Skip to content

Commit

Permalink
Update GitHub Actions workflows. (#4920)
Browse files Browse the repository at this point in the history
This PR was automatically generated by the
update-workflows-single-bridged-provider workflow in the pulumi/ci-mgmt
repo, from commit 3e4be1caba9e051f1cbc2ecfdca169360313e9dd.
  • Loading branch information
pulumi-bot authored Dec 13, 2024
1 parent 8b5a96f commit bff892a
Show file tree
Hide file tree
Showing 22 changed files with 244 additions and 556 deletions.
14 changes: 11 additions & 3 deletions .github/actions/setup-tools/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,23 +14,31 @@ inputs:
dotnet
java
default: all
cache-go:
description: |
Whether to enable the GitHub cache for Go. Appropriate for disabling in
smaller jobs that typically completely before the "real" job has an
opportunity to populate the cache.
default: "true"

runs:
using: "composite"
steps:
- name: Install Go
if: inputs.tools == 'all' || contains(inputs.tools, 'go')
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version: "1.23.x"
cache-dependency-path: |
provider/*.sum
upstream/*.sum
sdk/*.sum
# TODO(https://github.com/actions/setup-go/issues/316): Restore but don't save the cache.
cache: ${{ inputs.cache-go }}

- name: Install pulumictl
if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl')
uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
with:
tag: v0.0.46
repo: pulumi/pulumictl
Expand All @@ -43,7 +51,7 @@ runs:

- name: Install Schema Tools
if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools')
uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
with:
repo: pulumi/schema-tools

Expand Down
27 changes: 26 additions & 1 deletion .github/workflows/build_provider.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ jobs:
env:
PROVIDER_VERSION: ${{ inputs.version }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AZURE_SIGNING_CONFIGURED: ${{ secrets.AZURE_SIGNING_CLIENT_ID != '' && secrets.AZURE_SIGNING_CLIENT_SECRET != '' && secrets.AZURE_SIGNING_TENANT_ID != '' && secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
strategy:
fail-fast: true
matrix:
Expand All @@ -37,6 +38,7 @@ jobs:
tool-cache: false
swap-storage: false
dotnet: false
large-packages: false
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
Expand All @@ -58,8 +60,31 @@ jobs:
path: provider/cmd/pulumi-resource-aws
- name: Restore makefile progress
run: make --touch provider schema
- name: Build & package provider

- name: Build provider
run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"

- name: Sign windows provider
if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED == 'true'
run: |
az login --service-principal \
-u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
-p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \
-t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \
-o none;
wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar;
java -jar jsign-6.0.jar \
--storetype AZUREKEYVAULT \
--keystore "PulumiCodeSigning" \
--url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \
--storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \
bin/windows-amd64/pulumi-resource-aws.exe;
- name: Package provider
run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }}

- name: Upload artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/build_sdk.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ jobs:
submodules: true
persist-credentials: false
- name: Cache examples generation
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
with:
path: |
.pulumi/examples-cache
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/community-moderation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
- if: steps.sdk_changed.outputs.changed == 'true' &&
github.event.pull_request.head.repo.full_name != github.repository
name: Send codegen warning as comment on PR
uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
message: >
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/license.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ jobs:
uses: ./.github/actions/setup-tools
with:
tools: go
cache-go: false
- run: make upstream
- uses: pulumi/license-check-action@main
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
submodules: true
persist-credentials: false
- name: Install go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
# The versions of golangci-lint and setup-go here cross-depend and need to update together.
go-version: 1.23
Expand Down
101 changes: 4 additions & 97 deletions .github/workflows/master.yml
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,6 @@ jobs:
- build_provider
- test
- license_check
- upstream_lint
uses: ./.github/workflows/publish.yml
secrets: inherit
with:
Expand Down Expand Up @@ -127,106 +126,14 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

test:
name: test
uses: ./.github/workflows/test.yml
needs:
- prerequisites
- build_provider
- build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
env:
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
steps:
# Run as first step so we don't delete things that have just been installed
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
with:
tool-cache: false
swap-storage: false
dotnet: false
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
persist-credentials: false
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, ${{ matrix.language }}
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
run: make --touch provider schema build_${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Python deps
if: matrix.language == 'python'
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.5.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: ${{ env.AWS_REGION }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Make upstream
run: make upstream
- name: Run tests
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4
strategy:
fail-fast: false
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
upstream_lint:
name: Run upstream provider-lint
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- name: Install Go
uses: actions/setup-go@v5
with:
cache: false
go-version: 1.23.x
- name: Prepare local workspace
run: make prepare_local_workspace
- name: upstream lint
run: |
cd upstream
make provider-lint
timeout-minutes: 60
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}

name: master
on:
Expand Down
75 changes: 5 additions & 70 deletions .github/workflows/nightly-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -45,80 +45,15 @@ jobs:
version: ${{ needs.prerequisites.outputs.version }}

test:
name: test
uses: ./.github/workflows/test.yml
needs:
- prerequisites
- build_provider
- build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
env:
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
steps:
# Run as first step so we don't delete things that have just been installed
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
with:
tool-cache: false
swap-storage: false
dotnet: false
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
persist-credentials: false
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, ${{ matrix.language}}
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
run: make --touch provider schema build_${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Python deps
if: matrix.language == 'python'
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.5.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: ${{ env.AWS_REGION }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Make upstream
run: make upstream
- name: Run tests
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4
strategy:
fail-fast: false
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}

name: cron
on:
schedule:
Expand Down
Loading

0 comments on commit bff892a

Please sign in to comment.