ci-mgmt onboarding

.ci-mgmt.yaml

@@ -0,0 +1,19 @@
+provider: pulumiservice
+major-version: 0
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_BACKEND_URL: https://api.pulumi-staging.io
+  # Required to properly write "go mod edit -replace=.." when running go examples
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PROVIDER: pulumiservice
+  # Need to pin this as 0.10.0 until codegen is updated
+  PULUMI_JAVA_SDK_VERSION: 0.10.0
+
+  # Lookup nuget packages from this directory as well as default nuget directories
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+
+  PULUMI_TEST_OWNER: service-provider-test-org
+  PULUMI_TEST_USE_SERVICE: true
+template: generic
+shards: 6

.github/actions/download-bin/action.yml

@@ -0,0 +1,17 @@
+name: Download binary assets
+description: Downloads the provider and tfgen binaries to `bin/`.
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumiservice-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: Untar provider binaries
+      shell: bash
+      # TODO: Assumes `bin` directory. Should this be a `make` target?
+      run: |
+        tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
+        find ${{ github.workspace }} -name "pulumi-*-pulumiservice" -print -exec chmod +x {} \;

.github/actions/download-sdk/action.yml

@@ -0,0 +1,19 @@
+name: Download SDK asset
+description: Restores the SDK asset for a language.
+
+inputs:
+  language:
+    required: true
+    description: One of nodejs, python, dotnet, go, java
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download ${{ inputs.language }} SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress SDK folder
+      shell: bash
+      run: tar -zxf ${{ github.workspace }}/sdk/${{ inputs.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ inputs.language }}

.github/actions/setup-tools/action.yml

@@ -0,0 +1,81 @@
+name: Setup tools
+description: Installs Go, Pulumi, pulumictl, schema-tools, Node.JS, Python, dotnet and Java.
+
+inputs:
+  tools:
+    description: |
+      Comma separated list of tools to install. The default of "all" installs all tools. Available tools are:
+        go
+        pulumicli
+        pulumictl
+        schema-tools
+        nodejs
+        python
+        dotnet
+        java
+    default: all
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install Go
+      if: inputs.tools == 'all' || contains(inputs.tools, 'go')
+      uses: actions/setup-go@v5
+      with:
+        go-version: "1.21.x"
+        cache-dependency-path: |
+          provider/*.sum
+          upstream/*.sum
+          sdk/*.sum
+
+    - name: Install pulumictl
+      if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl')
+      uses: jaxxstorm/[email protected]
+      with:
+        tag: v0.0.46
+        repo: pulumi/pulumictl
+
+    - name: Install Pulumi CLI
+      if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli')
+      uses: pulumi/actions@v6
+      with:
+        pulumi-version: "dev"
+
+    - name: Install Schema Tools
+      if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools')
+      uses: jaxxstorm/[email protected]
+      with:
+        repo: pulumi/schema-tools
+
+    - name: Setup Node
+      if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs')
+      uses: actions/setup-node@v4
+      with:
+        node-version: 20.x
+        registry-url: https://registry.npmjs.org
+
+    - name: Setup DotNet
+      if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet')
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: 6.0.x
+
+    - name: Setup Python
+      if: inputs.tools == 'all' || contains(inputs.tools, 'python')
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.11.8
+
+    - name: Setup Java
+      if: inputs.tools == 'all' || contains(inputs.tools, 'java')
+      uses: actions/setup-java@v4
+      with:
+        cache: gradle
+        distribution: temurin
+        java-version: 11
+
+    - name: Setup Gradle
+      if: inputs.tools == 'all' || contains(inputs.tools, 'java')
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: 7.6

.github/actions/upload-bin/action.yml

@@ -0,0 +1,15 @@
+name: Upload bin assets
+description: Uploads the provider binaries to `bin/`.
+
+runs:
+  using: "composite"
+  steps:
+    - name: Tar provider binaries
+      shell: bash
+      run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-pulumiservice
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: pulumiservice-provider.tar.gz
+        path: ${{ github.workspace }}/bin/provider.tar.gz
+        retention-days: 30

.github/actions/upload-sdk/action.yml

@@ -0,0 +1,20 @@
+name: Upload SDK asset
+description: Upload the SDK for a specific language as an asset for the workflow.
+
+inputs:
+  language:
+    required: true
+    description: One of nodejs, python, dotnet, go, java
+
+runs:
+  using: "composite"
+  steps:
+    - name: Compress SDK folder
+      shell: bash
+      run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} .
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.language  }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz
+        retention-days: 30

.github/workflows/build_provider.yml

@@ -0,0 +1,55 @@
+name: "Build Provider"
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
+        description: Version of the provider to build
+
+jobs:
+  build_provider:
+    name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }}
+    runs-on: ubuntu-latest
+    env:
+      PROVIDER_VERSION: ${{ inputs.version }}
+    strategy:
+      fail-fast: true
+      matrix:
+        platform:
+          - os: linux
+            arch: amd64
+          - os: linux
+            arch: arm64
+          - os: darwin
+            arch: amd64
+          - os: darwin
+            arch: arm64
+          - os: windows
+            arch: amd64
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Setup tools
+        uses: ./.github/actions/setup-tools
+        with:
+          tools: pulumictl, go
+      - name: Download schema-embed.json
+        uses: actions/download-artifact@v4
+        with:
+          # Use a pattern to avoid failing if the artifact doesn't exist
+          pattern: schema-embed.*
+          # Avoid creating directories for each artifact
+          merge-multiple: true
+          path: provider/cmd/pulumi-resource-pulumiservice/schema-embed.json
+      - name: Build & package provider
+        run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: pulumi-resource-pulumiservice-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz
+          path: dist/pulumi-resource-pulumiservice-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz
+          retention-days: 30

.github/workflows/build_sdk.yml

@@ -0,0 +1,81 @@
+name: "Build SDK"
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PROVIDER: pulumiservice
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_BACKEND_URL: https://api.pulumi-staging.io
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PULUMI_JAVA_SDK_VERSION: 0.10.0
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  PULUMI_TEST_OWNER: service-provider-test-org
+  PULUMI_TEST_USE_SERVICE: "true"
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  PYPI_USERNAME: __token__
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  TF_APPEND_USER_AGENT: pulumi
+  PROVIDER_VERSION: ${{ inputs.version }}
+
+jobs:
+  build_sdk:
+    name: build_sdk
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Cache examples generation
+        uses: actions/cache@v4
+        with:
+          path: |
+            .pulumi/examples-cache
+          key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }}
+      - name: Setup tools
+        uses: ./.github/actions/setup-tools
+        with:
+          tools: pulumictl, pulumicli, ${{ matrix.language }}
+      - name: Download bin
+        uses: ./.github/actions/download-bin
+      - name: Install plugins
+        run: make install_plugins
+      - name: Update path
+        run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
+      - name: Build SDK
+        run: make build_${{ matrix.language }}
+      - name: Check worktree clean
+        uses: pulumi/git-status-check-action@v1
+        with:
+          allowed-changes: |
+            sdk/**/pulumi-plugin.json
+            sdk/dotnet/*.csproj
+            sdk/go/**/pulumiUtilities.go
+            sdk/nodejs/package.json
+            sdk/python/pyproject.toml
+      - name: Upload SDK
+        uses: ./.github/actions/upload-sdk
+        with:
+          language: ${{ matrix.language }}

.github/workflows/command-dispatch.yml

@@ -1,32 +1,47 @@
+# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
+
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
   NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
   NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
   PROVIDER: pulumiservice
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
   PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
-  PULUMI_BACKEND_URL: https://app.pulumi-staging.io
+  PULUMI_BACKEND_URL: https://api.pulumi-staging.io
   PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PULUMI_JAVA_SDK_VERSION: 0.10.0
   PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  PULUMI_TEST_OWNER: service-provider-test-org
+  PULUMI_TEST_USE_SERVICE: "true"
   PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
-  PYPI_USERNAME: "__token__"
+  PYPI_USERNAME: __token__
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  TF_APPEND_USER_AGENT: pulumi
 jobs:
   command-dispatch-for-testing:
     name: command-dispatch-for-testing
     runs-on: ubuntu-latest
     steps:
     - name: Checkout Repo
       uses: actions/checkout@v4
-    - uses: peter-evans/slash-command-dispatch@v2
       with:
-        commands: run-acceptance-tests
+        persist-credentials: false
+    - uses: peter-evans/slash-command-dispatch@v4
+      with:
+        commands: |
+          run-acceptance-tests
+          release
         issue-type: pull-request
         permission: write
         reaction-token: ${{ secrets.GITHUB_TOKEN }}
         repository: pulumi/pulumi-pulumiservice
         token: ${{ secrets.PULUMI_BOT_TOKEN }}
-    strategy: {}
-"on":
+name: command-dispatch
+on:
   issue_comment:
     types:
     - created