,action + status: ${{ job.status }} + publish_java_sdk: + runs-on: ubuntu-latest + continue-on-error: true + needs: publish + name: publish_java_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download java SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: java-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress java SDK + run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C + ${{github.workspace}}/sdk/java + - name: Publish Java SDK + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + env: + PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }} + with: + arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository + build-root-directory: ./sdk/java + gradle-version: 7.4.1 + publish_go_sdk: + runs-on: ubuntu-latest + name: publish-go-sdk + needs: publish_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Download go SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: go-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress go SDK + run: tar -zxf ${{github.workspace}}/sdk/go.tar.gz -C + ${{github.workspace}}/sdk/go + - name: Publish Go SDK + uses: pulumi/publish-go-sdk-action@v1 + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ steps.version.outputs.version }} + additive: false + files: |- + go.* + go/** + !*.tar.gz diff --git a/native-provider-ci/providers/pulumistack/repo/.github/workflows/pull-request.yml b/native-provider-ci/providers/pulumistack/repo/.github/workflows/pull-request.yml new file mode 100644 index 0000000000..c36df697b8 --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/.github/workflows/pull-request.yml @@ -0,0 +1,48 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: pull-request +on: + pull_request_target: {} +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: pulumistack + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 20.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" +jobs: + comment-on-pr: + runs-on: ubuntu-latest + name: comment-on-pr + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - name: Comment PR + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + message: > + PR is now waiting for a maintainer to run the acceptance tests. + + **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR + github-token: ${{ secrets.GITHUB_TOKEN }} + if: github.event.pull_request.head.repo.full_name != github.repository diff --git a/native-provider-ci/providers/pulumistack/repo/.github/workflows/release.yml b/native-provider-ci/providers/pulumistack/repo/.github/workflows/release.yml new file mode 100644 index 0000000000..be4b83922b --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/.github/workflows/release.yml @@ -0,0 +1,651 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: release +on: + push: + tags: + - v*.*.* + - "!v*.*.*-**" +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: pulumistack + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 20.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" +jobs: + prerequisites: + runs-on: ubuntu-latest + name: prerequisites + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - if: github.event_name == 'pull_request' + name: Install Schema Tools + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/schema-tools + - name: Build codegen binaries + run: make codegen + - if: github.event_name == 'pull_request' + name: Check Schema is Valid + run: >- + echo 'SCHEMA_CHANGES<> $GITHUB_ENV + + schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV + + echo 'EOF' >> $GITHUB_ENV + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + - if: github.event_name == 'pull_request' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + message: | + ${{ env.SCHEMA_CHANGES }} + comment-tag: schemaCheck + github-token: ${{ secrets.GITHUB_TOKEN }} + - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && + github.actor == 'pulumi-bot' + name: Add label if no breaking changes + uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 + with: + labels: impact/no-changelog-required + number: ${{ github.event.issue.number }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build Provider + run: make provider + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar provider binaries + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - name: Test Provider Library + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} + build_sdks: + needs: prerequisites + runs-on: pulumi-ubuntu-8core + strategy: + fail-fast: ${{ ! contains(github.actor, 'renovate') }} + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: build_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Generate SDK + run: make ${{ matrix.language }}_sdk + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure while building SDKs + fields: repo,commit,author,action + status: ${{ job.status }} + test: + runs-on: pulumi-ubuntu-8core + needs: + - build_sdks + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: test + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Download SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: UnTar SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ + github.workspace}}/sdk/${{ matrix.language}} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + - name: Install Node dependencies + run: yarn global add typescript + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + version: v2.5.0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run tests + run: >- + set -euo pipefail + + cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in SDK tests + fields: repo,commit,author,action + status: ${{ job.status }} + publish: + runs-on: ubuntu-latest + needs: test + name: publish + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Clear GitHub Actions Ubuntu runner disk space + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 + with: + tool-cache: false + dotnet: false + android: true + haskell: true + swap-storage: true + large-packages: false + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-external-id: upload-pulumi-release + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 + env: + GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} + with: + args: -p 3 release --clean --timeout 60m0s + version: latest + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in publishing binaries + fields: repo,commit,author,action + status: ${{ job.status }} + publish_sdk: + runs-on: ubuntu-latest + needs: publish + name: publish_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Checkout Scripts Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + path: ci-scripts + repository: pulumi/scripts + - run: echo "ci-scripts" >> .git/info/exclude + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Download python SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: python-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress python SDK + run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C + ${{github.workspace}}/sdk/python + - name: Download dotnet SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: dotnet-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress dotnet SDK + run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C + ${{github.workspace}}/sdk/dotnet + - name: Download nodejs SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress nodejs SDK + run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C + ${{github.workspace}}/sdk/nodejs + - name: Install Twine + run: python -m pip install twine==5.0.0 + - name: Publish SDKs + run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + PYPI_PUBLISH_ARTIFACTS: all + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in publishing SDK + fields: repo,commit,author,action + status: ${{ job.status }} + publish_java_sdk: + runs-on: ubuntu-latest + continue-on-error: true + needs: publish + name: publish_java_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download java SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: java-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress java SDK + run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C + ${{github.workspace}}/sdk/java + - name: Publish Java SDK + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + env: + PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }} + with: + arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository + build-root-directory: ./sdk/java + gradle-version: 7.4.1 + publish_go_sdk: + runs-on: ubuntu-latest + name: publish-go-sdk + needs: publish_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Download go SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: go-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress go SDK + run: tar -zxf ${{github.workspace}}/sdk/go.tar.gz -C + ${{github.workspace}}/sdk/go + - name: Publish Go SDK + uses: pulumi/publish-go-sdk-action@v1 + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ steps.version.outputs.version }} + additive: false + files: |- + go.* + go/** + !*.tar.gz + dispatch_docs_build: + runs-on: ubuntu-latest + needs: publish_go_sdk + steps: + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Dispatch Event + run: pulumictl create docs-build pulumi-${{ env.PROVIDER }} + ${GITHUB_REF#refs/tags/} + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + name: dispatch_docs_build diff --git a/native-provider-ci/providers/pulumistack/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/pulumistack/repo/.github/workflows/run-acceptance-tests.yml new file mode 100644 index 0000000000..573a5ca365 --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/.github/workflows/run-acceptance-tests.yml @@ -0,0 +1,490 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: run-acceptance-tests +on: + repository_dispatch: + types: + - run-acceptance-tests-command + pull_request: + paths-ignore: + - CHANGELOG.md + workflow_dispatch: {} +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: pulumistack + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 20.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} +jobs: + comment-notification: + runs-on: ubuntu-latest + name: comment-notification + steps: + - name: Create URL to the run output + id: vars + run: echo + run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID + >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}" + if: github.event_name == 'repository_dispatch' + prerequisites: + runs-on: ubuntu-latest + name: prerequisites + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + persist-credentials: false + ref: ${{ env.PR_COMMIT_SHA }} + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - if: github.event_name == 'pull_request' + name: Install Schema Tools + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/schema-tools + - name: Build codegen binaries + run: make codegen + - if: github.event_name == 'pull_request' + name: Check Schema is Valid + run: >- + echo 'SCHEMA_CHANGES<> $GITHUB_ENV + + schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV + + echo 'EOF' >> $GITHUB_ENV + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + - if: github.event_name == 'pull_request' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + message: | + ${{ env.SCHEMA_CHANGES }} + comment-tag: schemaCheck + github-token: ${{ secrets.GITHUB_TOKEN }} + - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && + github.actor == 'pulumi-bot' + name: Add label if no breaking changes + uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 + with: + labels: impact/no-changelog-required + number: ${{ github.event.issue.number }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build Provider + run: make provider + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar provider binaries + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - name: Test Provider Library + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + build_sdks: + needs: prerequisites + runs-on: pulumi-ubuntu-8core + strategy: + fail-fast: ${{ ! contains(github.actor, 'renovate') }} + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: build_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + persist-credentials: false + ref: ${{ env.PR_COMMIT_SHA }} + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Generate SDK + run: make ${{ matrix.language }}_sdk + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + retention-days: 30 + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure while building SDKs + fields: repo,commit,author,action + status: ${{ job.status }} + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + test: + runs-on: pulumi-ubuntu-8core + needs: + - build_sdks + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: test + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + persist-credentials: false + ref: ${{ env.PR_COMMIT_SHA }} + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Download SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: UnTar SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ + github.workspace}}/sdk/${{ matrix.language}} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + - name: Install Node dependencies + run: yarn global add typescript + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + version: v2.5.0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run tests + run: >- + set -euo pipefail + + cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 + with: + author_name: Failure in SDK tests + fields: repo,commit,author,action + status: ${{ job.status }} + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + sentinel: + runs-on: ubuntu-latest + name: sentinel + steps: + - name: Mark workflow as successful + uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 + with: + authToken: ${{ secrets.GITHUB_TOKEN }} + context: Sentinel + state: success + description: Sentinel checks passed + sha: ${{ github.event.pull_request.head.sha || github.sha }} + permissions: + statuses: write + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + needs: + - test + - prerequisites + - lint + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + persist-credentials: false + ref: ${{ env.PR_COMMIT_SHA }} + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Disarm go:embed directives to enable linters that compile source code + run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i + 's/go:embed/ goembed/g' + - name: golangci-lint provider pkg + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 + with: + version: ${{ env.GOLANGCI_LINT_VERSION }} + args: -c ../.golangci.yml + working-directory: provider + name: lint + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository diff --git a/native-provider-ci/providers/pulumistack/repo/.github/workflows/weekly-pulumi-update.yml b/native-provider-ci/providers/pulumistack/repo/.github/workflows/weekly-pulumi-update.yml new file mode 100644 index 0000000000..c77c3ade35 --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/.github/workflows/weekly-pulumi-update.yml @@ -0,0 +1,120 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: weekly-pulumi-update +on: + schedule: + - cron: 35 12 * * 4 + workflow_dispatch: {} +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: pulumistack + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 20.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" +jobs: + weekly-pulumi-update: + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + - name: Install Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0 + - name: Setup DotNet + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Node + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Update Pulumi/Pulumi + id: gomod + run: >- + git config --local user.email 'bot@pulumi.com' + + git config --local user.name 'pulumi-bot' + + git checkout -b update-pulumi/${{ github.run_id }}-${{ github.run_number }} + + for MODFILE in $(find . -name go.mod); do pushd $(dirname $MODFILE); go get github.com/pulumi/pulumi/pkg/v3 github.com/pulumi/pulumi/sdk/v3; go mod tidy; popd; done + + gh repo view pulumi/pulumi --json latestRelease --jq .latestRelease.tagName | sed 's/^v//' > .pulumi.version + + git update-index -q --refresh + + if ! git diff-files --quiet; then echo changes=1 >> "$GITHUB_OUTPUT"; fi + - name: Provider with Pulumi Upgrade + if: steps.gomod.outputs.changes != 0 + run: >- + make codegen && make local_generate + + git add sdk/nodejs + + git commit -m "Regenerating Node.js SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add sdk/python + + git commit -m "Regenerating Python SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add sdk/dotnet + + git commit -m "Regenerating .NET SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add sdk/go* + + git commit -m "Regenerating Go SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add sdk/java* + + git commit -m "Regenerating Java SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add . + + git commit -m "Updated modules" || echo "ignore commit failure, may be empty" + + git push origin update-pulumi/${{ github.run_id }}-${{ github.run_number }} + - name: Create PR + id: create-pr + if: steps.gomod.outputs.changes != 0 + run: | + ver=$(cat .pulumi.version) + msg="Automated upgrade: bump pulumi/pulumi to ${ver}" + gh pr create -t "$msg" -b "$msg" -B master + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + name: weekly-pulumi-update diff --git a/native-provider-ci/providers/pulumistack/repo/.goreleaser.prerelease.yml b/native-provider-ci/providers/pulumistack/repo/.goreleaser.prerelease.yml new file mode 100644 index 0000000000..614faa81c7 --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/.goreleaser.prerelease.yml @@ -0,0 +1,38 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +project_name: pulumi-pulumistack +builds: +- dir: provider + env: + - CGO_ENABLED=0 + - GO111MODULE=on + goos: + - darwin + - windows + - linux + goarch: + - amd64 + - arm64 + ignore: [] + main: ./cmd/pulumi-resource-pulumistack/ + ldflags: + - -s + - -w + - -X github.com/pulumi/pulumi-pulumistack/provider/pkg/version.Version={{.Tag}} + binary: pulumi-resource-pulumistack +archives: +- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}" + id: archive +snapshot: + name_template: "{{ .Tag }}-SNAPSHOT" +changelog: + skip: true +release: + disable: true +blobs: +- provider: s3 + region: us-west-2 + bucket: get.pulumi.com + folder: releases/plugins/ + ids: + - archive diff --git a/native-provider-ci/providers/pulumistack/repo/.goreleaser.yml b/native-provider-ci/providers/pulumistack/repo/.goreleaser.yml new file mode 100644 index 0000000000..b0c9fd3ce3 --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/.goreleaser.yml @@ -0,0 +1,38 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +project_name: pulumi-pulumistack +builds: +- dir: provider + env: + - CGO_ENABLED=0 + - GO111MODULE=on + goos: + - darwin + - windows + - linux + goarch: + - amd64 + - arm64 + ignore: [] + main: ./cmd/pulumi-resource-pulumistack/ + ldflags: + - -s + - -w + - -X github.com/pulumi/pulumi-pulumistack/provider/pkg/version.Version={{.Tag}} + binary: pulumi-resource-pulumistack +archives: +- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}" + id: archive +snapshot: + name_template: "{{ .Tag }}-SNAPSHOT" +changelog: + skip: true +release: + disable: false +blobs: +- provider: s3 + region: us-west-2 + bucket: get.pulumi.com + folder: releases/plugins/ + ids: + - archive diff --git a/native-provider-ci/providers/pulumistack/repo/CODE-OF-CONDUCT.md b/native-provider-ci/providers/pulumistack/repo/CODE-OF-CONDUCT.md new file mode 100644 index 0000000000..995e13c009 --- /dev/null +++ b/native-provider-ci/providers/pulumistack/repo/CODE-OF-CONDUCT.md @@ -0,0 +1,80 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, +education, socio-economic status, nationality, personal appearance, race, +religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members +* Contribute in a positive and constructive way + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Community Guidelines +* Be clear and stay on topic. Communicating with strangers on the Internet can make it hard to convey or read tone, and sarcasm is frequently misunderstood. Try to use clear language, and think about how the other person will receive it. +* Don’t cross-post the same thing in multiple GitHub Discussion topics or multiple Slack channels. This can make it difficult for people answering your questions and creates "scrollback spam". +* Public discussion is preferred to private. Avoid using Slack DMs for questions, and instead share them in public Slack channels or GitHub Discussion threads. This allows a larger audience to both share their knowledge as well as learn from your question or issue. If you're having a problem, chances are someone else is having a similar problem. Learning in public is a community contribution. +* Minimize notifications to other community members. Avoid tagging other community members in Slack messages or Discussion threads, unless you are replying to something specific. Community members are here to help each other, but are not "on call" for support, and we expect everyone to try to minimize "notification fatigue". If your issue is time-sensitive or critical, use methods like support@pulumi.com instead. + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, GitHub Discussions posts, +and other contributions that are not aligned to this Code of Conduct, or to ban +temporarily or permanently any contributor for other behaviors that they deem +inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces (including the Community Slack +and GitHub Discussions forums) and in public spaces when an individual is representing the +project or its community. Examples of representing a project or community include +using an official project e-mail address, posting via an official social media account, +or acting as an appointed representative at an online or offline event. Representation +of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at code-of-conduct@pulumi.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org diff --git a/native-provider-ci/src/steps.ts b/native-provider-ci/src/steps.ts index 6db4a8d019..e684b3baac 100644 --- a/native-provider-ci/src/steps.ts +++ b/native-provider-ci/src/steps.ts @@ -403,8 +403,8 @@ export function BuildCodegenBinaries(provider: string): Step { }; } -export function BuildSDKs(provider: string): Step { - if (provider === "command" || provider === "kubernetes") { +export function BuildSDKs(provider: string, hasGenBinary: boolean): Step { + if (hasGenBinary === false || provider === "kubernetes") { return {}; } return { @@ -712,8 +712,8 @@ export function InitializeSubModules(submodules?: boolean): Step { return {}; } -export function BuildSchema(provider: string): Step { - if (provider === "command") { +export function BuildSchema(provider: string, hasGenBinary: boolean): Step { + if (hasGenBinary === false) { return {}; } if (provider === "kubernetes") { @@ -759,8 +759,8 @@ export function RestoreBinaryPerms(provider: string, job: string): Step { }; } -export function GenerateSDKs(provider: string): Step { - if (provider === "command" || provider === "kubernetes") { +export function GenerateSDKs(provider: string, hasGenBinary: boolean): Step { + if (hasGenBinary === false || provider === "kubernetes") { return { name: "Generate SDK", run: "make ${{ matrix.language }}_sdk", diff --git a/native-provider-ci/src/workflows.ts b/native-provider-ci/src/workflows.ts index 3146efe905..cf58713f24 100644 --- a/native-provider-ci/src/workflows.ts +++ b/native-provider-ci/src/workflows.ts @@ -460,8 +460,8 @@ export class BuildSdkJob implements NormalJob { steps.RestoreBinaryPerms(opts.provider, name), steps.CodegenDuringSDKBuild(opts.provider), steps.InitializeSubModules(opts.submodules), - steps.GenerateSDKs(opts.provider), - steps.BuildSDKs(opts.provider), + steps.GenerateSDKs(opts.provider, opts.hasGenBinary), + steps.BuildSDKs(opts.provider, opts.hasGenBinary), steps.CheckCleanWorkTree(), steps.CommitSDKChangesForRenovate(), steps.Porcelain(), @@ -511,7 +511,7 @@ export class PrerequisitesJob implements NormalJob { steps.PrepareOpenAPIFile(opts.provider), steps.InitializeSubModules(opts.submodules), steps.BuildCodegenBinaries(opts.provider), - steps.BuildSchema(opts.provider), + steps.BuildSchema(opts.provider, opts.hasGenBinary), steps.MakeKubernetesProvider(opts.provider), steps.CheckSchemaChanges(opts.provider), steps.CommentSchemaChangesOnPR(opts.provider),