mirror of https://github.com/pulumi/pulumi.git
496 lines
17 KiB
YAML
496 lines
17 KiB
YAML
on:
|
|
push:
|
|
tags:
|
|
- v*.*.*
|
|
paths-ignore:
|
|
- "CHANGELOG.md"
|
|
- "CHANGELOG_PENDING.md"
|
|
- "README.md"
|
|
env:
|
|
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_PROD_ACCESS_TOKEN }}
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
|
PULUMI_TEST_OWNER: "moolumi"
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
|
|
PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
|
|
TRAVIS_PUBLISH_PACKAGES: true
|
|
PYTHON: python
|
|
DOTNET_CLI_TELEMETRY_OPTOUT: "true"
|
|
|
|
jobs:
|
|
templates_smoke_test:
|
|
name: Trigger Templates Smoke Test
|
|
runs-on: ubuntu-latest
|
|
needs: publish-sdks
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Repository Dispatch
|
|
run: |
|
|
pulumictl dispatch -r pulumi/templates -c trigger-cron $(pulumictl get version --language generic -o)
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN}}
|
|
update-templates-version:
|
|
name: Trigger Updating Templates Version
|
|
runs-on: ubuntu-latest
|
|
needs: templates_smoke_test
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Install Pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Repository Dispatch
|
|
run: pulumictl dispatch -r pulumi/templates -c update-templates $(pulumictl get version --language generic -o)
|
|
examples_smoke_test:
|
|
name: Trigger Examples Smoke Test
|
|
runs-on: ubuntu-latest
|
|
needs: publish-sdks
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Repository Dispatch
|
|
run: |
|
|
pulumictl dispatch -r pulumi/examples -c smoke-test-cli $(pulumictl get version --language generic -o)
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN}}
|
|
chocolatey:
|
|
name: Chocolatey update
|
|
runs-on: ubuntu-latest
|
|
needs: publish-sdks
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Repository Dispatch
|
|
run: |
|
|
pulumictl create choco-deploy $(pulumictl get version --language generic -o)
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN}}
|
|
winget:
|
|
name: Winget Update
|
|
runs-on: ubuntu-latest
|
|
needs: publish-sdks
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Repository Dispatch
|
|
run: |
|
|
pulumictl winget-deploy
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
|
docs:
|
|
name: Build Package Docs
|
|
runs-on: ubuntu-latest
|
|
needs: publish-sdks
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Repository Dispatch
|
|
run: |
|
|
pulumictl create cli-docs-build $(pulumictl get version --language generic -o)
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN}}
|
|
homebrew:
|
|
name: Update Homebrew
|
|
runs-on: macos-latest
|
|
needs: publish-sdks
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Repository Dispatch
|
|
run: |
|
|
pulumictl create homebrew-bump $(pulumictl get version --language generic -o) ${{ github.sha }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN}}
|
|
publish-sdks:
|
|
name: Publish SDKs
|
|
runs-on: ubuntu-latest
|
|
needs: publish-binaries
|
|
strategy:
|
|
matrix:
|
|
go-version: [1.17.x]
|
|
python-version: [3.9.x]
|
|
dotnet-version: [3.1.x]
|
|
node-version: [14.x]
|
|
language: ["nodejs", "python", "dotnet"]
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Set up Go ${{ matrix.go-version }}
|
|
uses: actions/setup-go@v2
|
|
with:
|
|
go-version: ${{ matrix.go-version }}
|
|
check-latest: true
|
|
- id: go-cache-paths
|
|
run: |
|
|
echo "::set-output name=go-build::$(go env GOCACHE)"
|
|
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
|
|
- name: Go Cache
|
|
uses: actions/cache@v2
|
|
id: go-cache
|
|
if: ${{ runner.os != 'Windows' }} # Note [Windows Go Cache] in build.yml
|
|
with:
|
|
path: |
|
|
${{ steps.go-cache-paths.outputs.go-build }}
|
|
${{ steps.go-cache-paths.outputs.go-mod }}
|
|
key: ${{ runner.os }}-go-cache-${{ hashFiles('*/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Set up Python ${{ matrix.python-version }}
|
|
uses: actions/setup-python@v3
|
|
with:
|
|
python-version: ${{ matrix.python-version }}
|
|
cache: pip
|
|
cache-dependency-path: sdk/python/requirements.txt
|
|
- name: Set up DotNet ${{ matrix.dotnet-version }}
|
|
uses: actions/setup-dotnet@v1
|
|
with:
|
|
dotnet-version: ${{ matrix.dotnet-version }}
|
|
- name: Set up Node ${{ matrix.node-version }}
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: ${{ matrix.node-version }}
|
|
cache: yarn
|
|
cache-dependency-path: sdk/nodejs/package.json
|
|
registry-url: https://registry.npmjs.org
|
|
always-auth: true
|
|
- name: Install Python deps
|
|
run: |
|
|
python -m pip install --upgrade pip requests wheel urllib3 chardet twine
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Fetch Tags
|
|
run: |
|
|
git fetch --quiet --prune --unshallow --tags
|
|
- name: Update path
|
|
run: |
|
|
echo "${{ runner.temp }}/opt/pulumi/bin" >> $GITHUB_PATH
|
|
- name: Set Go Dep path
|
|
run: |
|
|
echo "PULUMI_GO_DEP_ROOT=$(dirname $(pwd))" >> $GITHUB_ENV
|
|
- name: Ensure
|
|
run: |
|
|
make ensure
|
|
- name: Publish Packages
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
run: |
|
|
make -C sdk/${{ matrix.language}} publish
|
|
publish-binaries:
|
|
name: Publish Binaries
|
|
runs-on: macos-latest
|
|
needs: [lint, build, test-linux, test-macos, test-windows]
|
|
strategy:
|
|
matrix:
|
|
go-version: [1.17.x]
|
|
steps:
|
|
- name: Set up Go ${{ matrix.go-version }}
|
|
uses: actions/setup-go@v2
|
|
with:
|
|
go-version: ${{ matrix.go-version }}
|
|
check-latest: true
|
|
- id: go-cache-paths
|
|
run: |
|
|
echo "::set-output name=go-build::$(go env GOCACHE)"
|
|
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
|
|
- name: Go Cache
|
|
uses: actions/cache@v2
|
|
id: go-cache
|
|
if: ${{ runner.os != 'Windows' }} # Note [Windows Go Cache] in build.yml
|
|
with:
|
|
path: |
|
|
${{ steps.go-cache-paths.outputs.go-build }}
|
|
${{ steps.go-cache-paths.outputs.go-mod }}
|
|
key: ${{ runner.os }}-go-cache-${{ hashFiles('*/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Fetch Tags
|
|
run: |
|
|
git fetch --quiet --prune --unshallow --tags
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Install goreleaser-filter
|
|
uses: jaxxstorm/action-install-gh-release@v1.2.0
|
|
with:
|
|
repo: t0yv0/goreleaser-filter
|
|
- name: Download pulumi-linux-x64
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: pulumi-linux-x64
|
|
path: goreleaser-downloads
|
|
- name: Download pulumi-linux-arm64
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: pulumi-linux-arm64
|
|
path: goreleaser-downloads
|
|
- name: Download pulumi-darwin-x64
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: pulumi-darwin-x64
|
|
path: goreleaser-downloads
|
|
- name: Download pulumi-darwin-arm64
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: pulumi-darwin-arm64
|
|
path: goreleaser-downloads
|
|
- name: Download pulumi-windows-x64
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: pulumi-windows-x64
|
|
path: goreleaser-downloads
|
|
- name: Inspect goreleaser-downloads
|
|
run: |
|
|
find goreleaser-downloads
|
|
- name: Unpack goreleaser-downloads
|
|
run: |
|
|
./scripts/unpack.sh
|
|
- name: Inspect goreleaser-prebuilt
|
|
run: |
|
|
find goreleaser-prebuilt
|
|
- name: Configure AWS Credentials
|
|
uses: aws-actions/configure-aws-credentials@v1
|
|
with:
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
aws-region: us-east-2
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
role-duration-seconds: 3600
|
|
role-external-id: upload-pulumi-release
|
|
role-session-name: pulumi@githubActions
|
|
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
|
|
- name: Set Release Version
|
|
run: |
|
|
echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic -o)" >> $GITHUB_ENV
|
|
- name: Download pulumi-windows-checksums
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: pulumi-windows-checksums
|
|
path: artifacts/checksums/windows
|
|
- name: Download pulumi-linux-checksums
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: pulumi-linux-checksums
|
|
path: artifacts/checksums/linux
|
|
- name: Download pulumi-darwin-checksums
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: pulumi-darwin-checksums
|
|
path: artifacts/checksums/darwin
|
|
- name: Filter goreleaser config for pre-release check
|
|
run: |
|
|
cat .goreleaser.yml | goreleaser-filter -no-blobs > /tmp/.goreleaser.current.yml
|
|
- name: Run GoReleaser to verify tarball checksums
|
|
uses: goreleaser/goreleaser-action@v2
|
|
with:
|
|
version: latest
|
|
args: -p 3 -f /tmp/.goreleaser.current.yml --skip-publish --skip-announce --skip-validate --rm-dist --release-notes=CHANGELOG_PENDING.md
|
|
- name: Verify checksums
|
|
run: |
|
|
C=artifacts/checksums/pulumi-tested-checksums.txt
|
|
echo "Tested tarballs with the following checksums:"
|
|
cat artifacts/checksums/*/* | sort | tee $C
|
|
echo "Planning to release tarballs with the following checksums:"
|
|
sort goreleaser/*-checksums.txt
|
|
echo "Checking that tested and release checksums are identical:"
|
|
diff <(sort goreleaser/*-checksums.txt) $C
|
|
- name: Run GoReleaser to actually release
|
|
uses: goreleaser/goreleaser-action@v2
|
|
with:
|
|
version: latest
|
|
args: -p 3 -f .goreleaser.yml --rm-dist --release-notes=CHANGELOG_PENDING.md
|
|
- name: Verify checksums again
|
|
run: |
|
|
C=artifacts/checksums/pulumi-tested-checksums-2.txt
|
|
echo "Tested tarballs with the following checksums:"
|
|
cat artifacts/checksums/*/* | sort | tee $C
|
|
echo "Released tarballs with the following checksums:"
|
|
sort goreleaser/*-checksums.txt
|
|
echo "Checking that tested and released checksums are identical:"
|
|
diff <(sort goreleaser/*-checksums.txt) $C
|
|
lint:
|
|
# See https://github.com/pulumi/pulumi/issues/9280 for why this is set to v1.44
|
|
container: golangci/golangci-lint:v1.44
|
|
name: Lint ${{ matrix.directory }}
|
|
strategy:
|
|
matrix:
|
|
directory: [sdk, pkg, tests]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Lint ${{ matrix.directory }}
|
|
run: |
|
|
cd ${{ matrix.directory }} && golangci-lint run -c ../.golangci.yml
|
|
language-sdk-lint:
|
|
name: Lint Language SDKs
|
|
strategy:
|
|
matrix:
|
|
go-version: [1.17.x]
|
|
python-version: [3.9.x]
|
|
dotnet-version: [3.1.x]
|
|
node-version: [14.x]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Set up Go ${{ matrix.go-version }}
|
|
uses: actions/setup-go@v2
|
|
with:
|
|
go-version: ${{ matrix.go-version }}
|
|
check-latest: true
|
|
- id: go-cache-paths
|
|
run: |
|
|
echo "::set-output name=go-build::$(go env GOCACHE)"
|
|
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
|
|
- name: Go Cache
|
|
uses: actions/cache@v2
|
|
id: go-cache
|
|
if: ${{ runner.os != 'Windows' }} # Note [Windows Go Cache] in build.yml
|
|
with:
|
|
path: |
|
|
${{ steps.go-cache-paths.outputs.go-build }}
|
|
${{ steps.go-cache-paths.outputs.go-mod }}
|
|
key: ${{ runner.os }}-go-cache-${{ hashFiles('*/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Set up Python ${{ matrix.python-version }}
|
|
uses: actions/setup-python@v3
|
|
with:
|
|
python-version: ${{ matrix.python-version }}
|
|
cache: pip
|
|
cache-dependency-path: sdk/python/requirements.txt
|
|
- name: Set up DotNet ${{ matrix.dotnet-version }}
|
|
uses: actions/setup-dotnet@v1
|
|
with:
|
|
dotnet-version: ${{ matrix.dotnet-version }}
|
|
- run: mkdir -p ${{ runner.temp }}/opt/pulumi/nuget
|
|
- name: Add NuGet packages as a local NuGet source
|
|
run: |
|
|
echo $(which dotnet)
|
|
echo $(dotnet --version)
|
|
dotnet nuget add source ${{ runner.temp }}/opt/pulumi/nuget
|
|
- name: Set up Node ${{ matrix.node-version }}
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: ${{ matrix.node-version }}
|
|
cache: yarn
|
|
cache-dependency-path: sdk/nodejs/package.json
|
|
- name: Install Python deps
|
|
run: |
|
|
python -m pip install --upgrade pip requests wheel urllib3 chardet
|
|
- name: Setup git
|
|
run: |
|
|
git config --global user.email "you@example.com"
|
|
git config --global user.name "Your Name"
|
|
- name: Update path
|
|
run: |
|
|
echo "${{ runner.temp }}/opt/pulumi/bin" >> $GITHUB_PATH
|
|
- name: Fetch Tags
|
|
run: |
|
|
git fetch --quiet --prune --unshallow --tags
|
|
- name: Set Go Dep path
|
|
run: |
|
|
echo "PULUMI_GO_DEP_ROOT=$(dirname $(pwd))" >> $GITHUB_ENV
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Ensure
|
|
run: |
|
|
make ensure
|
|
- name: Lint Node
|
|
run: |
|
|
cd sdk/nodejs && make lint
|
|
- name: Lint Python
|
|
run: |
|
|
cd sdk/python && make lint
|
|
- name: Lint .NET
|
|
run: |
|
|
cd sdk/dotnet && make lint
|
|
build:
|
|
name: Build
|
|
uses: pulumi/pulumi/.github/workflows/build.yml@master
|
|
with:
|
|
# Cross-compiling from ubuntu-latest is faster but the artifact
|
|
# checksums will not match what publish-binaries expects.
|
|
default-build-platform: macos-latest
|
|
enable-coverage: false
|
|
goreleaser-config: '.goreleaser.yml'
|
|
goreleaser-flags: '-p 3 --release-notes=CHANGELOG_PENDING.md --skip-publish --skip-announce --skip-validate'
|
|
test-linux:
|
|
name: Test Linux
|
|
needs: build
|
|
uses: pulumi/pulumi/.github/workflows/test-fast.yml@master
|
|
with:
|
|
enable-coverage: false
|
|
platform: ubuntu-latest
|
|
secrets:
|
|
pulumi-access-token: ${{ secrets.PULUMI_PROD_ACCESS_TOKEN }}
|
|
test-macos:
|
|
name: Test MacOS
|
|
needs: build
|
|
uses: pulumi/pulumi/.github/workflows/test-fast.yml@master
|
|
with:
|
|
enable-coverage: false
|
|
platform: macos-latest
|
|
secrets:
|
|
pulumi-access-token: ${{ secrets.PULUMI_PROD_ACCESS_TOKEN }}
|
|
test-windows:
|
|
name: Test Windows
|
|
needs: build
|
|
uses: pulumi/pulumi/.github/workflows/test-fast.yml@master
|
|
with:
|
|
enable-coverage: false
|
|
platform: windows-latest
|
|
secrets:
|
|
pulumi-access-token: ${{ secrets.PULUMI_PROD_ACCESS_TOKEN }}
|
|
dispatch-docker-containers-release-build:
|
|
name: Dispatch Docker containers release build
|
|
needs: [publish-binaries, publish-sdks]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install pulumictl
|
|
uses: jaxxstorm/action-install-gh-release@v1.3.1
|
|
with:
|
|
repo: pulumi/pulumictl
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@v2
|
|
- name: Fetch Tags
|
|
run: |
|
|
git fetch --quiet --prune --unshallow --tags
|
|
- name: Dispatch event
|
|
run: pulumictl dispatch -r pulumi/pulumi-docker-containers -c release-build $(pulumictl get version --language generic -o)
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|