

Extract reusable publish workflow (#1007)
- Combine release, prerelease and main into a single workflow with
minimal options.
- This enables verifying all releases except Go on main. We can't verify
Go because we don't release Go because that would clutter the git
history with tags.

## Prerelease -> Release differences

Here's a diff between `prerelease.yml` and `release.yml` before the
change. The observed changes are:
1. Extra `IS_PRERELEASE: true` env var
2. Optional extra `create_docs_build` job in `release.yml`.
3. Customised goreleaser args
4. `enableMacosRunner` is disabled for pre-release.
5. Workflow name and tags filters.

```diff
4d3
<   IS_PRERELEASE: true
22a22,40
>   #{{ if .Config.publishRegistry -}}#
>   create_docs_build:
>     name: create_docs_build
>     needs: publish_go_sdk
>     runs-on: #{{ .Config.runner.default }}#
>     steps:
>       - name: Dispatch Metadata build
>         uses: peter-evans/repository-dispatch@v3
>         with:
>           token: ${{ secrets.PULUMI_BOT_TOKEN }}
>           repository: pulumi/registry
>           event-type: resource-provider
>           client-payload: |-
>             {
>               "project": "${{ github.repository }}",
>               "project-shortname": "#{{ .Config.provider }}#",
>               "ref": "${{ github.ref_name }}"
>             }
>   #{{ end -}}#
79,80c97
<         args: -p #{{ .Config.parallel }}# -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
<           #{{ .Config.timeout }}#m0s
---
>         args: -p #{{ .Config.parallel }}# release --rm-dist --timeout #{{ .Config.timeout }}#m0s
138a156,176
> 
>   clean_up_release_labels:
>     name: Clean up release labels
>     #{{ if .Config.publishRegistry -}}#
>     needs: create_docs_build
>     #{{ else }}#
>     needs: tag_sdk
>     #{{- end }}#
>     runs-on: #{{ .Config.runner.default }}#
>     steps:
>     - name: Checkout Repo
>       uses: actions/checkout@v4
>     - name: Clean up release labels
>       uses: pulumi/action-release-by-pr-label@main
>       with:
>         command: "clean-up-release-labels"
>         repo: ${{ github.repository }}
>         commit: ${{ github.sha }}
>       env:
>         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
> 
255,256c293
<       # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release.
<       enableMacosRunner: false
---
>       enableMacosRunner: true
258c295
< name: prerelease
---
> name: release
262c299,300
<     - v*.*.*-**
---
>     - v*.*.*
>     - "!v*.*.*-**"
```

## Main -> Prerelease differences

Diff summary:

1. `IS_PRERELEASE` was not set for main.
2. `generate_coverage_data` is only run on main - this is not part of
the publish workflow and remains unchanged.
3. `tag_release_if_labeled_needs_release` is only in main - this will
remain unchanged.
4. `publish_go_sdk` was not in main - we will skip this in the publish
workflow.
5. `verify-release` was not in main - we can add this but skip go on
main as we're not publishing it.
6. The triggers & workflow name vary.

```diff
3a4
>   IS_PRERELEASE: true
22,63d22
<   generate_coverage_data:
<     continue-on-error: true
<     env:
<       COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }}
<     name: generate_coverage_data
<     needs: prerequisites
<     runs-on: #{{ .Config.runner.default }}#
<     steps:
<     - name: Free Disk Space (Ubuntu)
<       uses: jlumbroso/[email protected]
<       with:
<         tool-cache: false
<         swap-storage: false
<     - name: Checkout Repo
<       uses: #{{ .Config.actionVersions.checkout }}#
< #{{- if .Config.checkoutSubmodules }}#
<       with:
<         submodules: #{{ .Config.checkoutSubmodules }}#
< #{{- end }}#
<     - name: Configure AWS Credentials
<       uses: #{{ .Config.actionVersions.configureAwsCredentials }}#
<       with:
<         aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }}
<         aws-region: us-west-2
<         aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }}
<     - name: Setup tools
<       uses: ./.github/actions/setup-tools
<       with:
<         tools: pulumictl, pulumicli, go, schema-tools
<     - name: Echo Coverage Output Dir
<       run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"'
<     - name: Generate Coverage Data
<       run: PULUMI_MISSING_DOCS_ERROR=true make tfgen
<     - name: Summarize Provider Coverage Results
<       run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt
<     - name: Upload coverage data to S3
<       run: >-
<         summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json"
< 
<         s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}"
< 
<         aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control
123d81
< 
146,149c104,108
< 
<   tag_release_if_labeled_needs_release:
<     name: Tag release if labeled as needs-release
<     needs: publish_sdk
---
>   publish_go_sdk:
>     name: publish_go_sdk
>     needs: 
>       - prerequisites
>       - publish_sdk
152,153c111,113
<     - name: check if this commit needs release
<       uses: pulumi/action-release-by-pr-label@main
---
>     - name: Checkout Repo
>       uses: #{{ .Config.actionVersions.checkout }}#
> #{{- if .Config.checkoutSubmodules }}#
155,163c115,138
<         command: "release-if-needed"
<         repo: ${{ github.repository }}
<         commit: ${{ github.sha }}
<         slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }}
<       env:
<         RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
<         RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
<         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
< 
---
>         submodules: #{{ .Config.checkoutSubmodules }}#
> #{{- end }}#
>     - name: Download Go SDK
>       uses: actions/download-artifact@v4
>       with:
>         name: go-sdk.tar.gz
>         path: ${{ github.workspace }}/sdk/
>     - name: Uncompress Go SDK
>       run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C
>         ${{ github.workspace }}/sdk/go
>       shell: bash
>     - uses: pulumi/publish-go-sdk-action@v1
>       with:
>         repository: ${{ github.repository }}
>         base-ref: ${{ github.sha }}
>         source: sdk
>         path: sdk
>         version: ${{ needs.prerequisites.outputs.version }}
>         additive: false
>         # Avoid including other language SDKs & artifacts in the commit
>         files: |
>           go.*
>           go/**
>           !*.tar.gz
269c244,258
< name: #{{ .Config.providerDefaultBranch }}#
---
>   verify-release:
>     name: verify-release
>     needs:
>       - prerequisites
>       - publish
>       - publish_sdk
>       - publish_go_sdk
>     uses: ./.github/workflows/verify-release.yml
>     secrets: inherit
>     with:
>       providerVersion: ${{ needs.prerequisites.outputs.version }}
>       # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release.
>       enableMacosRunner: false
> 
> name: prerelease
272,279c261,262
<     branches:
<     - #{{ .Config.providerDefaultBranch }}#
<     paths-ignore:
<     - "**.md"
<     tags-ignore:
<     - v*
<     - sdk/*
<     - "**"
---
>     tags:
>     - v*.*.*-**
```
danielrbradley authored Jun 28, 2024
1 parent 59792d5 commit 5721995
Showing 20 changed files with 812 additions and 1,165 deletions.
Expand Up @@ -82,71 +82,16 @@ jobs:
#{{- range $action, $_ := .Config.extraTests }}#
- #{{ $action }}#
#{{- end }}#
runs-on: #{{ if .Config.runner.publish }}##{{- .Config.runner.publish }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}#
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: #{{ .Config.actionVersions.checkout }}#
#{{- if .Config.checkoutSubmodules }}#
with:
submodules: #{{ .Config.checkoutSubmodules }}#
#{{- end }}#
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go
- name: Configure AWS Credentials
uses: #{{ .Config.actionVersions.configureAwsCredentials }}#
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-external-id: upload-pulumi-release
role-session-name: #{{ .Config.provider }}#@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: #{{ .Config.actionVersions.goReleaser }}#
env:
GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }}
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
with:
args: -p #{{ .Config.parallel }}# -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
#{{ .Config.timeout }}#m0s
version: latest

publish_sdk:
name: publish_sdk
needs:
- prerequisites
- publish
runs-on: #{{ .Config.runner.default }}#
steps:
- name: Checkout Repo
uses: #{{ .Config.actionVersions.checkout }}#
#{{- if .Config.checkoutSubmodules }}#
with:
submodules: #{{ .Config.checkoutSubmodules }}#
#{{- end }}#
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumicli, pulumictl, go, node, dotnet, python, java
- name: Publish SDKs
uses: #{{ .Config.publish.publisherAction }}#
with:
sdk: #{{ .Config.publish.sdk }}#
version: ${{ needs.prerequisites.outputs.version }}
uses: ./.github/workflows/publish.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
isPrerelease: true
skipGoSdk: true

tag_release_if_labeled_needs_release:
name: Tag release if labeled as needs-release
needs: publish_sdk
needs: publish
runs-on: #{{ .Config.runner.default }}#
steps:
- name: check if this commit needs release
Expand Down Expand Up @@ -268,6 +213,7 @@ jobs:
#{{ end }}#
name: #{{ .Config.providerDefaultBranch }}#
on:
workflow_dispatch: {}
push:
branches:
- #{{ .Config.providerDefaultBranch }}#
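Review bot: The added `workflow_dispatch: {}` trigger lets this workflow be started by hand against any branch or tag, while the `push` trigger beside it is limited to the default branch, so the `publish` job (which now calls `publish.yml` with `secrets: inherit`) can run on a ref that never went through review. Unless an earlier job such as `prerequisites`, which lies outside these hunks, already rejects other refs, the publish job should carry a guard like `if: github.ref == 'refs/heads/#{{ .Config.providerDefaultBranch }}#'`. The same applies to `tag_release_if_labeled_needs_release`, whose body continues past the first hunk. A one-line comment above the trigger stating why manual runs are needed would make the intent reviewable.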
Expand Up @@ -41,101 +41,12 @@ jobs:
#{{- range $action, $_ := .Config.extraTests }}#
- #{{ $action }}#
#{{- end }}#
runs-on: #{{ if .Config.runner.publish }}##{{- .Config.runner.publish }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}#
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: #{{ .Config.actionVersions.checkout }}#
#{{- if .Config.checkoutSubmodules }}#
with:
submodules: #{{ .Config.checkoutSubmodules }}#
#{{- end }}#
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go
- name: Configure AWS Credentials
uses: #{{ .Config.actionVersions.configureAwsCredentials }}#
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-external-id: upload-pulumi-release
role-session-name: #{{ .Config.provider }}#@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: #{{ .Config.actionVersions.goReleaser }}#
env:
GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }}
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
with:
args: -p #{{ .Config.parallel }}# -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
#{{ .Config.timeout }}#m0s
version: latest
publish_sdk:
name: publish_sdk
needs:
- prerequisites
- publish
runs-on: #{{ .Config.runner.default }}#
steps:
- name: Checkout Repo
uses: #{{ .Config.actionVersions.checkout }}#
#{{- if .Config.checkoutSubmodules }}#
with:
submodules: #{{ .Config.checkoutSubmodules }}#
#{{- end }}#
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumicli, pulumictl, go, node, dotnet, python, java
- name: Publish SDKs
uses: #{{ .Config.publish.publisherAction }}#
with:
sdk: #{{ .Config.publish.sdk }}#
version: ${{ needs.prerequisites.outputs.version }}
publish_go_sdk:
name: publish_go_sdk
needs:
- prerequisites
- publish_sdk
runs-on: #{{ .Config.runner.default }}#
steps:
- name: Checkout Repo
uses: #{{ .Config.actionVersions.checkout }}#
#{{- if .Config.checkoutSubmodules }}#
with:
submodules: #{{ .Config.checkoutSubmodules }}#
#{{- end }}#
- name: Download Go SDK
uses: actions/download-artifact@v4
with:
name: go-sdk.tar.gz
path: ${{ github.workspace }}/sdk/
- name: Uncompress Go SDK
run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C
${{ github.workspace }}/sdk/go
shell: bash
- uses: pulumi/publish-go-sdk-action@v1
with:
repository: ${{ github.repository }}
base-ref: ${{ github.sha }}
source: sdk
path: sdk
version: ${{ needs.prerequisites.outputs.version }}
additive: false
# Avoid including other language SDKs & artifacts in the commit
files: |
go.*
go/**
!*.tar.gz
uses: ./.github/workflows/publish.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
isPrerelease: true

test:
name: test
needs:
Expand Down Expand Up @@ -241,19 +152,6 @@ jobs:
#{{- if .Config.extraTests }}#
#{{ .Config.extraTests | toYaml | indent 2 }}#
#{{ end }}#
verify-release:
name: verify-release
needs:
- prerequisites
- publish
- publish_sdk
- publish_go_sdk
uses: ./.github/workflows/verify-release.yml
secrets: inherit
with:
providerVersion: ${{ needs.prerequisites.outputs.version }}
# Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release.
enableMacosRunner: false

name: prerelease
on:
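Review bot: `secrets: inherit` on the `publish` job hands every secret the prerelease workflow can read to `publish.yml`, and from there to `verify-release.yml`, which is called the same way, although the steps visible in the called workflow reference only a few of them. Consider declaring the required secrets under `workflow_call` in `publish.yml` and passing them by name, e.g. `secrets:` followed by `AWS_UPLOAD_ROLE_ARN: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}`, so that a secret added to the repository later is not exposed to the publish steps by default. The templated `.Config.env` block may reference further secrets that are not visible here, so the list has to be built from the rendered workflow. The main-branch workflow's `publish` job has the same `secrets: inherit` line.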
@@ -0,0 +1,172 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: Publish

on:
workflow_call:
inputs:
version:
required: true
type: string
isPrerelease:
required: true
type: boolean
skipGoSdk:
default: false
type: boolean
description: Skip publishing & verifying the Go SDK

env:
IS_PRERELEASE: ${{ inputs.isPrerelease }}
#{{ .Config.env | toYaml | indent 2 }}#

jobs:
publish:
name: publish
runs-on: #{{ if .Config.runner.publish }}##{{- .Config.runner.publish }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}#
steps:
- name: Validate prerelease
if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+'))
run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1
- name: Validate skipGoSdk
if: inputs.skipGoSdk && inputs.isPrerelease == false
run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: #{{ .Config.actionVersions.checkout }}#
#{{- if .Config.checkoutSubmodules }}#
with:
submodules: #{{ .Config.checkoutSubmodules }}#
#{{- end }}#
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go
- name: Configure AWS Credentials
uses: #{{ .Config.actionVersions.configureAwsCredentials }}#
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-external-id: upload-pulumi-release
role-session-name: #{{ .Config.provider }}#@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
if: inputs.isPrerelease == false
uses: #{{ .Config.actionVersions.goReleaser }}#
env:
GORELEASER_CURRENT_TAG: v${{ inputs.version }}
PROVIDER_VERSION: ${{ inputs.version }}
with:
args: -p #{{ .Config.parallel }}# release --rm-dist --timeout #{{ .Config.timeout }}#m0s
version: latest
- name: Run GoReleaser (prerelease)
if: inputs.isPrerelease == true
uses: #{{ .Config.actionVersions.goReleaser }}#
env:
GORELEASER_CURRENT_TAG: v${{ inputs.version }}
PROVIDER_VERSION: ${{ inputs.version }}
with:
args: -p #{{ .Config.parallel }}# -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
#{{ .Config.timeout }}#m0s
version: latest

publish_sdk:
name: publish_sdk
needs: publish
runs-on: #{{ .Config.runner.default }}#
steps:
- name: Checkout Repo
uses: #{{ .Config.actionVersions.checkout }}#
#{{- if .Config.checkoutSubmodules }}#
with:
submodules: #{{ .Config.checkoutSubmodules }}#
#{{- end }}#
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go, node, dotnet, python, java
- name: Publish SDKs
uses: pulumi/[email protected]
with:
sdk: #{{ .Config.publish.sdk }}#
version: ${{ inputs.version }}
- name: Download Go SDK
uses: ./.github/actions/download-sdk
with:
language: go
- uses: pulumi/publish-go-sdk-action@v1
if: inputs.skipGoSdk == false
with:
repository: ${{ github.repository }}
base-ref: ${{ github.sha }}
source: sdk
path: sdk
version: ${{ inputs.version }}
additive: false
# Avoid including other language SDKs & artifacts in the commit
files: |
go.*
go/**
!*.tar.gz
#{{- if .Config.publishRegistry }}#
create_docs_build:
name: create_docs_build
needs: publish_sdk
# Only run for non-prerelease, if the publish_go_sdk job was successful or skipped
if: inputs.isPrerelease == false
runs-on: #{{ .Config.runner.default }}#
steps:
- name: Dispatch Metadata build
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.PULUMI_BOT_TOKEN }}
repository: pulumi/registry
event-type: resource-provider
client-payload: |-
{
"project": "${{ github.repository }}",
"project-shortname": "#{{ .Config.provider }}#",
"ref": "${{ github.ref_name }}"
}
#{{- end }}#

clean_up_release_labels:
name: Clean up release labels
# Only run for non-prerelease, if the publish_go_sdk job was successful or skipped
if: inputs.isPrerelease == false
#{{ if .Config.publishRegistry -}}#
needs: create_docs_build
#{{ else }}#
needs: publish_sdk
#{{- end }}#
runs-on: #{{ .Config.runner.default }}#
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Clean up release labels
uses: pulumi/action-release-by-pr-label@main
with:
command: "clean-up-release-labels"
repo: ${{ github.repository }}
commit: ${{ github.sha }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

verify_release:
name: verify_release
needs: publish_sdk
uses: ./.github/workflows/verify-release.yml
secrets: inherit
with:
providerVersion: ${{ inputs.version }}
# Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release.
enableMacosRunner: ${{ inputs.isPrerelease == false }}
skipGoSdk: ${{ inputs.skipGoSdk }}
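Review bot: The `Clean up release labels` step runs `pulumi/action-release-by-pr-label@main` with `GITHUB_TOKEN`, and `main` is a moving branch ref, so whatever lands on that branch next executes inside the release pipeline; `peter-evans/repository-dispatch@v3` (given `PULUMI_BOT_TOKEN`) and `pulumi/publish-go-sdk-action@v1` are movable tags with the same property. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: pulumi/action-release-by-pr-label@<full-commit-sha>  # main`. Separately, the comments above `create_docs_build` and `clean_up_release_labels` still refer to a `publish_go_sdk` job, which this file does not define (Go publishing is a step of `publish_sdk`); reword them to `# Only run for stable releases, after publish_sdk has finished`.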