diff --git a/provider-ci/Makefile b/provider-ci/Makefile index 8b5403dc3..bb8c8b3af 100644 --- a/provider-ci/Makefile +++ b/provider-ci/Makefile @@ -37,7 +37,7 @@ format: # files for other bridged provider repositories should be ephemeral. .PHONY: test-providers test-provider/% -test-providers: test-provider/aws test-provider/docker test-provider/cloudflare test-provider/acme +test-providers: test-provider/aws test-provider/docker test-provider/cloudflare test-provider/acme test-provider/eks # 1. Delete all files except the .ci-mgmt.yaml file and run the provider-ci generate command. # 2. Copy the generated provider repository to a temporary git repo and run actionlint on it. diff --git a/provider-ci/go.mod b/provider-ci/go.mod index 60e37e943..36f95bd13 100644 --- a/provider-ci/go.mod +++ b/provider-ci/go.mod @@ -4,7 +4,6 @@ go 1.21 require ( github.com/Masterminds/sprig v2.22.0+incompatible - github.com/imdario/mergo v0.3.16 github.com/spf13/cobra v1.7.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -15,6 +14,7 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/google/uuid v1.3.0 // indirect github.com/huandu/xstrings v1.4.0 // indirect + github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/kr/pretty v0.1.0 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect diff --git a/provider-ci/internal/cmd/generate.go b/provider-ci/internal/cmd/generate.go index 0db0a8718..2e6d728db 100644 --- a/provider-ci/internal/cmd/generate.go +++ b/provider-ci/internal/cmd/generate.go @@ -21,33 +21,26 @@ var generateCmd = &cobra.Command{ Use: "generate", Short: "Generate repository files.", RunE: func(cmd *cobra.Command, args []string) error { - localConfig, err := pkg.LoadLocalConfig(generateArgs.ConfigPath) - if err != nil { - return err - } - // Merge local config with template defaults - mergedConfig, err := localConfig.WithTemplateDefaults() + config, err := pkg.LoadLocalConfig(generateArgs.ConfigPath) if err != nil { return err } // Template name priority: CLI flag > config file if generateArgs.TemplateName == "" { - if templateName, ok := mergedConfig["template"].(string); ok { - generateArgs.TemplateName = templateName + if config.Template != "" { + generateArgs.TemplateName = config.Template } } // Name priority: CLI flag > config file ("repository", then "name" field) if generateArgs.RepositoryName == "" { - if repositoryName, ok := mergedConfig["repository"].(string); ok { - generateArgs.RepositoryName = repositoryName - } else if name, ok := mergedConfig["name"].(string); ok { - generateArgs.RepositoryName = name + if config.Repository != "" { + generateArgs.RepositoryName = config.Repository } else { - providerName, providerOk := mergedConfig["provider"].(string) - organizationName, organizationOk := mergedConfig["organization"].(string) - if providerOk && organizationOk { + providerName := config.Provider + organizationName := config.Organization + if providerName != "" && organizationName != "" { generateArgs.RepositoryName = fmt.Sprintf("%s/pulumi-%s", organizationName, providerName) } } @@ -61,7 +54,7 @@ var generateCmd = &cobra.Command{ RepositoryName: generateArgs.RepositoryName, OutDir: generateArgs.OutDir, TemplateName: generateArgs.TemplateName, - Config: mergedConfig, + Config: config, }) return err }, diff --git a/provider-ci/internal/pkg/config.go b/provider-ci/internal/pkg/config.go index 690e11e82..57cdd097b 100644 --- a/provider-ci/internal/pkg/config.go +++ b/provider-ci/internal/pkg/config.go @@ -1,52 +1,408 @@ package pkg import ( + "bytes" "fmt" "os" "path/filepath" + "time" - "github.com/imdario/mergo" "gopkg.in/yaml.v3" ) -type Config map[string]any +// Config describes the shape of .ci-mgmt.yaml files. +type Config struct { + // Provider is required and is the name of the provider without the "pulumi-" prefix. + Provider string `yaml:"provider"` + // Repository is the optional repository of the provider. + Repository string `yaml:"repository"` + + // Template names can be found in the getTemplateDirs function in provider-ci/internal/pkg/generate.go. + Template string `yaml:"template"` + + // Organization is the name of the Github organization the repository lives + // in. Defaults to 'pulumi'. + Organization string `yaml:"organization"` + + // MajorVersion of the current provider used in Makefiles. This should + // always be set by all providers as this is key to go module paths. + MajorVersion int `yaml:"major-version"` + + // Plugins to install in the "install_plugins" make target. Should be set + // for all bridged providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22plugins%3A%22&type=code + Plugins []plugin `yaml:"plugins"` + + // JavaGenVersion ensures a specific javaGen version is used during + // upgrades if set. Set for 2 providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22javaGenVersion%3A%22&type=code + JavaGenVersion string `yaml:"javaGenVersion"` + + // UpstreamProviderOrg is optional and used in the bridge upgrade config. + // Only set for 4 providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22upstreamProviderOrg%3A%22&type=code + UpstreamProviderOrg string `yaml:"upstreamProviderOrg"` + + // UpstreamProviderRepo is used in the bridge upgrade config. Only set for + // 5 providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22upstream-provider-repo%22&type=code + UpstreamProviderRepo string `yaml:"upstream-provider-repo"` + + // Lint includes an extra lint job in workflows if enabled (default). Can + // be explicitly set to false. This is false in around 8 provider repos: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22lint%3A+false%22&type=code + Lint bool `yaml:"lint,omitempty"` + + // ProviderDefaultBranch is used to customise the default branch when + // needed. Currently set in around 17 repos: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22providerDefaultBranch%3A%22&type=code + ProviderDefaultBranch string `yaml:"providerDefaultBranch"` + + // FailOnMissingMapping sets PULUMI_MISSING_MAPPING_ERROR in the + // resync-build workflow. Used in alicloud only: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22fail-on-missing-mapping%3A%22&type=code + FailOnMissingMapping bool `yaml:"fail-on-missing-mapping"` + + // FailOnExtraMapping sets PULUMI_EXTRA_MAPPING_ERROR in resync-build and + // defaults to true. It is not used: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22fail-on-extra-mapping%3A%22&type=code + FailOnExtraMapping bool `yaml:"fail-on-extra-mapping"` + + // PublishRegistry decides if create_docs_build happens during release This + // can be overridden to false to not publish updates. This is disabled in 5 + // repos: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22publishRegistry%3A%22&type=code + PublishRegistry bool `yaml:"publishRegistry"` + + // CheckoutSubmodules is used for all checkouts during CI. Defaults to + // false. Only 3 providers use submodules: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22checkoutSubmodules%3A%22&type=code + CheckoutSubmodules bool `yaml:"checkoutSubmodules"` + + // TestMasterAndReleaseWorkflows runs the master and release workflows on + // every pull request. This option is currently never set to true: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22testMasterAndReleaseWorkflows%3A%22&type=code + TestMasterAndReleaseWorkflows bool `yaml:"testMasterAndReleaseWorkflows"` + + // FreeDiskSpaceBeforeBuild when true will clear disk space before running + // prerequisites workflow. This is used for larger providers which + // sometimes run out of disk space during builds. + FreeDiskSpaceBeforeBuild bool `yaml:"freeDiskSpaceBeforeBuild"` + + // FreeDiskSpaceBeforeSdkBuild when true will clear disk space before + // running test jobs. + FreeDiskSpaceBeforeSdkBuild bool `yaml:"freeDiskSpaceBeforeSdkBuild"` + + // FreeDiskSpaceBeforeTest when true will clear disk space before running + // sdk build jobs. + FreeDiskSpaceBeforeTest bool `yaml:"freeDiskSpaceBeforeTest"` + + // Used for centrally managing tool versions. This is not currently + // overridden by any providers, but ideally the provider's repository + // should pin its own tooling: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22toolVersions%22&type=code + ToolVersions toolVersions `yaml:"toolVersions"` + + // Languages controls which language SDKs get built and published. + Languages []string `yaml:"languages"` + + // Env contains an assortment of properties for different purposes. + // Additional entries are added by individual providers for different + // reasons. All jobs currently get the same env for all steps but values + // might only be used for very specific purposes. + Env map[string]string `yaml:"env"` + + // Actions can contain preBuild and preTest additional steps to be spliced + // into workflows. The use of these hooks vary - quite a few just build + // upstream and run provider tests. Usage: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22actions%3A%22&type=code + Actions actions `yaml:"actions"` + + // ExtraTests run as part of `run-acceptance-tests.yml`, `master.yml`, + // `main.yml`, `prerelease.yml` and `release.yml`. Only used for aws: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22extraTests%3A%22&type=code + // + // Not available in generic providers -- override make targets instead. + ExtraTests map[string]any `yaml:"extraTests"` // Only used by AWS... + + // IntegrationTestProvider will run e2e tests in the provider as well as in + // the examples directory when set to true. Defaults to false. + // + // Not available in generic providers -- override make targets instead. + IntegrationTestProvider bool `yaml:"integrationTestProvider"` + + // TestPulumiExamples runs e2e tests using the examples and test suite in + // the pulumi/examples repo when set to true. Defaults to false. This is + // unused but potentially useful for azure-native onboarding: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22testPulumiExamples%3A%22&type=code + TestPulumiExamples bool `yaml:"testPulumiExamples"` + + // Runner defines the runs-on property for various stages of the build + // These are not overridden by any providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22runner%3A%22&type=code + Runner struct { + Default string `yaml:"default"` + Prerequisites string `yaml:"prerequisites"` + BuildSDK string `yaml:"buildSdk"` + Publish string `yaml:"publish"` + } `yaml:"runner"` + + // actionVersions should be used wherever we use external actions to make + // upgrading easier. These are never overridden by providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22actionVersions%3A%22&type=code + ActionVersions actionVersions `yaml:"actionVersions"` + + // Publish contains multiple properties relating to the publish jobs. Used + // by 2 providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22publish%3A%22&type=code + Publish publish `yaml:"publish"` + + // RegistryDocs enables automatic registry index doc file generation. + // Intended for use with Tier 2/3 providers. + RegistryDocs bool `yaml:"registryDocs"` + + // CheckUpstreamUpgrade determines whether we run the upstream upgrade job + // for bridged providers. Set to false for providers that cannot be + // upgraded, e.g. because of archived upstream or a license conflict. + CheckUpstreamUpgrade bool `yaml:"checkUpstreamUpgrade"` + + // ReleaseVerification optionally enables running example tests during releases. + ReleaseVerification *releaseVerification `yaml:"releaseVerification,omitempty"` + + // ExtraLDFlags lists extra flags used by build targets. Only used by + // newrelic: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22extra-ld-flags%22&type=code + ExtraLDFlags []string `yaml:"extra-ld-flags"` + + // GoBuildParallelism sets PULUMI_PROVIDER_BUILD_PARALLELISM in the + // Makefile. Used in 5 providers and ideally should be configured by the provider: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22goBuildParallelism%22&type=code + GoBuildParallelism int `yaml:"goBuildParallelism"` + + // PulumiConvert sets PULUMI_CONVERT to 1 if truthy. PulumiConvert is set + // to "1" in 74 providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22pulumiConvert%22&type=code + PulumiConvert intOrBool `yaml:"pulumiConvert"` + + // DocsCmd adds a "docs" target in the makefile. Used only in + // pulumi-docker: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22docsCmd%3A%22&type=code + DocsCmd string `yaml:"docsCmd"` + + // XrunUpstreamTools adds extra steps for AWS's upstream make target. + // https://github.com/pulumi/pulumi-aws/issues/2757 + XrunUpstreamTools bool `yaml:"XrunUpstreamTools"` + + // AWS configures AWS credentials before running tests in CI job. Used in 4 + // providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22aws%3A%22&type=code + AWS bool `yaml:"aws"` + + // Docker runs testing/docker-compose.yml up before running tests in CI + // job. Used in 9 providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22docker%3A%22&type=code + Docker bool `yaml:"docker"` + + // SSHPrivateKey sets up SSH with specified private key before running + // tests in CI job. This should be provided from a secret. Used by the + // docker provider only: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22sshPrivateKey%3A%22&type=code + // + // Not available in generic providers -- see docker-build for an example of + // how to programatically generate a key. + SSHPrivateKey string `yaml:"sshPrivateKey"` + + // GCP authenticates with GCP before running tests in CI job. Used in gcp + // and docker: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22gcp%3A%22&type=code + GCP bool `yaml:"gcp"` + + // GCPRegistry enables logging into the GCP registry before running tests + // in CI job. Only used for docker: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22gcpRegistry%3A%22&type=code + GCPRegistry bool `yaml:"gcpRegistry"` + + // SetupScript executes a script before running tests in CI job. Used in 3 + // providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22setup-script%3A%22&type=code + // + // Not available in generic providers -- override make targets instead. + SetupScript string `yaml:"setup-script"` + + // GenerateNightlyTestWorkflow will include the nightly-test workflow. Used + // in 11 providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22generate-nightly-test-workflow%3A%22&type=code + GenerateNightlyTestWorkflow bool `yaml:"generate-nightly-test-workflow"` + + // License lists package paths to ignore when running the license check + License struct { + Ignore []string `yaml:"ignore"` + } `yaml:"license"` + + // CleanGithubWorkflows deletes existing files within the .github/workflows + // directory, except where the file begins with the name of the provider + // (e.g. `aws-*`) which are considered provider-specific workflows. + // Defaults to true but this will likely change to false in the future once + // we've made the process of cleaning up removed and renamed workflows more + // reliable. + CleanGithubWorkflows bool `yaml:"clean-github-workflows"` + + // ProviderVersion controls the path of the version LD flag. Only set for 3 + // providers: + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22providerVersion%3A%22&type=code + ProviderVersion string `yaml:"providerVersion"` + + // EnableConfigurationCheck prints a warning on PRs if configuration + // options aren't documented in the README. Only used by civo. + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22enableConfigurationCheck%3A%22&type=code + EnableConfigurationCheck bool `yaml:"enableConfigurationCheck"` + + // Deprecated configs + + // Parallel has no effect but is set by some providers. + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22parallel%3A%22&type=code + Parallel int `yaml:"parallel"` + + // Shards controls how many jobs integration tests are distributed across. + Shards int `yaml:"shards"` + + // Hybrid has no effect but is set by the docker provider. + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22hybrid%3A%22&type=code + Hybrid bool `yaml:"hybrid"` + + // Team has no effect but is set by some providers. + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22team%3A%22&type=code + Team string `yaml:"team"` + + // Timeout has no effect but is set by some providers. It can be specified + // as an int (minutes) or a string duration. + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22timeout%3A%22&type=code + Timeout intOrDuration `yaml:"timeout"` + + // MakeTemplate has no effect but is set by 78 providers. + // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22makeTemplate%3A%22&type=code + MakeTemplate string `yaml:"makeTemplate"` +} + +// LoadLocalConfig loads the provider configuration at the given path with +// defaults applied. func LoadLocalConfig(path string) (Config, error) { - localConfigBytes, err := os.ReadFile(path) + config, err := loadDefaultConfig() if err != nil { - return nil, fmt.Errorf("error reading config file %s: %w", path, err) + return Config{}, err } - var localConfig map[string]interface{} - err = yaml.Unmarshal(localConfigBytes, &localConfig) + localConfigBytes, err := os.ReadFile(path) if err != nil { - return nil, err + return Config{}, fmt.Errorf("error reading config file %s: %w", path, err) } - return localConfig, nil -} -func (c Config) WithTemplateDefaults() (Config, error) { - configForTemplate, err := loadDefaultConfig() + dec := yaml.NewDecoder(bytes.NewReader(localConfigBytes)) + dec.KnownFields(true) + err = dec.Decode(&config) if err != nil { - return nil, err + return Config{}, err } - err = mergo.Merge(&configForTemplate, &c, mergo.WithOverride) - if err != nil { - return nil, err - } - return configForTemplate, nil + return config, nil +} + +type plugin struct { + Name string `yaml:"name"` + Version string `yaml:"version"` + Kind string `yaml:"kind"` +} + +type actions struct { + PreTest any `yaml:"preTest"` + PreBuild any `yaml:"preBuild"` +} + +type actionVersions struct { + ConfigureAwsCredentials string `yaml:"configureAwsCredentials"` + SetupGcloud string `yaml:"setupGcloud"` + GoogleAuth string `yaml:"googleAuth"` + Checkout string `yaml:"checkout"` + DownloadArtifact string `yaml:"downloadArtifact"` + PathsFilter string `yaml:"pathsFilter"` + PrComment string `yaml:"prComment"` + UploadArtifact string `yaml:"uploadArtifact"` + UpgradeProviderAction string `yaml:"upgradeProviderAction"` + FreeDiskSpace string `yaml:"freeDiskSpace"` +} + +type toolVersions struct { + Dotnet string `yaml:"dotnet"` + Go string `yaml:"go"` + Java string `yaml:"java"` + Gradle string `yaml:"gradle"` + Nodejs string `yaml:"nodejs"` + Pulumi string `yaml:"pulumi"` + Python string `yaml:"python"` +} + +type releaseVerification struct { + Dotnet string `yaml:"dotnet"` + Go string `yaml:"go"` + Nodejs string `yaml:"nodejs"` + Python string `yaml:"python"` +} + +type publish struct { + PublisherAction string `yaml:"publisherAction"` + SDK string `yaml:"sdk"` + CDN bool `yaml:"cdn"` } func loadDefaultConfig() (Config, error) { - var config map[string]interface{} + var config Config configBytes, err := templateFS.ReadFile(filepath.Join("templates", "defaults.config.yaml")) if err != nil { - return nil, fmt.Errorf("error reading embedded defaults config file: %w", err) + return Config{}, fmt.Errorf("error reading embedded defaults config file: %w", err) } - err = yaml.Unmarshal(configBytes, &config) + + dec := yaml.NewDecoder(bytes.NewReader(configBytes)) + dec.KnownFields(true) + err = dec.Decode(&config) if err != nil { - return nil, fmt.Errorf("error parsing embedded defaults config file: %w", err) + return Config{}, fmt.Errorf("error parsing embedded defaults config file: %w", err) } return config, nil } + +type intOrBool bool + +func (x *intOrBool) UnmarshalYAML(unmarshal func(interface{}) error) error { + var b bool + if err := unmarshal(&b); err == nil { + *x = intOrBool(b) + return nil + } + + var i int + if err := unmarshal(&i); err != nil { + return fmt.Errorf("unmarshal int: %w", err) + } + + *x = intOrBool(i == 1) + return nil +} + +type intOrDuration time.Duration + +func (x *intOrDuration) UnmarshalYAML(unmarshal func(interface{}) error) error { + var d time.Duration + if err := unmarshal(&d); err == nil { + *x = intOrDuration(d) + return nil + } + + var i int64 + if err := unmarshal(&i); err != nil { + return fmt.Errorf("unmarshal int: %w", err) + } + + *x = intOrDuration(i * int64(time.Minute)) + return nil +} diff --git a/provider-ci/internal/pkg/generate.go b/provider-ci/internal/pkg/generate.go index 9bd61a239..82de5a7bb 100644 --- a/provider-ci/internal/pkg/generate.go +++ b/provider-ci/internal/pkg/generate.go @@ -44,12 +44,12 @@ func GeneratePackage(opts GenerateOpts) error { return fmt.Errorf("error getting template directories: %w", err) } // Clean up old workflows if requested - if clean, found := opts.Config["clean-github-workflows"]; found && clean.(bool) { + if opts.Config.CleanGithubWorkflows { workflows, err := os.ReadDir(filepath.Join(opts.OutDir, ".github", "workflows")) if err != nil { return fmt.Errorf("error reading .github/workflows directory: %w", err) } - providerName := opts.Config["provider"].(string) + providerName := opts.Config.Provider for _, workflow := range workflows { // Skip provider-specific workflows which are prefixed with the provider name if strings.HasPrefix(workflow.Name(), providerName+"-") { @@ -93,6 +93,8 @@ func getTemplateDirs(templateName string) ([]string, error) { case "external-bridged-provider": // Render more specific templates last to allow them to override more general templates. return []string{"dev-container", "provider", "bridged-provider"}, nil + case "generic": + return []string{"provider", "pulumi-provider", "generic"}, nil default: return nil, fmt.Errorf("unknown template: %s", templateName) } @@ -168,7 +170,7 @@ func renderTemplateDir(template string, opts GenerateOpts) error { outPath = filepath.Join(opts.OutDir, outPath) // Sub in the correct Workflow name by repo default branch if strings.Contains(inPath, "main.yml") { - branchName := fmt.Sprint(config["providerDefaultBranch"]) + branchName := config.ProviderDefaultBranch outPath = strings.ReplaceAll(outPath, "main", branchName) } tmpl, err := parseTemplate(templateFS, inPath) diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/actions/download-bin/action.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/actions/download-bin/action.yml index 3f80e2b1e..f925c0436 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/actions/download-bin/action.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/actions/download-bin/action.yml @@ -5,12 +5,12 @@ runs: using: "composite" steps: - name: Download provider + tfgen binaries - uses: #{{ .Config.actionVersions.downloadArtifact }}# + uses: #{{ .Config.ActionVersions.DownloadArtifact }}# with: - name: #{{ .Config.provider }}#-provider.tar.gz + name: #{{ .Config.Provider }}#-provider.tar.gz path: ${{ github.workspace }}/bin - name: Untar provider binaries shell: bash run: | tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin - find ${{ github.workspace }} -name "pulumi-*-#{{ .Config.provider }}#" -print -exec chmod +x {} \; + find ${{ github.workspace }} -name "pulumi-*-#{{ .Config.Provider }}#" -print -exec chmod +x {} \; diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/actions/upload-bin/action.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/actions/upload-bin/action.yml index 9d860c34e..0eb4de272 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/actions/upload-bin/action.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/actions/upload-bin/action.yml @@ -6,10 +6,10 @@ runs: steps: - name: Tar provider binaries shell: bash - run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-#{{ .Config.provider }}# pulumi-tfgen-#{{ .Config.provider }}# + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-#{{ .Config.Provider }}# pulumi-tfgen-#{{ .Config.Provider }}# - name: Upload artifacts - uses: #{{ .Config.actionVersions.uploadArtifact }}# + uses: #{{ .Config.ActionVersions.UploadArtifact }}# with: - name: #{{ .Config.provider }}#-provider.tar.gz + name: #{{ .Config.Provider }}#-provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz retention-days: 30 diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_provider.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_provider.yml index 4ce93fbb9..b02e5ceec 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_provider.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_provider.yml @@ -11,7 +11,7 @@ on: jobs: build_provider: name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} - runs-on: #{{ if .Config.runner.buildSdk }}##{{- .Config.runner.buildSdk }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# env: PROVIDER_VERSION: ${{ inputs.version }} strategy: @@ -29,20 +29,20 @@ jobs: - os: windows arch: amd64 steps: - #{{- if .Config.freeDiskSpaceBeforeBuild }}# + #{{- if .Config.FreeDiskSpaceBeforeBuild }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Setup tools @@ -50,21 +50,21 @@ jobs: with: tools: pulumictl, go - name: Download schema-embed.json - uses: #{{ .Config.actionVersions.downloadArtifact }}# + uses: #{{ .Config.ActionVersions.DownloadArtifact }}# with: # Use a pattern to avoid failing if the artifact doesn't exist pattern: schema-embed.* # Avoid creating directories for each artifact merge-multiple: true - path: provider/cmd/pulumi-resource-#{{ .Config.provider }}#/schema-embed.json + path: provider/cmd/pulumi-resource-#{{ .Config.Provider }}#/schema-embed.json - name: Prepare for build # This installs plugins and prepares upstream run: make upstream - name: Build & package provider run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} - name: Upload artifacts - uses: #{{ .Config.actionVersions.uploadArtifact }}# + uses: #{{ .Config.ActionVersions.UploadArtifact }}# with: - name: pulumi-resource-#{{ .Config.provider }}#-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz - path: bin/pulumi-resource-#{{ .Config.provider }}#-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + name: pulumi-resource-#{{ .Config.Provider }}#-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: bin/pulumi-resource-#{{ .Config.Provider }}#-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz retention-days: 30 diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml index 8b23d826a..5191f0430 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml @@ -8,33 +8,33 @@ on: type: string env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# PROVIDER_VERSION: ${{ inputs.version }} jobs: build_sdk: name: build_sdk - runs-on: #{{ if .Config.runner.buildSdk }}##{{- .Config.runner.buildSdk }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# strategy: fail-fast: true matrix: language: -#{{ .Config.languages | toYaml | indent 8 }}# +#{{ .Config.Languages | toYaml | indent 8 }}# steps: - #{{- if .Config.freeDiskSpaceBeforeSdkBuild }}# + #{{- if .Config.FreeDiskSpaceBeforeSdkBuild }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Cache examples generation diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/main.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/main.yml index 6d5a9e7da..1599cb975 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/main.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/main.yml @@ -1,7 +1,7 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: prerequisites: uses: ./.github/workflows/prerequisites.yml @@ -32,7 +32,7 @@ jobs: COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }} name: generate_coverage_data needs: prerequisites - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Free Disk Space (Ubuntu) uses: jlumbroso/free-disk-space@v1.3.1 @@ -40,14 +40,14 @@ jobs: tool-cache: false swap-storage: false - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# with: aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} aws-region: us-west-2 @@ -69,7 +69,7 @@ jobs: s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}" aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control - #{{ if .Config.lint -}}# + #{{ if .Config.Lint -}}# lint: name: lint uses: ./.github/workflows/lint.yml @@ -90,7 +90,7 @@ jobs: - build_provider - test - license_check - #{{- range $action, $_ := .Config.extraTests }}# + #{{- range $action, $_ := .Config.ExtraTests }}# - #{{ $action }}# #{{- end }}# uses: ./.github/workflows/publish.yml @@ -103,7 +103,7 @@ jobs: tag_release_if_labeled_needs_release: name: Tag release if labeled as needs-release needs: publish - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: check if this commit needs release if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} @@ -126,24 +126,24 @@ jobs: permissions: contents: read id-token: write - runs-on: #{{ if .Config.runner.buildSdk }}##{{- .Config.runner.buildSdk }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: -#{{- if .Config.freeDiskSpaceBeforeTest }}# + #{{- if .Config.FreeDiskSpaceBeforeTest }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false -#{{- end }}# + #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Setup tools @@ -166,24 +166,24 @@ jobs: run: |- pip3 install virtualenv==20.0.23 pip3 install pipenv - #{{- if .Config.docker }}# + #{{- if .Config.Docker }}# - name: Run docker compose run: docker compose -f testing/docker-compose.yml up --build -d #{{- end }}# - #{{- if .Config.aws }}# + #{{- if .Config.AWS }}# - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: ${{ env.AWS_REGION }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 - role-session-name: #{{ .Config.provider }}#@githubActions + role-session-name: #{{ .Config.Provider }}#@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} #{{- end }}# - #{{- if .Config.gcp }}# + #{{- if .Config.GCP }}# - name: Authenticate to Google Cloud - uses: #{{ .Config.actionVersions.googleAuth }}# + uses: #{{ .Config.ActionVersions.GoogleAuth }}# with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -191,27 +191,27 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: #{{ .Config.actionVersions.setupGcloud }}# + uses: #{{ .Config.ActionVersions.SetupGcloud }}# with: install_components: gke-gcloud-auth-plugin #{{- end }}# - #{{- if .Config.gcpRegistry }}# + #{{- if .Config.GCPRegistry }}# - name: Login to Google Cloud Registry run: gcloud --quiet auth configure-docker #{{- end }}# - #{{- if .Config.sshPrivateKey }}# + #{{- if .Config.SSHPrivateKey }}# - name: Setup SSH key uses: webfactory/ssh-agent@v0.7.0 with: - ssh-private-key: #{{ .Config.sshPrivateKey }}# + ssh-private-key: #{{ .Config.SSHPrivateKey }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# + #{{- if .Config.IntegrationTestProvider }}# - name: Prepare upstream code run: make upstream #{{- end }}# - #{{- if index .Config "setup-script" }}# + #{{- if index .Config.SetupScript }}# - name: Run setup script - run: #{{ index .Config "setup-script" }}# + run: #{{ index .Config.SetupScript }}# #{{- end }}# - name: Install dependencies run: make install_${{ matrix.language}}_sdk @@ -220,10 +220,10 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} version: v2.5.0 -#{{- if .Config.actions.preTest }}# -#{{ .Config.actions.preTest | toYaml | indent 4 }}# +#{{- if .Config.Actions.PreTest }}# +#{{ .Config.Actions.PreTest | toYaml | indent 4 }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# +#{{- if .Config.IntegrationTestProvider }}# - name: Run provider tests working-directory: provider run: go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 @@ -234,22 +234,22 @@ jobs: fail-fast: false matrix: language: -#{{ .Config.languages | toYaml | indent 8 }}# -#{{- if .Config.extraTests }}# -#{{ .Config.extraTests | toYaml | indent 2 }}# +#{{ .Config.Languages | toYaml | indent 8 }}# +#{{- if .Config.ExtraTests }}# +#{{ .Config.ExtraTests | toYaml | indent 2 }}# #{{ end }}# -name: #{{ .Config.providerDefaultBranch }}# +name: #{{ .Config.ProviderDefaultBranch }}# on: workflow_dispatch: {} push: branches: - - #{{ .Config.providerDefaultBranch }}# + - #{{ .Config.ProviderDefaultBranch }}# paths-ignore: - "**.md" tags-ignore: - v* - sdk/* - "**" -#{{- if .Config.testMasterAndReleaseWorkflows }}# +#{{- if .Config.TestMasterAndReleaseWorkflows }}# pull_request: #{{ end }}# diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/nightly-test.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/nightly-test.yml index ae9f03c9e..ecaf9a8c6 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/nightly-test.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/nightly-test.yml @@ -1,8 +1,8 @@ -#{{ if index .Config "generate-nightly-test-workflow" -}}# +#{{ if index .Config.GenerateNightlyTestWorkflow -}}# # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: prerequisites: uses: ./.github/workflows/prerequisites.yml @@ -35,24 +35,24 @@ jobs: permissions: contents: read id-token: write - runs-on: #{{ if .Config.runner.buildSdk }}##{{- .Config.runner.buildSdk }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: -#{{- if .Config.freeDiskSpaceBeforeTest }}# +#{{- if .Config.FreeDiskSpaceBeforeTest }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Setup tools @@ -75,13 +75,13 @@ jobs: run: |- pip3 install virtualenv==20.0.23 pip3 install pipenv - #{{- if .Config.docker }}# + #{{- if .Config.Docker }}# - name: Run docker compose run: docker compose -f testing/docker-compose.yml up --build -d #{{- end }}# - #{{- if .Config.aws }}# + #{{- if .Config.AWS }}# - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: ${{ env.AWS_REGION }} @@ -90,9 +90,9 @@ jobs: role-session-name: #{{ .Config.provider }}#@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} #{{- end }}# - #{{- if .Config.gcp }}# + #{{- if .Config.GCP }}# - name: Authenticate to Google Cloud - uses: #{{ .Config.actionVersions.googleAuth }}# + uses: #{{ .Config.ActionVersions.GoogleAuth }}# with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -100,27 +100,27 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: #{{ .Config.actionVersions.setupGcloud }}# + uses: #{{ .Config.ActionVersions.SetupGcloud }}# with: install_components: gke-gcloud-auth-plugin #{{- end }}# - #{{- if .Config.gcpRegistry }}# + #{{- if .Config.GCPRegistry }}# - name: Login to Google Cloud Registry run: gcloud --quiet auth configure-docker #{{- end }}# - #{{- if .Config.sshPrivateKey }}# + #{{- if .Config.SSHPrivateKey }}# - name: Setup SSH key uses: webfactory/ssh-agent@v0.7.0 with: - ssh-private-key: #{{ .Config.sshPrivateKey }}# + ssh-private-key: #{{ .Config.SSHPrivateKey }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# + #{{- if .Config.IntegrationTestProvider }}# - name: Prepare upstream code run: make upstream #{{- end }}# - #{{- if index .Config "setup-script" }}# + #{{- if index .Config.SetupScript }}# - name: Run setup script - run: #{{ index .Config "setup-script" }}# + run: #{{ index .Config.SetupScript }}# #{{- end }}# - name: Install dependencies run: make install_${{ matrix.language}}_sdk @@ -129,10 +129,10 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} version: v2.5.0 -#{{- if .Config.actions.preTest }}# -#{{ .Config.actions.preTest | toYaml | indent 4 }}# +#{{- if .Config.Actions.PreTest }}# +#{{ .Config.Actions.PreTest | toYaml | indent 4 }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# + #{{- if .Config.IntegrationTestProvider }}# - name: Run provider tests if: matrix.testTarget == 'local' working-directory: provider @@ -144,7 +144,7 @@ jobs: fail-fast: false matrix: language: -#{{ .Config.languages | toYaml | indent 10 }}# +#{{ .Config.Languages | toYaml | indent 10 }}# name: cron on: schedule: diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerelease.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerelease.yml index 2d5aba254..7564d14c5 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerelease.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerelease.yml @@ -2,7 +2,7 @@ env: IS_PRERELEASE: true -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: prerequisites: uses: ./.github/workflows/prerequisites.yml @@ -27,7 +27,7 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} - #{{ if .Config.lint -}}# + #{{ if .Config.Lint -}}# lint: name: lint uses: ./.github/workflows/lint.yml @@ -48,7 +48,7 @@ jobs: - build_provider - test - license_check - #{{- range $action, $_ := .Config.extraTests }}# + #{{- range $action, $_ := .Config.ExtraTests }}# - #{{ $action }}# #{{- end }}# uses: ./.github/workflows/publish.yml @@ -65,30 +65,30 @@ jobs: permissions: contents: read id-token: write - runs-on: #{{ if .Config.runner.buildSdk }}##{{- .Config.runner.buildSdk }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: -#{{- if .Config.freeDiskSpaceBeforeTest }}# +#{{- if .Config.FreeDiskSpaceBeforeTest }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Setup tools uses: ./.github/actions/setup-tools with: - tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# + tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.Languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# - name: Download bin uses: ./.github/actions/download-bin - name: Add NuGet source @@ -105,24 +105,24 @@ jobs: run: |- pip3 install virtualenv==20.0.23 pip3 install pipenv - #{{- if .Config.docker }}# + #{{- if .Config.Docker }}# - name: Run docker compose run: docker compose -f testing/docker-compose.yml up --build -d #{{- end }}# - #{{- if .Config.aws }}# + #{{- if .Config.AWS }}# - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: ${{ env.AWS_REGION }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 - role-session-name: #{{ .Config.provider }}#@githubActions + role-session-name: #{{ .Config.Provider }}#@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} #{{- end }}# - #{{- if .Config.gcp }}# + #{{- if .Config.GCP }}# - name: Authenticate to Google Cloud - uses: #{{ .Config.actionVersions.googleAuth }}# + uses: #{{ .Config.ActionVersions.GoogleAuth }}# with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -130,27 +130,27 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: #{{ .Config.actionVersions.setupGcloud }}# + uses: #{{ .Config.ActionVersions.SetupGcloud }}# with: install_components: gke-gcloud-auth-plugin #{{- end }}# - #{{- if .Config.gcpRegistry }}# + #{{- if .Config.GCPRegistry }}# - name: Login to Google Cloud Registry run: gcloud --quiet auth configure-docker #{{- end }}# - #{{- if .Config.sshPrivateKey }}# + #{{- if .Config.SSHPrivateKey }}# - name: Setup SSH key uses: webfactory/ssh-agent@v0.7.0 with: - ssh-private-key: #{{ .Config.sshPrivateKey }}# + ssh-private-key: #{{ .Config.SSHPrivateKey }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# + #{{- if .Config.IntegrationTestProvider }}# - name: Prepare upstream code run: make upstream #{{- end }}# - #{{- if index .Config "setup-script" }}# + #{{- if index .Config.SetupScript }}# - name: Run setup script - run: #{{ index .Config "setup-script" }}# + run: #{{ index .Config.SetupScript }}# #{{- end }}# - name: Install dependencies run: make install_${{ matrix.language}}_sdk @@ -159,10 +159,10 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} version: v2.5.0 -#{{- if .Config.actions.preTest }}# -#{{ .Config.actions.preTest | toYaml | indent 4 }}# +#{{- if .Config.Actions.PreTest }}# +#{{ .Config.Actions.PreTest | toYaml | indent 4 }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# + #{{- if .Config.IntegrationTestProvider }}# - name: Run provider tests working-directory: provider run: go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . @@ -173,9 +173,9 @@ jobs: fail-fast: false matrix: language: -#{{ .Config.languages | toYaml | indent 8 }}# -#{{- if .Config.extraTests }}# -#{{ .Config.extraTests | toYaml | indent 2 }}# +#{{ .Config.Languages | toYaml | indent 8 }}# +#{{- if .Config.ExtraTests }}# +#{{ .Config.ExtraTests | toYaml | indent 2 }}# #{{ end }}# name: prerelease @@ -183,6 +183,6 @@ on: push: tags: - v*.*.*-** -#{{- if .Config.testMasterAndReleaseWorkflows }}# +#{{- if .Config.TestMasterAndReleaseWorkflows }}# pull_request: #{{ end }}# diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerequisites.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerequisites.yml index d8cf644c5..7133fe35c 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerequisites.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/prerequisites.yml @@ -18,29 +18,29 @@ on: value: ${{ jobs.prerequisites.outputs.version }} env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: prerequisites: name: prerequisites - runs-on: #{{ .Config.runner.prerequisites }}# + runs-on: #{{ .Config.Runner.Prerequisites }}# outputs: version: ${{ steps.provider-version.outputs.version }} steps: -#{{- if .Config.freeDiskSpaceBeforeBuild }}# +#{{- if .Config.FreeDiskSpaceBeforeBuild }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - uses: pulumi/provider-version-action@v1 @@ -59,8 +59,8 @@ jobs: uses: ./.github/actions/setup-tools with: tools: go, pulumictl, pulumicli, schema-tools -#{{- if .Config.actions.preBuild }}# -#{{ .Config.actions.preBuild | toYaml | indent 4 }}# +#{{- if .Config.Actions.PreBuild }}# +#{{ .Config.Actions.PreBuild | toYaml | indent 4 }}# #{{- end }}# - name: Build schema generator binary run: make tfgen_build_only @@ -78,12 +78,12 @@ jobs: EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) { echo "SCHEMA_CHANGES<<$EOF"; - schema-tools compare -r github://api.github.com/#{{ .Config.organization }}# -p #{{ .Config.provider }}# -o "${{ inputs.default_branch }}" -n --local-path=provider/cmd/pulumi-resource-#{{ .Config.provider }}#/schema.json; + schema-tools compare -r github://api.github.com/#{{ .Config.Organization }}# -p #{{ .Config.Provider }}# -o "${{ inputs.default_branch }}" -n --local-path=provider/cmd/pulumi-resource-#{{ .Config.Provider }}#/schema.json; echo "$EOF"; } >> "$GITHUB_ENV" - if: inputs.is_pr && inputs.is_automated == false name: Comment on PR with Details of Schema Check - uses: #{{ .Config.actionVersions.prComment }}# + uses: #{{ .Config.ActionVersions.PrComment }}# with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} comment_tag: schemaCheck @@ -93,12 +93,12 @@ jobs: Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. -#{{- if .Config.enableConfigurationCheck }}# +#{{- if .Config.EnableConfigurationCheck }}# - if: inputs.is_pr name: Check Configuration section run: | sed -n '/## Configuration/,$p' README.md | sed -n '/## Reference/q;p' >> config_section.txt - jq -r '.config | select(.variables) | .variables | keys[]' < provider/cmd/pulumi-resource-#{{ .Config.provider }}#/schema.json >> keys.txt + jq -r '.config | select(.variables) | .variables | keys[]' < provider/cmd/pulumi-resource-#{{ .Config.Provider }}#/schema.json >> keys.txt EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) { echo "MISSING_CONFIG<<$EOF"; @@ -123,8 +123,8 @@ jobs: uses: ./.github/actions/upload-bin - name: Upload schema-embed.json - uses: #{{ .Config.actionVersions.uploadArtifact }}# + uses: #{{ .Config.ActionVersions.UploadArtifact }}# with: name: schema-embed.json - path: provider/cmd/pulumi-resource-#{{ .Config.provider }}#/schema-embed.json + path: provider/cmd/pulumi-resource-#{{ .Config.Provider }}#/schema-embed.json retention-days: 30 diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml index b63c413a6..7fb60fb59 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml @@ -17,12 +17,12 @@ on: env: IS_PRERELEASE: ${{ inputs.isPrerelease }} -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: publish: name: publish - runs-on: #{{ if .Config.runner.publish }}##{{- .Config.runner.publish }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + runs-on: #{{ if .Config.Runner.Publish }}##{{- .Config.Runner.Publish }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# steps: - name: Validate prerelease if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) @@ -31,54 +31,54 @@ jobs: if: inputs.skipGoSdk && inputs.isPrerelease == false run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Setup tools uses: ./.github/actions/setup-tools with: tools: pulumictl, pulumicli, go, schema-tools -#{{- if .Config.publish.cdn }}# +#{{- if .Config.Publish.CDN }}# - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 role-external-id: upload-pulumi-release - role-session-name: #{{ .Config.provider }}#@githubActions + role-session-name: #{{ .Config.Provider }}#@githubActions role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} #{{- end }}# - name: Create dist directory run: mkdir -p dist - name: Download provider assets - uses: #{{ .Config.actionVersions.downloadArtifact }}# + uses: #{{ .Config.ActionVersions.DownloadArtifact }}# with: - pattern: pulumi-resource-#{{ .Config.provider }}#-v${{ inputs.version }}-* + pattern: pulumi-resource-#{{ .Config.Provider }}#-v${{ inputs.version }}-* path: dist # Don't create a directory for each artifact merge-multiple: true - name: Calculate checksums working-directory: dist - run: shasum ./*.tar.gz > "pulumi-#{{ .Config.provider }}#_${{ inputs.version }}_checksums.txt" + run: shasum ./*.tar.gz > "pulumi-#{{ .Config.Provider }}#_${{ inputs.version }}_checksums.txt" - name: Get Schema Change Summary id: schema-summary shell: bash run: | # Get latest stable release. Return only first column from result (tag). - LAST_VERSION=$(gh release view --repo #{{ .Config.organization }}#/pulumi-#{{ .Config.provider }}# --json tagName -q .tagName || echo "No stable release" ) + LAST_VERSION=$(gh release view --repo #{{ .Config.Organization }}#/pulumi-#{{ .Config.Provider }}# --json tagName -q .tagName || echo "No stable release" ) { echo 'summary<> "$GITHUB_OUTPUT" -#{{- if .Config.publish.cdn }}# +#{{- if .Config.Publish.CDN }}# - name: Upload Provider Binaries run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive #{{- end }}# @@ -99,24 +99,24 @@ jobs: publish_sdk: name: publish_sdk needs: publish - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# # Persist credentials so we can push back to the repo persist-credentials: true - name: Setup tools uses: ./.github/actions/setup-tools with: - tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# + tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.Languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# - name: Publish SDKs uses: pulumi/pulumi-package-publisher@v0.0.20 with: - sdk: #{{ .Config.publish.sdk }}# + sdk: #{{ .Config.Publish.SDK }}# version: ${{ inputs.version }} - name: Download Go SDK uses: ./.github/actions/download-sdk @@ -137,13 +137,13 @@ jobs: go/** !*.tar.gz -#{{- if .Config.publishRegistry }}# +#{{- if .Config.PublishRegistry }}# create_docs_build: name: create_docs_build needs: publish_sdk # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped if: inputs.isPrerelease == false - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Dispatch Metadata build uses: peter-evans/repository-dispatch@v3 @@ -154,7 +154,7 @@ jobs: client-payload: |- { "project": "${{ github.repository }}", - "project-shortname": "#{{ .Config.provider }}#", + "project-shortname": "#{{ .Config.Provider }}#", "ref": "${{ github.ref_name }}" } #{{- end }}# @@ -163,15 +163,15 @@ jobs: name: Clean up release labels # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped if: inputs.isPrerelease == false - #{{ if .Config.publishRegistry -}}# + #{{ if .Config.PublishRegistry -}}# needs: create_docs_build #{{ else }}# needs: publish_sdk #{{- end }}# - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: persist-credentials: false - name: Clean up release labels diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/release.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/release.yml index 2329f3735..248218573 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/release.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/release.yml @@ -5,12 +5,12 @@ on: tags: - v*.*.* - "!v*.*.*-**" -#{{- if .Config.testMasterAndReleaseWorkflows }}# +#{{- if .Config.TestMasterAndReleaseWorkflows }}# pull_request: #{{ end }}# env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: prerequisites: uses: ./.github/workflows/prerequisites.yml @@ -35,7 +35,7 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} - #{{ if .Config.lint -}}# + #{{ if .Config.Lint -}}# lint: name: lint uses: ./.github/workflows/lint.yml @@ -57,7 +57,7 @@ jobs: - build_provider - test - license_check - #{{- range $action, $_ := .Config.extraTests }}# + #{{- range $action, $_ := .Config.ExtraTests }}# - #{{ $action }}# #{{- end }}# uses: ./.github/workflows/publish.yml @@ -74,24 +74,24 @@ jobs: permissions: contents: read id-token: write - runs-on: #{{ if .Config.runner.buildSdk }}##{{- .Config.runner.buildSdk }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: -#{{- if .Config.freeDiskSpaceBeforeTest }}# +#{{- if .Config.FreeDiskSpaceBeforeTest }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Setup tools @@ -114,24 +114,24 @@ jobs: run: |- pip3 install virtualenv==20.0.23 pip3 install pipenv - #{{- if .Config.docker }}# + #{{- if .Config.Docker }}# - name: Run docker compose run: docker compose -f testing/docker-compose.yml up --build -d #{{- end }}# - #{{- if .Config.aws }}# + #{{- if .Config.AWS }}# - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: ${{ env.AWS_REGION }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 - role-session-name: #{{ .Config.provider }}#@githubActions + role-session-name: #{{ .Config.Provider }}#@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} #{{- end }}# - #{{- if .Config.gcp }}# + #{{- if .Config.GCP }}# - name: Authenticate to Google Cloud - uses: #{{ .Config.actionVersions.googleAuth }}# + uses: #{{ .Config.ActionVersions.GoogleAuth }}# with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -139,27 +139,27 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: #{{ .Config.actionVersions.setupGcloud }}# + uses: #{{ .Config.ActionVersions.SetupGcloud }}# with: install_components: gke-gcloud-auth-plugin #{{- end }}# - #{{- if .Config.gcpRegistry }}# + #{{- if .Config.GCPRegistry }}# - name: Login to Google Cloud Registry run: gcloud --quiet auth configure-docker #{{- end }}# - #{{- if .Config.sshPrivateKey }}# + #{{- if .Config.SSHPrivateKey }}# - name: Setup SSH key uses: webfactory/ssh-agent@v0.7.0 with: - ssh-private-key: #{{ .Config.sshPrivateKey }}# + ssh-private-key: #{{ .Config.SSHPrivateKey }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# + #{{- if .Config.IntegrationTestProvider }}# - name: Prepare upstream code run: make upstream #{{- end }}# - #{{- if index .Config "setup-script" }}# + #{{- if index .Config.SetupScript }}# - name: Run setup script - run: #{{ index .Config "setup-script" }}# + run: #{{ index .Config.SetupScript }}# #{{- end }}# - name: Install dependencies run: make install_${{ matrix.language}}_sdk @@ -168,10 +168,10 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} version: v2.5.0 -#{{- if .Config.actions.preTest }}# -#{{ .Config.actions.preTest | toYaml | indent 4 }}# +#{{- if .Config.Actions.PreTest }}# +#{{ .Config.Actions.PreTest | toYaml | indent 4 }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# + #{{- if .Config.IntegrationTestProvider }}# - name: Run provider tests working-directory: provider run: go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . @@ -182,7 +182,7 @@ jobs: fail-fast: false matrix: language: -#{{ .Config.languages | toYaml | indent 8 }}# -#{{- if .Config.extraTests }}# -#{{ .Config.extraTests | toYaml | indent 2 }}# +#{{ .Config.Languages | toYaml | indent 8 }}# +#{{- if .Config.ExtraTests }}# +#{{ .Config.ExtraTests | toYaml | indent 2 }}# #{{ end }}# diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/resync-build.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/resync-build.yml index bec52713d..83fdaf5c6 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/resync-build.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/resync-build.yml @@ -1,24 +1,24 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt env: - PULUMI_EXTRA_MAPPING_ERROR: #{{ index .Config "fail-on-extra-mapping" }}# - PULUMI_MISSING_MAPPING_ERROR: #{{ index .Config "fail-on-missing-mapping" }}# -#{{ .Config.env | toYaml | indent 2 }}# + PULUMI_EXTRA_MAPPING_ERROR: #{{ .Config.FailOnExtraMapping }}# + PULUMI_MISSING_MAPPING_ERROR: #{{ .Config.FailOnMissingMapping }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: resync_build: name: resync-build - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# # Persist credentials so we can push a new branch. persist-credentials: true - name: Checkout repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: path: ci-mgmt repository: pulumi/ci-mgmt @@ -56,15 +56,15 @@ jobs: uses: peter-evans/create-pull-request@v3.12.0 with: author: pulumi-bot - base: #{{ .Config.providerDefaultBranch }}# + base: #{{ .Config.ProviderDefaultBranch }}# body: This pull request was generated automatically by the resync-build workflow in this repository. branch: pulumi-bot/resync-${{ github.run_id}} - commit-message: Resync build for pulumi-#{{ .Config.provider }}# + commit-message: Resync build for pulumi-#{{ .Config.Provider }}# committer: pulumi-bot labels: impact/no-changelog-required team-reviewers: platform-integrations - title: Fix up build for pulumi-#{{ .Config.provider }}# + title: Fix up build for pulumi-#{{ .Config.Provider }}# token: ${{ secrets.PULUMI_BOT_TOKEN }} name: Resync build on: diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml index f01a25c9c..fa0597718 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml @@ -12,7 +12,7 @@ on: env: PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# # This should cancel any previous runs of the same workflow on the same branch which are still running. concurrency: @@ -54,7 +54,7 @@ jobs: name: comment-notification permissions: pull-requests: write - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - id: run-url name: Create URL to the run output @@ -66,7 +66,7 @@ jobs: issue-number: ${{ github.event.client_payload.github.payload.issue.number }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} token: ${{ secrets.GITHUB_TOKEN }} - #{{ if .Config.lint -}}# + #{{ if .Config.Lint -}}# lint: if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository @@ -85,13 +85,13 @@ jobs: - test - build_provider - license_check - #{{- if .Config.lint }}# + #{{- if .Config.Lint }}# - lint #{{- end }}# - #{{- range $action, $_ := .Config.extraTests }}# + #{{- range $action, $_ := .Config.ExtraTests }}# - #{{ $action }}# #{{- end }}# - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 with: @@ -115,30 +115,30 @@ jobs: permissions: contents: read id-token: write - runs-on: #{{ if .Config.runner.buildSdk }}##{{- .Config.runner.buildSdk }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSdk }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: -#{{- if .Config.freeDiskSpaceBeforeTest }}# +#{{- if .Config.FreeDiskSpaceBeforeTest }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: ref: ${{ env.PR_COMMIT_SHA }} - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Checkout p/examples if: matrix.testTarget == 'pulumiExamples' - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: repository: pulumi/examples path: p-examples @@ -162,24 +162,24 @@ jobs: run: |- pip3 install virtualenv==20.0.23 pip3 install pipenv - #{{- if .Config.docker }}# + #{{- if .Config.Docker }}# - name: Run docker compose run: docker compose -f testing/docker-compose.yml up --build -d #{{- end }}# - #{{- if .Config.aws }}# + #{{- if .Config.AWS }}# - name: Configure AWS Credentials - uses: #{{ .Config.actionVersions.configureAwsCredentials }}# + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: ${{ env.AWS_REGION }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 - role-session-name: #{{ .Config.provider }}#@githubActions + role-session-name: #{{ .Config.Provider }}#@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} #{{- end }}# - #{{- if .Config.gcp }}# + #{{- if .Config.GCP }}# - name: Authenticate to Google Cloud - uses: #{{ .Config.actionVersions.googleAuth }}# + uses: #{{ .Config.ActionVersions.GoogleAuth }}# with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -187,27 +187,27 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: #{{ .Config.actionVersions.setupGcloud }}# + uses: #{{ .Config.ActionVersions.SetupGcloud }}# with: install_components: gke-gcloud-auth-plugin #{{- end }}# - #{{- if .Config.gcpRegistry }}# + #{{- if .Config.GCPRegistry }}# - name: Login to Google Cloud Registry run: gcloud --quiet auth configure-docker #{{- end }}# - #{{- if .Config.sshPrivateKey }}# + #{{- if .Config.SSHPrivateKey }}# - name: Setup SSH key uses: webfactory/ssh-agent@v0.7.0 with: - ssh-private-key: #{{ .Config.sshPrivateKey }}# + ssh-private-key: #{{ .Config.SSHPrivateKey }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# + #{{- if .Config.IntegrationTestProvider }}# - name: Prepare upstream code run: make upstream #{{- end }}# - #{{- if index .Config "setup-script" }}# + #{{- if index .Config.SetupScript }}# - name: Run setup script - run: #{{ index .Config "setup-script" }}# + run: #{{ index .Config.setupScript }}# #{{- end }}# - name: Install dependencies run: make install_${{ matrix.language}}_sdk @@ -216,10 +216,10 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} version: v2.5.0 -#{{- if .Config.actions.preTest }}# -#{{ .Config.actions.preTest | toYaml | indent 4 }}# +#{{- if .Config.Actions.PreTest }}# +#{{ .Config.Actions.PreTest | toYaml | indent 4 }}# #{{- end }}# - #{{- if .Config.integrationTestProvider }}# + #{{- if .Config.IntegrationTestProvider }}# - name: Run provider tests if: matrix.testTarget == 'local' working-directory: provider @@ -235,8 +235,8 @@ jobs: fail-fast: false matrix: language: -#{{ .Config.languages | toYaml | indent 8 }}# - #{{- if .Config.testPulumiExamples }}# +#{{ .Config.Languages | toYaml | indent 8 }}# + #{{- if .Config.TestPulumiExamples }}# testTarget: [local, pulumiExamples] #{{- else }}# testTarget: [local] @@ -245,6 +245,6 @@ jobs: name: License Check uses: ./.github/workflows/license.yml secrets: inherit -#{{- if .Config.extraTests }}# -#{{ .Config.extraTests | toYaml | indent 2 }}# +#{{- if .Config.ExtraTests }}# +#{{ .Config.ExtraTests | toYaml | indent 2 }}# #{{ end }}# diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml index 4071e841e..a57f27609 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml @@ -55,31 +55,31 @@ env: jobs: upgrade_provider: name: upgrade-provider - runs-on: #{{ if .Config.runner.buildSdk }}##{{- .Config.runner.buildSdk }}##{{ else }}##{{- .Config.runner.default }}##{{ end }}# + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# steps: - #{{- if .Config.freeDiskSpaceBeforeBuild }}# + #{{- if .Config.FreeDiskSpaceBeforeBuild }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Setup tools uses: ./.github/actions/setup-tools with: - tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# + tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.Languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# - name: Call upgrade provider action if: github.event_name == 'workflow_dispatch' - uses: #{{ .Config.actionVersions.upgradeProviderAction }}# + uses: #{{ .Config.ActionVersions.UpgradeProviderAction }}# with: kind: ${{ inputs.kind }} email: bot@pulumi.com @@ -87,15 +87,15 @@ jobs: automerge: ${{ inputs.automerge }} target-bridge-version: ${{ inputs.target-bridge-version }} target-pulumi-version: ${{ inputs.target-pulumi-version }} - #{{- if .Config.javaGenVersion }}# - target-java-version: #{{ .Config.javaGenVersion }}# + #{{- if .Config.JavaGenVersion }}# + target-java-version: #{{ .Config.JavaGenVersion }}# #{{- end }}# pr-reviewers: ${{ inputs.pr-reviewers }} pr-description: ${{ inputs.pr-description }} pr-title-prefix: ${{ inputs.pr-title-prefix }} - name: Call upgrade provider action if: github.event_name == 'repository_dispatch' - uses: #{{ .Config.actionVersions.upgradeProviderAction }}# + uses: #{{ .Config.ActionVersions.UpgradeProviderAction }}# with: kind: ${{ github.event.client_payload.kind || 'bridge' }} email: bot@pulumi.com diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-provider.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-provider.yml index 35396c662..b3fc44ce7 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-provider.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-provider.yml @@ -1,4 +1,3 @@ -#{{ if .Config.checkUpstreamUpgrade -}}# # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt name: Upgrade provider @@ -8,7 +7,7 @@ on: version: description: | The version of the upstream provider to upgrade to, without the 'v' prefix - + If no version is specified, it will be inferred from the upstream provider's release tags. required: false type: string @@ -22,29 +21,30 @@ env: jobs: upgrade_provider: name: upgrade-provider - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# + if: #{{ .Config.CheckUpstreamUpgrade }}# steps: - #{{- if .Config.freeDiskSpaceBeforeBuild }}# + #{{- if .Config.FreeDiskSpaceBeforeBuild }}# # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: #{{ .Config.actionVersions.freeDiskSpace }}# + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# with: tool-cache: false swap-storage: false dotnet: false #{{- end }}# - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# # Persist credentials so upgrade-provider can push a new branch. persist-credentials: true - name: Setup tools uses: ./.github/actions/setup-tools with: - tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# + tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.Languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# - name: Install upgrade-provider run: go install github.com/pulumi/upgrade-provider@main shell: bash @@ -70,6 +70,5 @@ jobs: - name: Attempt provider upgrade # Only attempt the upgrade if we have a target version if: steps.target_version.outputs.version != '' - run: upgrade-provider "${{ github.repository }}" --kind="all" --target-version="${{ steps.target_version.outputs.version }}" #{{ if .Config.javaGenVersion }}#--java-version="#{{ .Config.javaGenVersion }}#"#{{ end }}# + run: upgrade-provider "${{ github.repository }}" --kind="all" --target-version="${{ steps.target_version.outputs.version }}" #{{ if .Config.JavaGenVersion }}#--java-version="#{{ .Config.JavaGenVersion }}#"#{{ end }}# shell: bash -#{{ end }}# \ No newline at end of file diff --git a/provider-ci/internal/pkg/templates/bridged-provider/Makefile b/provider-ci/internal/pkg/templates/bridged-provider/Makefile index a51046432..c874dde6c 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/Makefile +++ b/provider-ci/internal/pkg/templates/bridged-provider/Makefile @@ -1,10 +1,10 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt -PACK := #{{ .Config.provider }}# -ORG := #{{ .Config.organization }}# +PACK := #{{ .Config.Provider }}# +ORG := #{{ .Config.Organization }}# PROJECT := github.com/$(ORG)/pulumi-$(PACK) -#{{- if ge (index .Config "major-version") 2 }}# -PROVIDER_PATH := provider/v#{{ index .Config "major-version" }}# +#{{- if ge .Config.MajorVersion 2 }}# +PROVIDER_PATH := provider/v#{{ .Config.MajorVersion }}# #{{- else }}# PROVIDER_PATH := provider #{{- end }}# @@ -14,12 +14,12 @@ PROVIDER := pulumi-resource-$(PACK) JAVA_GEN := pulumi-java-gen TESTPARALLELISM := 10 WORKING_DIR := $(shell pwd) -#{{- if .Config.goBuildParallelism }}# -PULUMI_PROVIDER_BUILD_PARALLELISM ?= -p #{{ .Config.goBuildParallelism }}# +#{{- if .Config.GoBuildParallelism }}# +PULUMI_PROVIDER_BUILD_PARALLELISM ?= -p #{{ .Config.GoBuildParallelism }}# #{{- else }}# PULUMI_PROVIDER_BUILD_PARALLELISM ?= #{{- end }}# -#{{- if .Config.pulumiConvert }}# +#{{- if .Config.PulumiConvert }}# PULUMI_CONVERT := 1 #{{- else }}# PULUMI_CONVERT := 0 @@ -28,24 +28,24 @@ PULUMI_MISSING_DOCS_ERROR := true # Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable # Local & branch builds will just used this fixed default version unless specified -PROVIDER_VERSION ?= #{{ index .Config "major-version" }}#.0.0-alpha.0+dev +PROVIDER_VERSION ?= #{{ .Config.MajorVersion }}#.0.0-alpha.0+dev # Use this normalised version everywhere rather than the raw input to ensure consistency. VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)") -LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)#{{if .Config.providerVersion}}# -X #{{ .Config.providerVersion }}#=$(VERSION_GENERIC)#{{end}}# -#{{- if .Config.providerVersion }}# -LDFLAGS_UPSTREAM_VERSION=-X #{{ .Config.providerVersion }}#=v$(VERSION_GENERIC) +LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)#{{if .Config.ProviderVersion}}# -X #{{ .Config.ProviderVersion }}#=$(VERSION_GENERIC)#{{end}}# +#{{- if .Config.ProviderVersion }}# +LDFLAGS_UPSTREAM_VERSION=-X #{{ .Config.ProviderVersion }}#=v$(VERSION_GENERIC) #{{- else }}# LDFLAGS_UPSTREAM_VERSION= #{{- end }}# -LDFLAGS_EXTRAS=#{{- range (index .Config "extra-ld-flags") }}# #{{ . }}# #{{- end }}# +LDFLAGS_EXTRAS=#{{- range .Config.ExtraLDFlags }}# #{{ . }}# #{{- end }}# LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS) development: install_plugins provider build_sdks install_sdks build: install_plugins provider build_sdks install_sdks -build_sdks: #{{ range .Config.languages }}#build_#{{ . }}# #{{ end }}##{{- if .Config.registryDocs }}#build_registry_docs#{{- end }}# +build_sdks: #{{ range .Config.Languages }}#build_#{{ . }}# #{{ end }}##{{- if .Config.RegistryDocs }}#build_registry_docs#{{- end }}# install_go_sdk: @@ -111,7 +111,7 @@ build_python: upstream ./venv/bin/python -m pip install build==1.2.1 && \ cd ./bin && \ ../venv/bin/python -m build . -#{{- if .Config.registryDocs }}# +#{{- if .Config.RegistryDocs }}# # Run the bridge's registry-docs command to generated the content of the installation docs/ folder at provider repo root build_registry_docs: @@ -125,10 +125,10 @@ cleanup: rm -r $(WORKING_DIR)/bin rm -f provider/cmd/$(PROVIDER)/schema.go -#{{- if .Config.docsCmd }}# +#{{- if .Config.DocsCmd }}# docs: - #{{ .Config.docsCmd }}# + #{{ .Config.DocsCmd }}# #{{- end }}# help: @@ -146,8 +146,8 @@ install_nodejs_sdk: install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) install_plugins: .pulumi/bin/pulumi - #{{- range .Config.plugins }}# - .pulumi/bin/pulumi plugin install #{{ or .kind "resource" }}# #{{ .name }}# #{{ .version }}# + #{{- range .Config.Plugins }}# + .pulumi/bin/pulumi plugin install #{{ or .Kind "resource" }}# #{{ .Name }}# #{{ .Version }}# #{{- end }}# lint_provider: provider @@ -159,7 +159,7 @@ lint_provider.fix: cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml --fix # `make provider_no_deps` builds the provider binary directly, without ensuring that -# `cmd/pulumi-resource-#{{ .Config.provider }}#/schema.json` is valid and up to date. +# `cmd/pulumi-resource-#{{ .Config.Provider }}#/schema.json` is valid and up to date. # To create a release ready binary, you should use `make provider`. provider_no_deps: (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "$(LDFLAGS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)) @@ -176,7 +176,7 @@ test_provider: @echo "" cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM) -tfgen: install_plugins upstream#{{ if .Config.docsCmd }}# docs#{{ end }}# tfgen_no_deps +tfgen: install_plugins upstream#{{ if .Config.DocsCmd }}# docs#{{ end }}# tfgen_no_deps tfgen_no_deps: export PULUMI_HOME := $(WORKING_DIR)/.pulumi tfgen_no_deps: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) @@ -217,7 +217,7 @@ ci-mgmt: .ci-mgmt.yaml go run github.com/pulumi/ci-mgmt/provider-ci@master generate \ --name $(ORG)/pulumi-$(PACK) \ --out . \ - --template #{{ .Config.template }}# \ + --template #{{ .Config.Template }}# \ --config $< # Because some codegen depends on the version of the CLI used, we install a local CLI @@ -243,7 +243,7 @@ ci-mgmt: .ci-mgmt.yaml debug_tfgen: dlv --listen=:2345 --headless=true --api-version=2 exec $(WORKING_DIR)/bin/$(TFGEN) -- schema --out provider/cmd/$(PROVIDER) -.PHONY: development build build_sdks install_go_sdk install_java_sdk install_python_sdk install_sdks only_build build_dotnet build_go build_java build_nodejs build_python clean cleanup#{{ if .Config.docsCmd }}# docs#{{end}}# help install_dotnet_sdk install_nodejs_sdk install_plugins lint_provider provider provider_no_deps test tfgen upstream ci-mgmt test_provider debug_tfgen tfgen_build_only +.PHONY: development build build_sdks install_go_sdk install_java_sdk install_python_sdk install_sdks only_build build_dotnet build_go build_java build_nodejs build_python clean cleanup#{{ if .Config.DocsCmd }}# docs#{{end}}# help install_dotnet_sdk install_nodejs_sdk install_plugins lint_provider provider provider_no_deps test tfgen upstream ci-mgmt test_provider debug_tfgen tfgen_build_only # Provider cross-platform build & packaging diff --git a/provider-ci/internal/pkg/templates/defaults.config.yaml b/provider-ci/internal/pkg/templates/defaults.config.yaml index 8c12d2bae..6c9d62aeb 100644 --- a/provider-ci/internal/pkg/templates/defaults.config.yaml +++ b/provider-ci/internal/pkg/templates/defaults.config.yaml @@ -44,7 +44,7 @@ lint: true # Currently set in around 17 repos: https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22providerDefaultBranch%3A%22&type=code providerDefaultBranch: master -# Sets PULUMI_MISSING_MAPPING_ERROR and PULUMI_EXTRA_MAPPING_ERROR in resync-build +# Sets PULUMI_MISSING_MAPPING_ERROR in resync-build # Used in alicloud only: https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22fail-on-missing-mapping%3A%22&type=code fail-on-missing-mapping: true # Not used: https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22fail-on-extra-mapping%3A%22&type=code @@ -127,7 +127,8 @@ env: # actions can contain preBuild and preTest additional steps to be spliced into workflows. # The use of these hooks vary - quite a few just build upstream and run provider tests. # Usage: https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22actions%3A%22&type=code -actions: {} +actions: + {} # preBuild: # - Your action here # preTest: @@ -188,13 +189,12 @@ registryDocs: false # checkUpstreamUpgrade determines whether we run the upstream upgrade job for bridged providers. # Set to false for providers that cannot be upgraded, e.g. because of archived upstream or a license conflict. checkUpstreamUpgrade: true - # Set a path for each language example to enable the test # releaseVerification: - # nodejs: examples/simple-nodejs - # python: examples/simple-python - # dotnet: examples/simple-dotnet - # go: exampels/simple-go +# nodejs: examples/simple-nodejs +# python: examples/simple-python +# dotnet: examples/simple-dotnet +# go: exampels/simple-go # List of extra flags used in Makefile. # Only used by newrelic: https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22extra-ld-flags%22&type=code @@ -205,6 +205,8 @@ checkUpstreamUpgrade: true # Used in 5 providers: https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22goBuildParallelism%22&type=code #goBuildParallelism: 1 +shards: 10 + # Sets PULUMI_CONVERT to 1 if truthy # Is set to "1" in 74 providers: https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22pulumiConvert%22&type=code #pulumiConvert: false @@ -245,12 +247,6 @@ checkUpstreamUpgrade: true # Used in 11 providers: https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22generate-nightly-test-workflow%3A%22&type=code #generate-nightly-test-workflow: false -# List of objects with `name` and `version` properties for the devbox packages. -# Unused: https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22nixpkgs%3A%22&type=code -#nixpkgs: -# - name: foo -# version: 1.2.3 - # Package paths to ignore when running the license check #license: # ignore: diff --git a/provider-ci/internal/pkg/templates/dev-container/devbox.json b/provider-ci/internal/pkg/templates/dev-container/devbox.json index 1d81d0eb7..07d537a36 100644 --- a/provider-ci/internal/pkg/templates/dev-container/devbox.json +++ b/provider-ci/internal/pkg/templates/dev-container/devbox.json @@ -1,15 +1,12 @@ { "packages": [ - #{{- range .Config.nixpkgs }}# - "#{{ .name }}#@#{{ .version }}#", - #{{- end }}# "yarn@latest", "pulumictl@latest", - "go@#{{ trimAll "x" .Config.toolVersions.go }}#", - "nodejs@#{{ trimAll "x" .Config.toolVersions.nodejs }}#", - "python3@#{{ trimAll "x" .Config.toolVersions.python }}#", - "dotnet-sdk@#{{ trimAll "x" .Config.toolVersions.dotnet }}#", - "gradle_7@#{{ trimAll "x" .Config.toolVersions.gradle }}#", + "go@#{{ trimAll "x" .Config.ToolVersions.Go }}#", + "nodejs@#{{ trimAll "x" .Config.ToolVersions.Nodejs }}#", + "python3@#{{ trimAll "x" .Config.ToolVersions.Python }}#", + "dotnet-sdk@#{{ trimAll "x" .Config.ToolVersions.Dotnet }}#", + "gradle_7@#{{ trimAll "x" .Config.ToolVersions.Gradle }}#", "curl@8" ], "shell": { diff --git a/provider-ci/internal/pkg/templates/generic/.github/actions/download-bin/action.yml b/provider-ci/internal/pkg/templates/generic/.github/actions/download-bin/action.yml new file mode 100644 index 000000000..f925c0436 --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/actions/download-bin/action.yml @@ -0,0 +1,16 @@ +name: Download binary assets +description: Downloads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Download provider + tfgen binaries + uses: #{{ .Config.ActionVersions.DownloadArtifact }}# + with: + name: #{{ .Config.Provider }}#-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + shell: bash + run: | + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin + find ${{ github.workspace }} -name "pulumi-*-#{{ .Config.Provider }}#" -print -exec chmod +x {} \; diff --git a/provider-ci/internal/pkg/templates/generic/.github/actions/upload-bin/action.yml b/provider-ci/internal/pkg/templates/generic/.github/actions/upload-bin/action.yml new file mode 100644 index 000000000..d3bcea14d --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/actions/upload-bin/action.yml @@ -0,0 +1,15 @@ +name: Upload bin assets +description: Uploads the provider binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Tar provider binaries + shell: bash + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-#{{ .Config.Provider }}# + - name: Upload artifacts + uses: #{{ .Config.ActionVersions.UploadArtifact }}# + with: + name: #{{ .Config.Provider }}#-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + retention-days: 30 diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/build_provider.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/build_provider.yml new file mode 100644 index 000000000..d8c528c4a --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/build_provider.yml @@ -0,0 +1,67 @@ +name: "Build Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to build + +jobs: + build_provider: + name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# + env: + PROVIDER_VERSION: ${{ inputs.version }} + strategy: + fail-fast: true + matrix: + platform: + - os: linux + arch: amd64 + - os: linux + arch: arm64 + - os: darwin + arch: amd64 + - os: darwin + arch: arm64 + - os: windows + arch: amd64 + steps: + #{{- if .Config.FreeDiskSpaceBeforeBuild }}# + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# + with: + tool-cache: false + swap-storage: false + dotnet: false + #{{- end }}# + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, go + - name: Download schema-embed.json + uses: #{{ .Config.ActionVersions.DownloadArtifact }}# + with: + # Use a pattern to avoid failing if the artifact doesn't exist + pattern: schema-embed.* + # Avoid creating directories for each artifact + merge-multiple: true + path: provider/cmd/pulumi-resource-#{{ .Config.Provider }}#/schema-embed.json + - name: Build & package provider + run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts + uses: #{{ .Config.ActionVersions.UploadArtifact }}# + with: + name: pulumi-resource-#{{ .Config.Provider }}#-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: dist/pulumi-resource-#{{ .Config.Provider }}#-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + retention-days: 30 diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/build_sdk.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/build_sdk.yml new file mode 100644 index 000000000..5191f0430 --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/build_sdk.yml @@ -0,0 +1,70 @@ +name: "Build SDK" + +on: + workflow_call: + inputs: + version: + required: true + type: string + +env: +#{{ .Config.Env | toYaml | indent 2 }}# + PROVIDER_VERSION: ${{ inputs.version }} + +jobs: + build_sdk: + name: build_sdk + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# + strategy: + fail-fast: true + matrix: + language: +#{{ .Config.Languages | toYaml | indent 8 }}# + steps: + #{{- if .Config.FreeDiskSpaceBeforeSdkBuild }}# + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# + with: + tool-cache: false + swap-storage: false + dotnet: false + #{{- end }}# + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + persist-credentials: false + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Install plugins + run: make install_plugins + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Upload SDK + uses: ./.github/actions/upload-sdk + with: + language: ${{ matrix.language }} diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/license.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/license.yml new file mode 100644 index 000000000..60cf36f2a --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/license.yml @@ -0,0 +1,48 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: license_check + +on: + workflow_call: + inputs: {} + +env: +#{{ .Config.Env | toYaml | indent 2 }}# + +jobs: + license_check: + name: License Check + runs-on: #{{ .Config.Runner.Default }}# + steps: + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go + - uses: pulumi/license-check-action@main + with: + module-path: provider + ignore-modules: >- + #{{ range $ignore := .Config.License.Ignore }}# + #{{- $ignore -}}#, + #{{ end -}}# + github.com/aead/chacha20, + github.com/apache/arrow/go/v12, + github.com/apache/thrift/lib/go/thrift, + github.com/cloudflare/circl, + github.com/golang, + github.com/gorhill/cronexpr, + github.com/in-toto/in-toto-golang, + github.com/jmespath/go-jmespath, + github.com/keybase/go-crypto, + github.com/klauspost/compress, + github.com/mattn/go-localereader, + github.com/modern-go/reflect2, + github.com/pierrec/lz4, + github.com/pjbgf/sha1cd, + github.com/pulumi, + github.com/segmentio/asm, + golang.org diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/main.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/main.yml new file mode 100644 index 000000000..747e1deef --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/main.yml @@ -0,0 +1,183 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: +#{{ .Config.Env | toYaml | indent 2 }}# +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + #{{ if .Config.Lint -}}# + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + #{{ end -}}# + + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true + + tag_release_if_labeled_needs_release: + name: Tag release if labeled as needs-release + needs: publish + runs-on: #{{ .Config.Runner.Default }}# + steps: + - name: check if this commit needs release + if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} + uses: pulumi/action-release-by-pr-label@main + with: + command: "release-if-needed" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + #{{- if .Config.FreeDiskSpaceBeforeTest }}# + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# + with: + tool-cache: false + swap-storage: false + dotnet: false + #{{- end }}# + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + #{{- if .Config.Docker }}# + - name: Run docker compose + run: docker compose -f testing/docker-compose.yml up --build -d + #{{- end }}# + #{{- if .Config.AWS }}# + - name: Configure AWS Credentials + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: #{{ .Config.Provider }}#@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + #{{- end }}# + #{{- if .Config.GCP }}# + - name: Authenticate to Google Cloud + uses: #{{ .Config.ActionVersions.GoogleAuth }}# + with: + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + - name: Setup gcloud auth + uses: #{{ .Config.ActionVersions.SetupGcloud }}# + with: + install_components: gke-gcloud-auth-plugin + #{{- end }}# + #{{- if .Config.GCPRegistry }}# + - name: Login to Google Cloud Registry + run: gcloud --quiet auth configure-docker + #{{- end }}# + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - name: Run example tests + run: make test_${{ matrix.language }} + strategy: + fail-fast: false + matrix: + language: +#{{ .Config.Languages | toYaml | indent 8 }}# +name: #{{ .Config.ProviderDefaultBranch }}# +on: + workflow_dispatch: {} + push: + branches: + - #{{ .Config.ProviderDefaultBranch }}# + paths-ignore: + - "**.md" + tags-ignore: + - v* + - sdk/* + - "**" +#{{- if .Config.TestMasterAndReleaseWorkflows }}# + pull_request: +#{{ end }}# diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/nightly-test.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/nightly-test.yml new file mode 100644 index 000000000..53b8e552b --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/nightly-test.yml @@ -0,0 +1,124 @@ +#{{ if index .Config.GenerateNightlyTestWorkflow -}}# +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: +#{{ .Config.Env | toYaml | indent 2 }}# +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: +#{{- if .Config.FreeDiskSpaceBeforeTest }}# + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# + with: + tool-cache: false + swap-storage: false + dotnet: false +#{{- end }}# + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language}} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + #{{- if .Config.Docker }}# + - name: Run docker compose + run: docker compose -f testing/docker-compose.yml up --build -d + #{{- end }}# + #{{- if .Config.AWS }}# + - name: Configure AWS Credentials + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: #{{ .Config.provider }}#@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + #{{- end }}# + #{{- if .Config.GCP }}# + - name: Authenticate to Google Cloud + uses: #{{ .Config.ActionVersions.GoogleAuth }}# + with: + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + - name: Setup gcloud auth + uses: #{{ .Config.ActionVersions.SetupGcloud }}# + with: + install_components: gke-gcloud-auth-plugin + #{{- end }}# + #{{- if .Config.GCPRegistry }}# + - name: Login to Google Cloud Registry + run: gcloud --quiet auth configure-docker + #{{- end }}# + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Run example tests + run: make test_${{ matrix.language }} # TODO: Use test_shard. + strategy: + fail-fast: false + matrix: + language: +#{{ .Config.Languages | toYaml | indent 10 }}# +name: cron +on: + schedule: + - cron: 0 6 * * * +#{{ end -}}# diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/prerelease.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/prerelease.yml new file mode 100644 index 000000000..c2163c421 --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/prerelease.yml @@ -0,0 +1,155 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + IS_PRERELEASE: true +#{{ .Config.Env | toYaml | indent 2 }}# +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + #{{ if .Config.Lint -}}# + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + #{{ end -}}# + + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: +#{{- if .Config.FreeDiskSpaceBeforeTest }}# + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# + with: + tool-cache: false + swap-storage: false + dotnet: false +#{{- end }}# + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.Languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + #{{- if .Config.Docker }}# + - name: Run docker compose + run: docker compose -f testing/docker-compose.yml up --build -d + #{{- end }}# + #{{- if .Config.AWS }}# + - name: Configure AWS Credentials + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: #{{ .Config.Provider }}#@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + #{{- end }}# + #{{- if .Config.GCP }}# + - name: Authenticate to Google Cloud + uses: #{{ .Config.ActionVersions.GoogleAuth }}# + with: + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + - name: Setup gcloud auth + uses: #{{ .Config.ActionVersions.SetupGcloud }}# + with: + install_components: gke-gcloud-auth-plugin + #{{- end }}# + #{{- if .Config.GCPRegistry }}# + - name: Login to Google Cloud Registry + run: gcloud --quiet auth configure-docker + #{{- end }}# + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Run example tests + run: make test_${{ matrix.language }} + strategy: + fail-fast: false + matrix: + language: +#{{ .Config.Languages | toYaml | indent 8 }}# + +name: prerelease +on: + push: + tags: + - v*.*.*-** +#{{- if .Config.TestMasterAndReleaseWorkflows }}# + pull_request: +#{{ end }}# diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/prerequisites.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/prerequisites.yml new file mode 100644 index 000000000..2ceb6c32d --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/prerequisites.yml @@ -0,0 +1,130 @@ +name: "Prerequisites" + +on: + workflow_call: + inputs: + is_pr: + type: boolean + required: true + is_automated: + type: boolean + required: true + default_branch: + type: string + required: true + outputs: + version: + description: "Provider version being built" + value: ${{ jobs.prerequisites.outputs.version }} + +env: +#{{ .Config.Env | toYaml | indent 2 }}# + +jobs: + prerequisites: + name: prerequisites + runs-on: #{{ .Config.Runner.Prerequisites }}# + outputs: + version: ${{ steps.provider-version.outputs.version }} + steps: +#{{- if .Config.FreeDiskSpaceBeforeBuild }}# + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# + with: + tool-cache: false + swap-storage: false + dotnet: false +#{{- end }}# + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + persist-credentials: false + - uses: pulumi/provider-version-action@v1 + id: provider-version + with: + set-env: 'PROVIDER_VERSION' + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go, pulumictl, pulumicli, schema-tools +#{{- if .Config.Actions.PreBuild }}# +#{{ .Config.Actions.PreBuild | toYaml | indent 4 }}# +#{{- end }}# + - name: Install plugins + run: make install_plugins + - name: Generate schema + run: make schema + - name: Build provider binary + run: make provider + - name: Unit-test provider code + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: inputs.is_pr + name: Check Schema is Valid + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + { + echo "SCHEMA_CHANGES<<$EOF"; + schema-tools compare -r github://api.github.com/#{{ .Config.Organization }}# -p #{{ .Config.Provider }}# -o "${{ inputs.default_branch }}" -n --local-path=provider/cmd/pulumi-resource-#{{ .Config.Provider }}#/schema.json; + echo "$EOF"; + } >> "$GITHUB_ENV" + - if: inputs.is_pr && inputs.is_automated == false + name: Comment on PR with Details of Schema Check + uses: #{{ .Config.ActionVersions.PrComment }}# + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + comment_tag: schemaCheck + message: >+ + ${{ env.SCHEMA_CHANGES }} + + + Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. + +#{{- if .Config.EnableConfigurationCheck }}# + - if: inputs.is_pr + name: Check Configuration section + run: | + sed -n '/## Configuration/,$p' README.md | sed -n '/## Reference/q;p' >> config_section.txt + jq -r '.config | select(.variables) | .variables | keys[]' < provider/cmd/pulumi-resource-#{{ .Config.Provider }}#/schema.json >> keys.txt + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + { + echo "MISSING_CONFIG<<$EOF"; + xargs -I {} sh -c "grep -q {} config_section.txt || echo \\\`{}\\\` not found in Configuration section" < keys.txt + echo "$EOF"; + } >> "$GITHUB_ENV" + + - if: inputs.is_pr && inputs.is_automated == false + name: Check for missing config + run: | + if [ ! -z "${{ env.MISSING_CONFIG }}" ]; then + cat < "pulumi-#{{ .Config.Provider }}#_${{ inputs.version }}_checksums.txt" + - name: Get Schema Change Summary + id: schema-summary + shell: bash + run: | + # Get latest stable release. Return only first column from result (tag). + LAST_VERSION=$(gh release view --repo #{{ .Config.Organization }}#/pulumi-#{{ .Config.Provider }}# --json tagName -q .tagName || echo "No stable release" ) + { + echo 'summary<> "$GITHUB_OUTPUT" +#{{- if .Config.Publish.CDN }}# + - name: Upload Provider Binaries + run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive +#{{- end }}# + - name: Create GH Release + uses: softprops/action-gh-release@v1 + if: inputs.isPrerelease == false + with: + tag_name: v${{ inputs.version }} + prerelease: ${{ inputs.isPrerelease }} + # We keep pre-releases as drafts so they're not visible until we manually publish them. + draft: ${{ inputs.isPrerelease }} + body: ${{ steps.schema-summary.outputs.summary }} + generate_release_notes: true + files: dist/* + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: #{{ .Config.Runner.Default }}# + steps: + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + # Persist credentials so we can push back to the repo + persist-credentials: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, #{{ range $index, $element := .Config.Languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.20 + with: + sdk: #{{ .Config.Publish.SDK }}# + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + +#{{- if .Config.PublishRegistry }}# + create_docs_build: + name: create_docs_build + needs: publish_sdk + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + runs-on: #{{ .Config.Runner.Default }}# + steps: + - name: Dispatch Metadata build + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: pulumi/registry + event-type: resource-provider + client-payload: |- + { + "project": "${{ github.repository }}", + "project-shortname": "#{{ .Config.Provider }}#", + "ref": "${{ github.ref_name }}" + } +#{{- end }}# + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + #{{ if .Config.PublishRegistry -}}# + needs: create_docs_build + #{{ else }}# + needs: publish_sdk + #{{- end }}# + runs-on: #{{ .Config.Runner.Default }}# + steps: + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + persist-credentials: false + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/release.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/release.yml new file mode 100644 index 000000000..99ee48bce --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/release.yml @@ -0,0 +1,155 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: release +on: + push: + tags: + - v*.*.* + - "!v*.*.*-**" +#{{- if .Config.TestMasterAndReleaseWorkflows }}# + pull_request: +#{{ end }}# + +env: +#{{ .Config.Env | toYaml | indent 2 }}# +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + #{{ if .Config.Lint -}}# + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + #{{ end -}}# + + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + pull-requests: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: +#{{- if .Config.FreeDiskSpaceBeforeTest }}# + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# + with: + tool-cache: false + swap-storage: false + dotnet: false +#{{- end }}# + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + #{{- if .Config.Docker }}# + - name: Run docker compose + run: docker compose -f testing/docker-compose.yml up --build -d + #{{- end }}# + #{{- if .Config.AWS }}# + - name: Configure AWS Credentials + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: #{{ .Config.Provider }}#@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + #{{- end }}# + #{{- if .Config.GCP }}# + - name: Authenticate to Google Cloud + uses: #{{ .Config.ActionVersions.GoogleAuth }}# + with: + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + - name: Setup gcloud auth + uses: #{{ .Config.ActionVersions.SetupGcloud }}# + with: + install_components: gke-gcloud-auth-plugin + #{{- end }}# + #{{- if .Config.GCPRegistry }}# + - name: Login to Google Cloud Registry + run: gcloud --quiet auth configure-docker + #{{- end }}# + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Run example tests + run: make test_${{ matrix.language }} + strategy: + fail-fast: false + matrix: + language: +#{{ .Config.Languages | toYaml | indent 8 }}# diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/resync-build.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/resync-build.yml new file mode 100644 index 000000000..83fdaf5c6 --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/resync-build.yml @@ -0,0 +1,77 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + PULUMI_EXTRA_MAPPING_ERROR: #{{ .Config.FailOnExtraMapping }}# + PULUMI_MISSING_MAPPING_ERROR: #{{ .Config.FailOnMissingMapping }}# +#{{ .Config.Env | toYaml | indent 2 }}# +jobs: + resync_build: + name: resync-build + runs-on: #{{ .Config.Runner.Default }}# + steps: + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + # Persist credentials so we can push a new branch. + persist-credentials: true + - name: Checkout repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + path: ci-mgmt + repository: pulumi/ci-mgmt + persist-credentials: false + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, nodejs, dotnet, python + - name: Sync with ci-mgmt + run: cp -r "ci-mgmt/provider-ci/providers/$PROVIDER/repo/." . + - name: Remove ci-mgmt directory + run: rm -rf ci-mgmt + - name: Required entries for gitignore + run: |- + cat <<- EOF > "$RUNNER_TEMP/gitignore" + sdk/java/build + sdk/java/.gradle + sdk/java/gradle + sdk/java/gradlew + sdk/java/gradlew.bat + EOF + shell: bash + - name: Adding missing lines to .gitignore + run: | + comm -23 <(sort "$RUNNER_TEMP/gitignore") <(sort .gitignore) >> .gitignore.temp + cat .gitignore.temp >> .gitignore + rm .gitignore.temp + shell: bash + - name: Build + run: make build + - name: Create PR (no linked issue) + uses: peter-evans/create-pull-request@v3.12.0 + with: + author: pulumi-bot + base: #{{ .Config.ProviderDefaultBranch }}# + body: This pull request was generated automatically by the resync-build workflow + in this repository. + branch: pulumi-bot/resync-${{ github.run_id}} + commit-message: Resync build for pulumi-#{{ .Config.Provider }}# + committer: pulumi-bot + labels: impact/no-changelog-required + team-reviewers: platform-integrations + title: Fix up build for pulumi-#{{ .Config.Provider }}# + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: Resync build +on: + workflow_dispatch: + inputs: + automerge: + default: false + description: Mark created PR for auto-merging? + required: true + type: boolean diff --git a/provider-ci/internal/pkg/templates/generic/.github/workflows/run-acceptance-tests.yml b/provider-ci/internal/pkg/templates/generic/.github/workflows/run-acceptance-tests.yml new file mode 100644 index 000000000..217245edb --- /dev/null +++ b/provider-ci/internal/pkg/templates/generic/.github/workflows/run-acceptance-tests.yml @@ -0,0 +1,221 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: run-acceptance-tests + +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command + +env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} +#{{ .Config.Env | toYaml | indent 2 }}# + +# This should cancel any previous runs of the same workflow on the same branch which are still running. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + prerequisites: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + pull-requests: write + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + comment-notification: + if: github.event_name == 'repository_dispatch' + name: comment-notification + permissions: + pull-requests: write + runs-on: #{{ .Config.Runner.Default }}# + steps: + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@v1 + with: + body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + token: ${{ secrets.GITHUB_TOKEN }} + #{{ if .Config.Lint -}}# + lint: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + #{{ end -}}# + + sentinel: + name: sentinel + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + statuses: write + needs: + - test + - build_provider + - license_check + #{{- if .Config.Lint }}# + - lint + #{{- end }}# + runs-on: #{{ .Config.Runner.Default }}# + steps: + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + with: + authToken: ${{secrets.GITHUB_TOKEN}} + # Write an explicit status check called "Sentinel" which will only pass if this code really runs. + # This should always be a required check for PRs. + context: 'Sentinel' + description: 'All required checks passed' + state: 'success' + # Write to the PR commit SHA if it's available as we don't want the merge commit sha, + # otherwise use the current SHA for any other type of build. + sha: ${{ github.event.pull_request.head.sha || github.sha }} + + # TODO: Extract into shared action. + test: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSdk }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: +#{{- if .Config.FreeDiskSpaceBeforeTest }}# + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: #{{ .Config.ActionVersions.FreeDiskSpace }}# + with: + tool-cache: false + swap-storage: false + dotnet: false +#{{- end }}# + - name: Checkout Repo + uses: #{{ .Config.ActionVersions.Checkout }}# + with: + ref: ${{ env.PR_COMMIT_SHA }} + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# + #{{- end }}# + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, nodejs, python, dotnet, java + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + run: dotnet nuget add source ${{ github.workspace }}/nuget + #{{- range $_, $language := .Config.Languages }}# + - name: Download #{{ $language }}# SDK + uses: ./.github/actions/download-sdk + with: + language: #{{ $language }}# + #{{- end }}# + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + #{{- if .Config.Docker }}# + - name: Run docker compose + run: docker compose -f testing/docker-compose.yml up --build -d + #{{- end }}# + #{{- if .Config.AWS }}# + - name: Configure AWS Credentials + uses: #{{ .Config.ActionVersions.ConfigureAwsCredentials }}# + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: #{{ .Config.Provider }}#@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + #{{- end }}# + #{{- if .Config.GCP }}# + - name: Authenticate to Google Cloud + uses: #{{ .Config.ActionVersions.GoogleAuth }}# + with: + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + - name: Setup gcloud auth + uses: #{{ .Config.ActionVersions.SetupGcloud }}# + with: + install_components: gke-gcloud-auth-plugin + #{{- end }}# + #{{- if .Config.GCPRegistry }}# + - name: Login to Google Cloud Registry + run: gcloud --quiet auth configure-docker + #{{- end }}# + - name: Install dependencies + run: make install_sdks + - name: Generate shard + id: shard + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: examples # TODO: Parameterize this. + flags: -tags=all + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run example tests + run: make test_shard + env: + TAGS: all + TESTS: ${{ steps.shard.outputs.run}} + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + strategy: + fail-fast: false + matrix: + total: + - #{{ .Config.Shards }}# + index: + #{{- range $i, $_ := until .Config.Shards }}# + - #{{ $i }}# + #{{- end }}# + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit diff --git a/provider-ci/internal/pkg/templates/provider/.github/actions/download-sdk/action.yml b/provider-ci/internal/pkg/templates/provider/.github/actions/download-sdk/action.yml index 2da0e7ce2..5efd756b8 100644 --- a/provider-ci/internal/pkg/templates/provider/.github/actions/download-sdk/action.yml +++ b/provider-ci/internal/pkg/templates/provider/.github/actions/download-sdk/action.yml @@ -10,7 +10,7 @@ runs: using: "composite" steps: - name: Download ${{ inputs.language }} SDK - uses: #{{ .Config.actionVersions.downloadArtifact }}# + uses: #{{ .Config.ActionVersions.DownloadArtifact }}# with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/ diff --git a/provider-ci/internal/pkg/templates/provider/.github/actions/setup-tools/action.yml b/provider-ci/internal/pkg/templates/provider/.github/actions/setup-tools/action.yml index 2834b1452..6220433e3 100644 --- a/provider-ci/internal/pkg/templates/provider/.github/actions/setup-tools/action.yml +++ b/provider-ci/internal/pkg/templates/provider/.github/actions/setup-tools/action.yml @@ -22,7 +22,7 @@ runs: if: inputs.tools == 'all' || contains(inputs.tools, 'go') uses: actions/setup-go@v5 with: - go-version: "#{{ .Config.toolVersions.go }}#" + go-version: "#{{ .Config.ToolVersions.Go }}#" cache-dependency-path: | provider/*.sum upstream/*.sum @@ -39,7 +39,7 @@ runs: if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli') uses: pulumi/actions@v5 with: - pulumi-version: "#{{ .Config.toolVersions.pulumi }}#" + pulumi-version: "#{{ .Config.ToolVersions.Pulumi }}#" - name: Install Schema Tools if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') @@ -51,20 +51,20 @@ runs: if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') uses: actions/setup-node@v4 with: - node-version: #{{ .Config.toolVersions.nodejs }}# + node-version: #{{ .Config.ToolVersions.Nodejs }}# registry-url: https://registry.npmjs.org - name: Setup DotNet if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet') uses: actions/setup-dotnet@v4 with: - dotnet-version: #{{ .Config.toolVersions.dotnet }}# + dotnet-version: #{{ .Config.ToolVersions.Dotnet }}# - name: Setup Python if: inputs.tools == 'all' || contains(inputs.tools, 'python') uses: actions/setup-python@v5 with: - python-version: #{{ .Config.toolVersions.python }}# + python-version: #{{ .Config.ToolVersions.Python }}# - name: Setup Java if: inputs.tools == 'all' || contains(inputs.tools, 'java') @@ -72,10 +72,10 @@ runs: with: cache: gradle distribution: temurin - java-version: #{{ .Config.toolVersions.java }}# + java-version: #{{ .Config.ToolVersions.Java }}# - name: Setup Gradle if: inputs.tools == 'all' || contains(inputs.tools, 'java') uses: gradle/gradle-build-action@v3 with: - gradle-version: #{{ .Config.toolVersions.gradle }}# + gradle-version: #{{ .Config.ToolVersions.Gradle }}# diff --git a/provider-ci/internal/pkg/templates/provider/.github/actions/upload-sdk/action.yml b/provider-ci/internal/pkg/templates/provider/.github/actions/upload-sdk/action.yml index cf3e05644..e3299d2df 100644 --- a/provider-ci/internal/pkg/templates/provider/.github/actions/upload-sdk/action.yml +++ b/provider-ci/internal/pkg/templates/provider/.github/actions/upload-sdk/action.yml @@ -13,7 +13,7 @@ runs: shell: bash run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . - name: Upload artifacts - uses: #{{ .Config.actionVersions.uploadArtifact }}# + uses: #{{ .Config.ActionVersions.UploadArtifact }}# with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz diff --git a/provider-ci/internal/pkg/templates/provider/.github/workflows/license.yml b/provider-ci/internal/pkg/templates/provider/.github/workflows/license.yml index 3cd459eef..834443f88 100644 --- a/provider-ci/internal/pkg/templates/provider/.github/workflows/license.yml +++ b/provider-ci/internal/pkg/templates/provider/.github/workflows/license.yml @@ -7,15 +7,15 @@ on: inputs: {} env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: license_check: name: License Check - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: persist-credentials: false - name: Setup tools @@ -27,7 +27,7 @@ jobs: with: module-path: provider ignore-modules: >- - #{{ range $ignore := .Config.license.ignore }}# + #{{ range $ignore := .Config.License.Ignore }}# #{{- $ignore -}}#, #{{ end -}}# github.com/aead/chacha20, diff --git a/provider-ci/internal/pkg/templates/provider/.github/workflows/lint.yml b/provider-ci/internal/pkg/templates/provider/.github/workflows/lint.yml index efa180263..bb2edba7b 100644 --- a/provider-ci/internal/pkg/templates/provider/.github/workflows/lint.yml +++ b/provider-ci/internal/pkg/templates/provider/.github/workflows/lint.yml @@ -7,18 +7,18 @@ on: inputs: {} env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: lint: name: lint - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Install go diff --git a/provider-ci/internal/pkg/templates/provider/.github/workflows/pull-request.yml b/provider-ci/internal/pkg/templates/provider/.github/workflows/pull-request.yml index 753769ba0..591ea4e15 100644 --- a/provider-ci/internal/pkg/templates/provider/.github/workflows/pull-request.yml +++ b/provider-ci/internal/pkg/templates/provider/.github/workflows/pull-request.yml @@ -1,22 +1,22 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: comment-on-pr: if: github.event.pull_request.head.repo.full_name != github.repository name: comment-on-pr - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - name: Comment PR - uses: #{{ .Config.actionVersions.prComment }}# + uses: #{{ .Config.ActionVersions.PrComment }}# with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/provider-ci/internal/pkg/templates/provider/.github/workflows/verify-release.yml b/provider-ci/internal/pkg/templates/provider/.github/workflows/verify-release.yml index 1d84855c1..b9f370c4a 100644 --- a/provider-ci/internal/pkg/templates/provider/.github/workflows/verify-release.yml +++ b/provider-ci/internal/pkg/templates/provider/.github/workflows/verify-release.yml @@ -34,12 +34,12 @@ on: default: false env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: verify-release: name: verify-release -#{{- if not .Config.releaseVerification }}# +#{{- if not .Config.ReleaseVerification }}# # We don't have any release verification configurations, so we never run this workflow. # Configure your .ci-mgmt.yaml files to include the release verification configurations e.g. # releaseVerification: @@ -51,7 +51,7 @@ jobs: #{{- end }}# strategy: matrix: -#{{- if .Config.releaseVerification }}# +#{{- if .Config.ReleaseVerification }}# # We always run on Linux and Windows, and optionally on MacOS. This is because MacOS runners have limited availability. # Expression expands to ["ubuntu-latest","windows-latest"] or ["ubuntu-latest","windows-latest","macos-latest"] # GitHub expressions don't have 'if' statements, so we use a ternary operator to conditionally include the MacOS runner suffix. @@ -64,47 +64,49 @@ jobs: runs-on: ${{ matrix.runner }} steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: persist-credentials: false - name: Setup tools uses: ./.github/actions/setup-tools with: - tools: pulumicli, #{{ range $index, $element := .Config.languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# -#{{- if .Config.releaseVerification.nodejs }}# + tools: pulumicli, #{{ range $index, $element := .Config.Languages }}##{{if $index}}#, #{{end}}##{{ $element }}##{{end}}# +#{{- if .Config.ReleaseVerification }}# +#{{- if .Config.ReleaseVerification.Nodejs }}# - name: Verify nodejs release uses: pulumi/verify-provider-release@v1 with: runtime: nodejs - directory: #{{ .Config.releaseVerification.nodejs }}# - provider: #{{ .Config.provider }}# + directory: #{{ .Config.ReleaseVerification.Nodejs }}# + provider: #{{ .Config.Provider }}# providerVersion: ${{ inputs.providerVersion }} #{{- end }}# -#{{- if .Config.releaseVerification.python }}# +#{{- if .Config.ReleaseVerification.Python }}# - name: Verify python release uses: pulumi/verify-provider-release@v1 with: runtime: python - directory: #{{ .Config.releaseVerification.python }}# - provider: #{{ .Config.provider }}# + directory: #{{ .Config.ReleaseVerification.Python }}# + provider: #{{ .Config.Provider }}# providerVersion: ${{ inputs.providerVersion }} #{{- end }}# -#{{- if .Config.releaseVerification.dotnet }}# +#{{- if .Config.ReleaseVerification.Dotnet }}# - name: Verify dotnet release uses: pulumi/verify-provider-release@v1 with: runtime: dotnet - directory: #{{ .Config.releaseVerification.dotnet }}# - provider: #{{ .Config.provider }}# + directory: #{{ .Config.ReleaseVerification.Dotnet }}# + provider: #{{ .Config.Provider }}# providerVersion: ${{ inputs.providerVersion }} #{{- end }}# -#{{- if .Config.releaseVerification.go }}# +#{{- if .Config.ReleaseVerification.Go }}# - name: Verify go release uses: pulumi/verify-provider-release@v1 if: inputs.skipGoSdk == false with: runtime: go - directory: #{{ .Config.releaseVerification.go }}# - provider: #{{ .Config.provider }}# + directory: #{{ .Config.ReleaseVerification.Go }}# + provider: #{{ .Config.Provider }}# providerVersion: ${{ inputs.providerVersion }} #{{- end }}# +#{{- end }}# diff --git a/provider-ci/internal/pkg/templates/provider/.golangci.yml b/provider-ci/internal/pkg/templates/provider/.golangci.yml index 2fd52de8b..b615b2f52 100644 --- a/provider-ci/internal/pkg/templates/provider/.golangci.yml +++ b/provider-ci/internal/pkg/templates/provider/.golangci.yml @@ -31,5 +31,5 @@ linters-settings: - blank # Blank section: contains all blank imports. - default # Default section: contains all imports that could not be matched to another section type. - prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix. - - prefix(github.com/#{{ .Config.organization }}#/pulumi-#{{ .Config.provider }}#) # Custom section: local imports + - prefix(github.com/#{{ .Config.Organization }}#/pulumi-#{{ .Config.Provider }}#) # Custom section: local imports custom-order: true diff --git a/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/command-dispatch.yml b/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/command-dispatch.yml index cdb6b197c..5ec02778a 100644 --- a/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/command-dispatch.yml +++ b/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/command-dispatch.yml @@ -1,17 +1,17 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt env: -#{{ .Config.env | toYaml | indent 2 }}# +#{{ .Config.Env | toYaml | indent 2 }}# jobs: command-dispatch-for-testing: name: command-dispatch-for-testing - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - uses: peter-evans/slash-command-dispatch@v4 diff --git a/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/community-moderation.yml b/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/community-moderation.yml index f6d25b9a4..64bfdddba 100644 --- a/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/community-moderation.yml +++ b/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/community-moderation.yml @@ -5,30 +5,30 @@ env: jobs: warn_codegen: name: warn_codegen - runs-on: #{{ .Config.runner.default }}# + runs-on: #{{ .Config.Runner.Default }}# steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: - #{{- if .Config.checkoutSubmodules }}# - submodules: #{{ .Config.checkoutSubmodules }}# + #{{- if .Config.CheckoutSubmodules }}# + submodules: #{{ .Config.CheckoutSubmodules }}# #{{- end }}# persist-credentials: false - id: schema_changed name: Check for diff in schema - uses: #{{ .Config.actionVersions.pathsFilter }}# + uses: #{{ .Config.ActionVersions.PathsFilter }}# with: filters: "changed: 'provider/cmd/**/schema.json'" - id: sdk_changed if: steps.schema_changed.outputs.changed == 'false' name: Check for diff in sdk/** - uses: #{{ .Config.actionVersions.pathsFilter }}# + uses: #{{ .Config.ActionVersions.PathsFilter }}# with: filters: "changed: 'sdk/**'" - if: steps.sdk_changed.outputs.changed == 'true' && github.event.pull_request.head.repo.full_name != github.repository name: Send codegen warning as comment on PR - uses: #{{ .Config.actionVersions.prComment }}# + uses: #{{ .Config.ActionVersions.PrComment }}# with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > @@ -43,6 +43,6 @@ name: warn-codegen on: pull_request_target: branches: - - #{{ .Config.providerDefaultBranch }}# + - #{{ .Config.ProviderDefaultBranch }}# types: - opened diff --git a/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/release_command.yml b/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/release_command.yml index 95b4d185c..8cef9103e 100644 --- a/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/release_command.yml +++ b/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/release_command.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: #{{ .Config.actionVersions.checkout }}# + uses: #{{ .Config.ActionVersions.Checkout }}# with: persist-credentials: false - name: Should release PR diff --git a/provider-ci/internal/pkg/templates/pulumi-provider/.upgrade-config.yml b/provider-ci/internal/pkg/templates/pulumi-provider/.upgrade-config.yml index 974dd6a4f..177960cf7 100644 --- a/provider-ci/internal/pkg/templates/pulumi-provider/.upgrade-config.yml +++ b/provider-ci/internal/pkg/templates/pulumi-provider/.upgrade-config.yml @@ -1,16 +1,16 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt --- -#{{- if (index .Config "upstream-provider-repo") }}# -upstream-provider-name: #{{ index .Config "upstream-provider-repo" }}# +#{{- if .Config.UpstreamProviderRepo }}# +upstream-provider-name: #{{ .Config.UpstreamProviderRepo }}# #{{- else }}# -upstream-provider-name: terraform-provider-#{{ .Config.provider }}# +upstream-provider-name: terraform-provider-#{{ .Config.Provider }}# #{{- end }}# -#{{- if (index .Config "upstreamProviderOrg") }}# -upstream-provider-org: #{{ .Config.upstreamProviderOrg }}# +#{{- if .Config.UpstreamProviderOrg }}# +upstream-provider-org: #{{ .Config.UpstreamProviderOrg }}# #{{- end }}# pulumi-infer-version: true remove-plugins: true -#{{- if (index .Config "javaGenVersion") }}# -javaVersion: "#{{ .Config.javaGenVersion }}#" +#{{- if .Config.JavaGenVersion }}# +javaVersion: "#{{ .Config.JavaGenVersion }}#" #{{- end }}# diff --git a/provider-ci/internal/pkg/templates/bridged-provider/CODE-OF-CONDUCT.md b/provider-ci/internal/pkg/templates/pulumi-provider/CODE-OF-CONDUCT.md similarity index 100% rename from provider-ci/internal/pkg/templates/bridged-provider/CODE-OF-CONDUCT.md rename to provider-ci/internal/pkg/templates/pulumi-provider/CODE-OF-CONDUCT.md diff --git a/provider-ci/providers.json b/provider-ci/providers.json index 6e7d3fb85..031cba008 100644 --- a/provider-ci/providers.json +++ b/provider-ci/providers.json @@ -23,6 +23,7 @@ "dnsimple", "docker", "ec", + "eks", "external", "f5bigip", "fastly", diff --git a/provider-ci/test-providers/acme/.ci-mgmt.yaml b/provider-ci/test-providers/acme/.ci-mgmt.yaml index ad389d4d2..b424c1243 100644 --- a/provider-ci/test-providers/acme/.ci-mgmt.yaml +++ b/provider-ci/test-providers/acme/.ci-mgmt.yaml @@ -5,7 +5,6 @@ major-version: 0 providerDefaultBranch: main upstreamProviderOrg: vancluever publishRegistry: false -enableAutoRelease: false languages: - dotnet - go diff --git a/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml b/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml index c69a219c4..a4bdf4d5d 100644 --- a/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml +++ b/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml @@ -7,7 +7,7 @@ on: version: description: | The version of the upstream provider to upgrade to, without the 'v' prefix - + If no version is specified, it will be inferred from the upstream provider's release tags. required: false type: string @@ -22,6 +22,7 @@ jobs: upgrade_provider: name: upgrade-provider runs-on: ubuntu-latest + if: true steps: - name: Checkout Repo uses: actions/checkout@v4 diff --git a/provider-ci/test-providers/aws/.ci-mgmt.yaml b/provider-ci/test-providers/aws/.ci-mgmt.yaml index e01f2b2c6..721dbc72f 100644 --- a/provider-ci/test-providers/aws/.ci-mgmt.yaml +++ b/provider-ci/test-providers/aws/.ci-mgmt.yaml @@ -9,7 +9,7 @@ env: PULUMI_MISSING_DOCS_ERROR: true AWS_REGION: "us-west-2" OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }} -makeTemplate: bridged +template: bridged-provider checkoutSubmodules: true freeDiskSpaceBeforeBuild: true freeDiskSpaceBeforeSdkBuild: true diff --git a/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml b/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml index 40b8f0e3a..b8020bb8b 100644 --- a/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml @@ -20,7 +20,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/command-dispatch.yml b/provider-ci/test-providers/aws/.github/workflows/command-dispatch.yml index 96e2d1a7b..c4842e14e 100644 --- a/provider-ci/test-providers/aws/.github/workflows/command-dispatch.yml +++ b/provider-ci/test-providers/aws/.github/workflows/command-dispatch.yml @@ -13,7 +13,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/license.yml b/provider-ci/test-providers/aws/.github/workflows/license.yml index f318695d7..25b7ca9c9 100644 --- a/provider-ci/test-providers/aws/.github/workflows/license.yml +++ b/provider-ci/test-providers/aws/.github/workflows/license.yml @@ -19,7 +19,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/lint.yml b/provider-ci/test-providers/aws/.github/workflows/lint.yml index 3bb14f160..9795683bb 100644 --- a/provider-ci/test-providers/aws/.github/workflows/lint.yml +++ b/provider-ci/test-providers/aws/.github/workflows/lint.yml @@ -19,7 +19,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/master.yml b/provider-ci/test-providers/aws/.github/workflows/master.yml index 8a373012e..351a36665 100644 --- a/provider-ci/test-providers/aws/.github/workflows/master.yml +++ b/provider-ci/test-providers/aws/.github/workflows/master.yml @@ -13,7 +13,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/nightly-test.yml b/provider-ci/test-providers/aws/.github/workflows/nightly-test.yml index a424e335f..cb1ee68f9 100644 --- a/provider-ci/test-providers/aws/.github/workflows/nightly-test.yml +++ b/provider-ci/test-providers/aws/.github/workflows/nightly-test.yml @@ -13,7 +13,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/prerelease.yml b/provider-ci/test-providers/aws/.github/workflows/prerelease.yml index b332e1f84..2aaf8720c 100644 --- a/provider-ci/test-providers/aws/.github/workflows/prerelease.yml +++ b/provider-ci/test-providers/aws/.github/workflows/prerelease.yml @@ -14,7 +14,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/prerequisites.yml b/provider-ci/test-providers/aws/.github/workflows/prerequisites.yml index 4d5745564..d626c0534 100644 --- a/provider-ci/test-providers/aws/.github/workflows/prerequisites.yml +++ b/provider-ci/test-providers/aws/.github/workflows/prerequisites.yml @@ -30,7 +30,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/publish.yml b/provider-ci/test-providers/aws/.github/workflows/publish.yml index 1ceebb946..01d54beb5 100644 --- a/provider-ci/test-providers/aws/.github/workflows/publish.yml +++ b/provider-ci/test-providers/aws/.github/workflows/publish.yml @@ -29,7 +29,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/pull-request.yml b/provider-ci/test-providers/aws/.github/workflows/pull-request.yml index 5bab42686..c66cb8b85 100644 --- a/provider-ci/test-providers/aws/.github/workflows/pull-request.yml +++ b/provider-ci/test-providers/aws/.github/workflows/pull-request.yml @@ -13,7 +13,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/release.yml b/provider-ci/test-providers/aws/.github/workflows/release.yml index 95c53595f..845558905 100644 --- a/provider-ci/test-providers/aws/.github/workflows/release.yml +++ b/provider-ci/test-providers/aws/.github/workflows/release.yml @@ -19,7 +19,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/resync-build.yml b/provider-ci/test-providers/aws/.github/workflows/resync-build.yml index 11f10eb67..ee2788602 100644 --- a/provider-ci/test-providers/aws/.github/workflows/resync-build.yml +++ b/provider-ci/test-providers/aws/.github/workflows/resync-build.yml @@ -15,7 +15,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml index 7055f99ae..3d62e924c 100644 --- a/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml +++ b/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml @@ -24,7 +24,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/aws/.github/workflows/upgrade-provider.yml b/provider-ci/test-providers/aws/.github/workflows/upgrade-provider.yml index 0ad95f5a0..90c15db69 100644 --- a/provider-ci/test-providers/aws/.github/workflows/upgrade-provider.yml +++ b/provider-ci/test-providers/aws/.github/workflows/upgrade-provider.yml @@ -7,7 +7,7 @@ on: version: description: | The version of the upstream provider to upgrade to, without the 'v' prefix - + If no version is specified, it will be inferred from the upstream provider's release tags. required: false type: string @@ -22,6 +22,7 @@ jobs: upgrade_provider: name: upgrade-provider runs-on: ubuntu-latest + if: true steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) diff --git a/provider-ci/test-providers/aws/.github/workflows/verify-release.yml b/provider-ci/test-providers/aws/.github/workflows/verify-release.yml index 3c4eeccaf..8f1ff8355 100644 --- a/provider-ci/test-providers/aws/.github/workflows/verify-release.yml +++ b/provider-ci/test-providers/aws/.github/workflows/verify-release.yml @@ -46,7 +46,7 @@ env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: true + PULUMI_MISSING_DOCS_ERROR: "true" PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} diff --git a/provider-ci/test-providers/cloudflare/.ci-mgmt.yaml b/provider-ci/test-providers/cloudflare/.ci-mgmt.yaml index fb835017a..e9ffab7af 100644 --- a/provider-ci/test-providers/cloudflare/.ci-mgmt.yaml +++ b/provider-ci/test-providers/cloudflare/.ci-mgmt.yaml @@ -1,6 +1,6 @@ provider: cloudflare major-version: 5 -makeTemplate: bridged +template: bridged-provider plugins: - name: terraform version: "1.0.16" @@ -26,4 +26,4 @@ actions: cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt pulumiConvert: 1 registryDocs: true -checkUpstreamUpgrade: false \ No newline at end of file +checkUpstreamUpgrade: false diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/upgrade-provider.yml b/provider-ci/test-providers/cloudflare/.github/workflows/upgrade-provider.yml new file mode 100644 index 000000000..63a5385b5 --- /dev/null +++ b/provider-ci/test-providers/cloudflare/.github/workflows/upgrade-provider.yml @@ -0,0 +1,62 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: Upgrade provider +on: + workflow_dispatch: + inputs: + version: + description: | + The version of the upstream provider to upgrade to, without the 'v' prefix + + If no version is specified, it will be inferred from the upstream provider's release tags. + required: false + type: string + schedule: + # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours. + - cron: 0 3 * * * + +env: + GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +jobs: + upgrade_provider: + name: upgrade-provider + runs-on: ubuntu-latest + if: false + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + # Persist credentials so upgrade-provider can push a new branch. + persist-credentials: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java + - name: Install upgrade-provider + run: go install github.com/pulumi/upgrade-provider@main + shell: bash + - name: "Set up git identity" + run: | + git config --global user.name 'bot@pulumi.com' + git config --global user.email 'bot@pulumi.com' + shell: bash + - name: Create issues for new upstream version + if: inputs.version == '' + id: upstream_version + # This step outputs `latest_version` if there is a pending upgrade + run: upgrade-provider "$REPO" --kind=check-upstream-version + env: + REPO: ${{ github.repository }} + shell: bash + - name: Calculate target version + id: target_version + # Prefer the manually specified version if it exists + # upstream_version will be empty if the provider is up-to-date + run: echo "version=${{ github.event.inputs.version || steps.upstream_version.outputs.latest_version }}" >> "$GITHUB_OUTPUT" + shell: bash + - name: Attempt provider upgrade + # Only attempt the upgrade if we have a target version + if: steps.target_version.outputs.version != '' + run: upgrade-provider "${{ github.repository }}" --kind="all" --target-version="${{ steps.target_version.outputs.version }}" + shell: bash diff --git a/provider-ci/test-providers/docker/.ci-mgmt.yaml b/provider-ci/test-providers/docker/.ci-mgmt.yaml index 2e63c3ec1..9bdce900c 100644 --- a/provider-ci/test-providers/docker/.ci-mgmt.yaml +++ b/provider-ci/test-providers/docker/.ci-mgmt.yaml @@ -20,7 +20,7 @@ env: GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} -makeTemplate: bridged +template: bridged-provider docsCmd: "cd provider/pkg/docs-gen/examples/ && go run generate.go ./yaml ./" hybrid: true plugins: diff --git a/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml b/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml index 8bdc9f079..7bb00d3c7 100644 --- a/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml @@ -21,7 +21,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/command-dispatch.yml b/provider-ci/test-providers/docker/.github/workflows/command-dispatch.yml index 9b68cdaaf..8a8f10e37 100644 --- a/provider-ci/test-providers/docker/.github/workflows/command-dispatch.yml +++ b/provider-ci/test-providers/docker/.github/workflows/command-dispatch.yml @@ -14,7 +14,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/license.yml b/provider-ci/test-providers/docker/.github/workflows/license.yml index 79e2055c3..e64df22e9 100644 --- a/provider-ci/test-providers/docker/.github/workflows/license.yml +++ b/provider-ci/test-providers/docker/.github/workflows/license.yml @@ -20,7 +20,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/lint.yml b/provider-ci/test-providers/docker/.github/workflows/lint.yml index ae2e8815a..fd1a4e9a4 100644 --- a/provider-ci/test-providers/docker/.github/workflows/lint.yml +++ b/provider-ci/test-providers/docker/.github/workflows/lint.yml @@ -20,7 +20,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/master.yml b/provider-ci/test-providers/docker/.github/workflows/master.yml index 64de7e819..99549f80d 100644 --- a/provider-ci/test-providers/docker/.github/workflows/master.yml +++ b/provider-ci/test-providers/docker/.github/workflows/master.yml @@ -14,7 +14,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/prerelease.yml b/provider-ci/test-providers/docker/.github/workflows/prerelease.yml index aad3a563c..929475dda 100644 --- a/provider-ci/test-providers/docker/.github/workflows/prerelease.yml +++ b/provider-ci/test-providers/docker/.github/workflows/prerelease.yml @@ -15,7 +15,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/prerequisites.yml b/provider-ci/test-providers/docker/.github/workflows/prerequisites.yml index b4527a4f1..fe98f3366 100644 --- a/provider-ci/test-providers/docker/.github/workflows/prerequisites.yml +++ b/provider-ci/test-providers/docker/.github/workflows/prerequisites.yml @@ -31,7 +31,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/publish.yml b/provider-ci/test-providers/docker/.github/workflows/publish.yml index 812ece1cd..b188becff 100644 --- a/provider-ci/test-providers/docker/.github/workflows/publish.yml +++ b/provider-ci/test-providers/docker/.github/workflows/publish.yml @@ -30,7 +30,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/pull-request.yml b/provider-ci/test-providers/docker/.github/workflows/pull-request.yml index faac179a9..35287b1a0 100644 --- a/provider-ci/test-providers/docker/.github/workflows/pull-request.yml +++ b/provider-ci/test-providers/docker/.github/workflows/pull-request.yml @@ -14,7 +14,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/release.yml b/provider-ci/test-providers/docker/.github/workflows/release.yml index 4a56b7b8d..7a27be791 100644 --- a/provider-ci/test-providers/docker/.github/workflows/release.yml +++ b/provider-ci/test-providers/docker/.github/workflows/release.yml @@ -20,7 +20,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/resync-build.yml b/provider-ci/test-providers/docker/.github/workflows/resync-build.yml index 99d38561b..7dbcbe2a6 100644 --- a/provider-ci/test-providers/docker/.github/workflows/resync-build.yml +++ b/provider-ci/test-providers/docker/.github/workflows/resync-build.yml @@ -16,7 +16,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml index a04ee60ba..f9b5991aa 100644 --- a/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml +++ b/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml @@ -25,7 +25,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/docker/.github/workflows/upgrade-provider.yml b/provider-ci/test-providers/docker/.github/workflows/upgrade-provider.yml index 22386fa72..6f3c1f735 100644 --- a/provider-ci/test-providers/docker/.github/workflows/upgrade-provider.yml +++ b/provider-ci/test-providers/docker/.github/workflows/upgrade-provider.yml @@ -7,7 +7,7 @@ on: version: description: | The version of the upstream provider to upgrade to, without the 'v' prefix - + If no version is specified, it will be inferred from the upstream provider's release tags. required: false type: string @@ -22,6 +22,7 @@ jobs: upgrade_provider: name: upgrade-provider runs-on: ubuntu-latest + if: true steps: - name: Checkout Repo uses: actions/checkout@v4 diff --git a/provider-ci/test-providers/docker/.github/workflows/verify-release.yml b/provider-ci/test-providers/docker/.github/workflows/verify-release.yml index c256de52a..50b6ab09b 100644 --- a/provider-ci/test-providers/docker/.github/workflows/verify-release.yml +++ b/provider-ci/test-providers/docker/.github/workflows/verify-release.yml @@ -47,7 +47,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider - GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/provider-ci/test-providers/eks/.ci-mgmt.yaml b/provider-ci/test-providers/eks/.ci-mgmt.yaml new file mode 100644 index 000000000..23c7d95db --- /dev/null +++ b/provider-ci/test-providers/eks/.ci-mgmt.yaml @@ -0,0 +1,25 @@ +provider: eks +major-version: 3 +aws: true +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + PULUMI_ENABLE_RESOURCE_REFERENCES: 1 + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget +template: generic +freeDiskSpaceBeforeTest: true # TODO: https://github.com/pulumi/pulumi/issues/17718 diff --git a/provider-ci/test-providers/eks/.gitattributes b/provider-ci/test-providers/eks/.gitattributes new file mode 100644 index 000000000..ff9aa4f9d --- /dev/null +++ b/provider-ci/test-providers/eks/.gitattributes @@ -0,0 +1 @@ +sdk/**/* linguist-generated=true diff --git a/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/bug.yaml b/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/bug.yaml new file mode 100644 index 000000000..63d707268 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/bug.yaml @@ -0,0 +1,69 @@ +name: Bug Report +description: Report something that's not working correctly +labels: ["kind/bug", "needs-triage"] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + You can also ask questions on our [Community Slack](https://slack.pulumi.com/). + - type: textarea + id: what-happened + attributes: + label: Describe what happened + description: Please summarize what happened, including what Pulumi commands you ran, as well as + an inline snippet of any relevant error or console output. + validations: + required: true + - type: textarea + id: sample-program + attributes: + label: Sample program + description: | +
Provide a reproducible sample program + If this is a bug you encountered while running a Pulumi command, please provide us with a minimal, + self-contained Pulumi program that reproduces this behavior so that we can investigate on our end. + Without a functional reproduction, we will not be able to prioritize this bug. + **Note:** If the program output is more than a few lines, please send us a Gist or a link to a file. +
+ validations: + required: true + - type: textarea + id: log-output + attributes: + label: Log output + description: | +
How to Submit Logs + If this is something that is dependent on your environment, please also provide us with the output of + `pulumi up --logtostderr --logflow -v=10` from the root of your project. + We may also ask you to supply us with debug output following [these steps](https://www.pulumi.com/docs/using-pulumi/pulumi-packages/debugging-provider-packages/). + **Note:** If the log output is more than a few lines, please send us a Gist or a link to a file. +
+ - type: textarea + id: resources + attributes: + label: Affected Resource(s) + description: Please list the affected Pulumi Resource(s) or Function(s). + validations: + required: false + - type: textarea + id: versions + attributes: + label: Output of `pulumi about` + description: Provide the output of `pulumi about` from the root of your project. + validations: + required: true + - type: textarea + id: ctx + attributes: + label: Additional context + description: Anything else you would like to add? + validations: + required: false + - type: textarea + id: voting + attributes: + label: Contributing + value: | + Vote on this issue by adding a 👍 reaction. + To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already). \ No newline at end of file diff --git a/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/epic.md b/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/epic.md new file mode 100644 index 000000000..27d4e3a44 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/epic.md @@ -0,0 +1,35 @@ +--- +name: Epic +about: Tracks a shippable unit of work +title: '[Epic] {your-title-here}' +labels: kind/epic +projects: ['pulumi/32'] +assignees: '' +type: Epic +--- + +## Overview + + +## Key KPIs + + +## Key Stakeholders +- Product and Engineering: +- Documentation: +- Marketing/Partnerships: +- Customers: + +## Key Deliverables + + +### References 📔 + + +- [ ] Project View +- [ ] PR/FAQ +- [ ] Design Doc +- [ ] UX Designs +- [ ] Decision Log + + diff --git a/provider-ci/test-providers/eks/.github/actions/download-bin/action.yml b/provider-ci/test-providers/eks/.github/actions/download-bin/action.yml new file mode 100644 index 000000000..8558d5f73 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/download-bin/action.yml @@ -0,0 +1,16 @@ +name: Download binary assets +description: Downloads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: eks-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + shell: bash + run: | + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin + find ${{ github.workspace }} -name "pulumi-*-eks" -print -exec chmod +x {} \; diff --git a/provider-ci/test-providers/eks/.github/actions/download-sdk/action.yml b/provider-ci/test-providers/eks/.github/actions/download-sdk/action.yml new file mode 100644 index 000000000..1fd54841b --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/download-sdk/action.yml @@ -0,0 +1,19 @@ +name: Download SDK asset +description: Restores the SDK asset for a language. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Download ${{ inputs.language }} SDK + uses: actions/download-artifact@v4 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress SDK folder + shell: bash + run: tar -zxf ${{ github.workspace }}/sdk/${{ inputs.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ inputs.language }} diff --git a/provider-ci/test-providers/eks/.github/actions/setup-tools/action.yml b/provider-ci/test-providers/eks/.github/actions/setup-tools/action.yml new file mode 100644 index 000000000..642d1d223 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/setup-tools/action.yml @@ -0,0 +1,81 @@ +name: Setup tools +description: Installs Go, Pulumi, pulumictl, schema-tools, Node.JS, Python, dotnet and Java. + +inputs: + tools: + description: | + Comma separated list of tools to install. The default of "all" installs all tools. Available tools are: + go + pulumicli + pulumictl + schema-tools + nodejs + python + dotnet + java + default: all + +runs: + using: "composite" + steps: + - name: Install Go + if: inputs.tools == 'all' || contains(inputs.tools, 'go') + uses: actions/setup-go@v5 + with: + go-version: "1.21.x" + cache-dependency-path: | + provider/*.sum + upstream/*.sum + sdk/*.sum + + - name: Install pulumictl + if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + tag: v0.0.46 + repo: pulumi/pulumictl + + - name: Install Pulumi CLI + if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli') + uses: pulumi/actions@v5 + with: + pulumi-version: "dev" + + - name: Install Schema Tools + if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/schema-tools + + - name: Setup Node + if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') + uses: actions/setup-node@v4 + with: + node-version: 20.x + registry-url: https://registry.npmjs.org + + - name: Setup DotNet + if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet') + uses: actions/setup-dotnet@v4 + with: + dotnet-version: 6.0.x + + - name: Setup Python + if: inputs.tools == 'all' || contains(inputs.tools, 'python') + uses: actions/setup-python@v5 + with: + python-version: 3.11.8 + + - name: Setup Java + if: inputs.tools == 'all' || contains(inputs.tools, 'java') + uses: actions/setup-java@v4 + with: + cache: gradle + distribution: temurin + java-version: 11 + + - name: Setup Gradle + if: inputs.tools == 'all' || contains(inputs.tools, 'java') + uses: gradle/gradle-build-action@v3 + with: + gradle-version: 7.6 diff --git a/provider-ci/test-providers/eks/.github/actions/upload-bin/action.yml b/provider-ci/test-providers/eks/.github/actions/upload-bin/action.yml new file mode 100644 index 000000000..d0b01b0af --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/upload-bin/action.yml @@ -0,0 +1,15 @@ +name: Upload bin assets +description: Uploads the provider binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Tar provider binaries + shell: bash + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-eks + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: eks-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + retention-days: 30 diff --git a/provider-ci/test-providers/eks/.github/actions/upload-sdk/action.yml b/provider-ci/test-providers/eks/.github/actions/upload-sdk/action.yml new file mode 100644 index 000000000..77d484942 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/upload-sdk/action.yml @@ -0,0 +1,20 @@ +name: Upload SDK asset +description: Upload the SDK for a specific language as an asset for the workflow. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Compress SDK folder + shell: bash + run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz + retention-days: 30 diff --git a/provider-ci/test-providers/eks/.github/workflows/build_provider.yml b/provider-ci/test-providers/eks/.github/workflows/build_provider.yml new file mode 100644 index 000000000..dd151611e --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/build_provider.yml @@ -0,0 +1,55 @@ +name: "Build Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to build + +jobs: + build_provider: + name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + strategy: + fail-fast: true + matrix: + platform: + - os: linux + arch: amd64 + - os: linux + arch: arm64 + - os: darwin + arch: amd64 + - os: darwin + arch: arm64 + - os: windows + arch: amd64 + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, go + - name: Download schema-embed.json + uses: actions/download-artifact@v4 + with: + # Use a pattern to avoid failing if the artifact doesn't exist + pattern: schema-embed.* + # Avoid creating directories for each artifact + merge-multiple: true + path: provider/cmd/pulumi-resource-eks/schema-embed.json + - name: Build & package provider + run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: dist/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + retention-days: 30 diff --git a/provider-ci/test-providers/eks/.github/workflows/build_sdk.yml b/provider-ci/test-providers/eks/.github/workflows/build_sdk.yml new file mode 100644 index 000000000..00292ce7a --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/build_sdk.yml @@ -0,0 +1,84 @@ +name: "Build SDK" + +on: + workflow_call: + inputs: + version: + required: true + type: string + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + PROVIDER_VERSION: ${{ inputs.version }} + +jobs: + build_sdk: + name: build_sdk + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Install plugins + run: make install_plugins + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Upload SDK + uses: ./.github/actions/upload-sdk + with: + language: ${{ matrix.language }} diff --git a/provider-ci/test-providers/eks/.github/workflows/command-dispatch.yml b/provider-ci/test-providers/eks/.github/workflows/command-dispatch.yml new file mode 100644 index 000000000..6118880b9 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/command-dispatch.yml @@ -0,0 +1,51 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + command-dispatch-for-testing: + name: command-dispatch-for-testing + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - uses: peter-evans/slash-command-dispatch@v4 + with: + commands: | + run-acceptance-tests + release + issue-type: pull-request + permission: write + reaction-token: ${{ secrets.GITHUB_TOKEN }} + repository: pulumi/pulumi-eks + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: command-dispatch +on: + issue_comment: + types: + - created + - edited diff --git a/provider-ci/test-providers/eks/.github/workflows/community-moderation.yml b/provider-ci/test-providers/eks/.github/workflows/community-moderation.yml new file mode 100644 index 000000000..2afb297c2 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/community-moderation.yml @@ -0,0 +1,45 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +jobs: + warn_codegen: + name: warn_codegen + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - id: schema_changed + name: Check for diff in schema + uses: dorny/paths-filter@v2 + with: + filters: "changed: 'provider/cmd/**/schema.json'" + - id: sdk_changed + if: steps.schema_changed.outputs.changed == 'false' + name: Check for diff in sdk/** + uses: dorny/paths-filter@v2 + with: + filters: "changed: 'sdk/**'" + - if: steps.sdk_changed.outputs.changed == 'true' && + github.event.pull_request.head.repo.full_name != github.repository + name: Send codegen warning as comment on PR + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: > + Hello and thank you for your pull request! :heart: :sparkles: + + It looks like you're directly modifying files in the language SDKs, many of which are autogenerated. + + Be sure any files you're editing do not begin with a code generation warning. + + For generated files, you will need to make changes in `resources.go` instead, and [generate the code](https://github.com/pulumi/${{ github.event.repository.name }}/blob/master/CONTRIBUTING.md#committing-generated-code). +name: warn-codegen +on: + pull_request_target: + branches: + - master + types: + - opened diff --git a/provider-ci/test-providers/eks/.github/workflows/license.yml b/provider-ci/test-providers/eks/.github/workflows/license.yml new file mode 100644 index 000000000..0edf10436 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/license.yml @@ -0,0 +1,67 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: license_check + +on: + workflow_call: + inputs: {} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + license_check: + name: License Check + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go + - uses: pulumi/license-check-action@main + with: + module-path: provider + ignore-modules: >- + github.com/aead/chacha20, + github.com/apache/arrow/go/v12, + github.com/apache/thrift/lib/go/thrift, + github.com/cloudflare/circl, + github.com/golang, + github.com/gorhill/cronexpr, + github.com/in-toto/in-toto-golang, + github.com/jmespath/go-jmespath, + github.com/keybase/go-crypto, + github.com/klauspost/compress, + github.com/mattn/go-localereader, + github.com/modern-go/reflect2, + github.com/pierrec/lz4, + github.com/pjbgf/sha1cd, + github.com/pulumi, + github.com/segmentio/asm, + golang.org diff --git a/provider-ci/test-providers/eks/.github/workflows/lint.yml b/provider-ci/test-providers/eks/.github/workflows/lint.yml new file mode 100644 index 000000000..6d12e18d9 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/lint.yml @@ -0,0 +1,61 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: lint + +on: + workflow_call: + inputs: {} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + lint: + name: lint + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Install go + uses: actions/setup-go@v5 + with: + # The versions of golangci-lint and setup-go here cross-depend and need to update together. + go-version: 1.23 + # Either this action or golangci-lint needs to disable the cache + cache: false + - name: disarm go:embed directives to enable lint + continue-on-error: true # this fails if there are no go:embed directives + run: | + git grep -l 'go:embed' -- provider | xargs sed -i 's/go:embed/ goembed/g' + - name: prepare upstream + continue-on-error: true + run: make upstream + - name: golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.60 + working-directory: provider diff --git a/provider-ci/test-providers/eks/.github/workflows/master.yml b/provider-ci/test-providers/eks/.github/workflows/master.yml new file mode 100644 index 000000000..904923fa9 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/master.yml @@ -0,0 +1,174 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true + + tag_release_if_labeled_needs_release: + name: Tag release if labeled as needs-release + needs: publish + runs-on: ubuntu-latest + steps: + - name: check if this commit needs release + if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} + uses: pulumi/action-release-by-pr-label@main + with: + command: "release-if-needed" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + tool-cache: false + swap-storage: false + dotnet: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - name: Run example tests + run: make test_${{ matrix.language }} + strategy: + fail-fast: false + matrix: + language: + - nodejs + - python + - dotnet + - go + - java +name: master +on: + workflow_dispatch: {} + push: + branches: + - master + paths-ignore: + - "**.md" + tags-ignore: + - v* + - sdk/* + - "**" diff --git a/provider-ci/test-providers/eks/.github/workflows/prerelease.yml b/provider-ci/test-providers/eks/.github/workflows/prerelease.yml new file mode 100644 index 000000000..81845a329 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/prerelease.yml @@ -0,0 +1,146 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + IS_PRERELEASE: true + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + tool-cache: false + swap-storage: false + dotnet: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Run example tests + run: make test_${{ matrix.language }} + strategy: + fail-fast: false + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + +name: prerelease +on: + push: + tags: + - v*.*.*-** diff --git a/provider-ci/test-providers/eks/.github/workflows/prerequisites.yml b/provider-ci/test-providers/eks/.github/workflows/prerequisites.yml new file mode 100644 index 000000000..26d0611ed --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/prerequisites.yml @@ -0,0 +1,111 @@ +name: "Prerequisites" + +on: + workflow_call: + inputs: + is_pr: + type: boolean + required: true + is_automated: + type: boolean + required: true + default_branch: + type: string + required: true + outputs: + version: + description: "Provider version being built" + value: ${{ jobs.prerequisites.outputs.version }} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + prerequisites: + name: prerequisites + runs-on: ubuntu-latest + outputs: + version: ${{ steps.provider-version.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - uses: pulumi/provider-version-action@v1 + id: provider-version + with: + set-env: 'PROVIDER_VERSION' + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go, pulumictl, pulumicli, schema-tools + - name: Install plugins + run: make install_plugins + - name: Generate schema + run: make schema + - name: Build provider binary + run: make provider + - name: Unit-test provider code + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: inputs.is_pr + name: Check Schema is Valid + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + { + echo "SCHEMA_CHANGES<<$EOF"; + schema-tools compare -r github://api.github.com/pulumi -p eks -o "${{ inputs.default_branch }}" -n --local-path=provider/cmd/pulumi-resource-eks/schema.json; + echo "$EOF"; + } >> "$GITHUB_ENV" + - if: inputs.is_pr && inputs.is_automated == false + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + comment_tag: schemaCheck + message: >+ + ${{ env.SCHEMA_CHANGES }} + + + Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. + + - name: Upload bin + uses: ./.github/actions/upload-bin + + - name: Upload schema-embed.json + uses: actions/upload-artifact@v4 + with: + name: schema-embed.json + path: provider/cmd/pulumi-resource-eks/schema-embed.json + retention-days: 30 diff --git a/provider-ci/test-providers/eks/.github/workflows/publish.yml b/provider-ci/test-providers/eks/.github/workflows/publish.yml new file mode 100644 index 000000000..334f20f95 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/publish.yml @@ -0,0 +1,201 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + publish: + name: publish + runs-on: ubuntu-latest + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, schema-tools + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-external-id: upload-pulumi-release + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Create dist directory + run: mkdir -p dist + - name: Download provider assets + uses: actions/download-artifact@v4 + with: + pattern: pulumi-resource-eks-v${{ inputs.version }}-* + path: dist + # Don't create a directory for each artifact + merge-multiple: true + - name: Calculate checksums + working-directory: dist + run: shasum ./*.tar.gz > "pulumi-eks_${{ inputs.version }}_checksums.txt" + - name: Get Schema Change Summary + id: schema-summary + shell: bash + run: | + # Get latest stable release. Return only first column from result (tag). + LAST_VERSION=$(gh release view --repo pulumi/pulumi-eks --json tagName -q .tagName || echo "No stable release" ) + { + echo 'summary<> "$GITHUB_OUTPUT" + - name: Upload Provider Binaries + run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive + - name: Create GH Release + uses: softprops/action-gh-release@v1 + if: inputs.isPrerelease == false + with: + tag_name: v${{ inputs.version }} + prerelease: ${{ inputs.isPrerelease }} + # We keep pre-releases as drafts so they're not visible until we manually publish them. + draft: ${{ inputs.isPrerelease }} + body: ${{ steps.schema-summary.outputs.summary }} + generate_release_notes: true + files: dist/* + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + # Persist credentials so we can push back to the repo + persist-credentials: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.20 + with: + sdk: all + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + create_docs_build: + name: create_docs_build + needs: publish_sdk + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + runs-on: ubuntu-latest + steps: + - name: Dispatch Metadata build + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: pulumi/registry + event-type: resource-provider + client-payload: |- + { + "project": "${{ github.repository }}", + "project-shortname": "eks", + "ref": "${{ github.ref_name }}" + } + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + needs: create_docs_build + + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/provider-ci/test-providers/eks/.github/workflows/pull-request.yml b/provider-ci/test-providers/eks/.github/workflows/pull-request.yml new file mode 100644 index 000000000..6dfee6450 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/pull-request.yml @@ -0,0 +1,47 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + comment-on-pr: + if: github.event.pull_request.head.repo.full_name != github.repository + name: comment-on-pr + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Comment PR + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: > + PR is now waiting for a maintainer to run the acceptance tests. + + **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR +name: pull-request +on: + pull_request_target: {} diff --git a/provider-ci/test-providers/eks/.github/workflows/release.yml b/provider-ci/test-providers/eks/.github/workflows/release.yml new file mode 100644 index 000000000..a04ede301 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/release.yml @@ -0,0 +1,146 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: release +on: + push: + tags: + - v*.*.* + - "!v*.*.*-**" + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + pull-requests: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + tool-cache: false + swap-storage: false + dotnet: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Run example tests + run: make test_${{ matrix.language }} + strategy: + fail-fast: false + matrix: + language: + - nodejs + - python + - dotnet + - go + - java diff --git a/provider-ci/test-providers/eks/.github/workflows/release_command.yml b/provider-ci/test-providers/eks/.github/workflows/release_command.yml new file mode 100644 index 000000000..4029f32a7 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/release_command.yml @@ -0,0 +1,45 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: release-command +on: + repository_dispatch: + types: + - release-command +jobs: + should_release: + name: Should release PR + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Should release PR + uses: pulumi/action-release-by-pr-label@main + with: + command: "should-release" + repo: ${{ github.repository }} + pr: ${{ github.event.client_payload.pull_request.number }} + version: ${{ github.event.client_payload.slash_command.args.all }} + slack_channel: ${{ secrets.RELEASE_OPS_STAGING_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - if: failure() + name: Notify failure + uses: peter-evans/create-or-update-comment@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: | + "release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + - if: success() + name: Notify success + uses: peter-evans/create-or-update-comment@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.client_payload.github.payload.comment.id }} + reaction-type: hooray diff --git a/provider-ci/test-providers/eks/.github/workflows/resync-build.yml b/provider-ci/test-providers/eks/.github/workflows/resync-build.yml new file mode 100644 index 000000000..80c0e5ecc --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/resync-build.yml @@ -0,0 +1,96 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + PULUMI_EXTRA_MAPPING_ERROR: true + PULUMI_MISSING_MAPPING_ERROR: true + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + resync_build: + name: resync-build + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + # Persist credentials so we can push a new branch. + persist-credentials: true + - name: Checkout repo + uses: actions/checkout@v4 + with: + path: ci-mgmt + repository: pulumi/ci-mgmt + persist-credentials: false + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, nodejs, dotnet, python + - name: Sync with ci-mgmt + run: cp -r "ci-mgmt/provider-ci/providers/$PROVIDER/repo/." . + - name: Remove ci-mgmt directory + run: rm -rf ci-mgmt + - name: Required entries for gitignore + run: |- + cat <<- EOF > "$RUNNER_TEMP/gitignore" + sdk/java/build + sdk/java/.gradle + sdk/java/gradle + sdk/java/gradlew + sdk/java/gradlew.bat + EOF + shell: bash + - name: Adding missing lines to .gitignore + run: | + comm -23 <(sort "$RUNNER_TEMP/gitignore") <(sort .gitignore) >> .gitignore.temp + cat .gitignore.temp >> .gitignore + rm .gitignore.temp + shell: bash + - name: Build + run: make build + - name: Create PR (no linked issue) + uses: peter-evans/create-pull-request@v3.12.0 + with: + author: pulumi-bot + base: master + body: This pull request was generated automatically by the resync-build workflow + in this repository. + branch: pulumi-bot/resync-${{ github.run_id}} + commit-message: Resync build for pulumi-eks + committer: pulumi-bot + labels: impact/no-changelog-required + team-reviewers: platform-integrations + title: Fix up build for pulumi-eks + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: Resync build +on: + workflow_dispatch: + inputs: + automerge: + default: false + description: Mark created PR for auto-merging? + required: true + type: boolean diff --git a/provider-ci/test-providers/eks/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/eks/.github/workflows/run-acceptance-tests.yml new file mode 100644 index 000000000..0abf5abcd --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/run-acceptance-tests.yml @@ -0,0 +1,230 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: run-acceptance-tests + +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command + +env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +# This should cancel any previous runs of the same workflow on the same branch which are still running. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + prerequisites: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + pull-requests: write + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + comment-notification: + if: github.event_name == 'repository_dispatch' + name: comment-notification + permissions: + pull-requests: write + runs-on: ubuntu-latest + steps: + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@v1 + with: + body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + token: ${{ secrets.GITHUB_TOKEN }} + lint: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + sentinel: + name: sentinel + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + statuses: write + needs: + - test + - build_provider + - license_check + - lint + runs-on: ubuntu-latest + steps: + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + with: + authToken: ${{secrets.GITHUB_TOKEN}} + # Write an explicit status check called "Sentinel" which will only pass if this code really runs. + # This should always be a required check for PRs. + context: 'Sentinel' + description: 'All required checks passed' + state: 'success' + # Write to the PR commit SHA if it's available as we don't want the merge commit sha, + # otherwise use the current SHA for any other type of build. + sha: ${{ github.event.pull_request.head.sha || github.sha }} + + # TODO: Extract into shared action. + test: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + tool-cache: false + swap-storage: false + dotnet: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, nodejs, python, dotnet, java + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download nodejs SDK + uses: ./.github/actions/download-sdk + with: + language: nodejs + - name: Download python SDK + uses: ./.github/actions/download-sdk + with: + language: python + - name: Download dotnet SDK + uses: ./.github/actions/download-sdk + with: + language: dotnet + - name: Download go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - name: Download java SDK + uses: ./.github/actions/download-sdk + with: + language: java + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_sdks + - name: Generate shard + id: shard + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: examples # TODO: Parameterize this. + flags: -tags=all + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run example tests + run: make test_shard + env: + TAGS: all + TESTS: ${{ steps.shard.outputs.run}} + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + strategy: + fail-fast: false + matrix: + total: + - 10 + index: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + - 8 + - 9 + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit diff --git a/provider-ci/test-providers/eks/.github/workflows/verify-release.yml b/provider-ci/test-providers/eks/.github/workflows/verify-release.yml new file mode 100644 index 000000000..aae2bc6c0 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/verify-release.yml @@ -0,0 +1,85 @@ +name: "Verify Release" + +on: + workflow_dispatch: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacRunner: + description: "Enable the MacOS runner in addition to Linux and Windows. Defaults to 'false'." + required: false + type: boolean + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. Enable this when verifying a pre-release for which we don't publish the Go SDK (for PRs and the default branch)." + required: false + type: boolean + default: false + workflow_call: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacosRunner: + description: "Enable the macos-latest runner in addition to ubuntu-latest and windows-latest. Defaults to 'false'." + required: false + type: boolean + default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + verify-release: + name: verify-release + # We don't have any release verification configurations, so we never run this workflow. + # Configure your .ci-mgmt.yaml files to include the release verification configurations e.g. + # releaseVerification: + # nodejs: path/to/nodejs/project + # python: path/to/python/project + # dotnet: path/to/dotnet/project + # go: path/to/go/project + if: false + strategy: + matrix: + # We don't have any release verification configurations, so we only run on Linux to print warnings to help users configure the release verification. + runner: ["ubuntu-latest"] + runs-on: ${{ matrix.runner }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumicli, nodejs, python, dotnet, go, java diff --git a/provider-ci/test-providers/eks/.golangci.yml b/provider-ci/test-providers/eks/.golangci.yml new file mode 100644 index 000000000..720e7cd3f --- /dev/null +++ b/provider-ci/test-providers/eks/.golangci.yml @@ -0,0 +1,35 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +linters: + enable: + - errcheck + - gci + - goconst + - gofmt + - gosec + - govet + - ineffassign + - lll + - gosimple + - staticcheck + - misspell + - nakedret + - revive + - unconvert + - unused + enable-all: false +issues: + exclude-files: + - schema.go + - pulumiManifest.go +run: + timeout: 20m +linters-settings: + gci: + sections: + - standard # Standard section: captures all standard library packages. + - blank # Blank section: contains all blank imports. + - default # Default section: contains all imports that could not be matched to another section type. + - prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix. + - prefix(github.com/pulumi/pulumi-eks) # Custom section: local imports + custom-order: true diff --git a/provider-ci/test-providers/eks/.upgrade-config.yml b/provider-ci/test-providers/eks/.upgrade-config.yml new file mode 100644 index 000000000..0005a0198 --- /dev/null +++ b/provider-ci/test-providers/eks/.upgrade-config.yml @@ -0,0 +1,6 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +--- +upstream-provider-name: terraform-provider-eks +pulumi-infer-version: true +remove-plugins: true diff --git a/provider-ci/test-providers/eks/CODE-OF-CONDUCT.md b/provider-ci/test-providers/eks/CODE-OF-CONDUCT.md new file mode 100644 index 000000000..995e13c00 --- /dev/null +++ b/provider-ci/test-providers/eks/CODE-OF-CONDUCT.md @@ -0,0 +1,80 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, +education, socio-economic status, nationality, personal appearance, race, +religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members +* Contribute in a positive and constructive way + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Community Guidelines +* Be clear and stay on topic. Communicating with strangers on the Internet can make it hard to convey or read tone, and sarcasm is frequently misunderstood. Try to use clear language, and think about how the other person will receive it. +* Don’t cross-post the same thing in multiple GitHub Discussion topics or multiple Slack channels. This can make it difficult for people answering your questions and creates "scrollback spam". +* Public discussion is preferred to private. Avoid using Slack DMs for questions, and instead share them in public Slack channels or GitHub Discussion threads. This allows a larger audience to both share their knowledge as well as learn from your question or issue. If you're having a problem, chances are someone else is having a similar problem. Learning in public is a community contribution. +* Minimize notifications to other community members. Avoid tagging other community members in Slack messages or Discussion threads, unless you are replying to something specific. Community members are here to help each other, but are not "on call" for support, and we expect everyone to try to minimize "notification fatigue". If your issue is time-sensitive or critical, use methods like support@pulumi.com instead. + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, GitHub Discussions posts, +and other contributions that are not aligned to this Code of Conduct, or to ban +temporarily or permanently any contributor for other behaviors that they deem +inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces (including the Community Slack +and GitHub Discussions forums) and in public spaces when an individual is representing the +project or its community. Examples of representing a project or community include +using an official project e-mail address, posting via an official social media account, +or acting as an appointed representative at an online or offline event. Representation +of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at code-of-conduct@pulumi.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org