name: Build Binaries permissions: contents: read on: workflow_call: inputs: ref: required: true description: "GitHub ref to use" type: string os: required: true description: "Target OS (i.e.: GOOS)" type: string arch: required: true description: "Target Architecture (i.e.: GOARCH)" type: string build-platform: required: false default: ubuntu-latest description: 'Build platform (i.e.: runs-on) for job' type: string dev-version: required: false description: "Dev version to bake into the binary" type: string version: required: true description: "Version to produce" type: string version-set: required: true description: "Set of language versions to use for builds, lints, releases, etc." type: string enable-coverage: description: "Build coverage instrumented binaries" default: false required: false type: boolean enable-race-detection: description: "Build binaries with race detection" default: false required: false type: boolean defaults: run: shell: bash env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: build: name: ${{ inputs.os }}-${{ inputs.arch }} runs-on: ${{ inputs.build-platform }} permissions: id-token: write steps: - name: "Windows cache workaround" # https://github.com/actions/cache/issues/752#issuecomment-1222415717 # but only modify the path by adding tar.exe if: ${{ runner.os == 'Windows' }} env: TOOL_BIN: ${{ runner.temp }}/tar-bin run: | set -x mkdir -p "${TOOL_BIN}" cp "C:/Program Files/Git/usr/bin/tar.exe" "${TOOL_BIN}" PATH="${TOOL_BIN}:${PATH}" echo "$TOOL_BIN" | tee -a "$GITHUB_PATH" command -v tar tar --version - uses: actions/checkout@v4 with: ref: ${{ inputs.ref }} - name: Configure Go Cache Key env: CACHE_KEY: "${{ fromJson(inputs.version-set).go }}-${{ runner.os }}-${{ runner.arch }}" run: echo "$CACHE_KEY" > .gocache.tmp - uses: actions/setup-go@v5 with: go-version: ${{ fromJson(inputs.version-set).go }} check-latest: true cache: true cache-dependency-path: | pkg/go.sum .gocache.tmp - name: Setup versioning env vars run: | ./scripts/versions.sh | tee -a "${GITHUB_ENV}" - name: Install GoReleaser uses: goreleaser/goreleaser-action@v6 with: install-only: true distribution: goreleaser-pro - name: Prepare bin dir for goreleaser env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GOOS: ${{ inputs.os }} GOARCH: ${{ inputs.arch }} run: ./scripts/prep-for-goreleaser.sh local - name: Show files and permissions if: ${{ runner.os != 'macOS'}} run: find bin -type f -printf "%M %p/"\\n - name: Show files and permissions if: ${{ runner.os == 'macOS'}} run: | brew install findutils gfind bin -type f -printf "%M %p/"\\n - name: Package shell: bash env: GORELEASER_CURRENT_TAG: v${{ inputs.version }} PULUMI_VERSION: ${{ inputs.dev-version || inputs.version }} PULUMI_BUILD_MODE: ${{ inputs.enable-coverage && 'coverage' || 'normal' }} PULUMI_ENABLE_RACE_DETECTION: ${{ inputs.enable-race-detection && 'true' || 'false' }} run: | set -euxo pipefail # Spurious, this command requires piping via stdin # shellcheck disable=SC2002 cat .goreleaser.yml \ | go run github.com/t0yv0/goreleaser-filter@v0.3.0 -goos ${{ inputs.os }} -goarch ${{ inputs.arch }} \ | goreleaser release -f - -p 5 --skip=validate --clean --snapshot - uses: actions/upload-artifact@v4 if: ${{ inputs.os != 'js' }} with: name: artifacts-cli-${{ inputs.os }}-${{ inputs.arch }} overwrite: true retention-days: 1 path: | goreleaser/*.tar.gz goreleaser/*.zip