mirror of https://github.com/pulumi/pulumi.git
273 lines
8.5 KiB
YAML
273 lines
8.5 KiB
YAML
name: Create dev release
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
# To sign artifacts.
|
|
id-token: write
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
version:
|
|
required: true
|
|
description: "Version to use for the release"
|
|
type: string
|
|
ref:
|
|
required: true
|
|
description: "GitHub ref to use"
|
|
type: string
|
|
|
|
jobs:
|
|
gather-info:
|
|
name: gather-info
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
|
|
- name: Git describe
|
|
id: ghd
|
|
uses: proudust/gh-describe@v1
|
|
- name: strip prefix
|
|
id: strip-prefix
|
|
# Always prefix the short_sha with a letter to ensure it's a valid semver prerelease,
|
|
# see https://github.com/pulumi/pulumi/issues/15471 for context.
|
|
run: |
|
|
short_sha="x${{ steps.ghd.outputs.short-sha }}"
|
|
version="${{ inputs.version }}"
|
|
version="${version#v}-alpha.${short_sha}"
|
|
echo dev-version="$version" >>"${GITHUB_OUTPUT}"
|
|
outputs:
|
|
dev-version: ${{ steps.strip-prefix.outputs.dev-version }}
|
|
version: ${{ inputs.version }}
|
|
|
|
matrix:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
- name: build matrix
|
|
id: matrix
|
|
run: |
|
|
echo "::group::Version set variable"
|
|
VERSION_SET=$(./scripts/get-job-matrix.py \
|
|
generate-version-set \
|
|
--version-set current
|
|
)
|
|
echo "::endgroup::"
|
|
|
|
echo "::group::Version set"
|
|
echo "$VERSION_SET" | yq -P '.'
|
|
echo "::endgroup::"
|
|
|
|
echo "::group::Set outputs"
|
|
./.github/scripts/set-output version-set "${VERSION_SET}"
|
|
echo "::endgroup::"
|
|
outputs:
|
|
version-set: "${{ fromJson(steps.matrix.outputs.version-set) }}"
|
|
|
|
build-release:
|
|
name: build-release
|
|
needs: [gather-info, matrix]
|
|
strategy:
|
|
fail-fast: true
|
|
matrix:
|
|
os: ["linux", "darwin", "windows"]
|
|
arch: ["amd64", "arm64"]
|
|
build-platform: ["ubuntu-latest"]
|
|
uses: ./.github/workflows/ci-build-binaries.yml
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
version: ${{ inputs.version }}
|
|
dev-version: ${{ needs.gather-info.outputs.dev-version }}
|
|
os: ${{ matrix.os }}
|
|
arch: ${{ matrix.arch }}
|
|
build-platform: ${{ matrix.build-platform }}
|
|
version-set: ${{ needs.matrix.outputs.version-set }}
|
|
enable-coverage: false
|
|
secrets: inherit
|
|
|
|
build-sdks:
|
|
name: Build SDKs
|
|
needs: [matrix, gather-info]
|
|
uses: ./.github/workflows/ci-build-sdks.yml
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
version: ${{ needs.gather-info.outputs.dev-version }}
|
|
version-set: ${{ needs.matrix.outputs.version-set }}
|
|
secrets: inherit
|
|
|
|
sign:
|
|
name: sign
|
|
needs: [build-release, build-sdks]
|
|
uses: ./.github/workflows/sign.yml
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
version: ${{ inputs.version }}
|
|
|
|
# Check if we need to create a new SDK dev release
|
|
sdk-check-release:
|
|
name: sdk-check-release
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Check for changes
|
|
id: check-changes
|
|
run: |
|
|
# We need to fetch one more commit to compare to
|
|
git fetch --deepen 1
|
|
if ! git diff --exit-code HEAD~...HEAD sdk/nodejs; then
|
|
echo "nodejs-release=true" >>"${GITHUB_OUTPUT}"
|
|
else
|
|
echo "nodejs-release=false" >>"${GITHUB_OUTPUT}"
|
|
fi
|
|
|
|
if ! git diff --exit-code HEAD~...HEAD sdk/python; then
|
|
echo "python-release=true" >>"${GITHUB_OUTPUT}"
|
|
else
|
|
echo "python-release=false" >>"${GITHUB_OUTPUT}"
|
|
fi
|
|
outputs:
|
|
nodejs-release: ${{ steps.check-changes.outputs.nodejs-release }}
|
|
python-release: ${{ steps.check-changes.outputs.python-release }}
|
|
|
|
nodejs-dev-sdk-release:
|
|
needs: [gather-info, build-sdks, sdk-check-release, matrix]
|
|
runs-on: ubuntu-latest
|
|
if: ${{ needs.sdk-check-release.outputs.nodejs-release == 'true' }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Make artifacts directory
|
|
run: |
|
|
mkdir -p artifacts.tmp
|
|
- name: Download artifacts from previous step
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
path: artifacts.tmp
|
|
- name: Move artifacts to the right place
|
|
run: |
|
|
mkdir -p artifacts
|
|
(
|
|
cd artifacts.tmp/artifacts-nodejs-sdk
|
|
version="${{ inputs.version }}"
|
|
for file in *"${version}"-alpha*.tgz ; do
|
|
mv -vT "$file" "../../artifacts/sdk-nodejs-${file}"
|
|
done
|
|
)
|
|
- name: Set up Node ${{ fromJson(needs.matrix.outputs.version-set).nodejs }}
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: ${{ fromJson(needs.matrix.outputs.version-set).nodejs }}
|
|
registry-url: https://registry.npmjs.org
|
|
always-auth: true
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
- name: Publish nodejs release
|
|
run: |
|
|
find artifacts
|
|
make -C sdk/nodejs publish
|
|
env:
|
|
PULUMI_VERSION: ${{ needs.gather-info.outputs.dev-version }}
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
GIT_REF: ${{ inputs.ref }}
|
|
|
|
|
|
python-dev-sdk-release:
|
|
needs: [gather-info, build-sdks, sdk-check-release]
|
|
runs-on: ubuntu-latest
|
|
if: ${{ needs.sdk-check-release.outputs.python-release == 'true' }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Make artifacts directory
|
|
run: |
|
|
mkdir -p artifacts.tmp
|
|
- name: Download artifacts from previous step
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
path: artifacts.tmp
|
|
- name: Move artifacts to the right place
|
|
run: |
|
|
mkdir -p artifacts
|
|
version="${{ inputs.version }}"
|
|
mkdir -p artifacts
|
|
(
|
|
cd artifacts.tmp/artifacts-python-sdk
|
|
for file in *"${version}a"*.whl ; do
|
|
mv -vT "$file" "../../artifacts/sdk-python-${file}"
|
|
done
|
|
)
|
|
- name: Install Python deps
|
|
run: |
|
|
python -m pip install --upgrade pip requests wheel urllib3 chardet twine
|
|
- name: Publish python release
|
|
run: |
|
|
find artifacts
|
|
make -C sdk/python publish
|
|
env:
|
|
PYPI_USERNAME: __token__
|
|
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
|
|
|
|
s3-blobs:
|
|
name: s3 blobs
|
|
runs-on: ubuntu-latest
|
|
needs: [sign, gather-info]
|
|
steps:
|
|
- name: Configure AWS Credentials
|
|
uses: aws-actions/configure-aws-credentials@v4
|
|
with:
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
aws-region: us-east-2
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
role-duration-seconds: 3600
|
|
role-external-id: upload-pulumi-release
|
|
role-session-name: pulumi@githubActions
|
|
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
|
|
- name: Make artifacts directory
|
|
run: |
|
|
mkdir -p artifacts.tmp
|
|
- name: Download artifacts from previous step
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
path: artifacts.tmp
|
|
- name: Flatten artifact directories
|
|
run: |
|
|
find artifacts.tmp
|
|
mkdir -p ./artifacts
|
|
mv ./artifacts.tmp/artifacts-signatures/pulumi-*.tar.gz.sig ./artifacts
|
|
mv ./artifacts.tmp/artifacts-signatures/pulumi-*.zip.sig ./artifacts
|
|
mv ./artifacts.tmp/artifacts-signatures/pulumi-*.txt.sig ./artifacts
|
|
mv ./artifacts.tmp/artifacts-signatures/pulumi-*.txt ./artifacts
|
|
mv ./artifacts.tmp/artifacts-cli-*/pulumi-*.tar.gz ./artifacts
|
|
mv ./artifacts.tmp/artifacts-cli-*/pulumi-*.zip ./artifacts
|
|
|
|
- name: Find artifacts
|
|
run: |
|
|
find artifacts
|
|
- name: Rename artifacts
|
|
shell: bash
|
|
run: |
|
|
(
|
|
cd artifacts
|
|
version="${{ inputs.version }}"
|
|
dev_version="${{ needs.gather-info.outputs.dev-version }}"
|
|
for file in *; do
|
|
mv "$file" "${file//$version/$dev_version}"
|
|
done
|
|
)
|
|
- name: Find artifacts
|
|
run: |
|
|
find artifacts | sort
|
|
|
|
- name: Publish Blobs
|
|
run: |
|
|
aws s3 sync artifacts s3://get.pulumi.com/releases/sdk --acl public-read
|