From 57219950805273c97b591da6e009acfbf6a74430 Mon Sep 17 00:00:00 2001 
From: Daniel Bradley Date: Fri, 28 Jun 2024 19:22:06 +0100 Subject: [PATCH] Extract reusable publish workflow (#1007) - Combine release, prerelease and main into a single workflow with minimal options. - This enables verifying all releases except Go on main. We can't verify Go because we don't release Go because that would clutter the git history with tags. ## Prerelease -> Release differences Here's a diff between `prerelease.yml` and `release.yml` before the change. The observed changes are: 1. Extra `IS_PRERELEASE: true` env var 2. Optional extra `create_docs_build` job in `release.yml`. 3. Customised goreleaser args 4. `enableMacosRunner` is disabled for pre-release. 5. Workflow name and tags filters. ```diff 4d3 < IS_PRERELEASE: true 22a22,40 > #{{ if .Config.publishRegistry -}}# > create_docs_build: > name: create_docs_build > needs: publish_go_sdk > runs-on: #{{ .Config.runner.default }}# > steps: > - name: Dispatch Metadata build > uses: peter-evans/repository-dispatch@v3 > with: > token: ${{ secrets.PULUMI_BOT_TOKEN }} > repository: pulumi/registry > event-type: resource-provider > client-payload: |- > { > "project": "${{ github.repository }}", > "project-shortname": "#{{ .Config.provider }}#", > "ref": "${{ github.ref_name }}" > } > #{{ end -}}# 79,80c97 < args: -p #{{ .Config.parallel }}# -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout < #{{ .Config.timeout }}#m0s --- > args: -p #{{ .Config.parallel }}# release --rm-dist --timeout #{{ .Config.timeout }}#m0s 138a156,176 > > clean_up_release_labels: > name: Clean up release labels > #{{ if .Config.publishRegistry -}}# > needs: create_docs_build > #{{ else }}# > needs: tag_sdk > #{{- end }}# > runs-on: #{{ .Config.runner.default }}# > steps: > - name: Checkout Repo > uses: actions/checkout@v4 > - name: Clean up release labels > uses: pulumi/action-release-by-pr-label@main > with: > command: "clean-up-release-labels" > repo: ${{ github.repository }} > commit: ${{ github.sha }} > env: > 
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} > 255,256c293 < # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. < enableMacosRunner: false --- > enableMacosRunner: true 258c295 < name: prerelease --- > name: release 262c299,300 < - v*.*.*-** --- > - v*.*.* > - "!v*.*.*-**" ``` ## Main -> Prerelease differences Diff summary: 1. `IS_PRERELEASE` was not set for main. 2. `generate_coverage_data` is only run on main - this is not part of the publish workflow and remains unchanged. 3. `tag_release_if_labeled_needs_release` is only in main - this will remain unchanged. 4. `publish_go_sdk` was not in main - we will skip this in the publish workflow. 5. `verify-release` was not in main - we can add this but skip go on main as we're not publishing it. 6. The triggers & workflow name vary. ```diff 3a4 > IS_PRERELEASE: true 22,63d22 < generate_coverage_data: < continue-on-error: true < env: < COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }} < name: generate_coverage_data < needs: prerequisites < runs-on: #{{ .Config.runner.default }}# < steps: < - name: Free Disk Space (Ubuntu) < uses: jlumbroso/free-disk-space@v1.3.1 < with: < tool-cache: false < swap-storage: false < - name: Checkout Repo < uses: #{{ .Config.actionVersions.checkout }}# < #{{- if .Config.checkoutSubmodules }}# < with: < submodules: #{{ .Config.checkoutSubmodules }}# < #{{- end }}# < - name: Configure AWS Credentials < uses: #{{ .Config.actionVersions.configureAwsCredentials }}# < with: < aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} < aws-region: us-west-2 < aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} < - name: Setup tools < uses: ./.github/actions/setup-tools < with: < tools: pulumictl, pulumicli, go, schema-tools < - name: Echo Coverage Output Dir < run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"' < - name: Generate Coverage Data < run: PULUMI_MISSING_DOCS_ERROR=true 
make tfgen < - name: Summarize Provider Coverage Results < run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt < - name: Upload coverage data to S3 < run: >- < summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json" < < s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}" < < aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control 123d81 < 146,149c104,108 < < tag_release_if_labeled_needs_release: < name: Tag release if labeled as needs-release < needs: publish_sdk --- > publish_go_sdk: > name: publish_go_sdk > needs: > - prerequisites > - publish_sdk 152,153c111,113 < - name: check if this commit needs release < uses: pulumi/action-release-by-pr-label@main --- > - name: Checkout Repo > uses: #{{ .Config.actionVersions.checkout }}# > #{{- if .Config.checkoutSubmodules }}# 155,163c115,138 < command: "release-if-needed" < repo: ${{ github.repository }} < commit: ${{ github.sha }} < slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} < env: < RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} < RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} < GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} < --- > submodules: #{{ .Config.checkoutSubmodules }}# > #{{- end }}# > - name: Download Go SDK > uses: actions/download-artifact@v4 > with: > name: go-sdk.tar.gz > path: ${{ github.workspace }}/sdk/ > - name: Uncompress Go SDK > run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C > ${{ github.workspace }}/sdk/go > shell: bash > - uses: pulumi/publish-go-sdk-action@v1 > with: > repository: ${{ github.repository }} > base-ref: ${{ github.sha }} > source: sdk > path: sdk > version: ${{ needs.prerequisites.outputs.version }} > additive: false > # Avoid including other language SDKs & artifacts in the commit > files: | > go.* > go/** > !*.tar.gz 269c244,258 < name: #{{ .Config.providerDefaultBranch }}# --- > verify-release: > name: verify-release > needs: > - prerequisites > - publish > - 
publish_sdk > - publish_go_sdk > uses: ./.github/workflows/verify-release.yml > secrets: inherit > with: > providerVersion: ${{ needs.prerequisites.outputs.version }} > # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. > enableMacosRunner: false > > name: prerelease 272,279c261,262 < branches: < - #{{ .Config.providerDefaultBranch }}# < paths-ignore: < - "**.md" < tags-ignore: < - v* < - sdk/* < - "**" --- > tags: > - v*.*.*-** ``` --- .../.github/workflows/main.yml | 70 +------ .../.github/workflows/prerelease.yml | 114 +---------- .../.github/workflows/publish.yml | 172 ++++++++++++++++ .../.github/workflows/release.yml | 150 +------------- .../.github/workflows/verify-release.yml | 6 + .../aws/.github/workflows/master.yml | 66 +----- .../aws/.github/workflows/prerelease.yml | 108 +--------- .../aws/.github/workflows/publish.yml | 180 +++++++++++++++++ .../aws/.github/workflows/release.yml | 139 +------------ .../aws/.github/workflows/verify-release.yml | 5 + .../cloudflare/.github/workflows/master.yml | 62 +----- .../.github/workflows/prerelease.yml | 102 +--------- .../cloudflare/.github/workflows/publish.yml | 175 ++++++++++++++++ .../cloudflare/.github/workflows/release.yml | 133 +------------ .../.github/workflows/verify-release.yml | 5 + .../docker/.github/workflows/master.yml | 62 +----- .../docker/.github/workflows/prerelease.yml | 102 +--------- .../docker/.github/workflows/publish.yml | 188 ++++++++++++++++++ .../docker/.github/workflows/release.yml | 133 +------------ .../.github/workflows/verify-release.yml | 5 + 20 files changed, 812 insertions(+), 1165 deletions(-) create mode 100644 provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml create mode 100644 provider-ci/test-providers/aws/.github/workflows/publish.yml create mode 100644 provider-ci/test-providers/cloudflare/.github/workflows/publish.yml create mode 100644 
provider-ci/test-providers/docker/.github/workflows/publish.yml diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/main.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/main.yml index 11f0dfdd1c..6eb947b724 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/main.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/main.yml 
@@ -82,71 +82,16 @@ jobs: #{{- range $action, $_ := .Config.extraTests }}# - #{{ $action }}# #{{- end }}# - runs-on: #{{ if .Config.runner.publish }}##{{- .Config.runner.publish }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# -#{{- if .Config.checkoutSubmodules }}# - with: - submodules: #{{ .Config.checkoutSubmodules }}# -#{{- end }}# - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: #{{ .Config.provider }}#@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: #{{ .Config.actionVersions.goReleaser }}# - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p #{{ .Config.parallel }}# -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - #{{ .Config.timeout }}#m0s - version: latest - - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: #{{ .Config.runner.default }}# - steps: - - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# -#{{- if .Config.checkoutSubmodules }}# - with: - submodules: #{{ .Config.checkoutSubmodules }}# -#{{- end }}# - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - 
name: Publish SDKs - uses: #{{ .Config.publish.publisherAction }}# - with: - sdk: #{{ .Config.publish.sdk }}# - version: ${{ needs.prerequisites.outputs.version }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true tag_release_if_labeled_needs_release: name: Tag release if labeled as needs-release - needs: publish_sdk + needs: publish runs-on: #{{ .Config.runner.default }}# steps: - name: check if this commit needs release @@ -268,6 +213,7 @@ jobs: #{{ end }}# name: #{{ .Config.providerDefaultBranch }}# on: + workflow_dispatch: {} push: branches: - #{{ .Config.providerDefaultBranch }}# diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerelease.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerelease.yml index 7cc145cd81..2283cc0090 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerelease.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerelease.yml 
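Review bot: `secrets: inherit` on the new `publish` call passes every secret visible to this workflow into publish.yml, which in turn forwards them to verify-release.yml with its own `secrets: inherit`. Declaring the secrets publish.yml actually reads under `on.workflow_call.secrets` and passing them by name here, for example `AWS_UPLOAD_ROLE_ARN: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}`, would keep the release credentials to the jobs that need them. The same applies to the identical calls added in prerelease.yml and release.yml. The job's `needs:` list starts outside this hunk.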
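Review bot: The added `workflow_dispatch: {}` trigger allows a manual run of this workflow against any branch that contains it, and the `publish` job now calls publish.yml with `isPrerelease: true`, so code that has not been merged could reach the release credentials and publish prerelease artifacts unless a job outside this hunk restricts the ref. If manual runs are only meant for the default branch, a guard on the publishing jobs such as `if: github.event_name != 'workflow_dispatch' || github.ref_name == '#{{ .Config.providerDefaultBranch }}#'` would make that explicit. The commit description does not mention this trigger, so a short comment above it, for example `# Manual runs are used to re-publish a failed build of the default branch`, would record the intent if that is the reason.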
@@ -41,101 +41,12 @@ jobs: #{{- range $action, $_ := .Config.extraTests }}# - #{{ $action }}# #{{- end }}# - runs-on: #{{ if .Config.runner.publish }}##{{- .Config.runner.publish }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# -#{{- if .Config.checkoutSubmodules }}# - with: - submodules: #{{ .Config.checkoutSubmodules }}# -#{{- end }}# - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: #{{ .Config.provider }}#@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: #{{ .Config.actionVersions.goReleaser }}# - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p #{{ .Config.parallel }}# -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - #{{ .Config.timeout }}#m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: #{{ .Config.runner.default }}# - steps: - - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# -#{{- if .Config.checkoutSubmodules }}# - with: - submodules: #{{ .Config.checkoutSubmodules }}# -#{{- end }}# - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - 
name: Publish SDKs - uses: #{{ .Config.publish.publisherAction }}# - with: - sdk: #{{ .Config.publish.sdk }}# - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: #{{ .Config.runner.default }}# - steps: - - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# -#{{- if .Config.checkoutSubmodules }}# - with: - submodules: #{{ .Config.checkoutSubmodules }}# -#{{- end }}# - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + test: name: test needs: @@ -241,19 +152,6 @@ jobs: #{{- if .Config.extraTests }}# #{{ .Config.extraTests | toYaml | indent 2 }}# #{{ end }}# - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. - enableMacosRunner: false name: prerelease on: diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml new file mode 100644 index 0000000000..6d8d025910 
--- /dev/null +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml 
@@ -0,0 +1,172 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} +#{{ .Config.env | toYaml | indent 2 }}# + +jobs: + publish: + name: publish + runs-on: #{{ if .Config.runner.publish }}##{{- .Config.runner.publish }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." 
&& exit 1 + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@v1.3.1 + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: false + swap-storage: false + - name: Checkout Repo + uses: #{{ .Config.actionVersions.checkout }}# +#{{- if .Config.checkoutSubmodules }}# + with: + submodules: #{{ .Config.checkoutSubmodules }}# +#{{- end }}# + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go + - name: Configure AWS Credentials + uses: #{{ .Config.actionVersions.configureAwsCredentials }}# + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-external-id: upload-pulumi-release + role-session-name: #{{ .Config.provider }}#@githubActions + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Run GoReleaser + if: inputs.isPrerelease == false + uses: #{{ .Config.actionVersions.goReleaser }}# + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p #{{ .Config.parallel }}# release --rm-dist --timeout #{{ .Config.timeout }}#m0s + version: latest + - name: Run GoReleaser (prerelease) + if: inputs.isPrerelease == true + uses: #{{ .Config.actionVersions.goReleaser }}# + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p #{{ .Config.parallel }}# -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout + #{{ .Config.timeout }}#m0s + version: latest + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: #{{ .Config.runner.default }}# + steps: + - name: Checkout Repo + uses: #{{ .Config.actionVersions.checkout }}# +#{{- if .Config.checkoutSubmodules }}# + with: + submodules: #{{ .Config.checkoutSubmodules }}# +#{{- end }}# + - name: Setup tools + uses: ./.github/actions/setup-tools 
+ with: + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.19 + with: + sdk: #{{ .Config.publish.sdk }}# + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + +#{{- if .Config.publishRegistry }}# + create_docs_build: + name: create_docs_build + needs: publish_sdk + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + runs-on: #{{ .Config.runner.default }}# + steps: + - name: Dispatch Metadata build + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: pulumi/registry + event-type: resource-provider + client-payload: |- + { + "project": "${{ github.repository }}", + "project-shortname": "#{{ .Config.provider }}#", + "ref": "${{ github.ref_name }}" + } +#{{- end }}# + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + #{{ if .Config.publishRegistry -}}# + needs: create_docs_build + #{{ else }}# + needs: publish_sdk + #{{- end }}# + runs-on: #{{ .Config.runner.default }}# + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: 
./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/release.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/release.yml index cedf7eaf94..becb1f48d4 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/release.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/release.yml @@ -19,25 +19,6 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} - #{{ if .Config.publishRegistry -}}# - create_docs_build: - name: create_docs_build - needs: publish_go_sdk - runs-on: #{{ .Config.runner.default }}# - steps: - - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - repository: pulumi/registry - event-type: resource-provider - client-payload: |- - { - "project": "${{ github.repository }}", - "project-shortname": "#{{ .Config.provider }}#", - "ref": "${{ github.ref_name }}" - } - #{{ end -}}# #{{ if .Config.lint -}}# lint: name: lint 
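Review bot: In publish.yml the `Clean up release labels` step runs `pulumi/action-release-by-pr-label@main` with `GITHUB_TOKEN` from a branch ref, and the remaining third-party actions (`jlumbroso/free-disk-space@v1.3.1`, `peter-evans/repository-dispatch@v3`, `pulumi/publish-go-sdk-action@v1`) are pinned only to tags; now that every release goes through this one file, pinning them to full commit SHAs would limit what a moved ref can reach. This matters more because the workflow-level `env` is filled from `.Config.env`, and the rendered aws copy shows it carrying the registry tokens and signing keys into every step of every job. Separately, the `Publish SDKs` step hard-codes `uses: pulumi/pulumi-package-publisher@v0.0.19` where the replaced jobs used `uses: #{{ .Config.publish.publisherAction }}#`, so a provider that configures a different publisher would silently lose that setting. The two `# Only run for non-prerelease, if the publish_go_sdk job was successful or skipped` comments refer to a job that no longer exists in this workflow and could read `# Only run for stable releases, after publish_sdk has finished`.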
@@ -59,120 +40,11 @@ jobs: #{{- range $action, $_ := .Config.extraTests }}# - #{{ $action }}# #{{- end }}# - runs-on: #{{ if .Config.runner.publish }}##{{- .Config.runner.publish }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# -#{{- if .Config.checkoutSubmodules }}# - with: - submodules: #{{ .Config.checkoutSubmodules }}# -#{{- end }}# - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: #{{ .Config.provider }}#@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: #{{ .Config.actionVersions.goReleaser }}# - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p #{{ .Config.parallel }}# release --rm-dist --timeout #{{ .Config.timeout }}#m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: #{{ .Config.runner.default }}# - steps: - - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# -#{{- if .Config.checkoutSubmodules }}# - with: - submodules: #{{ .Config.checkoutSubmodules }}# -#{{- end }}# - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: #{{ 
.Config.publish.publisherAction }}# - with: - sdk: #{{ .Config.publish.sdk }}# - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: #{{ .Config.runner.default }}# - steps: - - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# -#{{- if .Config.checkoutSubmodules }}# - with: - submodules: #{{ .Config.checkoutSubmodules }}# -#{{- end }}# - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz - - clean_up_release_labels: - name: Clean up release labels - #{{ if .Config.publishRegistry -}}# - needs: create_docs_build - #{{ else }}# - needs: tag_sdk - #{{- end }}# - runs-on: #{{ .Config.runner.default }}# - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Clean up release labels - uses: pulumi/action-release-by-pr-label@main - with: - command: "clean-up-release-labels" - repo: ${{ github.repository }} - commit: ${{ github.sha }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false test: name: test 
@@ -279,18 +151,6 @@ jobs: #{{- if .Config.extraTests }}# #{{ .Config.extraTests | toYaml | indent 2 }}# #{{ end }}# - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - enableMacosRunner: true name: release on: diff --git a/provider-ci/internal/pkg/templates/provider/.github/workflows/verify-release.yml b/provider-ci/internal/pkg/templates/provider/.github/workflows/verify-release.yml index 24175de8c1..db2616d78b 100644 --- a/provider-ci/internal/pkg/templates/provider/.github/workflows/verify-release.yml +++ b/provider-ci/internal/pkg/templates/provider/.github/workflows/verify-release.yml @@ -22,6 +22,11 @@ on: required: false type: boolean default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false env: #{{ .Config.env | toYaml | indent 2 }}# @@ -89,6 +94,7 @@ jobs: #{{- if .Config.releaseVerification.go }}# - name: Verify go release uses: pulumi/verify-provider-release@v1 + if: inputs.skipGoSdk == false with: runtime: go directory: #{{ .Config.releaseVerification.go }}# diff --git a/provider-ci/test-providers/aws/.github/workflows/master.yml b/provider-ci/test-providers/aws/.github/workflows/master.yml index 7c2161f3fe..aaf8c38fdf 100644 --- a/provider-ci/test-providers/aws/.github/workflows/master.yml +++ b/provider-ci/test-providers/aws/.github/workflows/master.yml 
@@ -91,67 +91,16 @@ jobs: - go_test_shim - provider_test - test_oidc - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: aws@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 1 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 150m0s - version: latest - - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true tag_release_if_labeled_needs_release: name: Tag release if labeled as needs-release - needs: publish_sdk + needs: publish runs-on: ubuntu-latest steps: - 
name: check if this commit needs release @@ -429,6 +378,7 @@ jobs: name: master on: + workflow_dispatch: {} push: branches: - master diff --git a/provider-ci/test-providers/aws/.github/workflows/prerelease.yml b/provider-ci/test-providers/aws/.github/workflows/prerelease.yml index 3b78bfd8a1..a0f3af4450 100644 --- a/provider-ci/test-providers/aws/.github/workflows/prerelease.yml +++ b/provider-ci/test-providers/aws/.github/workflows/prerelease.yml 
@@ -52,95 +52,12 @@ jobs: - go_test_shim - provider_test - test_oidc - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: aws@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 1 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 150m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ 
github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + test: name: test needs: @@ -402,19 +319,6 @@ jobs: language: - nodejs - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. - enableMacosRunner: false name: prerelease on: diff --git a/provider-ci/test-providers/aws/.github/workflows/publish.yml b/provider-ci/test-providers/aws/.github/workflows/publish.yml new file mode 100644 index 0000000000..4cbebe2f3a --- /dev/null +++ b/provider-ci/test-providers/aws/.github/workflows/publish.yml 
@@ -0,0 +1,180 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PULUMI_MISSING_DOCS_ERROR: true + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + publish: + name: publish + runs-on: ubuntu-latest + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." 
&& exit 1 + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@v1.3.1 + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: false + swap-storage: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + submodules: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-external-id: upload-pulumi-release + role-session-name: aws@githubActions + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Run GoReleaser + if: inputs.isPrerelease == false + uses: goreleaser/goreleaser-action@v5 + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 1 release --rm-dist --timeout 150m0s + version: latest + - name: Run GoReleaser (prerelease) + if: inputs.isPrerelease == true + uses: goreleaser/goreleaser-action@v5 + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 1 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout + 150m0s + version: latest + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + submodules: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.19 + with: + sdk: all + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + 
repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + create_docs_build: + name: create_docs_build + needs: publish_sdk + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + runs-on: ubuntu-latest + steps: + - name: Dispatch Metadata build + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: pulumi/registry + event-type: resource-provider + client-payload: |- + { + "project": "${{ github.repository }}", + "project-shortname": "aws", + "ref": "${{ github.ref_name }}" + } + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + needs: create_docs_build + + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/provider-ci/test-providers/aws/.github/workflows/release.yml b/provider-ci/test-providers/aws/.github/workflows/release.yml index 9e332f0a9d..820dbc0d04 100644 --- a/provider-ci/test-providers/aws/.github/workflows/release.yml 
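Review bot: The workflow-level `env:` block puts every publishing credential (`NPM_TOKEN`, `PYPI_PASSWORD`, `NUGET_PUBLISH_KEY`, `SIGNING_KEY`, `PULUMI_ACCESS_TOKEN`) into the environment of every step in `publish`, `publish_sdk`, `create_docs_build` and `clean_up_release_labels`, including third-party actions referenced by a mutable tag or branch such as `jlumbroso/free-disk-space@v1.3.1` and `pulumi/action-release-by-pr-label@main`. A retagged or compromised action would then run with the registry and signing secrets in reach. Moving each secret to an `env:` on the step that uses it (most look like they are consumed by `Publish SDKs`) and pinning actions to a commit, `uses: jlumbroso/free-disk-space@<full-commit-sha> # v1.3.1`, narrows that. `version: latest` on the two GoReleaser steps has the same drift problem and could name a fixed release. The cloudflare and docker publish.yml hunks repeat this block; the fix belongs in the ci-mgmt template these files are generated from.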
+++ b/provider-ci/test-providers/aws/.github/workflows/release.yml @@ -37,23 +37,6 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} - create_docs_build: - name: create_docs_build - needs: publish_go_sdk - runs-on: ubuntu-latest - steps: - - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - repository: pulumi/registry - event-type: resource-provider - client-payload: |- - { - "project": "${{ github.repository }}", - "project-shortname": "aws", - "ref": "${{ github.ref_name }}" - } license_check: name: License Check uses: ./.github/workflows/license.yml 
@@ -68,111 +51,11 @@ jobs: - go_test_shim - provider_test - test_oidc - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: aws@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 1 release --rm-dist --timeout 150m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK 
- run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz - - clean_up_release_labels: - name: Clean up release labels - needs: create_docs_build - - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Clean up release labels - uses: pulumi/action-release-by-pr-label@main - with: - command: "clean-up-release-labels" - repo: ${{ github.repository }} - commit: ${{ github.sha }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false test: name: test @@ -435,18 +318,6 @@ jobs: language: - nodejs - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - enableMacosRunner: true name: release on: diff --git a/provider-ci/test-providers/aws/.github/workflows/verify-release.yml b/provider-ci/test-providers/aws/.github/workflows/verify-release.yml index 3006d5a7fa..c9c7dbe805 100644 --- a/provider-ci/test-providers/aws/.github/workflows/verify-release.yml +++ b/provider-ci/test-providers/aws/.github/workflows/verify-release.yml @@ -22,6 +22,11 @@ on: required: false type: boolean default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false env: AWS_REGION: us-west-2 
diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/master.yml b/provider-ci/test-providers/cloudflare/.github/workflows/master.yml index 50e40c30cb..ac3ec49cf1 100644 --- a/provider-ci/test-providers/cloudflare/.github/workflows/master.yml +++ b/provider-ci/test-providers/cloudflare/.github/workflows/master.yml 
@@ -89,63 +89,16 @@ jobs: - prerequisites - test - license_check - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: cloudflare@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 60m0s - version: latest - - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true tag_release_if_labeled_needs_release: name: Tag release if labeled as needs-release - needs: publish_sdk + needs: publish runs-on: ubuntu-latest steps: - name: check if this commit needs release 
@@ -218,6 +171,7 @@ jobs: - java name: master on: + workflow_dispatch: {} push: branches: - master diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/prerelease.yml b/provider-ci/test-providers/cloudflare/.github/workflows/prerelease.yml index 10d8c166db..d921caedb7 100644 --- a/provider-ci/test-providers/cloudflare/.github/workflows/prerelease.yml +++ b/provider-ci/test-providers/cloudflare/.github/workflows/prerelease.yml 
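Review bot: Adding `workflow_dispatch: {}` lets the master workflow be started by hand, and a manual run can target a ref other than `master`, while the `publish` job in the hunk above now reaches publish.yml with `secrets: inherit`. No ref guard is visible in these hunks (the rest of master.yml is outside them), so a dispatch from a feature branch would, as far as can be seen here, publish a prerelease built from that branch. A job-level condition on `publish` such as `if: github.ref == 'refs/heads/master'`, or a protected environment on the publish jobs, would keep manual runs to the default branch. The docker master.yml hunk adds the same trigger.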
@@ -52,89 +52,12 @@ jobs: - prerequisites - test - license_check - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: cloudflare@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 60m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace 
}}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + test: name: test needs: @@ -191,19 +114,6 @@ jobs: - dotnet - go - java - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. - enableMacosRunner: false name: prerelease on: diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/publish.yml b/provider-ci/test-providers/cloudflare/.github/workflows/publish.yml new file mode 100644 index 0000000000..a26ece49bb --- /dev/null +++ b/provider-ci/test-providers/cloudflare/.github/workflows/publish.yml 
@@ -0,0 +1,175 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} + CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} + CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + publish: + name: publish + runs-on: ubuntu-latest + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." 
&& exit 1 + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@v1.3.1 + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: false + swap-storage: false + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-external-id: upload-pulumi-release + role-session-name: cloudflare@githubActions + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Run GoReleaser + if: inputs.isPrerelease == false + uses: goreleaser/goreleaser-action@v5 + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 3 release --rm-dist --timeout 60m0s + version: latest + - name: Run GoReleaser (prerelease) + if: inputs.isPrerelease == true + uses: goreleaser/goreleaser-action@v5 + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout + 60m0s + version: latest + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.19 + with: + sdk: all + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: 
${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + create_docs_build: + name: create_docs_build + needs: publish_sdk + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + runs-on: ubuntu-latest + steps: + - name: Dispatch Metadata build + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: pulumi/registry + event-type: resource-provider + client-payload: |- + { + "project": "${{ github.repository }}", + "project-shortname": "cloudflare", + "ref": "${{ github.ref_name }}" + } + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + needs: create_docs_build + + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/release.yml b/provider-ci/test-providers/cloudflare/.github/workflows/release.yml index 384518e8a9..38e569ce4c 100644 --- a/provider-ci/test-providers/cloudflare/.github/workflows/release.yml 
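Review bot: The comment `# Only run for non-prerelease, if the publish_go_sdk job was successful or skipped` on `create_docs_build` and `clean_up_release_labels` refers to a job this workflow does not define; Go SDK publishing is now a step of `publish_sdk` guarded by `if: inputs.skipGoSdk == false`. I would reword it to `# Only run for stable releases (isPrerelease == false)`. On `verify_release`, `Prelease` in the macOS-runner comment should read `Prerelease`. The aws publish.yml hunk carries the same two comments.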
+++ b/provider-ci/test-providers/cloudflare/.github/workflows/release.yml @@ -36,23 +36,6 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} - create_docs_build: - name: create_docs_build - needs: publish_go_sdk - runs-on: ubuntu-latest - steps: - - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - repository: pulumi/registry - event-type: resource-provider - client-payload: |- - { - "project": "${{ github.repository }}", - "project-shortname": "cloudflare", - "ref": "${{ github.ref_name }}" - } lint: name: lint uses: ./.github/workflows/lint.yml 
@@ -68,105 +51,11 @@ jobs: - prerequisites - test - license_check - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: cloudflare@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 3 release --rm-dist --timeout 60m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace 
}}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz - - clean_up_release_labels: - name: Clean up release labels - needs: create_docs_build - - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Clean up release labels - uses: pulumi/action-release-by-pr-label@main - with: - command: "clean-up-release-labels" - repo: ${{ github.repository }} - commit: ${{ github.sha }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false test: name: test @@ -224,18 +113,6 @@ jobs: - dotnet - go - java - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - enableMacosRunner: true name: release on: diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/verify-release.yml b/provider-ci/test-providers/cloudflare/.github/workflows/verify-release.yml index cc56122dae..00906aaefd 100644 --- a/provider-ci/test-providers/cloudflare/.github/workflows/verify-release.yml +++ b/provider-ci/test-providers/cloudflare/.github/workflows/verify-release.yml @@ -22,6 +22,11 @@ on: required: false type: boolean default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false env: CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} 
diff --git a/provider-ci/test-providers/docker/.github/workflows/master.yml b/provider-ci/test-providers/docker/.github/workflows/master.yml index ada1b60ddd..4e7118c3b0 100644 --- a/provider-ci/test-providers/docker/.github/workflows/master.yml +++ b/provider-ci/test-providers/docker/.github/workflows/master.yml 
@@ -102,63 +102,16 @@ jobs: - prerequisites - test - license_check - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: docker@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 60m0s - version: latest - - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true tag_release_if_labeled_needs_release: name: Tag release if labeled as needs-release - needs: publish_sdk + needs: publish runs-on: ubuntu-latest steps: - name: check if this commit needs release 
@@ -252,6 +205,7 @@ jobs: - java name: master on: + workflow_dispatch: {} push: branches: - master diff --git a/provider-ci/test-providers/docker/.github/workflows/prerelease.yml b/provider-ci/test-providers/docker/.github/workflows/prerelease.yml index b6bc955a81..95231ac815 100644 --- a/provider-ci/test-providers/docker/.github/workflows/prerelease.yml +++ b/provider-ci/test-providers/docker/.github/workflows/prerelease.yml 
@@ -65,89 +65,12 @@ jobs: - prerequisites - test - license_check - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: docker@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 60m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace 
}}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + test: name: test needs: @@ -225,19 +148,6 @@ jobs: - dotnet - go - java - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. - enableMacosRunner: false name: prerelease on: diff --git a/provider-ci/test-providers/docker/.github/workflows/publish.yml b/provider-ci/test-providers/docker/.github/workflows/publish.yml new file mode 100644 index 0000000000..46aabd81b2 --- /dev/null +++ b/provider-ci/test-providers/docker/.github/workflows/publish.yml 
@@ -0,0 +1,188 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} + ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 + ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 + AWS_REGION: us-west-2 + AZURE_LOCATION: westus + DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com + GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci + GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci + GOOGLE_PROJECT: pulumi-ci-gcp-provider + GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_REGION: us-central1 + GOOGLE_ZONE: us-central1-a + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. 
+ PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + publish: + name: publish + runs-on: ubuntu-latest + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@v1.3.1 + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: false + swap-storage: false + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-external-id: upload-pulumi-release + role-session-name: docker@githubActions + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Run GoReleaser + if: inputs.isPrerelease == false + uses: goreleaser/goreleaser-action@v5 + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 3 release --rm-dist --timeout 60m0s + version: latest + - name: Run GoReleaser (prerelease) + if: inputs.isPrerelease == true + uses: goreleaser/goreleaser-action@v5 + 
env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout + 60m0s + version: latest + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.19 + with: + sdk: all + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + create_docs_build: + name: create_docs_build + needs: publish_sdk + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + runs-on: ubuntu-latest + steps: + - name: Dispatch Metadata build + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: pulumi/registry + event-type: resource-provider + client-payload: |- + { + "project": "${{ github.repository }}", + "project-shortname": "docker", + "ref": "${{ github.ref_name }}" + } + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + needs: create_docs_build + + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: 
${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/provider-ci/test-providers/docker/.github/workflows/release.yml b/provider-ci/test-providers/docker/.github/workflows/release.yml index bde62ec405..527ee7fa97 100644 --- a/provider-ci/test-providers/docker/.github/workflows/release.yml +++ b/provider-ci/test-providers/docker/.github/workflows/release.yml @@ -49,23 +49,6 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} - create_docs_build: - name: create_docs_build - needs: publish_go_sdk - runs-on: ubuntu-latest - steps: - - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - repository: pulumi/registry - event-type: resource-provider - client-payload: |- - { - "project": "${{ github.repository }}", - "project-shortname": "docker", - "ref": "${{ github.ref_name }}" - } lint: name: lint uses: ./.github/workflows/lint.yml 
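Review bot: The workflow-level `env:` block exposes every publishing credential (`NPM_TOKEN`, `PYPI_PASSWORD`, `NUGET_PUBLISH_KEY`, `SIGNING_KEY`, `PULUMI_ACCESS_TOKEN` and the rest) to every step of the jobs defined in this file. That includes third-party actions referenced by mutable refs, such as `jlumbroso/free-disk-space@v1.3.1`, `peter-evans/repository-dispatch@v3` and `pulumi/action-release-by-pr-label@main`, and GoReleaser installed with `version: latest`. A retagged or compromised action would then run with the full release credential set in its environment. Moving each secret to the `env:` of the step that consumes it and pinning actions to a full commit SHA, e.g. `uses: pulumi/action-release-by-pr-label@<full-commit-sha>  # placeholder`, narrows that exposure. Because the header marks this file as autogenerated, the change would have to be made in the ci-mgmt template rather than in this copy.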
@@ -81,105 +64,11 @@ jobs: - prerequisites - test - license_check - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: docker@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 3 release --rm-dist --timeout 60m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace 
}}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz - - clean_up_release_labels: - name: Clean up release labels - needs: create_docs_build - - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Clean up release labels - uses: pulumi/action-release-by-pr-label@main - with: - command: "clean-up-release-labels" - repo: ${{ github.repository }} - commit: ${{ github.sha }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false test: name: test @@ -258,18 +147,6 @@ jobs: - dotnet - go - java - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - enableMacosRunner: true name: release on: diff --git a/provider-ci/test-providers/docker/.github/workflows/verify-release.yml b/provider-ci/test-providers/docker/.github/workflows/verify-release.yml index c44ad18290..1af8d258e0 100644 --- a/provider-ci/test-providers/docker/.github/workflows/verify-release.yml +++ b/provider-ci/test-providers/docker/.github/workflows/verify-release.yml @@ -22,6 +22,11 @@ on: required: false type: boolean default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false env: ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e