mirror of https://github.com/pulumi/pulumi.git
200 lines
6.4 KiB
YAML
200 lines
6.4 KiB
YAML
name: Release Actions
|
|
|
|
permissions:
|
|
# To create a PR
|
|
contents: write
|
|
pull-requests: write
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
ref:
|
|
required: true
|
|
description: "GitHub ref to use"
|
|
type: string
|
|
version:
|
|
required: true
|
|
description: "Version to produce"
|
|
type: string
|
|
branch_from_ref:
|
|
required: false
|
|
description: "Commit to branch from, if not the tag"
|
|
type: string
|
|
release-notes:
|
|
required: true
|
|
description: "Release notes to publish"
|
|
type: string
|
|
queue-merge:
|
|
required: false
|
|
default: false
|
|
description: "Whether to queue the release for immediate merge"
|
|
type: boolean
|
|
run-dispatch-commands:
|
|
required: false
|
|
default: false
|
|
# If version contains a '-', i.e.: a prerelease build, these commands are disabled until further notice.
|
|
description: "Whether to run dispatch commands"
|
|
type: boolean
|
|
version-set:
|
|
required: false
|
|
description: "Set of language versions to use for builds, lints, releases, etc."
|
|
type: string
|
|
# Example provided for illustration, this value is derived by scripts/get-job-matrix.py build
|
|
default: |
|
|
{
|
|
"dotnet": "6.0.x",
|
|
"go": "1.18.x",
|
|
"nodejs": "16.x",
|
|
"python": "3.9.x"
|
|
}
|
|
|
|
|
|
env:
|
|
PULUMI_VERSION: ${{ inputs.version }}
|
|
GIT_REF: ${{ inputs.ref }}
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
|
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_PROD_ACCESS_TOKEN }}
|
|
PULUMI_TEST_OWNER: "moolumi"
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
PYPI_USERNAME: __token__
|
|
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
|
|
|
|
jobs:
|
|
sdks:
|
|
name: ${{ matrix.language }}
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
language: ["nodejs", "python", "go"]
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
- name: Set up uv
|
|
if: ${{ matrix.language == 'python' }}
|
|
uses: astral-sh/setup-uv@v4
|
|
with:
|
|
enable-cache: true
|
|
cache-dependency-glob: sdk/python/uv.lock
|
|
- name: Set up Python ${{ fromJson(inputs.version-set).python }}
|
|
if: ${{ matrix.language == 'python' }}
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: ${{ fromJson(inputs.version-set).python }}
|
|
- name: Install Python deps
|
|
if: ${{ matrix.language == 'python' }}
|
|
run: |
|
|
python -m pip install --upgrade pip requests wheel urllib3 chardet twine
|
|
- name: Set up Node ${{ fromJson(inputs.version-set).nodejs }}
|
|
if: ${{ matrix.language == 'nodejs' }}
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: ${{ fromJson(inputs.version-set).nodejs }}
|
|
registry-url: https://registry.npmjs.org
|
|
always-auth: true
|
|
- name: Download release artifacts
|
|
if: ${{ matrix.language != 'go' }}
|
|
run: |
|
|
mkdir -p artifacts
|
|
gh release download "v${PULUMI_VERSION}" --dir ./artifacts --pattern 'sdk-${{ matrix.language }}-*'
|
|
find artifacts
|
|
- name: Publish Packages
|
|
run: |
|
|
make -C sdk/${{ matrix.language}} publish
|
|
|
|
s3-blobs:
|
|
name: s3 blobs
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
- name: Configure AWS Credentials
|
|
uses: aws-actions/configure-aws-credentials@v4
|
|
with:
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
aws-region: us-east-2
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
role-duration-seconds: 3600
|
|
role-external-id: upload-pulumi-release
|
|
role-session-name: pulumi@githubActions
|
|
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
|
|
- name: Download release artifacts
|
|
run: |
|
|
mkdir -p artifacts
|
|
gh release download "v${PULUMI_VERSION}" --dir ./artifacts --pattern 'pulumi-*'
|
|
find artifacts
|
|
- name: Publish Blobs
|
|
run: |
|
|
aws s3 sync artifacts s3://get.pulumi.com/releases/sdk --acl public-read
|
|
|
|
pr:
|
|
# Relies on the Go SDK being published to update pkg
|
|
name: PR
|
|
needs: [sdks]
|
|
uses: ./.github/workflows/release-pr.yml
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
version: ${{ inputs.version }}
|
|
release-notes: ${{ inputs.release-notes }}
|
|
queue-merge: ${{ inputs.queue-merge }}
|
|
secrets: inherit
|
|
|
|
dispatch:
|
|
name: ${{ matrix.job.name }}
|
|
if: inputs.run-dispatch-commands && !contains(inputs.version, '-')
|
|
runs-on: ubuntu-latest
|
|
needs: [pr]
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
job:
|
|
- name: Update Templates Version
|
|
run-command: pulumictl dispatch -r pulumi/templates -c update-templates "${PULUMI_VERSION}"
|
|
- name: Chocolatey Update
|
|
run-command: pulumictl create choco-deploy "${PULUMI_VERSION}"
|
|
- name: Winget Update
|
|
run-command: pulumictl winget-deploy
|
|
- name: Build Package Docs
|
|
run-command: pulumictl create cli-docs-build "${PULUMI_VERSION}"
|
|
- name: Homebrew
|
|
run-command: pulumictl create homebrew-bump "${PULUMI_VERSION}" "$(git rev-parse HEAD)"
|
|
- name: Docker containers
|
|
run-command: pulumictl dispatch -r pulumi/pulumi-docker-containers -c release-build "${PULUMI_VERSION}"
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
- name: Install Pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.11.0
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
tag: v0.0.42
|
|
cache: enable
|
|
- name: Repository Dispatch
|
|
run: ${{ matrix.job.run-command }}
|
|
|
|
|
|
update-homebrew-tap:
|
|
name: Update Homebrew Tap
|
|
if: inputs.run-dispatch-commands && !contains(inputs.version, '-')
|
|
needs: [dispatch]
|
|
uses: ./.github/workflows/release-homebrew-tap.yml
|
|
permissions:
|
|
contents: read
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
version: ${{ inputs.version }}
|
|
dry-run: false
|
|
secrets: inherit
|