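name: Pull Request

# Workflow-level default for GITHUB_TOKEN. A job that has no `permissions:`
# block of its own inherits every scope listed here, so each job below
# declares the minimum it needs.
permissions:
  # To create a draft release.
  contents: write
  # To comment on PRs.
  pull-requests: write
  # To sign artifacts.
  id-token: write

on:
  pull_request:
    paths-ignore:
      - "sdk/.version"

# One run per workflow and ref; a newer push cancels the run in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# The jobs in this workflow are only run on branches. The `on-community-pr.yml` job provides
# commands for running workflows from forks.
# The jobs that call reusable workflows enforce this with the
# `head.repo.full_name == github.repository` guard. `secrets: inherit` hands
# every secret available to this workflow to the called workflow.
jobs:
  changelog-comment:
    name: changelog preview
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
    permissions:
      contents: read
      pull-requests: write
    uses: ./.github/workflows/on-pr-changelog.yml
    with:
      ref: ${{ github.ref }}
      base-ref: origin/${{ github.base_ref }}
      pr-number: ${{ github.event.pull_request.number }}
      changelog-required: ${{ !contains(github.event.pull_request.labels.*.name, 'impact/no-changelog-required') }}
    secrets: inherit

  info:
    name: info
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
    uses: ./.github/workflows/ci-info.yml
    permissions:
      contents: read
    with:
      ref: ${{ github.ref }}
      is-snapshot: true
    secrets: inherit

  # Determines which files have changed so we can avoid running expensive tests
  # if they're not necessary.
  inspect:
    name: Inspect changed files
    runs-on: ubuntu-latest
    # Least privilege: without this block the job would inherit the
    # workflow-level write scopes (contents, pull-requests, id-token), which a
    # read-only file-change query does not need.
    permissions:
      contents: read
      pull-requests: read
    # NOTE(review): this job has no same-repository guard, so it also runs for
    # pull requests from forks, where repository secrets are not provided and
    # the token input below is empty. Confirm that is intended.
    steps:
      # NOTE(review): third-party action referenced by a mutable tag and given
      # a bot token. Pin it to a full commit SHA so the code that receives the
      # token cannot change without a reviewed update.
      - uses: dorny/paths-filter@v3
        id: changes
        with:
          token: ${{ secrets.PULUMI_BOT_TOKEN }}
          filters: |
            # If files matching any of these patterns change,
            # we will run codegen tests for pull requests.
            test-codegen:
              - 'pkg/codegen/docs/**'
              - 'pkg/codegen/dotnet/**'
              - 'pkg/codegen/go/**'
              - 'pkg/codegen/nodejs/**'
              - 'pkg/codegen/python/**'
    outputs:
      # Add an entry here for every named pattern
      # defined in filters.
      test-codegen: ${{ steps.changes.outputs.test-codegen }}

  ci:
    name: CI
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
    needs: [info, inspect]
    uses: ./.github/workflows/ci.yml
    permissions:
      contents: read
      # To sign artifacts.
      id-token: write
    with:
      ref: ${{ github.ref }}
      version: ${{ needs.info.outputs.version }}
      lint: true
      build-all-targets: ${{ contains(github.event.pull_request.labels.*.name, 'ci/test') }}
      # codegen tests take quite a while to run.
      # Run them only if ci/test is set,
      # or if one of the codegen files changed.
      test-codegen: >- # No newlines or trailing newline.
        ${{ contains(github.event.pull_request.labels.*.name, 'ci/test')
        || (needs.inspect.outputs.test-codegen == 'true') }}
      test-version-sets: >- # No newlines or trailing newline.
        ${{ contains(github.event.pull_request.labels.*.name, 'ci/test')
        && 'minimum current' || 'current' }}
      integration-test-platforms: ubuntu-latest
      acceptance-test-platforms: >- # No newlines or trailing newline.
        ${{ contains(github.event.pull_request.labels.*.name, 'ci/test')
        && 'macos-latest windows-latest' || '' }}
      # We'll only upload coverage artifacts with the periodic-coverage cron workflow.
      enable-coverage: false
    secrets: inherit

  # Creates a draft prerelease. Runs only for same-repository pull requests
  # that carry the ci/test label, and only after `ci` has succeeded.
  prepare-release:
    name: prepare
    if: >- # No newlines or trailing newline.
      ${{ github.event.pull_request.head.repo.full_name == github.repository
      && contains(github.event.pull_request.labels.*.name, 'ci/test') }}
    needs: [info, ci]
    uses: ./.github/workflows/ci-prepare-release.yml
    permissions:
      contents: write
      # To sign artifacts.
      id-token: write
    with:
      ref: ${{ github.ref }}
      version: ${{ needs.info.outputs.version }}
      release-notes: ${{ needs.info.outputs.release-notes }}
      project: ${{ github.repository }}
      draft: true
      prerelease: true
    secrets: inherit

  # Single aggregate status that depends on the whole `ci` workflow call.
  # NOTE(review): when `ci` fails or is skipped, this job is skipped rather
  # than failed. If ci-ok is used as a required status check, confirm how
  # branch protection treats a skipped run.
  ci-ok:
    name: ci-ok
    needs: [ci]
    runs-on: ubuntu-latest
    # The step only exits 0, so the job needs no token scopes at all.
    permissions: {}
    steps:
      - name: CI succeeded
        run: exit 0

  # release:
  #   name: release
  #   if: ${{ contains(github.event.pull_request.labels.*.name, 'ci/test') }}
  #   needs: [info, matrix, prepare-release]
  #   uses: ./.github/workflows/release.yml
  #   permissions:
  #     contents: write
  #     pull-requests: write
  #   with:
  #     ref: ${{ github.ref }}
  #     version: ${{ needs.info.outputs.version }}
  #     release-notes: ${{ needs.info.outputs.release-notes }}
  #     version-set: ${{ needs.matrix.outputs.version-set }}
  #     queue-merge: false
  #   secrets: inherit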