Merge branch 'master' of github.com:pulumi/pulumi-aws into blampe/tes…

…t-sharding

.github/actions/setup-tools/action.yml

@@ -14,6 +14,12 @@ inputs:
         dotnet
         java
     default: all
+  cache-go:
+    description: |
+      Whether to enable the GitHub cache for Go. Appropriate for disabling in
+      smaller jobs that typically completely before the "real" job has an
+      opportunity to populate the cache.
+    default: "true"
 
 runs:
   using: "composite"
@@ -27,6 +33,8 @@ runs:
           provider/*.sum
           upstream/*.sum
           sdk/*.sum
+        # TODO(https://github.com/actions/setup-go/issues/316): Restore but don't save the cache.
+        cache: ${{ inputs.cache-go }}
 
     - name: Install pulumictl
       if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl')

.github/workflows/build_provider.yml

@@ -15,6 +15,7 @@ jobs:
     env:
       PROVIDER_VERSION: ${{ inputs.version }}
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      AZURE_SIGNING_CONFIGURED: ${{ secrets.AZURE_SIGNING_CLIENT_ID != '' && secrets.AZURE_SIGNING_CLIENT_SECRET != '' && secrets.AZURE_SIGNING_TENANT_ID != '' && secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
     strategy:
       fail-fast: true
       matrix:
@@ -37,6 +38,7 @@ jobs:
           tool-cache: false
           swap-storage: false
           dotnet: false
+          large-packages: false
       - name: Checkout Repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
@@ -58,8 +60,31 @@ jobs:
           path: provider/cmd/pulumi-resource-aws
       - name: Restore makefile progress
         run: make --touch provider schema
-      - name: Build & package provider
+
+      - name: Build provider
+        run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"
+
+      - name: Sign windows provider
+        if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED == 'true'
+        run: |
+          az login --service-principal \
+            -u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
+            -p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \
+            -t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \
+            -o none;
+
+          wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar;
+
+          java -jar jsign-6.0.jar \
+             --storetype AZUREKEYVAULT \
+             --keystore "PulumiCodeSigning" \
+             --url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \
+             --storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \
+             bin/windows-amd64/pulumi-resource-aws.exe;
+
+      - name: Package provider
         run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
+
       - name: Upload artifacts
         uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:

.github/workflows/license.yml

@@ -40,6 +40,7 @@ jobs:
         uses: ./.github/actions/setup-tools
         with:
           tools: go
+          cache-go: false
       - run: make upstream
       - uses: pulumi/license-check-action@main
         with:

.github/workflows/prerequisites.yml

@@ -79,6 +79,10 @@ jobs:
       run: make provider
     - name: Unit-test provider code
       run: make test_provider
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@c2fcb216de2b0348de0100baa3ea2cad9f100a01 # v5.1.0
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     - if: inputs.is_pr
       name: Check Schema is Valid
       run: |

.github/workflows/publish.yml

@@ -116,6 +116,8 @@ jobs:
     name: publish_sdk
     needs: publish
     runs-on: ubuntu-latest
+    outputs:
+      python_version: ${{ steps.python_version.outputs.version }}
     steps:
     - name: Checkout Repo
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -157,6 +159,13 @@ jobs:
           go.*
           go/**
           !*.tar.gz
+    - name: Extract python version
+      id: python_version
+      working-directory: sdk/python
+      run: |
+        pip install toml-cli==0.7.0
+        version=$(toml get --toml-path pyproject.toml project.version)
+        echo "version=${version}" >> "$GITHUB_OUTPUT"
   create_docs_build:
     name: create_docs_build
     needs: publish_sdk
@@ -208,3 +217,4 @@ jobs:
       # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release.
       enableMacosRunner: ${{ inputs.isPrerelease == false }}
       skipGoSdk: ${{ inputs.skipGoSdk }}
+      pythonVersion: ${{ needs.publish_sdk.outputs.python_version }}

.github/workflows/test.yml

@@ -52,11 +52,6 @@ jobs:
         ref: ${{ env.PR_COMMIT_SHA }}
         submodules: true
         persist-credentials: false
-    - name: Checkout p/examples
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
-        repository: pulumi/examples
-        path: p-examples
     - name: Setup tools
       uses: ./.github/actions/setup-tools
     - name: Prepare local workspace
@@ -120,7 +115,7 @@ jobs:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-region: ${{ env.AWS_REGION }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        role-duration-seconds: 3600
+        role-duration-seconds: 7200
         role-session-name: aws@githubActions
         role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
     - name: Make upstream
@@ -148,108 +143,6 @@ jobs:
          - 7
          - 8
          - 9
-  go_test_shim:
-      name: Run test of provider shim
-      runs-on: ubuntu-latest
-      steps:
-          - name: Free Disk Space (Ubuntu)
-            uses: jlumbroso/free-disk-space@main
-            with:
-              swap-storage: false
-              tool-cache: false
-          - name: Checkout Repo
-            uses: actions/checkout@v4
-            with:
-              ref: ${{ env.PR_COMMIT_SHA }}
-              submodules: true
-          - uses: pulumi/provider-version-action@v1
-            with:
-              set-env: PROVIDER_VERSION
-          - name: Setup tools
-            uses: ./.github/actions/setup-tools
-            with:
-              tools: pulumictl, pulumi, go
-          - name: Prepare local workspace
-            run: make prepare_local_workspace
-          - name: go test
-            run: |
-              cd upstream
-              go get github.com/hashicorp/aws-sdk-go-base@v1.1.0
-              cd shim
-              go test -v -coverprofile="coverage.txt" .
-          - env:
-              CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-            name: Upload coverage reports to Codecov
-            uses: codecov/codecov-action@v4
-      timeout-minutes: 60
-  provider_test:
-      name: provider_test
-      permissions:
-          contents: read
-          id-token: write
-      runs-on: ubuntu-latest
-      steps:
-          - name: Free Disk Space (Ubuntu)
-            uses: jlumbroso/free-disk-space@main
-            with:
-              swap-storage: false
-              tool-cache: false
-          - name: Checkout Repo
-            uses: actions/checkout@v4
-            with:
-              ref: ${{ env.PR_COMMIT_SHA }}
-              submodules: true
-          - uses: pulumi/provider-version-action@v1
-            with:
-              set-env: PROVIDER_VERSION
-          - name: Setup tools
-            uses: ./.github/actions/setup-tools
-            with:
-              tools: pulumictl, pulumi, go, node, dotnet, python, java
-          - name: Prepare local workspace
-            run: make prepare_local_workspace
-          - name: Download bin
-            uses: ./.github/actions/download-bin
-          - name: Download SDK
-            uses: ./.github/actions/download-sdk
-            with:
-              language: ${{ matrix.language }}
-          - name: Restore makefile progress
-            run: make --touch provider schema build_${{ matrix.language }}
-          - name: Update path
-            run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
-          - name: Install Python deps
-            run: |-
-              pip3 install virtualenv==20.0.23
-              pip3 install pipenv
-          - name: Install dependencies
-            run: make install_${{ matrix.language}}_sdk
-          - name: Install gotestfmt
-            uses: GoTestTools/gotestfmt-action@v2
-            with:
-              token: ${{ secrets.GITHUB_TOKEN }}
-              version: v2.5.0
-          - name: Configure AWS Credentials
-            uses: aws-actions/configure-aws-credentials@v4
-            with:
-              aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-              aws-region: ${{ env.AWS_REGION }}
-              aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-              role-duration-seconds: 3600
-              role-session-name: aws@githubActions
-              role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
-          - name: Run provider tests
-            run: |
-              cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
-      strategy:
-          fail-fast: false
-          matrix:
-              language:
-                  - nodejs
-                  - python
-                  - dotnet
-                  - go
-                  - java
   upstream_lint:
       name: Run upstream provider-lint
       runs-on: ubuntu-latest

.github/workflows/verify-release.yml

@@ -16,6 +16,10 @@ on:
         required: false
         type: boolean
         default: false
+      pythonVersion:
+        description: "Optional python SDK version to verify. Defaults to inputs.providerVersion."
+        type: string
+        required: false
   workflow_call:
     inputs:
       providerVersion:
@@ -32,6 +36,10 @@ on:
         required: false
         type: boolean
         default: false
+      pythonVersion:
+        description: "Optional python SDK version to verify. Defaults to inputs.providerVersion."
+        type: string
+        required: false
 
 env:
   AWS_REGION: us-west-2

.pulumi-java-gen.version

@@ -1 +1 @@
-0.18.0
+0.20.0

Makefile

@@ -236,7 +236,11 @@ test:
 .PHONY: test
 
 test_provider:
-	cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM)
+	cd provider && go test -v -short \
+		-coverprofile="coverage.txt" \
+		-coverpkg="./...,github.com/hashicorp/terraform-provider-..." \
+		-parallel $(TESTPARALLELISM) \
+		./...
 .PHONY: test_provider
 
 tfgen: schema