Skip to content

Commit

Permalink
Regenerate Github Actions workflows for pulumi-acme (#95)
Browse files Browse the repository at this point in the history
* Regenerate workflows for pulumi-acme
* Only sign when secrets have been configured

---------

Co-authored-by: pulumi-bot <bot@pulumi.com>
  • Loading branch information
ringods and pulumi-bot authored Dec 10, 2024
1 parent 0c9b2cb commit 9cec5ff
Show file tree
Hide file tree
Showing 13 changed files with 95 additions and 27 deletions.
19 changes: 13 additions & 6 deletions .github/actions/download-bin/action.yml
Original file line number Diff line number Diff line change
@@ -1,16 +1,23 @@
name: Download binary assets
description: Downloads the provider and tfgen binaries to `bin/`.
name: Download the provider binary
description: Downloads the provider binary to `bin/`.

runs:
using: "composite"
steps:
- name: Download provider + tfgen binaries

- name: Download pulumi-resource-acme
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: acme-provider.tar.gz
pattern: pulumi-resource-acme-*-linux-amd64.tar.gz
path: ${{ github.workspace }}/bin
- name: Untar provider binaries
merge-multiple: true

- name: Untar pulumi-resource-acme
shell: bash
run: |
tar -zxf ${{ github.workspace }}/bin/*amd64.tar.gz -C ${{ github.workspace}}/bin
- name: Mark pulumi-resource-acme as executable
shell: bash
run: |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
find ${{ github.workspace }} -name "pulumi-*-acme" -print -exec chmod +x {} \;
17 changes: 17 additions & 0 deletions .github/actions/download-tfgen/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
name: Download the tfgen binary
description: Downloads the tfgen binary to `bin/`.

runs:
using: "composite"
steps:

- name: Download pulumi-tfgen-acme
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: pulumi-tfgen-acme
path: ${{ github.workspace }}/bin

- name: Ensure pulumi-tfgen-acme is executable
shell: bash
run: |
find ${{ github.workspace }} -name "pulumi-*-acme" -print -exec chmod +x {} \;
4 changes: 2 additions & 2 deletions .github/actions/setup-tools/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ runs:
- name: Install pulumictl
if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl')
uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
with:
tag: v0.0.46
repo: pulumi/pulumictl
Expand All @@ -43,7 +43,7 @@ runs:

- name: Install Schema Tools
if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools')
uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
with:
repo: pulumi/schema-tools

Expand Down
32 changes: 31 additions & 1 deletion .github/workflows/build_provider.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ jobs:
runs-on: ubuntu-latest
env:
PROVIDER_VERSION: ${{ inputs.version }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SIGN: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
strategy:
fail-fast: true
matrix:
Expand Down Expand Up @@ -49,8 +51,36 @@ jobs:
path: provider/cmd/pulumi-resource-acme
- name: Restore makefile progress
run: make --touch provider schema
- name: Build & package provider

- name: Build provider
if: matrix.platform.os != 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-acme

- name: Build windows provider
if: matrix.platform.os == 'windows'
run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-acme.exe

- name: Sign windows provider
if: matrix.platform.os == 'windows' && env.SIGN == 'true'
run: |
az login --service-principal \
-u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
-p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \
-t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \
-o none;
wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar;
java -jar jsign-6.0.jar \
--storetype AZUREKEYVAULT \
--keystore "PulumiCodeSigning" \
--url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \
--storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \
bin/windows-amd64/pulumi-resource-acme.exe;
- name: Package provider
run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }}

- name: Upload artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/build_sdk.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
with:
persist-credentials: false
- name: Cache examples generation
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
with:
path: |
.pulumi/examples-cache
Expand All @@ -55,8 +55,8 @@ jobs:
tools: pulumictl, pulumicli, ${{ matrix.language }}
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download tfgen
uses: ./.github/actions/download-tfgen
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Restore makefile progress
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,7 @@ jobs:
name: test
needs:
- prerequisites
- build_provider
- build_sdk
permissions:
contents: read
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/prerelease.yml
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ jobs:
name: test
needs:
- prerequisites
- build_provider
- build_sdk
permissions:
contents: read
Expand Down
16 changes: 10 additions & 6 deletions .github/workflows/prerequisites.yml
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ jobs:
with:
set-env: 'PROVIDER_VERSION'
- name: Cache examples generation
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
with:
path: |
.pulumi/examples-cache
Expand Down Expand Up @@ -79,18 +79,22 @@ jobs:
} >> "$GITHUB_ENV"
- if: inputs.is_pr && inputs.is_automated == false
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
comment_tag: schemaCheck
github-token: ${{ secrets.GITHUB_TOKEN }}
comment-tag: schemaCheck
message: >+
${{ env.SCHEMA_CHANGES }}
Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes.
- name: Upload bin
uses: ./.github/actions/upload-bin
- name: Upload pulumi-tfgen-acme
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: pulumi-tfgen-acme
path: ${{ github.workspace }}/bin/pulumi-tfgen-acme
retention-days: 30

- name: Upload schema-embed.json
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/pull-request.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@ jobs:
with:
persist-credentials: false
- name: Comment PR
uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
message: >
PR is now waiting for a maintainer to run the acceptance tests.
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ jobs:
name: test
needs:
- prerequisites
- build_provider
- build_sdk
permissions:
contents: read
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/run-acceptance-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,7 @@ jobs:
name: test
needs:
- prerequisites
- build_provider
- build_sdk
permissions:
contents: read
Expand Down
10 changes: 5 additions & 5 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ GEN_ENVS := PULUMI_HOME=$(GEN_PULUMI_HOME) PULUMI_CONVERT_EXAMPLES_CACHE_DIR=$(G
generate_dotnet: .make/generate_dotnet
build_dotnet: .make/build_dotnet
.make/generate_dotnet: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH)
.make/generate_dotnet: bin/$(TFGEN)
.make/generate_dotnet: .make/install_plugins bin/$(TFGEN)
$(GEN_ENVS) $(WORKING_DIR)/bin/$(TFGEN) dotnet --out sdk/dotnet/
cd sdk/dotnet/ && \
printf "module fake_dotnet_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \
Expand All @@ -109,7 +109,7 @@ build_dotnet: .make/build_dotnet
generate_go: .make/generate_go
build_go: .make/build_go
.make/generate_go: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH)
.make/generate_go: bin/$(TFGEN)
.make/generate_go: .make/install_plugins bin/$(TFGEN)
$(GEN_ENVS) $(WORKING_DIR)/bin/$(TFGEN) go --out sdk/go/
@touch $@
.make/build_go: .make/generate_go
Expand All @@ -121,7 +121,7 @@ generate_java: .make/generate_java
build_java: .make/build_java
.make/generate_java: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH)
.make/generate_java: PACKAGE_VERSION := $(VERSION_GENERIC)
.make/generate_java: bin/pulumi-java-gen .make/schema
.make/generate_java: .make/install_plugins bin/pulumi-java-gen .make/schema
PULUMI_HOME=$(GEN_PULUMI_HOME) PULUMI_CONVERT_EXAMPLES_CACHE_DIR=$(GEN_PULUMI_CONVERT_EXAMPLES_CACHE_DIR) bin/$(JAVA_GEN) generate --schema provider/cmd/$(PROVIDER)/schema.json --out sdk/java --build gradle-nexus
printf "module fake_java_module // Exclude this directory from Go tools\n\ngo 1.17\n" > sdk/java/go.mod
@touch $@
Expand All @@ -136,7 +136,7 @@ build_java: .make/build_java
generate_nodejs: .make/generate_nodejs
build_nodejs: .make/build_nodejs
.make/generate_nodejs: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH)
.make/generate_nodejs: bin/$(TFGEN)
.make/generate_nodejs: .make/install_plugins bin/$(TFGEN)
$(GEN_ENVS) $(WORKING_DIR)/bin/$(TFGEN) nodejs --out sdk/nodejs/
printf "module fake_nodejs_module // Exclude this directory from Go tools\n\ngo 1.17\n" > sdk/nodejs/go.mod
@touch $@
Expand All @@ -151,7 +151,7 @@ build_nodejs: .make/build_nodejs
generate_python: .make/generate_python
build_python: .make/build_python
.make/generate_python: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH)
.make/generate_python: bin/$(TFGEN)
.make/generate_python: .make/install_plugins bin/$(TFGEN)
$(GEN_ENVS) $(WORKING_DIR)/bin/$(TFGEN) python --out sdk/python/
printf "module fake_python_module // Exclude this directory from Go tools\n\ngo 1.17\n" > sdk/python/go.mod
cp README.md sdk/python/
Expand Down
10 changes: 8 additions & 2 deletions upstream.sh
Original file line number Diff line number Diff line change
Expand Up @@ -138,11 +138,14 @@ apply_patches() {
# Iterating over the patches folder in sorted order,
# apply the patch using a 3-way merge strategy. This mirrors the default behavior of 'git merge'
cd upstream
# Allow directory to be empty
shopt -s nullglob
for patch in ../patches/*.patch; do
if ! git apply --3way "${patch}" --allow-empty; then
err_failed_to_apply "$(basename "${patch}")"
fi
done
shopt -u nullglob
}

clean_rebases() {
Expand Down Expand Up @@ -227,13 +230,16 @@ checkout() {
# Create a new branch 'pulumi/patch-checkout' which will contain the commits for each patch
git checkout -B pulumi/patch-checkout

# Allow directory to be empty
shopt -s nullglob
for patch in ../patches/*.patch; do
if ! git am --3way "${patch}"; then
err_failed_to_apply "$(basename "${patch}")"
fi
done
shopt -u nullglob

cat <<EOF
cat <<EOF
The patches have been checked out as commits in the './upstream' repository.
The 'pulumi/patch-checkout' branch is pointing to the last patch.
Expand Down Expand Up @@ -280,7 +286,7 @@ rebase() {
interactive_flag="--interactive"
fi
if ! git rebase --onto "${onto}" ${interactive_flag}; then
echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory."
echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory. Once the rebase is complete, run '${original_exec} check_in' to write to commits back to patches."
exit 1
fi
cd ..
Expand Down

0 comments on commit 9cec5ff

Please sign in to comment.