pulumi/.github/workflows/ci-dev-release.yml

152 lines
4.3 KiB
YAML

name: Create dev release
permissions:
contents: read
# To sign artifacts.
id-token: write
on:
workflow_call:
inputs:
version:
required: true
description: "Version to use for the release"
type: string
ref:
required: true
description: "GitHub ref to use"
type: string
jobs:
gather-info:
name: gather-info
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: ${{ inputs.ref }}
- name: Git describe
id: ghd
uses: proudust/gh-describe@v1
- name: strip prefix
id: strip-prefix
run: |
version="${{ steps.ghd.outputs.describe }}"
version="${version#v}"
echo dev-version="$version" >>"${GITHUB_OUTPUT}"
outputs:
dev-version: ${{ steps.strip-prefix.outputs.dev-version }}
version: ${{ inputs.version }}
matrix:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: ${{ inputs.ref }}
- name: build matrix
id: matrix
run: |
echo "::group::Version set variable"
VERSION_SET=$(./scripts/get-job-matrix.py \
generate-version-set \
--version-set current
)
echo "::endgroup::"
echo "::group::Version set"
echo "$VERSION_SET" | yq -P '.'
echo "::endgroup::"
echo "::group::Set outputs"
./.github/scripts/set-output version-set "${VERSION_SET}"
echo "::endgroup::"
outputs:
version-set: "${{ fromJson(steps.matrix.outputs.version-set) }}"
build-release:
name: build-release
needs: [gather-info, matrix]
strategy:
fail-fast: true
matrix:
os: ["linux", "darwin", "windows"]
arch: ["amd64", "arm64"]
build-platform: ["ubuntu-latest"]
uses: ./.github/workflows/ci-build-binaries.yml
with:
ref: ${{ inputs.ref }}
version: ${{ inputs.version }}
dev-version: ${{ needs.gather-info.outputs.dev-version }}
os: ${{ matrix.os }}
arch: ${{ matrix.arch }}
build-platform: ${{ matrix.build-platform }}
version-set: ${{ needs.matrix.outputs.version-set }}
enable-coverage: false
secrets: inherit
sign:
name: sign
needs: [build-release]
uses: ./.github/workflows/sign.yml
with:
ref: ${{ inputs.ref }}
version: ${{ inputs.version }}
s3-blobs:
name: s3 blobs
runs-on: ubuntu-latest
needs: [sign, gather-info]
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 3600
role-external-id: upload-pulumi-release
role-session-name: pulumi@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Make artifacts directory
run: |
mkdir -p artifacts.tmp
- name: Download artifacts from previous step
uses: actions/download-artifact@v2
with:
path: artifacts.tmp
- name: Flatten artifact directories
run: |
find artifacts.tmp
mkdir -p ./artifacts
mv ./artifacts.tmp/artifacts-signatures/pulumi-*.tar.gz.sig ./artifacts
mv ./artifacts.tmp/artifacts-signatures/pulumi-*.zip.sig ./artifacts
mv ./artifacts.tmp/artifacts-signatures/pulumi-*.txt.sig ./artifacts
mv ./artifacts.tmp/artifacts-signatures/pulumi-*.txt ./artifacts
mv ./artifacts.tmp/artifacts-cli-*/pulumi-*.tar.gz ./artifacts
mv ./artifacts.tmp/artifacts-cli-*/pulumi-*.zip ./artifacts
- name: Find artifacts
run: |
find artifacts
- name: Rename artifacts
shell: bash
run: |
(
cd artifacts
version="${{ inputs.version }}"
dev_version="${{ needs.gather-info.outputs.dev-version }}"
for file in *; do
mv "$file" "${file//$version/$dev_version}"
done
)
- name: Find artifacts
run: |
find artifacts | sort
- name: Publish Blobs
run: |
aws s3 sync artifacts s3://get.pulumi.com/releases/sdk --acl public-read