Only sign the windows binary when the signing secrets are configured (#…
…1206)

The addition of signing Windows binaries unconditionally broke the setup
for non-Pulumi managed providers:

#1202 (comment)

This PR checks if the signing secrets have been configured and skips the
signing step when not configured, as is currently the case for the
providers I manage.

This is tested for the `acme` provider:

* [commit](pulumiverse/pulumi-acme@16ad22e)
* [corresponding run which skips "Sign Windows
provider"](https://github.com/pulumiverse/pulumi-acme/actions/runs/12251907770/job/34177631020)

---------

Co-authored-by: Daniel Bradley <daniel@pulumi.com>
ringods and danielrbradley authored Dec 10, 2024
1 parent 7420998 commit 91df679
Showing 10 changed files with 50 additions and 35 deletions.
@@ -15,6 +15,7 @@ jobs:
env:
PROVIDER_VERSION: ${{ inputs.version }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AZURE_SIGNING_CONFIGURED: ${{ secrets.AZURE_SIGNING_CLIENT_ID != '' && secrets.AZURE_SIGNING_CLIENT_SECRET != '' && secrets.AZURE_SIGNING_TENANT_ID != '' && secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
strategy:
fail-fast: true
matrix:
@@ -64,15 +65,10 @@ jobs:
run: make --touch provider schema

- name: Build provider
if: matrix.platform.os != 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-#{{ .Config.Provider }}#

- name: Build windows provider
if: matrix.platform.os == 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-#{{ .Config.Provider }}#.exe
run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"

- name: Sign windows provider
if: matrix.platform.os == 'windows'
if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED == 'true'
run: |
az login --service-principal \
-u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
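Review bot: The new `env.AZURE_SIGNING_CONFIGURED == 'true'` guard on "Sign windows provider" fails open: if any one of the four secrets is empty (deleted, renamed, or simply not passed to this run), the step is skipped silently and the job carries on with an unsigned `.exe`. For repositories that are expected to sign, that turns a signing outage into a quiet downgrade instead of a failed or visibly degraded release. I would add a companion step with `if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED != 'true'` and `run: echo "::warning::Azure signing secrets not configured; Windows provider left unsigned"`, so the skip shows up in the run annotations. The sign step's body continues past the end of the visible hunk, so whether it reads further secrets that the check does not cover cannot be confirmed from here; the same guard is repeated in the generated acme, aws, cloudflare and docker workflows further down.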
7 changes: 7 additions & 0 deletions provider-ci/internal/pkg/templates/bridged-provider/Makefile
@@ -354,6 +354,13 @@ bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe:
export CGO_ENABLED=0 && \
go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)"

provider-linux-amd64: bin/linux-amd64/$(PROVIDER)
provider-linux-arm64: bin/linux-arm64/$(PROVIDER)
provider-darwin-amd64: bin/darwin-amd64/$(PROVIDER)
provider-darwin-arm64: bin/darwin-arm64/$(PROVIDER)
provider-windows-amd64: bin/windows-amd64/$(PROVIDER).exe
.PHONY: provider-linux-amd64 provider-linux-arm64 provider-darwin-amd64 provider-darwin-arm64 provider-windows-amd64

bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER)
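Review bot: The five `provider-<os>-<arch>` aliases are a hand-written list, while the workflow now runs `make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"` for whatever the matrix holds, so a matrix entry without a matching alias would stop the build with "No rule to make target" (the matrix itself is outside the visible hunks). Nothing in the Makefile ties the two together; I would add a comment above the block, e.g. `# Aliases used by the CI build matrix (make provider-<os>-<arch>); add a line here when a platform is added to the matrix.` The same block is copied into the generated Makefiles under provider-ci/test-providers.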
@@ -15,6 +15,7 @@ jobs:
env:
PROVIDER_VERSION: ${{ inputs.version }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AZURE_SIGNING_CONFIGURED: ${{ secrets.AZURE_SIGNING_CLIENT_ID != '' && secrets.AZURE_SIGNING_CLIENT_SECRET != '' && secrets.AZURE_SIGNING_TENANT_ID != '' && secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
strategy:
fail-fast: true
matrix:
@@ -52,15 +53,10 @@ jobs:
run: make --touch provider schema

- name: Build provider
if: matrix.platform.os != 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-acme

- name: Build windows provider
if: matrix.platform.os == 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-acme.exe
run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"

- name: Sign windows provider
if: matrix.platform.os == 'windows'
if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED == 'true'
run: |
az login --service-principal \
-u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
7 changes: 7 additions & 0 deletions provider-ci/test-providers/acme/Makefile
@@ -312,6 +312,13 @@ bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe:
export CGO_ENABLED=0 && \
go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)"

provider-linux-amd64: bin/linux-amd64/$(PROVIDER)
provider-linux-arm64: bin/linux-arm64/$(PROVIDER)
provider-darwin-amd64: bin/darwin-amd64/$(PROVIDER)
provider-darwin-arm64: bin/darwin-arm64/$(PROVIDER)
provider-windows-amd64: bin/windows-amd64/$(PROVIDER).exe
.PHONY: provider-linux-amd64 provider-linux-arm64 provider-darwin-amd64 provider-darwin-arm64 provider-windows-amd64

bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER)
@@ -15,6 +15,7 @@ jobs:
env:
PROVIDER_VERSION: ${{ inputs.version }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AZURE_SIGNING_CONFIGURED: ${{ secrets.AZURE_SIGNING_CLIENT_ID != '' && secrets.AZURE_SIGNING_CLIENT_SECRET != '' && secrets.AZURE_SIGNING_TENANT_ID != '' && secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
strategy:
fail-fast: true
matrix:
@@ -60,15 +61,10 @@ jobs:
run: make --touch provider schema

- name: Build provider
if: matrix.platform.os != 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-aws

- name: Build windows provider
if: matrix.platform.os == 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-aws.exe
run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"

- name: Sign windows provider
if: matrix.platform.os == 'windows'
if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED == 'true'
run: |
az login --service-principal \
-u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
7 changes: 7 additions & 0 deletions provider-ci/test-providers/aws/Makefile
@@ -326,6 +326,13 @@ bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe:
export CGO_ENABLED=0 && \
go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)"

provider-linux-amd64: bin/linux-amd64/$(PROVIDER)
provider-linux-arm64: bin/linux-arm64/$(PROVIDER)
provider-darwin-amd64: bin/darwin-amd64/$(PROVIDER)
provider-darwin-arm64: bin/darwin-arm64/$(PROVIDER)
provider-windows-amd64: bin/windows-amd64/$(PROVIDER).exe
.PHONY: provider-linux-amd64 provider-linux-arm64 provider-darwin-amd64 provider-darwin-arm64 provider-windows-amd64

bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER)
@@ -15,6 +15,7 @@ jobs:
env:
PROVIDER_VERSION: ${{ inputs.version }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AZURE_SIGNING_CONFIGURED: ${{ secrets.AZURE_SIGNING_CLIENT_ID != '' && secrets.AZURE_SIGNING_CLIENT_SECRET != '' && secrets.AZURE_SIGNING_TENANT_ID != '' && secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
strategy:
fail-fast: true
matrix:
@@ -52,15 +53,10 @@ jobs:
run: make --touch provider schema

- name: Build provider
if: matrix.platform.os != 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-cloudflare

- name: Build windows provider
if: matrix.platform.os == 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-cloudflare.exe
run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"

- name: Sign windows provider
if: matrix.platform.os == 'windows'
if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED == 'true'
run: |
az login --service-principal \
-u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
7 changes: 7 additions & 0 deletions provider-ci/test-providers/cloudflare/Makefile
@@ -322,6 +322,13 @@ bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe:
export CGO_ENABLED=0 && \
go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)"

provider-linux-amd64: bin/linux-amd64/$(PROVIDER)
provider-linux-arm64: bin/linux-arm64/$(PROVIDER)
provider-darwin-amd64: bin/darwin-amd64/$(PROVIDER)
provider-darwin-arm64: bin/darwin-arm64/$(PROVIDER)
provider-windows-amd64: bin/windows-amd64/$(PROVIDER).exe
.PHONY: provider-linux-amd64 provider-linux-arm64 provider-darwin-amd64 provider-darwin-arm64 provider-windows-amd64

bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER)
@@ -15,6 +15,7 @@ jobs:
env:
PROVIDER_VERSION: ${{ inputs.version }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AZURE_SIGNING_CONFIGURED: ${{ secrets.AZURE_SIGNING_CLIENT_ID != '' && secrets.AZURE_SIGNING_CLIENT_SECRET != '' && secrets.AZURE_SIGNING_TENANT_ID != '' && secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
strategy:
fail-fast: true
matrix:
@@ -52,15 +53,10 @@ jobs:
run: make --touch provider schema

- name: Build provider
if: matrix.platform.os != 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-docker

- name: Build windows provider
if: matrix.platform.os == 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-docker.exe
run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"

- name: Sign windows provider
if: matrix.platform.os == 'windows'
if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED == 'true'
run: |
az login --service-principal \
-u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
7 changes: 7 additions & 0 deletions provider-ci/test-providers/docker/Makefile
@@ -325,6 +325,13 @@ bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe:
export CGO_ENABLED=0 && \
go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)"

provider-linux-amd64: bin/linux-amd64/$(PROVIDER)
provider-linux-arm64: bin/linux-arm64/$(PROVIDER)
provider-darwin-amd64: bin/darwin-amd64/$(PROVIDER)
provider-darwin-arm64: bin/darwin-arm64/$(PROVIDER)
provider-windows-amd64: bin/windows-amd64/$(PROVIDER).exe
.PHONY: provider-linux-amd64 provider-linux-arm64 provider-darwin-amd64 provider-darwin-arm64 provider-windows-amd64

bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER)
bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER)
