From a43ddb6fe729c55f1810f5d6e259b45add7a9250 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 5 Nov 2024 11:49:19 -0800 Subject: [PATCH 01/44] Remove unnecessary codegen --- provider/cmd/pulumi-gen-eks/main.go | 33 ----------------------------- provider/go.mod | 1 - provider/go.sum | 2 -- 3 files changed, 36 deletions(-) diff --git a/provider/cmd/pulumi-gen-eks/main.go b/provider/cmd/pulumi-gen-eks/main.go index 0ae152087..93e18881f 100644 --- a/provider/cmd/pulumi-gen-eks/main.go +++ b/provider/cmd/pulumi-gen-eks/main.go @@ -22,10 +22,7 @@ import ( "github.com/blang/semver" "github.com/pkg/errors" - dotnetgen "github.com/pulumi/pulumi/pkg/v3/codegen/dotnet" - gogen "github.com/pulumi/pulumi/pkg/v3/codegen/go" nodejsgen "github.com/pulumi/pulumi/pkg/v3/codegen/nodejs" - pygen "github.com/pulumi/pulumi/pkg/v3/codegen/python" "github.com/pulumi/pulumi/pkg/v3/codegen/schema" "github.com/pulumi/pulumi/sdk/v3/go/common/util/contract" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" @@ -74,12 +71,6 @@ func main() { case Nodejs: templateDir := filepath.Join(base, "provider", "cmd", "pulumi-gen-eks", "nodejs-templates") genNodejs(readSchema(schemaFile, version), templateDir, outdir) - case DotNet: - genDotNet(readSchema(schemaFile, version), outdir) - case Go: - genGo(readSchema(schemaFile, version), outdir) - case Python: - genPython(readSchema(schemaFile, version), outdir) case Schema: pkgSpec := generateSchema(semver.MustParse(version)) mustWritePulumiSchema(pkgSpec, outdir) @@ -2681,30 +2672,6 @@ func genNodejs(pkg *schema.Package, templateDir, outdir string) { mustWriteFiles(outdir, files) } -func genDotNet(pkg *schema.Package, outdir string) { - files, err := dotnetgen.GeneratePackage(Tool, pkg, map[string][]byte{}, map[string]string{}) - if err != nil { - panic(err) - } - mustWriteFiles(outdir, files) -} - -func genGo(pkg *schema.Package, outdir string) { - files, err := gogen.GeneratePackage(Tool, pkg, map[string]string{}) - if err != nil { - panic(err) - } - mustWriteFiles(outdir, files) -} - -func genPython(pkg *schema.Package, outdir string) { - files, err := pygen.GeneratePackage(Tool, pkg, map[string][]byte{}) - if err != nil { - panic(err) - } - mustWriteFiles(outdir, files) -} - func mustWriteFiles(rootDir string, files map[string][]byte) { for filename, contents := range files { mustWriteFile(rootDir, filename, contents) diff --git a/provider/go.mod b/provider/go.mod index 5833ca159..04fc077b5 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -97,7 +97,6 @@ require ( github.com/hashicorp/hcl v1.0.1-vault-5 // indirect github.com/hashicorp/hcl/v2 v2.20.1 // indirect github.com/hashicorp/vault/api v1.12.2 // indirect - github.com/iancoleman/strcase v0.3.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect diff --git a/provider/go.sum b/provider/go.sum index 25e3ac2cb..a9d284bbd 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -257,8 +257,6 @@ github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdx github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE= github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE= -github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI= -github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= From 8dc029bb2457af7a9f40c2ae4940d0c3b5908c64 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 5 Nov 2024 11:51:19 -0800 Subject: [PATCH 02/44] Track .pulumi/version --- .gitignore | 1 - .pulumi/version | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 .pulumi/version diff --git a/.gitignore b/.gitignore index 40e906fd9..2354f8731 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -.pulumi **/bin/ **/obj/ **/node_modules/ diff --git a/.pulumi/version b/.pulumi/version new file mode 100644 index 000000000..58efbe7b4 --- /dev/null +++ b/.pulumi/version @@ -0,0 +1 @@ +3.124.0 From 3d4a6f841cdc35347a9db622284e8315434e4677 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 5 Nov 2024 11:51:35 -0800 Subject: [PATCH 03/44] Customize default make targets --- .mk/defaults.mk | 225 ++++++++++++++++++++++++++++++++++++++++++++++++ .mk/vars.mk | 31 +++++++ Makefile | 98 +++------------------ 3 files changed, 266 insertions(+), 88 deletions(-) create mode 100644 .mk/defaults.mk create mode 100644 .mk/vars.mk diff --git a/.mk/defaults.mk b/.mk/defaults.mk new file mode 100644 index 000000000..7f456fdfc --- /dev/null +++ b/.mk/defaults.mk @@ -0,0 +1,225 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made +# via https://github.com/pulumi/ci-mgmt. +# +# This file contains default make targets consumed by CI workflows. This targets are no-ops and are intended to be +# +# does not +# make any assumptions about the provider such as its language, file structure, +# etc. +# +# A top-level `Makefile` is required and must implement provider-specific +# targets like `test`. +# +# In order to use these targets, the top-level Makefile must include this file: +# +# include .mk/defaults.mk +# +# If the top-level Makefile implements a target like `test`, then this will be +# invoked in CI. Otherwise, the `default.test` target will be used. + +include .mk/vars.mk + +# Implement `prerequisites` to run custom logic before all SDK and provider build steps. +default.prebuild: + @echo "No prerequisites to build" + +default.development: install_plugins provider build_sdks install_sdks + +default.build: install_plugins provider build_sdks install_sdks + +default.build_sdks: build_nodejs build_python build_dotnet build_go build_java + +default.install_go_sdk: + +default.install_java_sdk: + +default.install_python_sdk: + +default.install_sdks: install_dotnet_sdk install_python_sdk install_nodejs_sdk install_java_sdk + + +default.build_dotnet: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +default.build_dotnet: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +default.build_dotnet: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +default.build_dotnet: prebuild + rm -rf sdk/dotnet + PULUMI_CONVERT=$(PULUMI_CONVERT) PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION=$(PULUMI_CONVERT) $(WORKING_DIR)/bin/$(TFGEN) dotnet --out sdk/dotnet/ + cd sdk/dotnet/ && \ + printf "module fake_dotnet_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ + echo "$(VERSION_GENERIC)" >version.txt && \ + dotnet build + +default.build_go: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +default.build_go: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +default.build_go: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +default.build_go: prebuild + PULUMI_CONVERT=$(PULUMI_CONVERT) PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION=$(PULUMI_CONVERT) $(WORKING_DIR)/bin/$(TFGEN) go --out sdk/go/ + cd sdk && go list "$$(grep -e "^module" go.mod | cut -d ' ' -f 2)/go/..." | xargs -I {} bash -c 'go build {} && go clean -i {}' + +default.build_java: PACKAGE_VERSION := $(VERSION_GENERIC) +default.build_java: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +default.build_java: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +default.build_java: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +default.build_java: bin/pulumi-java-gen +default.build_java: prebuild + rm -rf sdk/java/ + $(WORKING_DIR)/bin/$(JAVA_GEN) generate --schema $(SCHEMA_PATH) --out sdk/java --build gradle-nexus + cd sdk/java/ && \ + printf "module fake_java_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ + gradle --console=plain build && \ + gradle --console=plain javadoc + +default.build_nodejs: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +default.build_nodejs: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +default.build_nodejs: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +default.build_nodejs: prebuild + rm -rf sdk/nodejs/ + cd sdk/nodejs/ && \ + printf "module fake_nodejs_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ + yarn install && \ + yarn run tsc && \ + cp ../../README.md ../../LICENSE* package.json yarn.lock ./bin/ + +default.build_python: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +default.build_python: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +default.build_python: export PULggUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +default.build_python: prebuild + rm -rf sdk/python/ + cd sdk/python/ && \ + printf "module fake_python_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ + cp ../../README.md . && \ + rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \ + rm ./bin/go.mod && \ + python3 -m venv venv && \ + ./venv/bin/python -m pip install build==1.2.1 && \ + cd ./bin && \ + ../venv/bin/python -m build . + +default.clean: + rm -rf sdk/{dotnet,nodejs,go,python} + rm -rf $(WORKING_DIR)/bin + +default.docs: + @echo "Define a `docs` target to generate docs." + +default.install_dotnet_sdk: + mkdir -p $(WORKING_DIR)/nuget + find . -name '*.nupkg' -print -exec cp -p {} $(WORKING_DIR)/nuget \; + +default.install_nodejs_sdk: + yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin + +default.install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +default.install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +default.install_plugins: .pulumi/bin/pulumi + +default.lint_provider: provider + cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml + +# `lint_provider.fix` is a utility target meant to be run manually +# that will run the linter and fix errors when possible. +default.lint_provider.fix: + cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml --fix + +# `make provider_no_deps` builds the provider binary directly, without ensuring that +# `cmd/pulumi-resource-eks/schema.json` is valid and up to date. +# To create a release ready binary, you should use `make provider`. +default.provider: + (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "$(LDFLAGS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)) + +default.test: export PATH := $(WORKING_DIR)/bin:$(PATH) +default.test: + cd examples && go test -v -tags=all -parallel $(TESTPARALLELISM) -timeout 2h + +default.test_provider: + @echo "" + @echo "== test_provider ===================================================================" + @echo "" + cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM) + +default.bin/pulumi-java-gen: + mkdir -p bin/ + pulumictl download-binary -n pulumi-language-java -v $(JAVA_GEN_VERSION) -r pulumi/pulumi-java + +# To make an immediately observable change to .ci-mgmt.yaml: +# +# - Edit .ci-mgmt.yaml +# - Run make ci-mgmt to apply the change locally. +# +default.ci-mgmt: .ci-mgmt.yaml + go run github.com/pulumi/ci-mgmt/provider-ci@master generate \ + --name $(ORG)/pulumi-$(PACK) \ + --out . \ + --template generic \ + --config $< + +# Because some codegen depends on the version of the CLI used, we install a local CLI +# version pinned to the same version as `provider/go.mod`. +# +# This logic compares the version of .pulumi/bin/pulumi already installed. If it matches +# the desired version, we just print. Otherwise we (re)install pulumi at the desired +# version. +default..pulumi/bin/pulumi: .pulumi/version + @if [ -x .pulumi/bin/pulumi ] && [ "v$$(cat .pulumi/version)" = "$$(.pulumi/bin/pulumi version)" ]; then \ + echo "pulumi/bin/pulumi version: v$$(cat .pulumi/version)"; \ + else \ + curl -fsSL https://get.pulumi.com | \ + HOME=$(WORKING_DIR) sh -s -- --version "$$(cat .pulumi/version)"; \ + fi + +# Compute the version of Pulumi to use by inspecting the Go dependencies of the provider. +default..pulumi/version: provider/go.mod + @mkdir -p .pulumi + @cd provider && go list -f "{{slice .Version 1}}" -m github.com/pulumi/pulumi/pkg/v3 | tee ../$@ + +.PHONY: development build build_sdks install_go_sdk install_java_sdk install_python_sdk install_sdks only_build build_dotnet build_go build_java build_nodejs build_python clean cleanup help install_dotnet_sdk install_nodejs_sdk install_plugins lint_provider provider provider_no_deps test prerequisites ci-mgmt test_provider + +# Provider cross-platform build & packaging + +# These targets assume that the schema-embed.json exists - it's generated by tfgen. +# We disable CGO to ensure that the binary is statically linked. +bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64 +bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64 +bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64 +bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 +bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 +bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: + @# check the TARGET is set + test $(TARGET) + cd provider && \ + export GOOS=$$(echo "$(TARGET)" | cut -d "-" -f 1) && \ + export GOARCH=$$(echo "$(TARGET)" | cut -d "-" -f 2) && \ + export CGO_ENABLED=0 && \ + go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" + +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz: bin/darwin-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz: bin/windows-amd64/$(PROVIDER).exe +bin/$(PROVIDER)-v$(VERSION_GENERIC)-%.tar.gz: + @mkdir -p dist + @# $< is the last dependency (the binary path from above) e.g. bin/linux-amd64/pulumi-resource-xyz + @# $@ is the current target e.g. bin/pulumi-resource-xyz-v1.2.3-linux-amd64.tar.gz + tar --gzip -cf $@ README.md LICENSE -C $$(dirname $<) . + +provider_dist-linux-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz +provider_dist-linux-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz +provider_dist-darwin-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz +provider_dist-darwin-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz +provider_dist-windows-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz +provider_dist: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 +.PHONY: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 provider_dist + +help: + grep '^[^.#]\+:\s\+.*#' Makefile | \ + sed "s/\(.\+\):\s*\(.*\) #\s*\(.*\)/`printf "\033[93m"`\1`printf "\033[0m"` \3 [\2]/" | \ + expand -t20 + + +# Delegate any undefined target "foo" to its respective "default.foo" target, +# if it exists. +%: + @$(MAKE) -f defaults.mk "default.$@" + + diff --git a/.mk/vars.mk b/.mk/vars.mk new file mode 100644 index 000000000..df27b0ca5 --- /dev/null +++ b/.mk/vars.mk @@ -0,0 +1,31 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made +# via https://github.com/pulumi/ci-mgmt. +# +# This file contains default variables consumed by CI workflows. +# +PACK := eks +ORG := pulumi +PROJECT := github.com/$(ORG)/pulumi-$(PACK) +PROVIDER_PATH := provider/v3 +VERSION_PATH := $(PROVIDER_PATH)/pkg/version.Version +SCHEMA_PATH := provider/cmd/$(PROVIDER)/schema.json +PROVIDER := pulumi-resource-$(PACK) +JAVA_GEN := pulumi-java-gen +JAVA_GEN_VERSION := v0.16.1 +TESTPARALLELISM := 10 +WORKING_DIR := $(shell pwd) +PULUMI_PROVIDER_BUILD_PARALLELISM ?= +PULUMI_CONVERT := 0 +PULUMI_MISSING_DOCS_ERROR := true + +# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable +# Local & branch builds will just used this fixed default version unless specified +PROVIDER_VERSION ?= 3.0.0-alpha.0+dev +# Use this normalised version everywhere rather than the raw input to ensure consistency. +VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)") + +LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC) +LDFLAGS_UPSTREAM_VERSION= +LDFLAGS_EXTRAS= +LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS) + diff --git a/Makefile b/Makefile index b2d2248ed..8163c8e64 100644 --- a/Makefile +++ b/Makefile @@ -1,86 +1,34 @@ -PROJECT_NAME := Pulumi Amazon Web Services (AWS) EKS Components - -# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable -# Local & branch builds will just used this fixed default version unless specified -PROVIDER_VERSION ?= 3.0.0-alpha.0+dev -# Use this normalised version everywhere rather than the raw input to ensure consistency. -VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)") +include .mk/defaults.mk TESTPARALLELISM := 8 -PACK := eks -PROVIDER := pulumi-resource-${PACK} CODEGEN := pulumi-gen-${PACK} GZIP_PREFIX := pulumi-resource-${PACK}-v${VERSION_GENERIC} -WORKING_DIR := $(shell pwd) - -JAVA_GEN := pulumi-java-gen -JAVA_GEN_VERSION := v0.16.1 - EKS_SRC := $(wildcard nodejs/eks/*.*) $(wildcard nodejs/eks/*/*.ts) $(wildcard nodejs/eks/*/*/*.ts) LOCAL_PLAT ?= "" PKG_ARGS := --no-bytecode --public-packages "*" --public PKG_TARGET := ./bin/cmd/provider/index.js -SCHEMA_PATH := provider/cmd/$(PROVIDER)/schema.json -build:: schema provider build_nodejs build_python build_go build_dotnet build_java +prebuild: schema -schema:: +schema: (cd provider/cmd/$(CODEGEN) && go run main.go schema ../$(PROVIDER) $(VERSION_GENERIC)) -provider:: bin/${PROVIDER} +.pulumi/version: nodejs/eks/yarn.lock + (cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3 > ../../.pulumi/version) -.pulumi/bin/pulumi: PULUMI_VERSION := $(shell cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3) -.pulumi/bin/pulumi: HOME := $(WORKING_DIR) -.pulumi/bin/pulumi: - curl -fsSL https://get.pulumi.com | sh -s -- --version "$(PULUMI_VERSION)" +provider:: bin/${PROVIDER} -build_nodejs:: .pulumi/bin/pulumi schema +build_nodejs: schema cd provider/cmd/$(CODEGEN) && go run main.go nodejs ../../../sdk/nodejs $(CURDIR) ../$(PROVIDER)/schema.json $(VERSION_GENERIC) cd sdk/nodejs && \ yarn install --no-progress && \ yarn run build && \ cp package.json yarn.lock ./bin/ -bin/pulumi-java-gen:: - mkdir -p bin/ - pulumictl download-binary -n pulumi-language-java -v $(JAVA_GEN_VERSION) -r pulumi/pulumi-java - -build_java:: PACKAGE_VERSION := ${VERSION_GENERIC} -build_java:: bin/pulumi-java-gen schema - rm -rf sdk/java - $(WORKING_DIR)/bin/$(JAVA_GEN) generate --schema provider/cmd/$(PROVIDER)/schema.json --out sdk/java --build gradle-nexus - cd sdk/java && \ - echo "module fake_java_module // Exclude this directory from Go tools\n\ngo 1.17" > go.mod && \ - gradle --console=plain build - -build_python:: schema - rm -rf sdk/python - cd provider/cmd/$(CODEGEN) && go run main.go python ../../../sdk/python $(CURDIR) ../$(PROVIDER)/schema.json $(VERSION_GENERIC) - cd sdk/python/ && \ - echo "module fake_python_module // Exclude this directory from Go tools\n\ngo 1.17" > go.mod && \ - cp ../../README.md . && \ - rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \ - python3 -m venv venv && \ - ./venv/bin/python -m pip install build && \ - cd ./bin && \ - ../venv/bin/python -m build . - -build_go:: schema - rm -rf sdk/go - cd provider/cmd/$(CODEGEN) && go run main.go go ../../../sdk/go $(CURDIR) ../$(PROVIDER)/schema.json $(VERSION_GENERIC) - -build_dotnet:: schema - rm -rf sdk/dotnet - cd provider/cmd/$(CODEGEN) && go run main.go dotnet ../../../sdk/dotnet $(CURDIR) ../$(PROVIDER)/schema.json $(VERSION_GENERIC) - cd sdk/dotnet/ && \ - echo "module fake_dotnet_module // Exclude this directory from Go tools\n\ngo 1.17" > go.mod && \ - echo "${VERSION_GENERIC}" >version.txt && \ - dotnet build - lint_fix: cd nodejs/eks && \ yarn install && \ @@ -91,9 +39,6 @@ lint: yarn install && \ yarn lint-check -lint_provider:: - cd provider && golangci-lint run -c ../.golangci.yml - install_provider:: PROVIDER_VERSION := latest install_provider:: provider install_nodejs_sdk cd provider/cmd/$(PROVIDER) && \ @@ -102,23 +47,6 @@ install_provider:: provider install_nodejs_sdk cp ../../../bin/$(PROVIDER) ./bin && \ sed -e 's/\$${VERSION}/$(PROVIDER_VERSION)/g' < package.json > bin/package.json -generate_schema:: schema - -install_nodejs_sdk:: build_nodejs - yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin - -install_dotnet_sdk:: build_dotnet - mkdir -p $(WORKING_DIR)/nuget - find . -name '*.nupkg' -print -exec cp -p {} ${WORKING_DIR}/nuget \; - -install_go_sdk:: - #Intentionally empty for CI / CD templating - -install_python_sdk:: - #Intentionally empty for CI / CD templating - -install_java_sdk:: - #Intentionally empty for CI / CD templating nodejs/eks/node_modules: nodejs/eks/package.json nodejs/eks/yarn.lock yarn install --cwd nodejs/eks --no-progress @@ -133,7 +61,7 @@ nodejs/eks/bin: nodejs/eks/node_modules ${EKS_SRC} # Re-use the local platform if provided (e.g. `make provider LOCAL_PLAT=linux-amd64`) ifneq ($(LOCAL_PLAT),"") -bin/${PROVIDER}:: bin/provider/$(LOCAL_PLAT)/${PROVIDER} +bin/${PROVIDER}: bin/provider/$(LOCAL_PLAT)/${PROVIDER} cp bin/provider/$(LOCAL_PLAT)/${PROVIDER} bin/${PROVIDER} else bin/${PROVIDER}: nodejs/eks/bin nodejs/eks/node_modules @@ -198,11 +126,5 @@ specific_test:: install_nodejs_sdk test_build specific_test_local:: install_nodejs_sdk test_build cd examples && go test -tags=$(LanguageTags) -v -count=1 -cover -timeout 3h . --run=TestAcc$(TestName) -dev:: lint build_nodejs -test:: test_nodejs - -test_provider: - @echo "" - @echo "== test_provider ===================================================================" - @echo "" - cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM) +dev: lint build_nodejs +test: test_nodejs From 0cd87901352e2a755a07a277c8a42f612865bab8 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 5 Nov 2024 15:14:16 -0800 Subject: [PATCH 04/44] Rename existing custom workflows so ci-mgmt doesn't wipe them --- .github/workflows/{actionlint.yml => eks-actionlint.yml} | 0 .github/workflows/{cron.yml => eks-cron.yml} | 0 .github/workflows/{record.yml => eks-record.yml} | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{actionlint.yml => eks-actionlint.yml} (100%) rename .github/workflows/{cron.yml => eks-cron.yml} (100%) rename .github/workflows/{record.yml => eks-record.yml} (100%) diff --git a/.github/workflows/actionlint.yml b/.github/workflows/eks-actionlint.yml similarity index 100% rename from .github/workflows/actionlint.yml rename to .github/workflows/eks-actionlint.yml diff --git a/.github/workflows/cron.yml b/.github/workflows/eks-cron.yml similarity index 100% rename from .github/workflows/cron.yml rename to .github/workflows/eks-cron.yml diff --git a/.github/workflows/record.yml b/.github/workflows/eks-record.yml similarity index 100% rename from .github/workflows/record.yml rename to .github/workflows/eks-record.yml From d76c4c47c776c0376168de4b5b6a225a93fb75c9 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 5 Nov 2024 16:12:20 -0800 Subject: [PATCH 05/44] Initial ci-mgmt config --- .ci-mgmt.yaml | 25 +++++++++++++++++++++++++ .mk/defaults.mk | 25 +++++++++++++++++++++++-- .mk/vars.mk | 4 +++- Makefile | 24 +----------------------- 4 files changed, 52 insertions(+), 26 deletions(-) create mode 100644 .ci-mgmt.yaml diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml new file mode 100644 index 000000000..abe552ea0 --- /dev/null +++ b/.ci-mgmt.yaml @@ -0,0 +1,25 @@ +provider: eks +major-version: 3 +aws: true +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + PULUMI_ENABLE_RESOURCE_REFERENCES: 1 + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget +template: generic diff --git a/.mk/defaults.mk b/.mk/defaults.mk index 7f456fdfc..590ef127a 100644 --- a/.mk/defaults.mk +++ b/.mk/defaults.mk @@ -129,13 +129,34 @@ default.provider: default.test: export PATH := $(WORKING_DIR)/bin:$(PATH) default.test: - cd examples && go test -v -tags=all -parallel $(TESTPARALLELISM) -timeout 2h + cd examples && go test -v -tags=all -parallel $(TESTPARALLELISM) -timeout 2h . default.test_provider: @echo "" @echo "== test_provider ===================================================================" @echo "" - cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM) + cd provider && go test -v -count 1 -short -coverprofile="coverage.txt" -coverpkg=./... -parallel $(TESTPARALLELISM) ./... + +default.test_nodejs: PATH := $(WORKING_DIR)/bin:$(PATH) +default.test_nodejs: intall_provider install_nodejs_sdk + cd examples && \ + go test -tags=nodejs -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} ./... + +default.test_python: install_provider install_python_sdk + cd examples && \ + go test -tags=python -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} ./... + +default.test_dotnet: install_provider install_dotnet_sdk + cd examples && \ + go test -tags=dotnet -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} ./... + +default.test_java: install_provider install_java_sdk + cd examples && \ + go test -tags=java -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} ./... + +default.test_shard: install_provider install_sdks + cd examples && \ + go test -tags=$(TAGS) -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} -run $(TESTS) ./... default.bin/pulumi-java-gen: mkdir -p bin/ diff --git a/.mk/vars.mk b/.mk/vars.mk index df27b0ca5..e7be74cc9 100644 --- a/.mk/vars.mk +++ b/.mk/vars.mk @@ -12,7 +12,9 @@ SCHEMA_PATH := provider/cmd/$(PROVIDER)/schema.json PROVIDER := pulumi-resource-$(PACK) JAVA_GEN := pulumi-java-gen JAVA_GEN_VERSION := v0.16.1 -TESTPARALLELISM := 10 +TESTPARALLELISM ?= 10 +TAGS ?= all +TESTSHARDS ?= 20 WORKING_DIR := $(shell pwd) PULUMI_PROVIDER_BUILD_PARALLELISM ?= PULUMI_CONVERT := 0 diff --git a/Makefile b/Makefile index 8163c8e64..3560ffcad 100644 --- a/Makefile +++ b/Makefile @@ -95,36 +95,14 @@ dist:: dist/${GZIP_PREFIX}-darwin-amd64.tar.gz dist:: dist/${GZIP_PREFIX}-darwin-arm64.tar.gz dist:: dist/${GZIP_PREFIX}-windows-amd64.tar.gz -test_build:: - cd examples/utils/testvpc && yarn install && yarn run tsc - -test_nodejs:: PATH := $(WORKING_DIR)/bin:$(PATH) -test_nodejs:: provider install_nodejs_sdk - cd examples && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . 2>&1 | tee /tmp/gotest.log | gotestfmt - test_nodejs_upgrade:: PATH := $(WORKING_DIR)/bin:$(PATH) test_nodejs_upgrade:: provider install_nodejs_sdk - cd provider && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt - -test_python:: install_provider test_build - cd examples && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . 2>&1 | tee /tmp/gotest.log | gotestfmt - -test_dotnet:: install_provider - cd examples && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . 2>&1 | tee /tmp/gotest.log | gotestfmt - -test_java:: install_provider - cd examples && go test -tags=java -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . 2>&1 | tee /tmp/gotest.log | gotestfmt + cd provider && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} ./... test_unit_tests: cd nodejs/eks && \ yarn install && \ yarn run test -specific_test:: install_nodejs_sdk test_build - cd examples && go test -tags=$(LanguageTags) -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . --run=TestAcc$(TestName) 2>&1 | tee /tmp/gotest.log | gotestfmt - -specific_test_local:: install_nodejs_sdk test_build - cd examples && go test -tags=$(LanguageTags) -v -count=1 -cover -timeout 3h . --run=TestAcc$(TestName) - dev: lint build_nodejs test: test_nodejs From 6def75a1529b564e8e3b4676616a7228ec207cf3 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 5 Nov 2024 16:13:10 -0800 Subject: [PATCH 06/44] Generate initial workflows --- .github/ISSUE_TEMPLATE/bug.yaml | 69 ++ .github/ISSUE_TEMPLATE/epic.md | 35 + .github/actions/download-bin/action.yml | 16 + .github/actions/setup-tools/action.yml | 7 +- .github/actions/upload-bin/action.yml | 15 + .github/actions/upload-sdk/action.yml | 20 + .github/workflows/build_provider.yml | 58 ++ .github/workflows/build_sdk.yml | 85 ++ .github/workflows/command-dispatch.yml | 61 +- .github/workflows/community-moderation.yml | 45 ++ .github/workflows/license.yml | 69 ++ .github/workflows/lint.yml | 62 ++ .github/workflows/master.yml | 683 +++------------- .github/workflows/prerelease.yml | 140 ++++ .github/workflows/prerequisites.yml | 112 +++ .github/workflows/publish.yml | 78 +- .github/workflows/pull-request.yml | 55 +- .github/workflows/release.yml | 660 +++------------ .github/workflows/release_command.yml | 45 ++ .github/workflows/resync-build.yml | 97 +++ .github/workflows/run-acceptance-tests.yml | 889 +++++---------------- .github/workflows/verify-release.yml | 86 ++ 22 files changed, 1486 insertions(+), 1901 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug.yaml create mode 100644 .github/ISSUE_TEMPLATE/epic.md create mode 100644 .github/actions/download-bin/action.yml create mode 100644 .github/actions/upload-bin/action.yml create mode 100644 .github/actions/upload-sdk/action.yml create mode 100644 .github/workflows/build_provider.yml create mode 100644 .github/workflows/build_sdk.yml create mode 100644 .github/workflows/community-moderation.yml create mode 100644 .github/workflows/license.yml create mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/prerelease.yml create mode 100644 .github/workflows/prerequisites.yml create mode 100644 .github/workflows/release_command.yml create mode 100644 .github/workflows/resync-build.yml create mode 100644 .github/workflows/verify-release.yml diff --git a/.github/ISSUE_TEMPLATE/bug.yaml b/.github/ISSUE_TEMPLATE/bug.yaml new file mode 100644 index 000000000..63d707268 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug.yaml @@ -0,0 +1,69 @@ +name: Bug Report +description: Report something that's not working correctly +labels: ["kind/bug", "needs-triage"] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + You can also ask questions on our [Community Slack](https://slack.pulumi.com/). + - type: textarea + id: what-happened + attributes: + label: Describe what happened + description: Please summarize what happened, including what Pulumi commands you ran, as well as + an inline snippet of any relevant error or console output. + validations: + required: true + - type: textarea + id: sample-program + attributes: + label: Sample program + description: | +
Provide a reproducible sample program + If this is a bug you encountered while running a Pulumi command, please provide us with a minimal, + self-contained Pulumi program that reproduces this behavior so that we can investigate on our end. + Without a functional reproduction, we will not be able to prioritize this bug. + **Note:** If the program output is more than a few lines, please send us a Gist or a link to a file. +
+ validations: + required: true + - type: textarea + id: log-output + attributes: + label: Log output + description: | +
How to Submit Logs + If this is something that is dependent on your environment, please also provide us with the output of + `pulumi up --logtostderr --logflow -v=10` from the root of your project. + We may also ask you to supply us with debug output following [these steps](https://www.pulumi.com/docs/using-pulumi/pulumi-packages/debugging-provider-packages/). + **Note:** If the log output is more than a few lines, please send us a Gist or a link to a file. +
+ - type: textarea + id: resources + attributes: + label: Affected Resource(s) + description: Please list the affected Pulumi Resource(s) or Function(s). + validations: + required: false + - type: textarea + id: versions + attributes: + label: Output of `pulumi about` + description: Provide the output of `pulumi about` from the root of your project. + validations: + required: true + - type: textarea + id: ctx + attributes: + label: Additional context + description: Anything else you would like to add? + validations: + required: false + - type: textarea + id: voting + attributes: + label: Contributing + value: | + Vote on this issue by adding a 👍 reaction. + To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already). \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/epic.md b/.github/ISSUE_TEMPLATE/epic.md new file mode 100644 index 000000000..27d4e3a44 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/epic.md @@ -0,0 +1,35 @@ +--- +name: Epic +about: Tracks a shippable unit of work +title: '[Epic] {your-title-here}' +labels: kind/epic +projects: ['pulumi/32'] +assignees: '' +type: Epic +--- + +## Overview + + +## Key KPIs + + +## Key Stakeholders +- Product and Engineering: +- Documentation: +- Marketing/Partnerships: +- Customers: + +## Key Deliverables + + +### References 📔 + + +- [ ] Project View +- [ ] PR/FAQ +- [ ] Design Doc +- [ ] UX Designs +- [ ] Decision Log + + diff --git a/.github/actions/download-bin/action.yml b/.github/actions/download-bin/action.yml new file mode 100644 index 000000000..8558d5f73 --- /dev/null +++ b/.github/actions/download-bin/action.yml @@ -0,0 +1,16 @@ +name: Download binary assets +description: Downloads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: eks-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + shell: bash + run: | + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin + find ${{ github.workspace }} -name "pulumi-*-eks" -print -exec chmod +x {} \; diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index e6437b7bb..642d1d223 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -22,9 +22,7 @@ runs: if: inputs.tools == 'all' || contains(inputs.tools, 'go') uses: actions/setup-go@v5 with: - # TODO: here pulumi-eks diverges from the 1.21.x standard, to upgrade separately. - # go-version: "1.21.x" - go-version: "1.18.x" + go-version: "1.21.x" cache-dependency-path: | provider/*.sum upstream/*.sum @@ -53,8 +51,7 @@ runs: if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') uses: actions/setup-node@v4 with: - # TODO: here pulumi-eks diverges from 20.x standard; will need to update. - node-version: 18.x + node-version: 20.x registry-url: https://registry.npmjs.org - name: Setup DotNet diff --git a/.github/actions/upload-bin/action.yml b/.github/actions/upload-bin/action.yml new file mode 100644 index 000000000..da9ce2eac --- /dev/null +++ b/.github/actions/upload-bin/action.yml @@ -0,0 +1,15 @@ +name: Upload bin assets +description: Uploads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Tar provider binaries + shell: bash + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-eks pulumi-tfgen-eks + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: eks-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + retention-days: 30 diff --git a/.github/actions/upload-sdk/action.yml b/.github/actions/upload-sdk/action.yml new file mode 100644 index 000000000..77d484942 --- /dev/null +++ b/.github/actions/upload-sdk/action.yml @@ -0,0 +1,20 @@ +name: Upload SDK asset +description: Upload the SDK for a specific language as an asset for the workflow. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Compress SDK folder + shell: bash + run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz + retention-days: 30 diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml new file mode 100644 index 000000000..afccb150e --- /dev/null +++ b/.github/workflows/build_provider.yml @@ -0,0 +1,58 @@ +name: "Build Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to build + +jobs: + build_provider: + name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + strategy: + fail-fast: true + matrix: + platform: + - os: linux + arch: amd64 + - os: linux + arch: arm64 + - os: darwin + arch: amd64 + - os: darwin + arch: arm64 + - os: windows + arch: amd64 + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, go + - name: Download schema-embed.json + uses: actions/download-artifact@v4 + with: + # Use a pattern to avoid failing if the artifact doesn't exist + pattern: schema-embed.* + # Avoid creating directories for each artifact + merge-multiple: true + path: provider/cmd/pulumi-resource-eks/schema-embed.json + - name: Prepare for build + # This installs plugins and prepares upstream + run: make upstream + - name: Build & package provider + run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: bin/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + retention-days: 30 diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml new file mode 100644 index 000000000..61ed3fe29 --- /dev/null +++ b/.github/workflows/build_sdk.yml @@ -0,0 +1,85 @@ +name: "Build SDK" + +on: + workflow_call: + inputs: + version: + required: true + type: string + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + PROVIDER_VERSION: ${{ inputs.version }} + +jobs: + build_sdk: + name: build_sdk + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Install plugins + run: make install_plugins + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Upload SDK + uses: ./.github/actions/upload-sdk + with: + language: ${{ matrix.language }} diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index c30d3286f..323780c89 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -1,19 +1,52 @@ -name: Command Dispatch for testing -on: - issue_comment: - types: [created, edited] +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: command-dispatch-for-testing: + name: command-dispatch-for-testing runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Run Build - uses: peter-evans/slash-command-dispatch@v4 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - reaction-token: ${{ secrets.GITHUB_TOKEN }} - commands: run-acceptance-tests - permission: write - issue-type: pull-request - repository: pulumi/pulumi-eks + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - uses: peter-evans/slash-command-dispatch@v4 + with: + commands: | + run-acceptance-tests + release + issue-type: pull-request + permission: write + reaction-token: ${{ secrets.GITHUB_TOKEN }} + repository: pulumi/pulumi-eks + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: command-dispatch +on: + issue_comment: + types: + - created + - edited diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml new file mode 100644 index 000000000..2afb297c2 --- /dev/null +++ b/.github/workflows/community-moderation.yml @@ -0,0 +1,45 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +jobs: + warn_codegen: + name: warn_codegen + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - id: schema_changed + name: Check for diff in schema + uses: dorny/paths-filter@v2 + with: + filters: "changed: 'provider/cmd/**/schema.json'" + - id: sdk_changed + if: steps.schema_changed.outputs.changed == 'false' + name: Check for diff in sdk/** + uses: dorny/paths-filter@v2 + with: + filters: "changed: 'sdk/**'" + - if: steps.sdk_changed.outputs.changed == 'true' && + github.event.pull_request.head.repo.full_name != github.repository + name: Send codegen warning as comment on PR + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: > + Hello and thank you for your pull request! :heart: :sparkles: + + It looks like you're directly modifying files in the language SDKs, many of which are autogenerated. + + Be sure any files you're editing do not begin with a code generation warning. + + For generated files, you will need to make changes in `resources.go` instead, and [generate the code](https://github.com/pulumi/${{ github.event.repository.name }}/blob/master/CONTRIBUTING.md#committing-generated-code). +name: warn-codegen +on: + pull_request_target: + branches: + - master + types: + - opened diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml new file mode 100644 index 000000000..ba478c114 --- /dev/null +++ b/.github/workflows/license.yml @@ -0,0 +1,69 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: license_check + +on: + workflow_call: + inputs: {} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + license_check: + name: License Check + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go + - run: make upstream + - uses: pulumi/license-check-action@main + with: + module-path: provider + ignore-modules: >- + github.com/aead/chacha20, + github.com/apache/arrow/go/v12, + github.com/apache/thrift/lib/go/thrift, + github.com/cloudflare/circl, + github.com/golang, + github.com/gorhill/cronexpr, + github.com/in-toto/in-toto-golang, + github.com/jmespath/go-jmespath, + github.com/keybase/go-crypto, + github.com/klauspost/compress, + github.com/mattn/go-localereader, + github.com/modern-go/reflect2, + github.com/pierrec/lz4, + github.com/pjbgf/sha1cd, + github.com/pulumi, + github.com/segmentio/asm, + golang.org diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 000000000..adf5e979a --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,62 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: lint + +on: + workflow_call: + inputs: {} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + lint: + name: lint + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Install go + uses: actions/setup-go@v5 + with: + # The versions of golangci-lint and setup-go here cross-depend and need to update together. + go-version: 1.23 + # Either this action or golangci-lint needs to disable the cache + cache: false + - name: disarm go:embed directives to enable lint + continue-on-error: true # this fails if there are no go:embed directives + run: | + git grep -l 'go:embed' -- provider | xargs sed -i 's/go:embed/ goembed/g' + - name: prepare upstream + continue-on-error: true + run: make upstream + - name: golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.60 + working-directory: provider diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index ab307a97c..438ab0c3d 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -1,9 +1,11 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -13,186 +15,58 @@ env: PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - PYPI_USERNAME: __token__ - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - PULUMI_ENABLE_RESOURCE_REFERENCES: 1 - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - GOVERSION: "1.21.x" - DOTNETVERSION: "6.x" - PYTHONVERSION: "3.8" - JAVAVERSION: "11" + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: - lint: - name: Lint and unit test - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Run nodejs linter - run: make lint - - name: golangci-lint - uses: golangci/golangci-lint-action@v6 - with: - version: ${{ env.GOLANGCI_LINT_VERSION }} - args: -c ../.golangci.yml - working-directory: provider - - name: Run unit tests - run: make test_unit_tests prerequisites: - name: prerequisites - runs-on: ubuntu-latest - outputs: - version: ${{ steps.provider-version.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - id: provider-version - with: - set-env: "PROVIDER_VERSION" - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Build provider binary + schema - run: make schema provider - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Tar provider binaries - run: - tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin/ pulumi-resource-${{ env.PROVIDER }} - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin/provider.tar.gz - - if: failure() && github.event_name == 'push' - name: Notify Slack - uses: 8398a7/action-slack@v3 - with: - author_name: Failure in building provider prerequisites - fields: repo,commit,author,action - status: ${{ job.status }} - strategy: - fail-fast: true + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk - runs-on: ubuntu-latest needs: prerequisites - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: ${{ env.JAVAVERSION }} - - name: Setup Gradle - uses: gradle/gradle-build-action@v3.5.0 - with: - gradle-version: "7.6" - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Build SDK - run: make build_${{ matrix.language }} - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Compress ${{ matrix.language }} SDK folder - run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . - - name: Upload ${{ matrix.language }} artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz - strategy: - fail-fast: true - matrix: - language: - - nodejs - - python - - dotnet - - java - - go + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit publish: name: publish + permissions: + contents: write needs: - prerequisites - - test-nodejs - - test-python - - test-dotnet - - test-go + - build_provider + - test + - license_check uses: ./.github/workflows/publish.yml secrets: inherit with: @@ -200,418 +74,95 @@ jobs: isPrerelease: true skipGoSdk: true - test-nodejs: - name: Run NodeJS Tests - needs: - - prerequisites - - build_sdk + tag_release_if_labeled_needs_release: + name: Tag release if labeled as needs-release + needs: publish runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install dependencies - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: examples - flags: -tags=nodejs - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd examples && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt - strategy: - fail-fast: false - max-parallel: 10 - matrix: - total: [15] - index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] - test-python: - name: Run Python Tests + - name: check if this commit needs release + if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} + uses: pulumi/action-release-by-pr-label@main + with: + command: "release-if-needed" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + test: + name: test needs: - prerequisites - build_sdk + permissions: + contents: read + id-token: write runs-on: ubuntu-latest env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Install Python deps - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Download Python SDK - uses: actions/download-artifact@v4 - with: - name: python-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Python SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python - - name: Install dependencies - run: make install_python_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: examples - flags: -tags=python - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd examples && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - name: Run example tests + run: make test_${{ matrix.language }} strategy: fail-fast: false - max-parallel: 4 matrix: - total: [6] - index: [0, 1, 2, 3, 4, 5] - test-dotnet: - name: Run DotNet Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Download DotNet SDK - uses: actions/download-artifact@v4 - with: - name: dotnet-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress DotNet SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet - - name: Install dependencies - run: make install_dotnet_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd examples && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt - test-go: - name: Run Go Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Go SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd examples && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt + language: + - nodejs + - python + - dotnet + - go + - java name: master -"on": +on: + workflow_dispatch: {} push: branches: - - master - - feature/1.x + - master paths-ignore: - - CHANGELOG.md + - "**.md" tags-ignore: - - v* - - sdk/* - - "**" - workflow_dispatch: {} + - v* + - sdk/* + - "**" diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml new file mode 100644 index 000000000..636d74935 --- /dev/null +++ b/.github/workflows/prerelease.yml @@ -0,0 +1,140 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + IS_PRERELEASE: true + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Run example tests + run: make test_${{ matrix.language }} + strategy: + fail-fast: false + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + +name: prerelease +on: + push: + tags: + - v*.*.*-** diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml new file mode 100644 index 000000000..1c727afa0 --- /dev/null +++ b/.github/workflows/prerequisites.yml @@ -0,0 +1,112 @@ +name: "Prerequisites" + +on: + workflow_call: + inputs: + is_pr: + type: boolean + required: true + is_automated: + type: boolean + required: true + default_branch: + type: string + required: true + outputs: + version: + description: "Provider version being built" + value: ${{ jobs.prerequisites.outputs.version }} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + prerequisites: + name: prerequisites + runs-on: ubuntu-latest + outputs: + version: ${{ steps.provider-version.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - uses: pulumi/provider-version-action@v1 + id: provider-version + with: + set-env: 'PROVIDER_VERSION' + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Prepare upstream code + run: make upstream + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go, pulumictl, pulumicli, schema-tools + - name: Build schema generator binary + run: make tfgen_build_only + - name: Install plugins + run: make install_plugins + - name: Generate schema + run: make tfgen_no_deps + - name: Build provider binary + run: make provider_no_deps + - name: Unit-test provider code + run: make test_provider + - if: inputs.is_pr + name: Check Schema is Valid + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + { + echo "SCHEMA_CHANGES<<$EOF"; + schema-tools compare -r github://api.github.com/pulumi -p eks -o "${{ inputs.default_branch }}" -n --local-path=provider/cmd/pulumi-resource-eks/schema.json; + echo "$EOF"; + } >> "$GITHUB_ENV" + - if: inputs.is_pr && inputs.is_automated == false + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + comment_tag: schemaCheck + message: >+ + ${{ env.SCHEMA_CHANGES }} + + + Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. + + - name: Upload bin + uses: ./.github/actions/upload-bin + + - name: Upload schema-embed.json + uses: actions/upload-artifact@v4 + with: + name: schema-embed.json + path: provider/cmd/pulumi-resource-eks/schema-embed.json + retention-days: 30 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9ab165483..9d65db1cc 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,4 +1,4 @@ -# WARNING: This file was adapted from pulumi-aws and needs to be folded back into https://github.com/pulumi/ci-mgmt +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt name: Publish on: @@ -17,15 +17,21 @@ on: env: IS_PRERELEASE: ${{ inputs.isPrerelease }} + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} @@ -33,48 +39,12 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: - - # TODO this job is specific for EKS and needs to be retrofitted to be part of prerequisites so that test run against - # the actual provider build being published, not a separate set of binaries. Inserting a separate job temporarily. - dist: - name: dist - runs-on: ubuntu-latest - strategy: - matrix: - os: [linux, darwin, windows] - arch: [amd64, arm64] - exclude: - - os: windows - arch: arm64 - env: - PROVIDER_VERSION: ${{ inputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - uses: MOZGIII/install-ldid-action@v1 - with: - tag: v2.1.5-procursus2 - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Make Provider Binary - run: make dist/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.os }}-${{ matrix.arch }}.tar.gz - - name: Upload - uses: actions/upload-artifact@v4 - with: - name: pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.os }}-${{ matrix.arch }}.tar.gz - path: dist/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.os }}-${{ matrix.arch }}.tar.gz - retention-days: 30 - publish: name: publish - needs: - - dist runs-on: ubuntu-latest steps: - name: Validate prerelease @@ -85,6 +55,8 @@ jobs: run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - name: Checkout Repo uses: actions/checkout@v4 + with: + persist-credentials: false - name: Setup tools uses: ./.github/actions/setup-tools with: @@ -97,7 +69,7 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 role-external-id: upload-pulumi-release - role-session-name: aws@githubActions + role-session-name: eks@githubActions role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - name: Create dist directory run: mkdir -p dist @@ -110,7 +82,7 @@ jobs: merge-multiple: true - name: Calculate checksums working-directory: dist - run: shasum ./*.tar.gz > pulumi-eks_${{ inputs.version }}_checksums.txt + run: shasum ./*.tar.gz > "pulumi-eks_${{ inputs.version }}_checksums.txt" - name: Get Schema Change Summary id: schema-summary shell: bash @@ -120,7 +92,7 @@ jobs: { echo 'summary<> "$GITHUB_OUTPUT" @@ -138,7 +110,7 @@ jobs: generate_release_notes: true files: dist/* env: - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} publish_sdk: name: publish_sdk @@ -148,7 +120,8 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 with: - submodules: true + # Persist credentials so we can push back to the repo + persist-credentials: true - name: Setup tools uses: ./.github/actions/setup-tools with: @@ -201,11 +174,13 @@ jobs: # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped if: inputs.isPrerelease == false needs: create_docs_build - + runs-on: ubuntu-latest steps: - name: Checkout Repo uses: actions/checkout@v4 + with: + persist-credentials: false - name: Clean up release labels uses: pulumi/action-release-by-pr-label@main with: @@ -214,3 +189,14 @@ jobs: commit: ${{ github.sha }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 8a1c03d6e..6a305605f 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -1,21 +1,48 @@ -name: pull-request -"on": - pull_request_target: +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: comment-on-pr: - # We only care about commenting on a PR if the PR is from a fork if: github.event.pull_request.head.repo.full_name != github.repository + name: comment-on-pr runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Comment PR - uses: thollander/actions-comment-pull-request@main - with: - message: | - PR is now waiting for a maintainer to run the acceptance tests. This PR will only perform build and linting. - **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Comment PR + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: > + PR is now waiting for a maintainer to run the acceptance tests. + + **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR +name: pull-request +on: + pull_request_target: {} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7ba590f2a..96f1c7020 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,9 +1,17 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: release +on: + push: + tags: + - v*.*.* + - "!v*.*.*-**" + env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -13,590 +21,120 @@ env: PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - PYPI_USERNAME: __token__ - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - PULUMI_ENABLE_RESOURCE_REFERENCES: 1 - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - GOVERSION: "1.21.x" - DOTNETVERSION: "6.x" - PYTHONVERSION: "3.8" - JAVAVERSION: "11" + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: - lint: - name: Lint and unit test - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Run nodejs linter - run: make lint - - name: golangci-lint - uses: golangci/golangci-lint-action@v6 - with: - version: ${{ env.GOLANGCI_LINT_VERSION }} - args: -c ../.golangci.yml - working-directory: provider - - name: Run unit tests - run: make test_unit_tests + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk - runs-on: ubuntu-latest needs: prerequisites - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: ${{ env.JAVAVERSION }} - - name: Setup Gradle - uses: gradle/gradle-build-action@v3.5.0 - with: - gradle-version: "7.6" - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Build SDK - run: make build_${{ matrix.language }} - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Compress ${{ matrix.language }} SDK folder - run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . - - name: Upload ${{ matrix.language }} artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz - strategy: - fail-fast: true - matrix: - language: - - nodejs - - python - - dotnet - - java - - go - prerequisites: - name: prerequisites - runs-on: ubuntu-latest - outputs: - version: ${{ steps.provider-version.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - id: provider-version - with: - set-env: "PROVIDER_VERSION" - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Build provider binary + schema - run: make schema provider - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Tar provider binaries - run: - tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin/ pulumi-resource-${{ env.PROVIDER }} - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin/provider.tar.gz - strategy: - fail-fast: true + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit publish: name: publish + permissions: + contents: write + pull-requests: write needs: - prerequisites - - test-nodejs - - test-python - - test-dotnet - - test-go + - build_provider + - test + - license_check uses: ./.github/workflows/publish.yml secrets: inherit with: version: ${{ needs.prerequisites.outputs.version }} - isPrerelease: ${{ contains(github.ref_name,'-') || github.event_name == 'workflow_dispatch' }} + isPrerelease: false - test-nodejs: - name: Run NodeJS Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install dependencies - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: examples - flags: -tags=nodejs - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd examples && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt - strategy: - fail-fast: false - max-parallel: 10 - matrix: - total: [15] - index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] - test-python: - name: Run Python Tests + test: + name: test needs: - prerequisites - build_sdk + permissions: + contents: read + id-token: write runs-on: ubuntu-latest env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install Python deps - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Download Python SDK - uses: actions/download-artifact@v4 - with: - name: python-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Python SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python - - name: Install dependencies - run: make install_python_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: examples - flags: -tags=python - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd examples && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Run example tests + run: make test_${{ matrix.language }} strategy: fail-fast: false - max-parallel: 4 matrix: - total: [6] - index: [0, 1, 2, 3, 4, 5] - test-dotnet: - name: Run DotNet Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Download DotNet SDK - uses: actions/download-artifact@v4 - with: - name: dotnet-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress DotNet SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet - - name: Install dependencies - run: make install_dotnet_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd examples && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt - test-go: - name: Run Go Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Go SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd examples && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt -name: release -"on": - push: - tags: - - v*.*.* - workflow_dispatch: {} + language: + - nodejs + - python + - dotnet + - go + - java diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml new file mode 100644 index 000000000..4029f32a7 --- /dev/null +++ b/.github/workflows/release_command.yml @@ -0,0 +1,45 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: release-command +on: + repository_dispatch: + types: + - release-command +jobs: + should_release: + name: Should release PR + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Should release PR + uses: pulumi/action-release-by-pr-label@main + with: + command: "should-release" + repo: ${{ github.repository }} + pr: ${{ github.event.client_payload.pull_request.number }} + version: ${{ github.event.client_payload.slash_command.args.all }} + slack_channel: ${{ secrets.RELEASE_OPS_STAGING_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - if: failure() + name: Notify failure + uses: peter-evans/create-or-update-comment@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: | + "release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + - if: success() + name: Notify success + uses: peter-evans/create-or-update-comment@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.client_payload.github.payload.comment.id }} + reaction-type: hooray diff --git a/.github/workflows/resync-build.yml b/.github/workflows/resync-build.yml new file mode 100644 index 000000000..5b194351b --- /dev/null +++ b/.github/workflows/resync-build.yml @@ -0,0 +1,97 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + PULUMI_EXTRA_MAPPING_ERROR: true + PULUMI_MISSING_MAPPING_ERROR: true + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + resync_build: + name: resync-build + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + # Persist credentials so we can push a new branch. + persist-credentials: true + - name: Checkout repo + uses: actions/checkout@v4 + with: + path: ci-mgmt + repository: pulumi/ci-mgmt + persist-credentials: false + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, nodejs, dotnet, python + - name: Sync with ci-mgmt + run: cp -r "ci-mgmt/provider-ci/providers/$PROVIDER/repo/." . + - name: Remove ci-mgmt directory + run: rm -rf ci-mgmt + - name: Required entries for gitignore + run: |- + cat <<- EOF > "$RUNNER_TEMP/gitignore" + sdk/java/build + sdk/java/.gradle + sdk/java/gradle + sdk/java/gradlew + sdk/java/gradlew.bat + EOF + shell: bash + - name: Adding missing lines to .gitignore + run: | + comm -23 <(sort "$RUNNER_TEMP/gitignore") <(sort .gitignore) >> .gitignore.temp + cat .gitignore.temp >> .gitignore + rm .gitignore.temp + shell: bash + - name: Build + run: make build + - name: Create PR (no linked issue) + uses: peter-evans/create-pull-request@v3.12.0 + with: + author: pulumi-bot + base: master + body: This pull request was generated automatically by the resync-build workflow + in this repository. + branch: pulumi-bot/resync-${{ github.run_id}} + commit-message: Resync build for pulumi-eks + committer: pulumi-bot + labels: impact/no-changelog-required + team-reviewers: platform-integrations + title: Fix up build for pulumi-eks + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: Resync build +on: + workflow_dispatch: + inputs: + automerge: + default: false + description: Mark created PR for auto-merging? + required: true + type: boolean diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 170941a84..78ce66035 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -1,735 +1,234 @@ -name: Run Acceptance Tests from PR +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: run-acceptance-tests + on: + pull_request: + paths-ignore: + - CHANGELOG.md repository_dispatch: - types: [run-acceptance-tests-command] - pull_request: {} + types: + - run-acceptance-tests-command env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} PROVIDER: eks PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - PULUMI_ENABLE_RESOURCE_REFERENCES: 1 - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - GOVERSION: "1.21.x" - DOTNETVERSION: "6.x" - PYTHONVERSION: "3.8" - JAVAVERSION: "11" + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +# This should cancel any previous runs of the same workflow on the same branch which are still running. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: + prerequisites: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + pull-requests: write + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + comment-notification: if: github.event_name == 'repository_dispatch' + name: comment-notification + permissions: + pull-requests: write runs-on: ubuntu-latest steps: - - name: Create URL to the run output - id: vars - run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" - - name: Update with Result - uses: peter-evans/create-or-update-comment@v4 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - issue-number: ${{ github.event.client_payload.github.payload.issue.number }} - body: | - Please view the PR build - ${{ steps.vars.outputs.run-url }} + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@v1 + with: + body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + token: ${{ secrets.GITHUB_TOKEN }} lint: - name: Lint and unit test - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Run nodejs linter - run: make lint - - name: golangci-lint - uses: golangci/golangci-lint-action@v6 - with: - version: ${{ env.GOLANGCI_LINT_VERSION }} - args: -c ../.golangci.yml - working-directory: provider - - name: Run unit tests - run: make test_unit_tests - prerequisites: - name: prerequisites - runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - outputs: - version: ${{ steps.provider-version.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - id: provider-version - with: - set-env: "PROVIDER_VERSION" - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Schema Tools - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/schema-tools - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Build provider binary + schema - run: make schema provider - - name: Check Schema is Valid - run: | - EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) - { - echo "SCHEMA_CHANGES<<$EOF" - schema-tools compare -p eks -o ${{ github.base_ref || 'master' }} -n --local-path=provider/cmd/pulumi-resource-eks/schema.json - echo "$EOF" - } >> "$GITHUB_ENV" - - if: github.event_name == 'pull_request' - name: Comment on PR with Details of Schema Check - uses: thollander/actions-comment-pull-request@v2 - with: - comment_tag: schemaCheck - message: | - ${{ env.SCHEMA_CHANGES }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Tar provider binaries - run: - tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin/ pulumi-resource-${{ env.PROVIDER }} - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin/provider.tar.gz - strategy: - fail-fast: true - build_sdk: - name: Build ${{ matrix.language }} SDK - runs-on: ubuntu-latest - needs: prerequisites - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - ref: ${{ env.PR_COMMIT_SHA }} - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: ${{ env.JAVAVERSION }} - - name: Setup Gradle - uses: gradle/gradle-build-action@v3.5.0 - with: - gradle-version: "7.6" - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Build SDK - run: make build_${{ matrix.language }} - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Compress ${{ matrix.language }} SDK folder - run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . - - name: Upload ${{ matrix.language }} artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz - strategy: - fail-fast: true - matrix: - language: - - nodejs - - python - - dotnet - - go - - java - test-nodejs-upgrade: - name: Run NodeJS Upgrade Tests + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + sentinel: + name: sentinel + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + statuses: write needs: - - prerequisites - - build_sdk + - test + - build_provider + - license_check + - lint runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - ref: ${{ env.PR_COMMIT_SHA }} - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install Kubectl - run: | - curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" - chmod +x ./kubectl - sudo mv kubectl /usr/local/bin - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/action-install-pulumi-cli@v2.0.0 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install dependencies - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Clear GitHub Actions Ubuntu runner disk space - uses: jlumbroso/free-disk-space@v1.3.1 - with: - tool-cache: false - dotnet: false - android: true - haskell: true - swap-storage: true - large-packages: false - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run upgrade tests - run: make test_nodejs_upgrade + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + with: + authToken: ${{secrets.GITHUB_TOKEN}} + # Write an explicit status check called "Sentinel" which will only pass if this code really runs. + # This should always be a required check for PRs. + context: 'Sentinel' + description: 'All required checks passed' + state: 'success' + # Write to the PR commit SHA if it's available as we don't want the merge commit sha, + # otherwise use the current SHA for any other type of build. + sha: ${{ github.event.pull_request.head.sha || github.sha }} - test-nodejs: - name: Run NodeJS Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - ref: ${{ env.PR_COMMIT_SHA }} - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install Kubectl - run: | - curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" - chmod +x ./kubectl - sudo mv kubectl /usr/local/bin - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install dependencies - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: examples - flags: -tags=nodejs - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd examples && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt - strategy: - fail-fast: false - max-parallel: 10 - matrix: - total: [15] - index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] - test-python: - name: Run Python Tests + # TODO: Extract into shared action. + test: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: test needs: - prerequisites - build_sdk + permissions: + contents: read + id-token: write runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install Python deps - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download Python SDK - uses: actions/download-artifact@v4 - with: - name: python-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Python SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python - - name: Install dependencies - run: make install_python_sdk - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: examples - flags: -tags=python - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd examples && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, nodejs, python, dotnet, java + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download nodejs SDK + uses: ./.github/actions/download-sdk + with: + language: nodejs + - name: Download python SDK + uses: ./.github/actions/download-sdk + with: + language: python + - name: Download dotnet SDK + uses: ./.github/actions/download-sdk + with: + language: dotnet + - name: Download go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - name: Download java SDK + uses: ./.github/actions/download-sdk + with: + language: java + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_sdks + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - name: Generate shard + id: shard + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: examples # TODO: Parameterize this. + flags: -tags=all + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run example tests + run: make test_shard + env: + TAGS: all + TESTS: ${{ steps.shard.outputs.run}} strategy: fail-fast: false - max-parallel: 4 matrix: - total: [6] - index: [0, 1, 2, 3, 4, 5] - test-dotnet: - name: Run DotNet Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download DotNet SDK - uses: actions/download-artifact@v4 - with: - name: dotnet-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress DotNet SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet - - name: Install dependencies - run: make install_dotnet_sdk - - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd examples && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt - test-go: - name: Run Go Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Go SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd examples && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt + total: + - 20 + index: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + - 8 + - 9 + - 10 + - 11 + - 12 + - 13 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml new file mode 100644 index 000000000..e35f022e0 --- /dev/null +++ b/.github/workflows/verify-release.yml @@ -0,0 +1,86 @@ +name: "Verify Release" + +on: + workflow_dispatch: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacRunner: + description: "Enable the MacOS runner in addition to Linux and Windows. Defaults to 'false'." + required: false + type: boolean + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. Enable this when verifying a pre-release for which we don't publish the Go SDK (for PRs and the default branch)." + required: false + type: boolean + default: false + workflow_call: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacosRunner: + description: "Enable the macos-latest runner in addition to ubuntu-latest and windows-latest. Defaults to 'false'." + required: false + type: boolean + default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + verify-release: + name: verify-release + # We don't have any release verification configurations, so we never run this workflow. + # Configure your .ci-mgmt.yaml files to include the release verification configurations e.g. + # releaseVerification: + # nodejs: path/to/nodejs/project + # python: path/to/python/project + # dotnet: path/to/dotnet/project + # go: path/to/go/project + if: false + strategy: + matrix: + # We don't have any release verification configurations, so we only run on Linux to print warnings to help users configure the release verification. + runner: ["ubuntu-latest"] + runs-on: ${{ matrix.runner }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumicli, nodejs, python, dotnet, go, java From 498df3dbb7a9099ea3e5ff518d5885492fb4a717 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 5 Nov 2024 16:22:11 -0800 Subject: [PATCH 07/44] remove upstream references --- .github/workflows/build_provider.yml | 3 --- .github/workflows/prerequisites.yml | 2 -- 2 files changed, 5 deletions(-) diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index afccb150e..a32aaaf81 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -45,9 +45,6 @@ jobs: # Avoid creating directories for each artifact merge-multiple: true path: provider/cmd/pulumi-resource-eks/schema-embed.json - - name: Prepare for build - # This installs plugins and prepares upstream - run: make upstream - name: Build & package provider run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} - name: Upload artifacts diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 1c727afa0..d37e1397c 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -64,8 +64,6 @@ jobs: path: | .pulumi/examples-cache key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} - - name: Prepare upstream code - run: make upstream - name: Setup tools uses: ./.github/actions/setup-tools with: From e9804ed81f28e420fbbd786410c40adafd373ef0 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 5 Nov 2024 16:33:54 -0800 Subject: [PATCH 08/44] remove custom license check --- .github/workflows/license.yml | 69 ----------------------------- .github/workflows/prerequisites.yml | 4 +- 2 files changed, 1 insertion(+), 72 deletions(-) delete mode 100644 .github/workflows/license.yml diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml deleted file mode 100644 index ba478c114..000000000 --- a/.github/workflows/license.yml +++ /dev/null @@ -1,69 +0,0 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt - -name: license_check - -on: - workflow_call: - inputs: {} - -env: - ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} - ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - GOLANGCI_LINT_VERSION: v1.61.0 - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} - PROVIDER: eks - PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} - PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} - PULUMI_API: https://api.pulumi-staging.io - PULUMI_ENABLE_RESOURCE_REFERENCES: "1" - PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} - PYPI_USERNAME: __token__ - SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} - SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} - SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - TF_APPEND_USER_AGENT: pulumi - -jobs: - license_check: - name: License Check - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: go - - run: make upstream - - uses: pulumi/license-check-action@main - with: - module-path: provider - ignore-modules: >- - github.com/aead/chacha20, - github.com/apache/arrow/go/v12, - github.com/apache/thrift/lib/go/thrift, - github.com/cloudflare/circl, - github.com/golang, - github.com/gorhill/cronexpr, - github.com/in-toto/in-toto-golang, - github.com/jmespath/go-jmespath, - github.com/keybase/go-crypto, - github.com/klauspost/compress, - github.com/mattn/go-localereader, - github.com/modern-go/reflect2, - github.com/pierrec/lz4, - github.com/pjbgf/sha1cd, - github.com/pulumi, - github.com/segmentio/asm, - golang.org diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index d37e1397c..ee643ecbb 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -68,12 +68,10 @@ jobs: uses: ./.github/actions/setup-tools with: tools: go, pulumictl, pulumicli, schema-tools - - name: Build schema generator binary - run: make tfgen_build_only - name: Install plugins run: make install_plugins - name: Generate schema - run: make tfgen_no_deps + run: make schema - name: Build provider binary run: make provider_no_deps - name: Unit-test provider code From 45e2312b2b39207be0bb0bb95dab2ee4f885443a Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 5 Nov 2024 16:50:07 -0800 Subject: [PATCH 09/44] bump tests --- provider/provider_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/provider/provider_test.go b/provider/provider_test.go index 002fd8736..26d611600 100644 --- a/provider/provider_test.go +++ b/provider/provider_test.go @@ -85,7 +85,6 @@ func TestExamplesUpgrades(t *testing.T) { t.Run("subnet-tags", func(t *testing.T) { testProviderUpgrade(t, "subnet-tags") }) - t.Run("tags", func(t *testing.T) { testProviderUpgrade(t, "tags") }) From 906fde812ef808b289489a5e42d3aacee68cc6db Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 09:21:19 -0800 Subject: [PATCH 10/44] try renaming to get tests to run --- .github/workflows/run-acceptance-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 78ce66035..749529d3a 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -1,6 +1,6 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt -name: run-acceptance-tests +name: Run Acceptance Tests from PR on: pull_request: From 8f6fc85489faf92a5faba15eebb652bc8e52786e Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 09:24:20 -0800 Subject: [PATCH 11/44] add missing license --- .github/workflows/license.yml | 69 +++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/workflows/license.yml diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml new file mode 100644 index 000000000..ba478c114 --- /dev/null +++ b/.github/workflows/license.yml @@ -0,0 +1,69 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: license_check + +on: + workflow_call: + inputs: {} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + license_check: + name: License Check + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go + - run: make upstream + - uses: pulumi/license-check-action@main + with: + module-path: provider + ignore-modules: >- + github.com/aead/chacha20, + github.com/apache/arrow/go/v12, + github.com/apache/thrift/lib/go/thrift, + github.com/cloudflare/circl, + github.com/golang, + github.com/gorhill/cronexpr, + github.com/in-toto/in-toto-golang, + github.com/jmespath/go-jmespath, + github.com/keybase/go-crypto, + github.com/klauspost/compress, + github.com/mattn/go-localereader, + github.com/modern-go/reflect2, + github.com/pierrec/lz4, + github.com/pjbgf/sha1cd, + github.com/pulumi, + github.com/segmentio/asm, + golang.org From f5cbaaebeccfe2daf74a11b73c1ca61b69b5ce0c Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 09:30:15 -0800 Subject: [PATCH 12/44] remove more upstream references --- .github/actions/upload-bin/action.yml | 4 ++-- .github/workflows/license.yml | 1 - .github/workflows/run-acceptance-tests.yml | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/actions/upload-bin/action.yml b/.github/actions/upload-bin/action.yml index da9ce2eac..d0b01b0af 100644 --- a/.github/actions/upload-bin/action.yml +++ b/.github/actions/upload-bin/action.yml @@ -1,12 +1,12 @@ name: Upload bin assets -description: Uploads the provider and tfgen binaries to `bin/`. +description: Uploads the provider binaries to `bin/`. runs: using: "composite" steps: - name: Tar provider binaries shell: bash - run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-eks pulumi-tfgen-eks + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-eks - name: Upload artifacts uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index ba478c114..daa10f0a6 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -45,7 +45,6 @@ jobs: uses: ./.github/actions/setup-tools with: tools: go - - run: make upstream - uses: pulumi/license-check-action@main with: module-path: provider diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 749529d3a..78ce66035 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -1,6 +1,6 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt -name: Run Acceptance Tests from PR +name: run-acceptance-tests on: pull_request: From 87c2b4034ba76694236bdc87f0afdca91bea140a Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 11:36:31 -0800 Subject: [PATCH 13/44] Revert Makefile to master for now --- Makefile | 122 ++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 111 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 3560ffcad..b2d2248ed 100644 --- a/Makefile +++ b/Makefile @@ -1,34 +1,86 @@ -include .mk/defaults.mk +PROJECT_NAME := Pulumi Amazon Web Services (AWS) EKS Components + +# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable +# Local & branch builds will just used this fixed default version unless specified +PROVIDER_VERSION ?= 3.0.0-alpha.0+dev +# Use this normalised version everywhere rather than the raw input to ensure consistency. +VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)") TESTPARALLELISM := 8 +PACK := eks +PROVIDER := pulumi-resource-${PACK} CODEGEN := pulumi-gen-${PACK} GZIP_PREFIX := pulumi-resource-${PACK}-v${VERSION_GENERIC} +WORKING_DIR := $(shell pwd) + +JAVA_GEN := pulumi-java-gen +JAVA_GEN_VERSION := v0.16.1 + EKS_SRC := $(wildcard nodejs/eks/*.*) $(wildcard nodejs/eks/*/*.ts) $(wildcard nodejs/eks/*/*/*.ts) LOCAL_PLAT ?= "" PKG_ARGS := --no-bytecode --public-packages "*" --public PKG_TARGET := ./bin/cmd/provider/index.js +SCHEMA_PATH := provider/cmd/$(PROVIDER)/schema.json -prebuild: schema +build:: schema provider build_nodejs build_python build_go build_dotnet build_java -schema: +schema:: (cd provider/cmd/$(CODEGEN) && go run main.go schema ../$(PROVIDER) $(VERSION_GENERIC)) -.pulumi/version: nodejs/eks/yarn.lock - (cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3 > ../../.pulumi/version) - provider:: bin/${PROVIDER} -build_nodejs: schema +.pulumi/bin/pulumi: PULUMI_VERSION := $(shell cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3) +.pulumi/bin/pulumi: HOME := $(WORKING_DIR) +.pulumi/bin/pulumi: + curl -fsSL https://get.pulumi.com | sh -s -- --version "$(PULUMI_VERSION)" + +build_nodejs:: .pulumi/bin/pulumi schema cd provider/cmd/$(CODEGEN) && go run main.go nodejs ../../../sdk/nodejs $(CURDIR) ../$(PROVIDER)/schema.json $(VERSION_GENERIC) cd sdk/nodejs && \ yarn install --no-progress && \ yarn run build && \ cp package.json yarn.lock ./bin/ +bin/pulumi-java-gen:: + mkdir -p bin/ + pulumictl download-binary -n pulumi-language-java -v $(JAVA_GEN_VERSION) -r pulumi/pulumi-java + +build_java:: PACKAGE_VERSION := ${VERSION_GENERIC} +build_java:: bin/pulumi-java-gen schema + rm -rf sdk/java + $(WORKING_DIR)/bin/$(JAVA_GEN) generate --schema provider/cmd/$(PROVIDER)/schema.json --out sdk/java --build gradle-nexus + cd sdk/java && \ + echo "module fake_java_module // Exclude this directory from Go tools\n\ngo 1.17" > go.mod && \ + gradle --console=plain build + +build_python:: schema + rm -rf sdk/python + cd provider/cmd/$(CODEGEN) && go run main.go python ../../../sdk/python $(CURDIR) ../$(PROVIDER)/schema.json $(VERSION_GENERIC) + cd sdk/python/ && \ + echo "module fake_python_module // Exclude this directory from Go tools\n\ngo 1.17" > go.mod && \ + cp ../../README.md . && \ + rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \ + python3 -m venv venv && \ + ./venv/bin/python -m pip install build && \ + cd ./bin && \ + ../venv/bin/python -m build . + +build_go:: schema + rm -rf sdk/go + cd provider/cmd/$(CODEGEN) && go run main.go go ../../../sdk/go $(CURDIR) ../$(PROVIDER)/schema.json $(VERSION_GENERIC) + +build_dotnet:: schema + rm -rf sdk/dotnet + cd provider/cmd/$(CODEGEN) && go run main.go dotnet ../../../sdk/dotnet $(CURDIR) ../$(PROVIDER)/schema.json $(VERSION_GENERIC) + cd sdk/dotnet/ && \ + echo "module fake_dotnet_module // Exclude this directory from Go tools\n\ngo 1.17" > go.mod && \ + echo "${VERSION_GENERIC}" >version.txt && \ + dotnet build + lint_fix: cd nodejs/eks && \ yarn install && \ @@ -39,6 +91,9 @@ lint: yarn install && \ yarn lint-check +lint_provider:: + cd provider && golangci-lint run -c ../.golangci.yml + install_provider:: PROVIDER_VERSION := latest install_provider:: provider install_nodejs_sdk cd provider/cmd/$(PROVIDER) && \ @@ -47,6 +102,23 @@ install_provider:: provider install_nodejs_sdk cp ../../../bin/$(PROVIDER) ./bin && \ sed -e 's/\$${VERSION}/$(PROVIDER_VERSION)/g' < package.json > bin/package.json +generate_schema:: schema + +install_nodejs_sdk:: build_nodejs + yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin + +install_dotnet_sdk:: build_dotnet + mkdir -p $(WORKING_DIR)/nuget + find . -name '*.nupkg' -print -exec cp -p {} ${WORKING_DIR}/nuget \; + +install_go_sdk:: + #Intentionally empty for CI / CD templating + +install_python_sdk:: + #Intentionally empty for CI / CD templating + +install_java_sdk:: + #Intentionally empty for CI / CD templating nodejs/eks/node_modules: nodejs/eks/package.json nodejs/eks/yarn.lock yarn install --cwd nodejs/eks --no-progress @@ -61,7 +133,7 @@ nodejs/eks/bin: nodejs/eks/node_modules ${EKS_SRC} # Re-use the local platform if provided (e.g. `make provider LOCAL_PLAT=linux-amd64`) ifneq ($(LOCAL_PLAT),"") -bin/${PROVIDER}: bin/provider/$(LOCAL_PLAT)/${PROVIDER} +bin/${PROVIDER}:: bin/provider/$(LOCAL_PLAT)/${PROVIDER} cp bin/provider/$(LOCAL_PLAT)/${PROVIDER} bin/${PROVIDER} else bin/${PROVIDER}: nodejs/eks/bin nodejs/eks/node_modules @@ -95,14 +167,42 @@ dist:: dist/${GZIP_PREFIX}-darwin-amd64.tar.gz dist:: dist/${GZIP_PREFIX}-darwin-arm64.tar.gz dist:: dist/${GZIP_PREFIX}-windows-amd64.tar.gz +test_build:: + cd examples/utils/testvpc && yarn install && yarn run tsc + +test_nodejs:: PATH := $(WORKING_DIR)/bin:$(PATH) +test_nodejs:: provider install_nodejs_sdk + cd examples && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . 2>&1 | tee /tmp/gotest.log | gotestfmt + test_nodejs_upgrade:: PATH := $(WORKING_DIR)/bin:$(PATH) test_nodejs_upgrade:: provider install_nodejs_sdk - cd provider && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} ./... + cd provider && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt + +test_python:: install_provider test_build + cd examples && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . 2>&1 | tee /tmp/gotest.log | gotestfmt + +test_dotnet:: install_provider + cd examples && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . 2>&1 | tee /tmp/gotest.log | gotestfmt + +test_java:: install_provider + cd examples && go test -tags=java -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . 2>&1 | tee /tmp/gotest.log | gotestfmt test_unit_tests: cd nodejs/eks && \ yarn install && \ yarn run test -dev: lint build_nodejs -test: test_nodejs +specific_test:: install_nodejs_sdk test_build + cd examples && go test -tags=$(LanguageTags) -v -json -count=1 -cover -timeout 3h -parallel ${TESTPARALLELISM} . --run=TestAcc$(TestName) 2>&1 | tee /tmp/gotest.log | gotestfmt + +specific_test_local:: install_nodejs_sdk test_build + cd examples && go test -tags=$(LanguageTags) -v -count=1 -cover -timeout 3h . --run=TestAcc$(TestName) + +dev:: lint build_nodejs +test:: test_nodejs + +test_provider: + @echo "" + @echo "== test_provider ===================================================================" + @echo "" + cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM) From ba6776dda4bcac8c343d728265bc136514525833 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 11:38:31 -0800 Subject: [PATCH 14/44] Add some targets for ci-mgmt compatibility --- Makefile | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/Makefile b/Makefile index b2d2248ed..008873454 100644 --- a/Makefile +++ b/Makefile @@ -206,3 +206,22 @@ test_provider: @echo "== test_provider ===================================================================" @echo "" cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM) + + +# ci-mgmt onboarding + +.pulumi/bin/pulumi: .pulumi/version + @if [ -x .pulumi/bin/pulumi ] && [ "v$$(cat .pulumi/version)" = "$$(.pulumi/bin/pulumi version)" ]; then \ + echo "pulumi/bin/pulumi version: v$$(cat .pulumi/version)"; \ + else \ + curl -fsSL https://get.pulumi.com | \ + HOME=$(WORKING_DIR) sh -s -- --version "$$(cat .pulumi/version)"; \ + fi + +.pulumi/version: provider/go.mod + @mkdir -p .pulumi + @cd provider && go list -f "{{slice .Version 1}}" -m github.com/pulumi/pulumi/pkg/v3 | tee ../$@ + +test_shard: install_provider install_sdks + cd examples && \ + go test -tags=$(TAGS) -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} -run $(TESTS) ./... From 1ec9facd41a975dc38ed5e274b154a5022b4c35d Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 11:39:08 -0800 Subject: [PATCH 15/44] make provider_no_deps -> make provider --- .github/workflows/prerequisites.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index ee643ecbb..ef0151403 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -73,7 +73,7 @@ jobs: - name: Generate schema run: make schema - name: Build provider binary - run: make provider_no_deps + run: make provider - name: Unit-test provider code run: make test_provider - if: inputs.is_pr From 4c417bb6af5ff6d39ad113c62606f0c47871dda9 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 11:43:31 -0800 Subject: [PATCH 16/44] add missing .actionlint.yml --- .actionlint.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .actionlint.yml diff --git a/.actionlint.yml b/.actionlint.yml new file mode 100644 index 000000000..653148f50 --- /dev/null +++ b/.actionlint.yml @@ -0,0 +1,4 @@ +self-hosted-runner: + # Labels of self-hosted runner in array of string + labels: + - pulumi-ubuntu-8core From 5454fbae0ec3c5da7d69466cf6b4d5d3911cc8cf Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 11:48:31 -0800 Subject: [PATCH 17/44] fix install_plugins --- Makefile | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 008873454..238ac7a72 100644 --- a/Makefile +++ b/Makefile @@ -33,10 +33,11 @@ schema:: provider:: bin/${PROVIDER} -.pulumi/bin/pulumi: PULUMI_VERSION := $(shell cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3) -.pulumi/bin/pulumi: HOME := $(WORKING_DIR) -.pulumi/bin/pulumi: - curl -fsSL https://get.pulumi.com | sh -s -- --version "$(PULUMI_VERSION)" +# Replaced with ci-mgmt target below. +#.pulumi/bin/pulumi: PULUMI_VERSION := $(shell cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3) +#.pulumi/bin/pulumi: HOME := $(WORKING_DIR) +#.pulumi/bin/pulumi: +# curl -fsSL https://get.pulumi.com | sh -s -- --version "$(PULUMI_VERSION)" build_nodejs:: .pulumi/bin/pulumi schema cd provider/cmd/$(CODEGEN) && go run main.go nodejs ../../../sdk/nodejs $(CURDIR) ../$(PROVIDER)/schema.json $(VERSION_GENERIC) @@ -218,10 +219,17 @@ test_provider: HOME=$(WORKING_DIR) sh -s -- --version "$$(cat .pulumi/version)"; \ fi -.pulumi/version: provider/go.mod - @mkdir -p .pulumi - @cd provider && go list -f "{{slice .Version 1}}" -m github.com/pulumi/pulumi/pkg/v3 | tee ../$@ +# Uses a custom target which reads from package.json. +#.pulumi/version: provider/go.mod +# @mkdir -p .pulumi +# @cd provider && go list -f "{{slice .Version 1}}" -m github.com/pulumi/pulumi/pkg/v3 | tee ../$@ +.pulumi/version: nodejs/eks/yarn.lock + (cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3 > ../../.pulumi/version) test_shard: install_provider install_sdks cd examples && \ go test -tags=$(TAGS) -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} -run $(TESTS) ./... + +install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +install_plugins: .pulumi/bin/pulumi From 899773e2b885e8d70012263ca0aff62068b1c63f Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 12:04:09 -0800 Subject: [PATCH 18/44] make test_provider was never getting called? --- provider/provider_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/provider/provider_test.go b/provider/provider_test.go index 26d611600..c8dbe2c00 100644 --- a/provider/provider_test.go +++ b/provider/provider_test.go @@ -99,6 +99,9 @@ func TestEksClusterInputValidations(t *testing.T) { for _, p := range props { for n := 0; n < 2; n++ { t.Run(fmt.Sprintf("%s_%d", p, n), func(t *testing.T) { + if testing.Short() { + t.Skipf("Skipping in testing.Short() mode, assuming this is a CI run without credentials") + } checkEksClusterInputValidations(t, p, n, n > 0) }) } From d283d1c40d81bf87cbacb99f3549d860441e9682 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 12:13:45 -0800 Subject: [PATCH 19/44] dist targets --- Makefile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 238ac7a72..9a1f33256 100644 --- a/Makefile +++ b/Makefile @@ -209,7 +209,9 @@ test_provider: cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM) -# ci-mgmt onboarding +###################### +# ci-mgmt onboarding # +###################### .pulumi/bin/pulumi: .pulumi/version @if [ -x .pulumi/bin/pulumi ] && [ "v$$(cat .pulumi/version)" = "$$(.pulumi/bin/pulumi version)" ]; then \ @@ -233,3 +235,10 @@ test_shard: install_provider install_sdks install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) install_plugins: .pulumi/bin/pulumi + +provider_dist-linux-arm64: bin/provider/linux-arm64/${PROVIDER} +provider_dist-linux-amd64: bin/provider/linux-amd64/${PROVIDER} +provider_dist-darwin-arm64: bin/provider/darwin-arm64/${PROVIDER} +provider_dist-darwin-amd64: bin/provider/darwin-amd64/${PROVIDER} +provider_dist-windows-arm64: bin/provider/windows-arm64/${PROVIDER} +provider_dist-windows-amd64: bin/provider/windows-amd64/${PROVIDER} From 2b7ba984c7bbd35e7dc3621903b62152d29584ef Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 12:13:48 -0800 Subject: [PATCH 20/44] Revert "Remove unnecessary codegen" This reverts commit a43ddb6fe729c55f1810f5d6e259b45add7a9250. --- provider/cmd/pulumi-gen-eks/main.go | 33 +++++++++++++++++++++++++++++ provider/go.mod | 1 + provider/go.sum | 2 ++ 3 files changed, 36 insertions(+) diff --git a/provider/cmd/pulumi-gen-eks/main.go b/provider/cmd/pulumi-gen-eks/main.go index 93e18881f..0ae152087 100644 --- a/provider/cmd/pulumi-gen-eks/main.go +++ b/provider/cmd/pulumi-gen-eks/main.go @@ -22,7 +22,10 @@ import ( "github.com/blang/semver" "github.com/pkg/errors" + dotnetgen "github.com/pulumi/pulumi/pkg/v3/codegen/dotnet" + gogen "github.com/pulumi/pulumi/pkg/v3/codegen/go" nodejsgen "github.com/pulumi/pulumi/pkg/v3/codegen/nodejs" + pygen "github.com/pulumi/pulumi/pkg/v3/codegen/python" "github.com/pulumi/pulumi/pkg/v3/codegen/schema" "github.com/pulumi/pulumi/sdk/v3/go/common/util/contract" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" @@ -71,6 +74,12 @@ func main() { case Nodejs: templateDir := filepath.Join(base, "provider", "cmd", "pulumi-gen-eks", "nodejs-templates") genNodejs(readSchema(schemaFile, version), templateDir, outdir) + case DotNet: + genDotNet(readSchema(schemaFile, version), outdir) + case Go: + genGo(readSchema(schemaFile, version), outdir) + case Python: + genPython(readSchema(schemaFile, version), outdir) case Schema: pkgSpec := generateSchema(semver.MustParse(version)) mustWritePulumiSchema(pkgSpec, outdir) @@ -2672,6 +2681,30 @@ func genNodejs(pkg *schema.Package, templateDir, outdir string) { mustWriteFiles(outdir, files) } +func genDotNet(pkg *schema.Package, outdir string) { + files, err := dotnetgen.GeneratePackage(Tool, pkg, map[string][]byte{}, map[string]string{}) + if err != nil { + panic(err) + } + mustWriteFiles(outdir, files) +} + +func genGo(pkg *schema.Package, outdir string) { + files, err := gogen.GeneratePackage(Tool, pkg, map[string]string{}) + if err != nil { + panic(err) + } + mustWriteFiles(outdir, files) +} + +func genPython(pkg *schema.Package, outdir string) { + files, err := pygen.GeneratePackage(Tool, pkg, map[string][]byte{}) + if err != nil { + panic(err) + } + mustWriteFiles(outdir, files) +} + func mustWriteFiles(rootDir string, files map[string][]byte) { for filename, contents := range files { mustWriteFile(rootDir, filename, contents) diff --git a/provider/go.mod b/provider/go.mod index 04fc077b5..5833ca159 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -97,6 +97,7 @@ require ( github.com/hashicorp/hcl v1.0.1-vault-5 // indirect github.com/hashicorp/hcl/v2 v2.20.1 // indirect github.com/hashicorp/vault/api v1.12.2 // indirect + github.com/iancoleman/strcase v0.3.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect diff --git a/provider/go.sum b/provider/go.sum index a9d284bbd..25e3ac2cb 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -257,6 +257,8 @@ github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdx github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE= github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE= +github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI= +github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= From d22bfe753b3949494936eb291432331d7feeb504 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 12:22:49 -0800 Subject: [PATCH 21/44] fix windows target --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 9a1f33256..603f60f09 100644 --- a/Makefile +++ b/Makefile @@ -240,5 +240,4 @@ provider_dist-linux-arm64: bin/provider/linux-arm64/${PROVIDER} provider_dist-linux-amd64: bin/provider/linux-amd64/${PROVIDER} provider_dist-darwin-arm64: bin/provider/darwin-arm64/${PROVIDER} provider_dist-darwin-amd64: bin/provider/darwin-amd64/${PROVIDER} -provider_dist-windows-arm64: bin/provider/windows-arm64/${PROVIDER} -provider_dist-windows-amd64: bin/provider/windows-amd64/${PROVIDER} +provider_dist-windows-amd64: bin/provider/windows-amd64/${PROVIDER}.exe From 913667c1479798858b98129fe71657ff93693418 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 12:23:32 -0800 Subject: [PATCH 22/44] add install_sdks target --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index 603f60f09..b9f482d11 100644 --- a/Makefile +++ b/Makefile @@ -241,3 +241,5 @@ provider_dist-linux-amd64: bin/provider/linux-amd64/${PROVIDER} provider_dist-darwin-arm64: bin/provider/darwin-arm64/${PROVIDER} provider_dist-darwin-amd64: bin/provider/darwin-amd64/${PROVIDER} provider_dist-windows-amd64: bin/provider/windows-amd64/${PROVIDER}.exe + +install_sdks: install_nodejs_sdk install_dotnet_sdk install_go_sdk install_python_sdk install_java_sdk From f3dbb288907523e56b65d7446a1f926fad6e2c02 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 12:39:05 -0800 Subject: [PATCH 23/44] use dist for provider upload --- .github/workflows/build_provider.yml | 2 +- Makefile | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index a32aaaf81..dd151611e 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -51,5 +51,5 @@ jobs: uses: actions/upload-artifact@v4 with: name: pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz - path: bin/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: dist/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz retention-days: 30 diff --git a/Makefile b/Makefile index b9f482d11..011e7f93d 100644 --- a/Makefile +++ b/Makefile @@ -236,10 +236,10 @@ install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) install_plugins: .pulumi/bin/pulumi -provider_dist-linux-arm64: bin/provider/linux-arm64/${PROVIDER} -provider_dist-linux-amd64: bin/provider/linux-amd64/${PROVIDER} -provider_dist-darwin-arm64: bin/provider/darwin-arm64/${PROVIDER} -provider_dist-darwin-amd64: bin/provider/darwin-amd64/${PROVIDER} -provider_dist-windows-amd64: bin/provider/windows-amd64/${PROVIDER}.exe +provider_dist-linux-amd64: dist/${GZIP_PREFIX}-linux-amd64.tar.gz +provider_dist-linux-arm64: dist/${GZIP_PREFIX}-linux-arm64.tar.gz +provider_dist-darwin-amd64: dist/${GZIP_PREFIX}-darwin-amd64.tar.gz +provider_dist-darwin-arm64: dist/${GZIP_PREFIX}-darwin-arm64.tar.gz +provider_dist-windows-amd64: dist/${GZIP_PREFIX}-windows-amd64.tar.gz install_sdks: install_nodejs_sdk install_dotnet_sdk install_go_sdk install_python_sdk install_java_sdk From c92c040e29022199920a5fb2947d3831e10404fe Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 12:42:33 -0800 Subject: [PATCH 24/44] Don't rebuild SDK --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 011e7f93d..6f0612b9f 100644 --- a/Makefile +++ b/Makefile @@ -105,10 +105,10 @@ install_provider:: provider install_nodejs_sdk generate_schema:: schema -install_nodejs_sdk:: build_nodejs +install_nodejs_sdk:: # Removed build dependency yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin -install_dotnet_sdk:: build_dotnet +install_dotnet_sdk:: # Removed build dependency mkdir -p $(WORKING_DIR)/nuget find . -name '*.nupkg' -print -exec cp -p {} ${WORKING_DIR}/nuget \; From 83a79b9b295ff7cbf48036654e7dc766bc7f2a83 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 12:57:26 -0800 Subject: [PATCH 25/44] fix shard invocation --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 6f0612b9f..220074ed8 100644 --- a/Makefile +++ b/Makefile @@ -228,9 +228,9 @@ test_provider: .pulumi/version: nodejs/eks/yarn.lock (cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3 > ../../.pulumi/version) -test_shard: install_provider install_sdks +test_shard: cd examples && \ - go test -tags=$(TAGS) -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} -run $(TESTS) ./... + go test -tags=$(TAGS) -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} -run "${TESTS}" ./... install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) From d6f12003ae9493e4b95204b11d050d00aabd507c Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 14:00:52 -0800 Subject: [PATCH 26/44] set profile credentials as part of the test instead of the workflow --- .ci-mgmt.yaml | 1 - examples/examples_nodejs_test.go | 4 ++++ examples/examples_py_test.go | 4 ++++ examples/examples_test.go | 22 ++++++++++++++++++++++ 4 files changed, 30 insertions(+), 1 deletion(-) diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml index abe552ea0..acd20bf4c 100644 --- a/.ci-mgmt.yaml +++ b/.ci-mgmt.yaml @@ -4,7 +4,6 @@ aws: true env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} GOLANGCI_LINT_VERSION: v1.61.0 diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go index 0911cf613..9de6a6ce7 100644 --- a/examples/examples_nodejs_test.go +++ b/examples/examples_nodejs_test.go @@ -302,9 +302,13 @@ func TestAccScopedKubeconfig(t *testing.T) { func TestAccAwsProfile(t *testing.T) { unsetAWSProfileEnv(t) + profile := "aws-profile" + setProfileCredentials(t, profile) + test := getJSBaseOptions(t). With(integration.ProgramTestOptions{ Dir: path.Join(getCwd(t), "aws-profile"), + Env: []string{"ALT_AWS_PROFILE=" + profile}, ExtraRuntimeValidation: func(t *testing.T, info integration.RuntimeValidationStackInfo) { // The `cluster.kubeconfig` output should fail as it does not have the right AWS_PROFILE set. t.Logf("Ensuring cluster.kubeconfig fails without AWS_PROFILE envvar set") diff --git a/examples/examples_py_test.go b/examples/examples_py_test.go index 065e1c355..e0c76cbb7 100644 --- a/examples/examples_py_test.go +++ b/examples/examples_py_test.go @@ -30,10 +30,14 @@ import ( func TestAccAwsProfilePy(t *testing.T) { unsetAWSProfileEnv(t) + profile := "aws-profile-py" + setProfileCredentials(t, profile) + test := getPythonBaseOptions(t). With(integration.ProgramTestOptions{ NoParallel: true, Dir: filepath.Join(getCwd(t), "aws-profile-py"), + Env: []string{"ALT_AWS_PROFILE=" + profile}, ExtraRuntimeValidation: func(t *testing.T, info integration.RuntimeValidationStackInfo) { // The `cluster.kubeconfig` output should fail as it does not have the right AWS_PROFILE set. t.Logf("Ensuring cluster.kubeconfig fails without AWS_PROFILE envvar set") diff --git a/examples/examples_test.go b/examples/examples_test.go index 4ca182237..bd77fb57d 100644 --- a/examples/examples_test.go +++ b/examples/examples_test.go @@ -19,6 +19,7 @@ import ( "errors" "fmt" "os" + "os/exec" "path/filepath" "runtime" "testing" @@ -176,6 +177,27 @@ func loadAwsDefaultConfig(t *testing.T) aws.Config { return cfg } +// setProfileCredentials ensures a profile exists with the given name. It shares ambient credentials. +func setProfileCredentials(t *testing.T, profile string) { + t.Helper() + + keyID := os.Getenv("ALT_AWS_ACCESS_KEY_ID") + if keyID == "" { + t.Skip("ALT_AWS_ACCESS_KEY_ID is unset") + } + + secret := os.Getenv("ALT_AWS_SECRET_ACCESS_KEY") + if secret == "" { + t.Skip("ALT_AWS_SECRET_ACCESS_KEY is unset") + } + + out, err := exec.Command("aws", "configure", "set", "aws_access_key_id", keyID, "--profile", profile).CombinedOutput() + require.NoError(t, err, string(out)) + + out, err = exec.Command("aws", "configure", "set", "aws_secret_access_key", secret, "--profile", profile).CombinedOutput() + require.NoError(t, err, string(out)) +} + func createEksClient(t *testing.T) *eks.Client { client := eks.NewFromConfig(loadAwsDefaultConfig(t)) require.NotNil(t, client, "failed to create EKS client") From 4037a01dad36855ecc1d5f2371e50b4c88f0e79e Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 14:01:14 -0800 Subject: [PATCH 27/44] fix codecov --- .github/workflows/prerequisites.yml | 4 ++++ .github/workflows/run-acceptance-tests.yml | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index ef0151403..548c31ee0 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -76,6 +76,10 @@ jobs: run: make provider - name: Unit-test provider code run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - if: inputs.is_pr name: Check Schema is Valid run: | diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 78ce66035..7a6da2f3e 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -185,10 +185,6 @@ jobs: role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - name: Install dependencies run: make install_sdks - - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@v4 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - name: Generate shard id: shard uses: hashicorp-forge/go-test-split-action@v2.0.0 @@ -202,6 +198,10 @@ jobs: env: TAGS: all TESTS: ${{ steps.shard.outputs.run}} + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} strategy: fail-fast: false matrix: From d2aeb0c81d822fd7688cc9115444bdec29f67c51 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 15:35:02 -0800 Subject: [PATCH 28/44] remove noparallels --- examples/examples_nodejs_test.go | 13 +++++++------ examples/examples_py_test.go | 12 +++++++----- examples/examples_test.go | 29 ++++++----------------------- 3 files changed, 20 insertions(+), 34 deletions(-) diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go index 9de6a6ce7..dcd62738d 100644 --- a/examples/examples_nodejs_test.go +++ b/examples/examples_nodejs_test.go @@ -300,15 +300,18 @@ func TestAccScopedKubeconfig(t *testing.T) { } func TestAccAwsProfile(t *testing.T) { - unsetAWSProfileEnv(t) - - profile := "aws-profile" + profile := "aws-profile-node" setProfileCredentials(t, profile) test := getJSBaseOptions(t). With(integration.ProgramTestOptions{ Dir: path.Join(getCwd(t), "aws-profile"), - Env: []string{"ALT_AWS_PROFILE=" + profile}, + Env: []string{ + "ALT_AWS_PROFILE=" + profile, + "AWS_SECRET_ACCESS_KEY=", // unset + "AWS_ACCESS_KEY_ID=", // unset + "AWS_SESSION_TOKEN=", // unset + }, ExtraRuntimeValidation: func(t *testing.T, info integration.RuntimeValidationStackInfo) { // The `cluster.kubeconfig` output should fail as it does not have the right AWS_PROFILE set. t.Logf("Ensuring cluster.kubeconfig fails without AWS_PROFILE envvar set") @@ -319,7 +322,6 @@ func TestAccAwsProfile(t *testing.T) { info.Outputs["kubeconfigWithProfile"], ) }, - NoParallel: true, }) programTestWithExtraOptions(t, &test, nil) @@ -335,7 +337,6 @@ func TestAccAwsProfileRole(t *testing.T) { info.Outputs["kubeconfig"], ) }, - NoParallel: true, }) programTestWithExtraOptions(t, &test, nil) } diff --git a/examples/examples_py_test.go b/examples/examples_py_test.go index e0c76cbb7..eb4766562 100644 --- a/examples/examples_py_test.go +++ b/examples/examples_py_test.go @@ -28,16 +28,18 @@ import ( ) func TestAccAwsProfilePy(t *testing.T) { - unsetAWSProfileEnv(t) - profile := "aws-profile-py" setProfileCredentials(t, profile) test := getPythonBaseOptions(t). With(integration.ProgramTestOptions{ - NoParallel: true, - Dir: filepath.Join(getCwd(t), "aws-profile-py"), - Env: []string{"ALT_AWS_PROFILE=" + profile}, + Dir: filepath.Join(getCwd(t), "aws-profile-py"), + Env: []string{ + "ALT_AWS_PROFILE=" + profile, + "AWS_SECRET_ACCESS_KEY=", // unset + "AWS_ACCESS_KEY_ID=", // unset + "AWS_SESSION_TOKEN=", // unset + }, ExtraRuntimeValidation: func(t *testing.T, info integration.RuntimeValidationStackInfo) { // The `cluster.kubeconfig` output should fail as it does not have the right AWS_PROFILE set. t.Logf("Ensuring cluster.kubeconfig fails without AWS_PROFILE envvar set") diff --git a/examples/examples_test.go b/examples/examples_test.go index bd77fb57d..fb79335f3 100644 --- a/examples/examples_test.go +++ b/examples/examples_test.go @@ -51,10 +51,7 @@ func getCwd(t *testing.T) string { } func getBaseOptions(t *testing.T) integration.ProgramTestOptions { - pathEnv, err := providerPluginPathEnv() - if err != nil { - t.Fatalf("failed to build provider plugin PATH: %v", err) - } + pathEnv := providerPluginPathEnv(t) return integration.ProgramTestOptions{ Env: []string{pathEnv}, ExpectRefreshChanges: true, @@ -62,7 +59,8 @@ func getBaseOptions(t *testing.T) integration.ProgramTestOptions { } } -func providerPluginPathEnv() (string, error) { +func providerPluginPathEnv(t *testing.T) string { + t.Helper() // providerDir := filepath.Join("..", "bin") // absProviderDir, err := filepath.Abs(providerDir) // if err != nil { @@ -73,33 +71,18 @@ func providerPluginPathEnv() (string, error) { pluginDir := filepath.Join("..", "provider", "cmd", "pulumi-resource-eks", "bin") absPluginDir, err := filepath.Abs(pluginDir) if err != nil { - return "", err + t.Fatalf("failed to build provider plugin PATH: %v", err) + return "" } pathSeparator := ":" if runtime.GOOS == "windows" { pathSeparator = ";" } - return "PATH=" + os.Getenv("PATH") + pathSeparator + absPluginDir, nil + return "PATH=" + os.Getenv("PATH") + pathSeparator + absPluginDir // return "PATH=" + os.Getenv("PATH") + pathSeparator + absPluginDir + pathSeparator + absTestPluginDir + pathSeparator + absProviderDir, nil } -var envToUnset = [...]string{"AWS_SECRET_ACCESS_KEY", "AWS_ACCESS_KEY_ID", "AWS_SESSION_TOKEN"} - -// unsetAWSProfileEnv unsets the AWS_PROFILE and associated environment variables. -// EKS token retrieval using the AWS_PROFILE seems to prefer the -// the following variables over AWS_PROFILE so you end up with -// authentication failures in the tests. So drop these environment -// variables if set and reapply them after the test. -func unsetAWSProfileEnv(t *testing.T) { - t.Helper() - - for _, envVar := range envToUnset { - t.Setenv(envVar, "") - assert.NoError(t, os.Unsetenv(envVar)) // Explicitly unset the environment variable, as well. - } -} - type programTestExtraOptions struct { IgnoreDestroyErrors bool } From 4f41807d1fd9edcd82a63ce8ceb49a195a8e75f1 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Wed, 6 Nov 2024 15:53:06 -0800 Subject: [PATCH 29/44] reduce parallelism --- .github/workflows/run-acceptance-tests.yml | 12 +----------- examples/examples_nodejs_test.go | 1 + examples/examples_py_test.go | 1 + 3 files changed, 3 insertions(+), 11 deletions(-) diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 7a6da2f3e..f8f579fd2 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -206,7 +206,7 @@ jobs: fail-fast: false matrix: total: - - 20 + - 10 index: - 0 - 1 @@ -218,16 +218,6 @@ jobs: - 7 - 8 - 9 - - 10 - - 11 - - 12 - - 13 - - 14 - - 15 - - 16 - - 17 - - 18 - - 19 license_check: name: License Check uses: ./.github/workflows/license.yml diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go index dcd62738d..ab0a0dffd 100644 --- a/examples/examples_nodejs_test.go +++ b/examples/examples_nodejs_test.go @@ -308,6 +308,7 @@ func TestAccAwsProfile(t *testing.T) { Dir: path.Join(getCwd(t), "aws-profile"), Env: []string{ "ALT_AWS_PROFILE=" + profile, + "AWS_PROFILE=", // unset "AWS_SECRET_ACCESS_KEY=", // unset "AWS_ACCESS_KEY_ID=", // unset "AWS_SESSION_TOKEN=", // unset diff --git a/examples/examples_py_test.go b/examples/examples_py_test.go index eb4766562..4f085d25c 100644 --- a/examples/examples_py_test.go +++ b/examples/examples_py_test.go @@ -36,6 +36,7 @@ func TestAccAwsProfilePy(t *testing.T) { Dir: filepath.Join(getCwd(t), "aws-profile-py"), Env: []string{ "ALT_AWS_PROFILE=" + profile, + "AWS_PROFILE=", // unset "AWS_SECRET_ACCESS_KEY=", // unset "AWS_ACCESS_KEY_ID=", // unset "AWS_SESSION_TOKEN=", // unset From aa648f6bfb185ba249a68fb6ab5833a7d664d870 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Thu, 7 Nov 2024 09:23:33 -0800 Subject: [PATCH 30/44] free disk space before build --- .ci-mgmt.yaml | 1 + .github/workflows/master.yml | 7 +++++++ .github/workflows/prerelease.yml | 7 +++++++ .github/workflows/release.yml | 7 +++++++ .github/workflows/run-acceptance-tests.yml | 7 +++++++ 5 files changed, 29 insertions(+) diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml index acd20bf4c..60827f958 100644 --- a/.ci-mgmt.yaml +++ b/.ci-mgmt.yaml @@ -22,3 +22,4 @@ env: PULUMI_ENABLE_RESOURCE_REFERENCES: 1 PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget template: generic +freeDiskSpaceBeforeTest: true diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 438ab0c3d..fddb3905d 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -104,6 +104,13 @@ jobs: env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + tool-cache: false + swap-storage: false + dotnet: false - name: Checkout Repo uses: actions/checkout@v4 with: diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 636d74935..451b8a050 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -86,6 +86,13 @@ jobs: env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + tool-cache: false + swap-storage: false + dotnet: false - name: Checkout Repo uses: actions/checkout@v4 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 96f1c7020..2b9ceb39b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -92,6 +92,13 @@ jobs: env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + tool-cache: false + swap-storage: false + dotnet: false - name: Checkout Repo uses: actions/checkout@v4 with: diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index f8f579fd2..4f35b4d1e 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -135,6 +135,13 @@ jobs: env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + tool-cache: false + swap-storage: false + dotnet: false - name: Checkout Repo uses: actions/checkout@v4 with: From 71b630af67040a353af902f3b00113e18a42086f Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Thu, 7 Nov 2024 10:06:16 -0800 Subject: [PATCH 31/44] Don't set ALT_AWS_PROFILE --- .github/workflows/build_sdk.yml | 1 - .github/workflows/command-dispatch.yml | 1 - .github/workflows/license.yml | 1 - .github/workflows/lint.yml | 1 - .github/workflows/master.yml | 1 - .github/workflows/prerelease.yml | 1 - .github/workflows/prerequisites.yml | 1 - .github/workflows/publish.yml | 1 - .github/workflows/pull-request.yml | 1 - .github/workflows/release.yml | 1 - .github/workflows/resync-build.yml | 1 - .github/workflows/run-acceptance-tests.yml | 1 - .github/workflows/verify-release.yml | 1 - 13 files changed, 13 deletions(-) diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 61ed3fe29..00292ce7a 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -9,7 +9,6 @@ on: env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index 323780c89..6118880b9 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -2,7 +2,6 @@ env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index daa10f0a6..0edf10436 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -8,7 +8,6 @@ on: env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index adf5e979a..6d12e18d9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -8,7 +8,6 @@ on: env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index fddb3905d..904923fa9 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -2,7 +2,6 @@ env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 451b8a050..81845a329 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -3,7 +3,6 @@ env: IS_PRERELEASE: true ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 548c31ee0..26d0611ed 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -19,7 +19,6 @@ on: env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9d65db1cc..334f20f95 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,6 @@ on: env: IS_PRERELEASE: ${{ inputs.isPrerelease }} ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 6a305605f..6dfee6450 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -2,7 +2,6 @@ env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2b9ceb39b..a04ede301 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,6 @@ on: env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/resync-build.yml b/.github/workflows/resync-build.yml index 5b194351b..80c0e5ecc 100644 --- a/.github/workflows/resync-build.yml +++ b/.github/workflows/resync-build.yml @@ -4,7 +4,6 @@ env: PULUMI_EXTRA_MAPPING_ERROR: true PULUMI_MISSING_MAPPING_ERROR: true ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 4f35b4d1e..0abf5abcd 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -13,7 +13,6 @@ on: env: PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index e35f022e0..aae2bc6c0 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -35,7 +35,6 @@ on: env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} From 49ad44ebc95721a375ed17fdb65cc640be6efe55 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Mon, 11 Nov 2024 17:00:40 -0800 Subject: [PATCH 32/44] don't depend on default profile --- examples/aws-profile-py/__main__.py | 6 +++++- examples/aws-profile/index.ts | 1 + examples/examples_nodejs_test.go | 3 +++ examples/examples_py_test.go | 3 +++ 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/examples/aws-profile-py/__main__.py b/examples/aws-profile-py/__main__.py index e9059aadc..162841e30 100644 --- a/examples/aws-profile-py/__main__.py +++ b/examples/aws-profile-py/__main__.py @@ -9,6 +9,9 @@ if not os.getenv("ALT_AWS_PROFILE"): raise Exception("ALT_AWS_PROFILE must be set") +if not os.getenv("AWS_REGION"): + raise Exception("AWS_REGION must be set") + # AWS named profile to use. profile_name = os.getenv("ALT_AWS_PROFILE") @@ -16,7 +19,7 @@ # and current region. aws_provider = aws.Provider("aws-provider", profile=profile_name, - region=aws.get_region().name) + region=os.getenv("AWS_REGION")) # Define the AWS provider credential opts to configure the cluster's # kubeconfig auth. @@ -25,6 +28,7 @@ # Create the cluster using the AWS provider and credential opts. cluster = eks.Cluster(project_name, provider_credential_opts=kubeconfig_opts, + authentication_mode=eks.AuthenticationMode.API, opts=pulumi.ResourceOptions(provider=aws_provider)) # Export the cluster kubeconfig. diff --git a/examples/aws-profile/index.ts b/examples/aws-profile/index.ts index 4fb01ff7c..2dc32a872 100644 --- a/examples/aws-profile/index.ts +++ b/examples/aws-profile/index.ts @@ -33,6 +33,7 @@ const kubeconfigOpts: eks.KubeconfigOptions = {profileName: profileName}; // Create the cluster using the AWS provider and credential opts. const cluster = new eks.Cluster(`${projectName}`, { providerCredentialOpts: kubeconfigOpts, + authenticationMode: eks.AuthenticationMode.Api, }, {provider: awsProvider}); // Export the cluster kubeconfig. diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go index ab0a0dffd..ac759cdf3 100644 --- a/examples/examples_nodejs_test.go +++ b/examples/examples_nodejs_test.go @@ -306,6 +306,9 @@ func TestAccAwsProfile(t *testing.T) { test := getJSBaseOptions(t). With(integration.ProgramTestOptions{ Dir: path.Join(getCwd(t), "aws-profile"), + OrderedConfig: []integration.ConfigValue{ + {Key: "pulumi:disable-default-providers[0]", Value: "aws", Path: true}, + }, Env: []string{ "ALT_AWS_PROFILE=" + profile, "AWS_PROFILE=", // unset diff --git a/examples/examples_py_test.go b/examples/examples_py_test.go index 4f085d25c..e000facda 100644 --- a/examples/examples_py_test.go +++ b/examples/examples_py_test.go @@ -34,6 +34,9 @@ func TestAccAwsProfilePy(t *testing.T) { test := getPythonBaseOptions(t). With(integration.ProgramTestOptions{ Dir: filepath.Join(getCwd(t), "aws-profile-py"), + OrderedConfig: []integration.ConfigValue{ + {Key: "pulumi:disable-default-providers[0]", Value: "aws", Path: true}, + }, Env: []string{ "ALT_AWS_PROFILE=" + profile, "AWS_PROFILE=", // unset From 8564594be2cb4ff45c4c6ebf72792ca796644b76 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Tue, 12 Nov 2024 14:09:19 -0800 Subject: [PATCH 33/44] Use --profile instead of AWS_PROFILE AWS_PROFILE has less precedence than ambient credentials: Credentials from environment variables have precedence over credentials from the shared credentials and AWS CLI config file. Credentials specified in the shared credentials file have precedence over credentials in the AWS CLI config file. If AWS_PROFILE environment variable is set and the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are set, then the credentials provided by AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY will override the credentials located in the profile provided by AWS_PROFILE. https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#id1 --- examples/aws-profile-py/__main__.py | 1 + examples/aws-profile-py/requirements.txt | 2 +- examples/aws-profile/README.md | 5 ++--- examples/aws-profile/index.ts | 1 + examples/examples_nodejs_test.go | 1 + examples/examples_py_test.go | 1 + nodejs/eks/cluster.ts | 2 +- 7 files changed, 8 insertions(+), 5 deletions(-) diff --git a/examples/aws-profile-py/__main__.py b/examples/aws-profile-py/__main__.py index 162841e30..cf6626358 100644 --- a/examples/aws-profile-py/__main__.py +++ b/examples/aws-profile-py/__main__.py @@ -29,6 +29,7 @@ cluster = eks.Cluster(project_name, provider_credential_opts=kubeconfig_opts, authentication_mode=eks.AuthenticationMode.API, + # TODO(#1475): bootstrap_self_managed_addons=false, # To speed up the test. opts=pulumi.ResourceOptions(provider=aws_provider)) # Export the cluster kubeconfig. diff --git a/examples/aws-profile-py/requirements.txt b/examples/aws-profile-py/requirements.txt index 83e91ee46..ec7f2222b 100644 --- a/examples/aws-profile-py/requirements.txt +++ b/examples/aws-profile-py/requirements.txt @@ -1,3 +1,3 @@ pulumi>=3.0.0,<4.0.0 pulumi-aws>=6.0.0,<7.0.0 -pulumi-eks>=2.0.0,<3.0.0 \ No newline at end of file +pulumi-eks>=3.0.0,<4.0.0 diff --git a/examples/aws-profile/README.md b/examples/aws-profile/README.md index 5bd143a1b..ce23480d7 100755 --- a/examples/aws-profile/README.md +++ b/examples/aws-profile/README.md @@ -1,5 +1,4 @@ # examples/cluster -Creates two EKS clusters in the default VPC with two t3.medium nodes. -- One cluster uses the default configuration. -- One cluster uses a non-default configuration. +Creates an EKS cluster in the default VPC with two t3.medium nodes, using a +non-default AWS profile for credentials. diff --git a/examples/aws-profile/index.ts b/examples/aws-profile/index.ts index 2dc32a872..899316fb9 100644 --- a/examples/aws-profile/index.ts +++ b/examples/aws-profile/index.ts @@ -34,6 +34,7 @@ const kubeconfigOpts: eks.KubeconfigOptions = {profileName: profileName}; const cluster = new eks.Cluster(`${projectName}`, { providerCredentialOpts: kubeconfigOpts, authenticationMode: eks.AuthenticationMode.Api, + // TODO(#1475): bootstrapSelfManagedAddons: false, // To speed up the test. }, {provider: awsProvider}); // Export the cluster kubeconfig. diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go index ac759cdf3..6026f178a 100644 --- a/examples/examples_nodejs_test.go +++ b/examples/examples_nodejs_test.go @@ -309,6 +309,7 @@ func TestAccAwsProfile(t *testing.T) { OrderedConfig: []integration.ConfigValue{ {Key: "pulumi:disable-default-providers[0]", Value: "aws", Path: true}, }, + RetryFailedSteps: false, Env: []string{ "ALT_AWS_PROFILE=" + profile, "AWS_PROFILE=", // unset diff --git a/examples/examples_py_test.go b/examples/examples_py_test.go index e000facda..e592c636d 100644 --- a/examples/examples_py_test.go +++ b/examples/examples_py_test.go @@ -37,6 +37,7 @@ func TestAccAwsProfilePy(t *testing.T) { OrderedConfig: []integration.ConfigValue{ {Key: "pulumi:disable-default-providers[0]", Value: "aws", Path: true}, }, + RetryFailedSteps: false, Env: []string{ "ALT_AWS_PROFILE=" + profile, "AWS_PROFILE=", // unset diff --git a/nodejs/eks/cluster.ts b/nodejs/eks/cluster.ts index 4ee8e22f3..c72e0734c 100644 --- a/nodejs/eks/cluster.ts +++ b/nodejs/eks/cluster.ts @@ -219,7 +219,7 @@ export function generateKubeconfig( } if (includeProfile && opts?.profileName) { - env.push({ name: "AWS_PROFILE", value: opts.profileName }); + args = [...args, "--profile", opts.profileName]; } return pulumi.all([args, env]).apply(([tokenArgs, envvars]) => { From d7e2c2c59f8f08cda0e7a84fa47c1b96e8636ee8 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 15 Nov 2024 13:32:31 -0800 Subject: [PATCH 34/44] revert workflows --- .github/actions/setup-tools/action.yml | 7 +- .github/workflows/command-dispatch.yml | 60 +- .github/workflows/eks-cron.yml | 37 +- .github/workflows/eks-record.yml | 11 +- .github/workflows/master.yml | 664 +++++++++++++--- .github/workflows/publish.yml | 77 +- .github/workflows/pull-request.yml | 54 +- .github/workflows/release.yml | 641 +++++++++++++--- .github/workflows/run-acceptance-tests.yml | 854 ++++++++++++++++----- 9 files changed, 1828 insertions(+), 577 deletions(-) diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index 642d1d223..e6437b7bb 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -22,7 +22,9 @@ runs: if: inputs.tools == 'all' || contains(inputs.tools, 'go') uses: actions/setup-go@v5 with: - go-version: "1.21.x" + # TODO: here pulumi-eks diverges from the 1.21.x standard, to upgrade separately. + # go-version: "1.21.x" + go-version: "1.18.x" cache-dependency-path: | provider/*.sum upstream/*.sum @@ -51,7 +53,8 @@ runs: if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') uses: actions/setup-node@v4 with: - node-version: 20.x + # TODO: here pulumi-eks diverges from 20.x standard; will need to update. + node-version: 18.x registry-url: https://registry.npmjs.org - name: Setup DotNet diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index 6118880b9..c30d3286f 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -1,51 +1,19 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Command Dispatch for testing +on: + issue_comment: + types: [created, edited] -env: - ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - GOLANGCI_LINT_VERSION: v1.61.0 - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} - PROVIDER: eks - PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} - PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} - PULUMI_API: https://api.pulumi-staging.io - PULUMI_ENABLE_RESOURCE_REFERENCES: "1" - PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} - PYPI_USERNAME: __token__ - SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} - SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} - SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - TF_APPEND_USER_AGENT: pulumi jobs: command-dispatch-for-testing: - name: command-dispatch-for-testing runs-on: ubuntu-latest steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - uses: peter-evans/slash-command-dispatch@v4 - with: - commands: | - run-acceptance-tests - release - issue-type: pull-request - permission: write - reaction-token: ${{ secrets.GITHUB_TOKEN }} - repository: pulumi/pulumi-eks - token: ${{ secrets.PULUMI_BOT_TOKEN }} -name: command-dispatch -on: - issue_comment: - types: - - created - - edited + - uses: actions/checkout@v4 + - name: Run Build + uses: peter-evans/slash-command-dispatch@v4 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + reaction-token: ${{ secrets.GITHUB_TOKEN }} + commands: run-acceptance-tests + permission: write + issue-type: pull-request + repository: pulumi/pulumi-eks diff --git a/.github/workflows/eks-cron.yml b/.github/workflows/eks-cron.yml index 595221efd..57ef84ce2 100644 --- a/.github/workflows/eks-cron.yml +++ b/.github/workflows/eks-cron.yml @@ -1,7 +1,6 @@ env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GOLANGCI_LINT_VERSION: v1.61.0 @@ -256,12 +255,6 @@ jobs: role-duration-seconds: 7200 role-session-name: ${{ env.PROVIDER }}@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - name: Link nodejs binary for testing run: | cd ${{ github.workspace }}/bin @@ -270,12 +263,12 @@ jobs: id: test_split uses: hashicorp-forge/go-test-split-action@v2.0.0 with: - working-directory: examples + working-directory: tests flags: -tags=nodejs total: ${{ matrix.total }} index: ${{ matrix.index }} - name: Run tests - run: cd examples && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt + run: cd tests && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt strategy: fail-fast: false max-parallel: 10 @@ -367,12 +360,6 @@ jobs: role-duration-seconds: 7200 role-session-name: ${{ env.PROVIDER }}@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - name: Link nodejs binary for testing run: | cd ${{ github.workspace }}/bin @@ -381,12 +368,12 @@ jobs: id: test_split uses: hashicorp-forge/go-test-split-action@v2.0.0 with: - working-directory: examples + working-directory: tests flags: -tags=python total: ${{ matrix.total }} index: ${{ matrix.index }} - name: Run tests - run: cd examples && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt + run: cd tests && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt strategy: fail-fast: false matrix: @@ -478,18 +465,12 @@ jobs: role-duration-seconds: 7200 role-session-name: ${{ env.PROVIDER }}@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - name: Link nodejs binary for testing run: | cd ${{ github.workspace }}/bin yarn install && yarn link @pulumi/eks - name: Run tests - run: cd examples && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt + run: cd tests && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt test-go: name: Run Go Tests needs: @@ -573,18 +554,12 @@ jobs: role-duration-seconds: 7200 role-session-name: ${{ env.PROVIDER }}@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - name: Link nodejs binary for testing run: | cd ${{ github.workspace }}/bin yarn install && yarn link @pulumi/eks - name: Run tests - run: cd examples && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt + run: cd tests && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt name: cron "on": schedule: diff --git a/.github/workflows/eks-record.yml b/.github/workflows/eks-record.yml index 10ca3c78b..c467bb27d 100644 --- a/.github/workflows/eks-record.yml +++ b/.github/workflows/eks-record.yml @@ -4,7 +4,7 @@ on: inputs: runTests: type: string - description: "The tests in examples to record snapshots for, as a regex for `go test -run`. Defaults to `TestExamplesUpgrades`" + description: "The tests to record snapshots for, as a regex for `go test -run`. Defaults to `TestExamplesUpgrades`" required: true default: "TestExamplesUpgrades" targetBranch: @@ -16,7 +16,6 @@ on: env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} - ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} AWS_REGION: us-west-2 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -209,12 +208,6 @@ jobs: role-duration-seconds: 7200 role-session-name: ${{ env.PROVIDER }}@githubActions role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Configure AWS CLI - run: | - aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} - aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} - name: Clear GitHub Actions Ubuntu runner disk space uses: jlumbroso/free-disk-space@v1.3.1 with: @@ -231,7 +224,7 @@ jobs: - name: Record provider test snapshots run: | - cd provider && go test -tags nodejs -run '${{ inputs.runTests }}' -provider-snapshot -v -json -count=1 -cover -timeout 4h -parallel 20 . 2>&1 | tee /tmp/gotest.log | gotestfmt + cd tests && go test -tags nodejs -run '${{ inputs.runTests }}' -provider-snapshot -v -json -count=1 -cover -timeout 4h -parallel 20 . 2>&1 | tee /tmp/gotest.log | gotestfmt # TODO,tkappler Not sure why this is happening, but gotestfmt-action seems to download and unpack into the repository's root folder. # https://github.com/GoTestTools/gotestfmt-action/blob/v2/index.js#L6 diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 904923fa9..e84a417e0 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -1,10 +1,8 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt - env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -14,58 +12,186 @@ env: PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io - PULUMI_ENABLE_RESOURCE_REFERENCES: "1" - PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - TF_APPEND_USER_AGENT: pulumi + PULUMI_ENABLE_RESOURCE_REFERENCES: 1 + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + GOVERSION: "1.21.x" + DOTNETVERSION: "6.x" + PYTHONVERSION: "3.8" + JAVAVERSION: "11" jobs: + lint: + name: Lint and unit test + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Install Yarn + run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 + - name: Update PATH for Yarn + run: | + echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" + echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" + - name: Run nodejs linter + run: make lint + - name: golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: ${{ env.GOLANGCI_LINT_VERSION }} + args: -c ../.golangci.yml + working-directory: provider + - name: Run unit tests + run: make test_unit_tests prerequisites: - uses: ./.github/workflows/prerequisites.yml - secrets: inherit - with: - default_branch: ${{ github.event.repository.default_branch }} - is_pr: ${{ github.event_name == 'pull_request' }} - is_automated: ${{ github.actor == 'dependabot[bot]' }} - - build_provider: - uses: ./.github/workflows/build_provider.yml - needs: prerequisites - secrets: inherit - with: - version: ${{ needs.prerequisites.outputs.version }} - + name: prerequisites + runs-on: ubuntu-latest + outputs: + version: ${{ steps.provider-version.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - uses: pulumi/provider-version-action@v1 + id: provider-version + with: + set-env: "PROVIDER_VERSION" + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Build provider binary + schema + run: make schema provider + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Tar provider binaries + run: + tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin/ pulumi-resource-${{ env.PROVIDER }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} + strategy: + fail-fast: true build_sdk: name: build_sdk + runs-on: ubuntu-latest needs: prerequisites - uses: ./.github/workflows/build_sdk.yml - secrets: inherit - with: - version: ${{ needs.prerequisites.outputs.version }} - - lint: - name: lint - uses: ./.github/workflows/lint.yml - secrets: inherit - license_check: - name: License Check - uses: ./.github/workflows/license.yml - secrets: inherit + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup Java + uses: actions/setup-java@v4 + with: + cache: gradle + distribution: temurin + java-version: ${{ env.JAVAVERSION }} + - name: Setup Gradle + uses: gradle/gradle-build-action@v3.5.0 + with: + gradle-version: "7.6" + - name: Install Yarn + run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 + - name: Update PATH for Yarn + run: | + echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" + echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Compress ${{ matrix.language }} SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . + - name: Upload ${{ matrix.language }} artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - java + - go publish: name: publish - permissions: - contents: write needs: - prerequisites - - build_provider - - test - - license_check + - test-nodejs + - test-python + - test-dotnet + - test-go uses: ./.github/workflows/publish.yml secrets: inherit with: @@ -73,102 +199,394 @@ jobs: isPrerelease: true skipGoSdk: true - tag_release_if_labeled_needs_release: - name: Tag release if labeled as needs-release - needs: publish + test-nodejs: + name: Run NodeJS Tests + needs: + - prerequisites + - build_sdk runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - name: check if this commit needs release - if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} - uses: pulumi/action-release-by-pr-label@main - with: - command: "release-if-needed" - repo: ${{ github.repository }} - commit: ${{ github.sha }} - slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} - env: - RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} - RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - test: - name: test + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install dependencies + run: make install_nodejs_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Generate go test Slice + id: test_split + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: tests + flags: -tags=nodejs + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run tests + run: cd tests && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt + strategy: + fail-fast: false + max-parallel: 10 + matrix: + total: [15] + index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] + test-python: + name: Run Python Tests needs: - prerequisites - build_sdk - permissions: - contents: read - id-token: write runs-on: ubuntu-latest env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - # Run as first step so we don't delete things that have just been installed - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be - with: - tool-cache: false - swap-storage: false - dotnet: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, ${{ matrix.language }} - - name: Download bin - uses: ./.github/actions/download-bin - - name: Add NuGet source - if: matrix.language == 'dotnet' - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Download SDK - uses: ./.github/actions/download-sdk - with: - language: ${{ matrix.language }} - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Install Python deps - if: matrix.language == 'python' - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: eks@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Install dependencies - run: make install_${{ matrix.language}}_sdk - - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@v4 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - - name: Run example tests - run: make test_${{ matrix.language }} + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download NodeJS SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress NodeJS SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install NodeJS SDK + run: make install_nodejs_sdk + - name: Download Python SDK + uses: actions/download-artifact@v4 + with: + name: python-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress Python SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python + - name: Install dependencies + run: make install_python_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Generate go test Slice + id: test_split + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: tests + flags: -tags=python + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run tests + run: cd tests && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt strategy: fail-fast: false + max-parallel: 4 matrix: - language: - - nodejs - - python - - dotnet - - go - - java + total: [6] + index: [0, 1, 2, 3, 4, 5] + test-dotnet: + name: Run DotNet Tests + needs: + - prerequisites + - build_sdk + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download NodeJS SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress NodeJS SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install NodeJS SDK + run: make install_nodejs_sdk + - name: Download DotNet SDK + uses: actions/download-artifact@v4 + with: + name: dotnet-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress DotNet SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet + - name: Install dependencies + run: make install_dotnet_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Run tests + run: cd tests && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt + test-go: + name: Run Go Tests + needs: + - prerequisites + - build_sdk + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download NodeJS SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress NodeJS SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install NodeJS SDK + run: make install_nodejs_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Download Go SDK + uses: actions/download-artifact@v4 + with: + name: go-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress Go SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Run tests + run: cd tests && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt name: master -on: - workflow_dispatch: {} +"on": push: branches: - - master + - master + - feature/1.x paths-ignore: - - "**.md" + - CHANGELOG.md tags-ignore: - - v* - - sdk/* - - "**" + - v* + - sdk/* + - "**" + workflow_dispatch: {} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 334f20f95..9ab165483 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,4 +1,4 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +# WARNING: This file was adapted from pulumi-aws and needs to be folded back into https://github.com/pulumi/ci-mgmt name: Publish on: @@ -17,20 +17,15 @@ on: env: IS_PRERELEASE: ${{ inputs.isPrerelease }} - ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - GOLANGCI_LINT_VERSION: v1.61.0 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} - PROVIDER: eks PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io - PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} @@ -38,12 +33,48 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - TF_APPEND_USER_AGENT: pulumi jobs: + + # TODO this job is specific for EKS and needs to be retrofitted to be part of prerequisites so that test run against + # the actual provider build being published, not a separate set of binaries. Inserting a separate job temporarily. + dist: + name: dist + runs-on: ubuntu-latest + strategy: + matrix: + os: [linux, darwin, windows] + arch: [amd64, arm64] + exclude: + - os: windows + arch: arm64 + env: + PROVIDER_VERSION: ${{ inputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - uses: MOZGIII/install-ldid-action@v1 + with: + tag: v2.1.5-procursus2 + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Make Provider Binary + run: make dist/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.os }}-${{ matrix.arch }}.tar.gz + - name: Upload + uses: actions/upload-artifact@v4 + with: + name: pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.os }}-${{ matrix.arch }}.tar.gz + path: dist/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.os }}-${{ matrix.arch }}.tar.gz + retention-days: 30 + publish: name: publish + needs: + - dist runs-on: ubuntu-latest steps: - name: Validate prerelease @@ -54,8 +85,6 @@ jobs: run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - name: Checkout Repo uses: actions/checkout@v4 - with: - persist-credentials: false - name: Setup tools uses: ./.github/actions/setup-tools with: @@ -68,7 +97,7 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 role-external-id: upload-pulumi-release - role-session-name: eks@githubActions + role-session-name: aws@githubActions role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - name: Create dist directory run: mkdir -p dist @@ -81,7 +110,7 @@ jobs: merge-multiple: true - name: Calculate checksums working-directory: dist - run: shasum ./*.tar.gz > "pulumi-eks_${{ inputs.version }}_checksums.txt" + run: shasum ./*.tar.gz > pulumi-eks_${{ inputs.version }}_checksums.txt - name: Get Schema Change Summary id: schema-summary shell: bash @@ -91,7 +120,7 @@ jobs: { echo 'summary<> "$GITHUB_OUTPUT" @@ -109,7 +138,7 @@ jobs: generate_release_notes: true files: dist/* env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} publish_sdk: name: publish_sdk @@ -119,8 +148,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 with: - # Persist credentials so we can push back to the repo - persist-credentials: true + submodules: true - name: Setup tools uses: ./.github/actions/setup-tools with: @@ -173,13 +201,11 @@ jobs: # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped if: inputs.isPrerelease == false needs: create_docs_build - + runs-on: ubuntu-latest steps: - name: Checkout Repo uses: actions/checkout@v4 - with: - persist-credentials: false - name: Clean up release labels uses: pulumi/action-release-by-pr-label@main with: @@ -188,14 +214,3 @@ jobs: commit: ${{ github.sha }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - verify_release: - name: verify_release - needs: publish_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ inputs.version }} - # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. - enableMacosRunner: ${{ inputs.isPrerelease == false }} - skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 6dfee6450..8a1c03d6e 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -1,47 +1,21 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: pull-request +"on": + pull_request_target: env: - ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} - ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - GOLANGCI_LINT_VERSION: v1.61.0 - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} - PROVIDER: eks - PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} - PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} - PULUMI_API: https://api.pulumi-staging.io - PULUMI_ENABLE_RESOURCE_REFERENCES: "1" - PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} - PYPI_USERNAME: __token__ - SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} - SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} - SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - TF_APPEND_USER_AGENT: pulumi + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: comment-on-pr: + # We only care about commenting on a PR if the PR is from a fork if: github.event.pull_request.head.repo.full_name != github.repository - name: comment-on-pr runs-on: ubuntu-latest steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Comment PR - uses: thollander/actions-comment-pull-request@v2 - with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - message: > - PR is now waiting for a maintainer to run the acceptance tests. - - **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR -name: pull-request -on: - pull_request_target: {} + - uses: actions/checkout@v4 + - name: Comment PR + uses: thollander/actions-comment-pull-request@main + with: + message: | + PR is now waiting for a maintainer to run the acceptance tests. This PR will only perform build and linting. + **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a04ede301..deb65b9cb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,16 +1,8 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt -name: release -on: - push: - tags: - - v*.*.* - - "!v*.*.*-**" - env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -20,127 +12,566 @@ env: PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io - PULUMI_ENABLE_RESOURCE_REFERENCES: "1" - PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - TF_APPEND_USER_AGENT: pulumi + PULUMI_ENABLE_RESOURCE_REFERENCES: 1 + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + GOVERSION: "1.21.x" + DOTNETVERSION: "6.x" + PYTHONVERSION: "3.8" + JAVAVERSION: "11" jobs: - prerequisites: - uses: ./.github/workflows/prerequisites.yml - secrets: inherit - with: - default_branch: ${{ github.event.repository.default_branch }} - is_pr: ${{ github.event_name == 'pull_request' }} - is_automated: ${{ github.actor == 'dependabot[bot]' }} - - build_provider: - uses: ./.github/workflows/build_provider.yml - needs: prerequisites - secrets: inherit - with: - version: ${{ needs.prerequisites.outputs.version }} - + lint: + name: Lint and unit test + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Install Yarn + run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 + - name: Update PATH for Yarn + run: | + echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" + echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" + - name: Run nodejs linter + run: make lint + - name: golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: ${{ env.GOLANGCI_LINT_VERSION }} + args: -c ../.golangci.yml + working-directory: provider + - name: Run unit tests + run: make test_unit_tests build_sdk: name: build_sdk + runs-on: ubuntu-latest needs: prerequisites - uses: ./.github/workflows/build_sdk.yml - secrets: inherit - with: - version: ${{ needs.prerequisites.outputs.version }} - - lint: - name: lint - uses: ./.github/workflows/lint.yml - secrets: inherit - license_check: - name: License Check - uses: ./.github/workflows/license.yml - secrets: inherit + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup Java + uses: actions/setup-java@v4 + with: + cache: gradle + distribution: temurin + java-version: ${{ env.JAVAVERSION }} + - name: Setup Gradle + uses: gradle/gradle-build-action@v3.5.0 + with: + gradle-version: "7.6" + - name: Install Yarn + run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 + - name: Update PATH for Yarn + run: | + echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" + echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Compress ${{ matrix.language }} SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . + - name: Upload ${{ matrix.language }} artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - java + - go + prerequisites: + name: prerequisites + runs-on: ubuntu-latest + outputs: + version: ${{ steps.provider-version.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - uses: pulumi/provider-version-action@v1 + id: provider-version + with: + set-env: "PROVIDER_VERSION" + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Build provider binary + schema + run: make schema provider + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Tar provider binaries + run: + tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin/ pulumi-resource-${{ env.PROVIDER }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + strategy: + fail-fast: true publish: name: publish - permissions: - contents: write - pull-requests: write needs: - prerequisites - - build_provider - - test - - license_check + - test-nodejs + - test-python + - test-dotnet + - test-go uses: ./.github/workflows/publish.yml secrets: inherit with: version: ${{ needs.prerequisites.outputs.version }} - isPrerelease: false + isPrerelease: ${{ contains(github.ref_name,'-') || github.event_name == 'workflow_dispatch' }} - test: - name: test + test-nodejs: + name: Run NodeJS Tests needs: - prerequisites - build_sdk - permissions: - contents: read - id-token: write runs-on: ubuntu-latest env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - # Run as first step so we don't delete things that have just been installed - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be - with: - tool-cache: false - swap-storage: false - dotnet: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, ${{ matrix.language }} - - name: Download bin - uses: ./.github/actions/download-bin - - name: Add NuGet source - if: matrix.language == 'dotnet' - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Download SDK - uses: ./.github/actions/download-sdk - with: - language: ${{ matrix.language }} - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Install Python deps - if: matrix.language == 'python' - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: eks@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Install dependencies - run: make install_${{ matrix.language}}_sdk - - name: Run example tests - run: make test_${{ matrix.language }} + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install dependencies + run: make install_nodejs_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Generate go test Slice + id: test_split + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: tests + flags: -tags=nodejs + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run tests + run: cd tests && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt strategy: fail-fast: false + max-parallel: 10 matrix: - language: - - nodejs - - python - - dotnet - - go - - java + total: [15] + index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] + test-python: + name: Run Python Tests + needs: + - prerequisites + - build_sdk + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download NodeJS SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress NodeJS SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install NodeJS SDK + run: make install_nodejs_sdk + - name: Download Python SDK + uses: actions/download-artifact@v4 + with: + name: python-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress Python SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python + - name: Install dependencies + run: make install_python_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Generate go test Slice + id: test_split + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: tests + flags: -tags=python + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run tests + run: cd tests && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt + strategy: + fail-fast: false + max-parallel: 4 + matrix: + total: [6] + index: [0, 1, 2, 3, 4, 5] + test-dotnet: + name: Run DotNet Tests + needs: + - prerequisites + - build_sdk + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download NodeJS SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress NodeJS SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install NodeJS SDK + run: make install_nodejs_sdk + - name: Download DotNet SDK + uses: actions/download-artifact@v4 + with: + name: dotnet-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress DotNet SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet + - name: Install dependencies + run: make install_dotnet_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Run tests + run: cd tests && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt + test-go: + name: Run Go Tests + needs: + - prerequisites + - build_sdk + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download NodeJS SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress NodeJS SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install NodeJS SDK + run: make install_nodejs_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Download Go SDK + uses: actions/download-artifact@v4 + with: + name: go-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress Go SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Run tests + run: cd tests && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt +name: release +"on": + push: + tags: + - v*.*.* + workflow_dispatch: {} diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 0abf5abcd..ff8463929 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -1,17 +1,10 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt - -name: run-acceptance-tests - +name: Run Acceptance Tests from PR on: - pull_request: - paths-ignore: - - CHANGELOG.md repository_dispatch: - types: - - run-acceptance-tests-command + types: [run-acceptance-tests-command] + pull_request: {} env: - PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 @@ -19,212 +12,693 @@ env: GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} PROVIDER: eks PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io - PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} - PYPI_USERNAME: __token__ + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - TF_APPEND_USER_AGENT: pulumi - -# This should cancel any previous runs of the same workflow on the same branch which are still running. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - + PULUMI_ENABLE_RESOURCE_REFERENCES: 1 + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + GOVERSION: "1.21.x" + DOTNETVERSION: "6.x" + PYTHONVERSION: "3.8" + JAVAVERSION: "11" jobs: - prerequisites: - if: github.event_name == 'repository_dispatch' || - github.event.pull_request.head.repo.full_name == github.repository - permissions: - pull-requests: write - uses: ./.github/workflows/prerequisites.yml - secrets: inherit - with: - default_branch: ${{ github.event.repository.default_branch }} - is_pr: ${{ github.event_name == 'pull_request' }} - is_automated: ${{ github.actor == 'dependabot[bot]' }} - - build_provider: - uses: ./.github/workflows/build_provider.yml - needs: prerequisites - secrets: inherit - with: - version: ${{ needs.prerequisites.outputs.version }} - - build_sdk: - if: github.event_name == 'repository_dispatch' || - github.event.pull_request.head.repo.full_name == github.repository - name: build_sdk - needs: prerequisites - uses: ./.github/workflows/build_sdk.yml - secrets: inherit - with: - version: ${{ needs.prerequisites.outputs.version }} - comment-notification: if: github.event_name == 'repository_dispatch' - name: comment-notification - permissions: - pull-requests: write runs-on: ubuntu-latest steps: - - id: run-url - name: Create URL to the run output - run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" - - name: Update with Result - uses: peter-evans/create-or-update-comment@v1 - with: - body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" - issue-number: ${{ github.event.client_payload.github.payload.issue.number }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - token: ${{ secrets.GITHUB_TOKEN }} + - name: Create URL to the run output + id: vars + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@v4 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: | + Please view the PR build - ${{ steps.vars.outputs.run-url }} lint: - if: github.event_name == 'repository_dispatch' || - github.event.pull_request.head.repo.full_name == github.repository - name: lint - uses: ./.github/workflows/lint.yml - secrets: inherit - sentinel: - name: sentinel - if: github.event_name == 'repository_dispatch' || - github.event.pull_request.head.repo.full_name == github.repository - permissions: - statuses: write + name: Lint and unit test + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Install Yarn + run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 + - name: Update PATH for Yarn + run: | + echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" + echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" + - name: Run nodejs linter + run: make lint + - name: golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: ${{ env.GOLANGCI_LINT_VERSION }} + args: -c ../.golangci.yml + working-directory: provider + - name: Run unit tests + run: make test_unit_tests + prerequisites: + name: prerequisites + runs-on: ubuntu-latest + if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository + outputs: + version: ${{ steps.provider-version.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - uses: pulumi/provider-version-action@v1 + id: provider-version + with: + set-env: "PROVIDER_VERSION" + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Schema Tools + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/schema-tools + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Build provider binary + schema + run: make schema provider + - name: Check Schema is Valid + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + { + echo "SCHEMA_CHANGES<<$EOF" + schema-tools compare -p eks -o ${{ github.base_ref || 'master' }} -n --local-path=provider/cmd/pulumi-resource-eks/schema.json + echo "$EOF" + } >> "$GITHUB_ENV" + - if: github.event_name == 'pull_request' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@v2 + with: + comment_tag: schemaCheck + message: | + ${{ env.SCHEMA_CHANGES }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Tar provider binaries + run: + tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin/ pulumi-resource-${{ env.PROVIDER }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + strategy: + fail-fast: true + build_sdk: + name: Build ${{ matrix.language }} SDK + runs-on: ubuntu-latest + needs: prerequisites + if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup Java + uses: actions/setup-java@v4 + with: + cache: gradle + distribution: temurin + java-version: ${{ env.JAVAVERSION }} + - name: Setup Gradle + uses: gradle/gradle-build-action@v3.5.0 + with: + gradle-version: "7.6" + - name: Install Yarn + run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 + - name: Update PATH for Yarn + run: | + echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" + echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Compress ${{ matrix.language }} SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . + - name: Upload ${{ matrix.language }} artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + test-nodejs-upgrade: + name: Run NodeJS Upgrade Tests needs: - - test - - build_provider - - license_check - - lint + - prerequisites + - build_sdk runs-on: ubuntu-latest + if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 - with: - authToken: ${{secrets.GITHUB_TOKEN}} - # Write an explicit status check called "Sentinel" which will only pass if this code really runs. - # This should always be a required check for PRs. - context: 'Sentinel' - description: 'All required checks passed' - state: 'success' - # Write to the PR commit SHA if it's available as we don't want the merge commit sha, - # otherwise use the current SHA for any other type of build. - sha: ${{ github.event.pull_request.head.sha || github.sha }} + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install Kubectl + run: | + curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x ./kubectl + sudo mv kubectl /usr/local/bin + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/action-install-pulumi-cli@v2.0.0 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install dependencies + run: make install_nodejs_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Clear GitHub Actions Ubuntu runner disk space + uses: jlumbroso/free-disk-space@v1.3.1 + with: + tool-cache: false + dotnet: false + android: true + haskell: true + swap-storage: true + large-packages: false + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Run upgrade tests + run: make test_nodejs_upgrade - # TODO: Extract into shared action. - test: - if: github.event_name == 'repository_dispatch' || - github.event.pull_request.head.repo.full_name == github.repository - name: test + test-nodejs: + name: Run NodeJS Tests + needs: + - prerequisites + - build_sdk + runs-on: ubuntu-latest + if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install Kubectl + run: | + curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x ./kubectl + sudo mv kubectl /usr/local/bin + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install dependencies + run: make install_nodejs_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Generate go test Slice + id: test_split + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: tests + flags: -tags=nodejs + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run tests + run: cd tests && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt + strategy: + fail-fast: false + max-parallel: 10 + matrix: + total: [15] + index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] + test-python: + name: Run Python Tests needs: - prerequisites - build_sdk - permissions: - contents: read - id-token: write runs-on: ubuntu-latest + if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository env: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - # Run as first step so we don't delete things that have just been installed - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be - with: - tool-cache: false - swap-storage: false - dotnet: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - ref: ${{ env.PR_COMMIT_SHA }} - persist-credentials: false - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go, nodejs, python, dotnet, java - - name: Download bin - uses: ./.github/actions/download-bin - - name: Add NuGet source - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Download nodejs SDK - uses: ./.github/actions/download-sdk - with: - language: nodejs - - name: Download python SDK - uses: ./.github/actions/download-sdk - with: - language: python - - name: Download dotnet SDK - uses: ./.github/actions/download-sdk - with: - language: dotnet - - name: Download go SDK - uses: ./.github/actions/download-sdk - with: - language: go - - name: Download java SDK - uses: ./.github/actions/download-sdk - with: - language: java - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Install Python deps - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: eks@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Install dependencies - run: make install_sdks - - name: Generate shard - id: shard - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: examples # TODO: Parameterize this. - flags: -tags=all - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run example tests - run: make test_shard - env: - TAGS: all - TESTS: ${{ steps.shard.outputs.run}} - - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@v4 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download NodeJS SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress NodeJS SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install NodeJS SDK + run: make install_nodejs_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Download Python SDK + uses: actions/download-artifact@v4 + with: + name: python-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress Python SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python + - name: Install dependencies + run: make install_python_sdk + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Generate go test Slice + id: test_split + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: tests + flags: -tags=python + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run tests + run: cd tests && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt strategy: fail-fast: false + max-parallel: 4 matrix: - total: - - 10 - index: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - - 8 - - 9 - license_check: - name: License Check - uses: ./.github/workflows/license.yml - secrets: inherit + total: [6] + index: [0, 1, 2, 3, 4, 5] + test-dotnet: + name: Run DotNet Tests + needs: + - prerequisites + - build_sdk + runs-on: ubuntu-latest + if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download NodeJS SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress NodeJS SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install NodeJS SDK + run: make install_nodejs_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Download DotNet SDK + uses: actions/download-artifact@v4 + with: + name: dotnet-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress DotNet SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet + - name: Install dependencies + run: make install_dotnet_sdk + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Run tests + run: cd tests && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt + test-go: + name: Run Go Tests + needs: + - prerequisites + - build_sdk + runs-on: ubuntu-latest + if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.12.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: .node-version + registry-url: https://registry.npmjs.org + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Download provider binary + uses: actions/download-artifact@v4 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace + }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Download NodeJS SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress NodeJS SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install NodeJS SDK + run: make install_nodejs_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.4.0 + - name: Download Go SDK + uses: actions/download-artifact@v4 + with: + name: go-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress Go SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + - name: Run tests + run: cd tests && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt From 3f0ba46eb180438965aa22abd5443d67aab15fa3 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 15 Nov 2024 13:53:56 -0800 Subject: [PATCH 35/44] regenerate workflows --- .github/actions/setup-tools/action.yml | 7 +- .github/workflows/command-dispatch.yml | 60 +- .github/workflows/community-moderation.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/master.yml | 618 ++--------------- .github/workflows/prerelease.yml | 65 +- .github/workflows/publish.yml | 77 +- .github/workflows/pull-request.yml | 54 +- .github/workflows/release.yml | 598 ++-------------- .github/workflows/release_command.yml | 2 +- .github/workflows/run-acceptance-tests.yml | 772 +++------------------ .github/workflows/test.yml | 140 ++++ .mk/defaults.mk | 246 ------- .mk/vars.mk | 33 - 14 files changed, 492 insertions(+), 2184 deletions(-) create mode 100644 .github/workflows/test.yml delete mode 100644 .mk/defaults.mk delete mode 100644 .mk/vars.mk diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index e6437b7bb..642d1d223 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -22,9 +22,7 @@ runs: if: inputs.tools == 'all' || contains(inputs.tools, 'go') uses: actions/setup-go@v5 with: - # TODO: here pulumi-eks diverges from the 1.21.x standard, to upgrade separately. - # go-version: "1.21.x" - go-version: "1.18.x" + go-version: "1.21.x" cache-dependency-path: | provider/*.sum upstream/*.sum @@ -53,8 +51,7 @@ runs: if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') uses: actions/setup-node@v4 with: - # TODO: here pulumi-eks diverges from 20.x standard; will need to update. - node-version: 18.x + node-version: 20.x registry-url: https://registry.npmjs.org - name: Setup DotNet diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index c30d3286f..1e084dc3e 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -1,19 +1,51 @@ -name: Command Dispatch for testing -on: - issue_comment: - types: [created, edited] +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: command-dispatch-for-testing: + name: command-dispatch-for-testing runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Run Build - uses: peter-evans/slash-command-dispatch@v4 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - reaction-token: ${{ secrets.GITHUB_TOKEN }} - commands: run-acceptance-tests - permission: write - issue-type: pull-request - repository: pulumi/pulumi-eks + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - uses: peter-evans/slash-command-dispatch@v4 + with: + commands: | + run-acceptance-tests + release + issue-type: pull-request + permission: write + reaction-token: ${{ secrets.GITHUB_TOKEN }} + repository: pulumi/pulumi-eks + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: command-dispatch +on: + issue_comment: + types: + - created + - edited diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index 2afb297c2..fc701df62 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -1,4 +1,4 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 6d12e18d9..d140a7d4c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,4 +1,4 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt name: lint diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index e84a417e0..90ab4c386 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -1,8 +1,10 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -12,186 +14,58 @@ env: PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - PYPI_USERNAME: __token__ - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - PULUMI_ENABLE_RESOURCE_REFERENCES: 1 - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - GOVERSION: "1.21.x" - DOTNETVERSION: "6.x" - PYTHONVERSION: "3.8" - JAVAVERSION: "11" + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: - lint: - name: Lint and unit test - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Run nodejs linter - run: make lint - - name: golangci-lint - uses: golangci/golangci-lint-action@v6 - with: - version: ${{ env.GOLANGCI_LINT_VERSION }} - args: -c ../.golangci.yml - working-directory: provider - - name: Run unit tests - run: make test_unit_tests prerequisites: - name: prerequisites - runs-on: ubuntu-latest - outputs: - version: ${{ steps.provider-version.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - id: provider-version - with: - set-env: "PROVIDER_VERSION" - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Build provider binary + schema - run: make schema provider - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Tar provider binaries - run: - tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin/ pulumi-resource-${{ env.PROVIDER }} - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin/provider.tar.gz - - if: failure() && github.event_name == 'push' - name: Notify Slack - uses: 8398a7/action-slack@v3 - with: - author_name: Failure in building provider prerequisites - fields: repo,commit,author,action - status: ${{ job.status }} - strategy: - fail-fast: true + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk - runs-on: ubuntu-latest needs: prerequisites - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: ${{ env.JAVAVERSION }} - - name: Setup Gradle - uses: gradle/gradle-build-action@v3.5.0 - with: - gradle-version: "7.6" - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Build SDK - run: make build_${{ matrix.language }} - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Compress ${{ matrix.language }} SDK folder - run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . - - name: Upload ${{ matrix.language }} artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz - strategy: - fail-fast: true - matrix: - language: - - nodejs - - python - - dotnet - - java - - go + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit publish: name: publish + permissions: + contents: write needs: - prerequisites - - test-nodejs - - test-python - - test-dotnet - - test-go + - build_provider + - test + - license_check uses: ./.github/workflows/publish.yml secrets: inherit with: @@ -199,394 +73,42 @@ jobs: isPrerelease: true skipGoSdk: true - test-nodejs: - name: Run NodeJS Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install dependencies - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: tests - flags: -tags=nodejs - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd tests && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt - strategy: - fail-fast: false - max-parallel: 10 - matrix: - total: [15] - index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] - test-python: - name: Run Python Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Install Python deps - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Download Python SDK - uses: actions/download-artifact@v4 - with: - name: python-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Python SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python - - name: Install dependencies - run: make install_python_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: tests - flags: -tags=python - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd tests && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt - strategy: - fail-fast: false - max-parallel: 4 - matrix: - total: [6] - index: [0, 1, 2, 3, 4, 5] - test-dotnet: - name: Run DotNet Tests - needs: - - prerequisites - - build_sdk + tag_release_if_labeled_needs_release: + name: Tag release if labeled as needs-release + needs: publish runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Download DotNet SDK - uses: actions/download-artifact@v4 - with: - name: dotnet-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress DotNet SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet - - name: Install dependencies - run: make install_dotnet_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd tests && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt - test-go: - name: Run Go Tests + - name: check if this commit needs release + if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} + uses: pulumi/action-release-by-pr-label@main + with: + command: "release-if-needed" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + test: + uses: ./.github/workflows/test.yml needs: - prerequisites - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Go SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd tests && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + name: master -"on": +on: + workflow_dispatch: {} push: branches: - - master - - feature/1.x + - master paths-ignore: - - CHANGELOG.md + - "**.md" tags-ignore: - - v* - - sdk/* - - "**" - workflow_dispatch: {} + - v* + - sdk/* + - "**" diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 81845a329..505c62225 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -74,70 +74,13 @@ jobs: isPrerelease: true test: - name: test + uses: ./.github/workflows/test.yml needs: - prerequisites - build_sdk - permissions: - contents: read - id-token: write - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - # Run as first step so we don't delete things that have just been installed - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be - with: - tool-cache: false - swap-storage: false - dotnet: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java - - name: Download bin - uses: ./.github/actions/download-bin - - name: Add NuGet source - if: matrix.language == 'dotnet' - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Download SDK - uses: ./.github/actions/download-sdk - with: - language: ${{ matrix.language }} - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Install Python deps - if: matrix.language == 'python' - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: eks@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Install dependencies - run: make install_${{ matrix.language}}_sdk - - name: Run example tests - run: make test_${{ matrix.language }} - strategy: - fail-fast: false - matrix: - language: - - nodejs - - python - - dotnet - - go - - java + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} name: prerelease on: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9ab165483..334f20f95 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,4 +1,4 @@ -# WARNING: This file was adapted from pulumi-aws and needs to be folded back into https://github.com/pulumi/ci-mgmt +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt name: Publish on: @@ -17,15 +17,20 @@ on: env: IS_PRERELEASE: ${{ inputs.isPrerelease }} + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} @@ -33,48 +38,12 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: - - # TODO this job is specific for EKS and needs to be retrofitted to be part of prerequisites so that test run against - # the actual provider build being published, not a separate set of binaries. Inserting a separate job temporarily. - dist: - name: dist - runs-on: ubuntu-latest - strategy: - matrix: - os: [linux, darwin, windows] - arch: [amd64, arm64] - exclude: - - os: windows - arch: arm64 - env: - PROVIDER_VERSION: ${{ inputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - uses: MOZGIII/install-ldid-action@v1 - with: - tag: v2.1.5-procursus2 - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Make Provider Binary - run: make dist/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.os }}-${{ matrix.arch }}.tar.gz - - name: Upload - uses: actions/upload-artifact@v4 - with: - name: pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.os }}-${{ matrix.arch }}.tar.gz - path: dist/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.os }}-${{ matrix.arch }}.tar.gz - retention-days: 30 - publish: name: publish - needs: - - dist runs-on: ubuntu-latest steps: - name: Validate prerelease @@ -85,6 +54,8 @@ jobs: run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - name: Checkout Repo uses: actions/checkout@v4 + with: + persist-credentials: false - name: Setup tools uses: ./.github/actions/setup-tools with: @@ -97,7 +68,7 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 role-external-id: upload-pulumi-release - role-session-name: aws@githubActions + role-session-name: eks@githubActions role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - name: Create dist directory run: mkdir -p dist @@ -110,7 +81,7 @@ jobs: merge-multiple: true - name: Calculate checksums working-directory: dist - run: shasum ./*.tar.gz > pulumi-eks_${{ inputs.version }}_checksums.txt + run: shasum ./*.tar.gz > "pulumi-eks_${{ inputs.version }}_checksums.txt" - name: Get Schema Change Summary id: schema-summary shell: bash @@ -120,7 +91,7 @@ jobs: { echo 'summary<> "$GITHUB_OUTPUT" @@ -138,7 +109,7 @@ jobs: generate_release_notes: true files: dist/* env: - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} publish_sdk: name: publish_sdk @@ -148,7 +119,8 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 with: - submodules: true + # Persist credentials so we can push back to the repo + persist-credentials: true - name: Setup tools uses: ./.github/actions/setup-tools with: @@ -201,11 +173,13 @@ jobs: # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped if: inputs.isPrerelease == false needs: create_docs_build - + runs-on: ubuntu-latest steps: - name: Checkout Repo uses: actions/checkout@v4 + with: + persist-credentials: false - name: Clean up release labels uses: pulumi/action-release-by-pr-label@main with: @@ -214,3 +188,14 @@ jobs: commit: ${{ github.sha }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 8a1c03d6e..c490a4fe0 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -1,21 +1,47 @@ -name: pull-request -"on": - pull_request_target: +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: comment-on-pr: - # We only care about commenting on a PR if the PR is from a fork if: github.event.pull_request.head.repo.full_name != github.repository + name: comment-on-pr runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Comment PR - uses: thollander/actions-comment-pull-request@main - with: - message: | - PR is now waiting for a maintainer to run the acceptance tests. This PR will only perform build and linting. - **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Comment PR + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: > + PR is now waiting for a maintainer to run the acceptance tests. + + **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR +name: pull-request +on: + pull_request_target: {} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index deb65b9cb..eeb01e5ec 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,16 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: release +on: + push: + tags: + - v*.*.* + - "!v*.*.*-**" + env: ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -12,566 +20,70 @@ env: PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - PYPI_USERNAME: __token__ - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - PULUMI_ENABLE_RESOURCE_REFERENCES: 1 - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - GOVERSION: "1.21.x" - DOTNETVERSION: "6.x" - PYTHONVERSION: "3.8" - JAVAVERSION: "11" + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi jobs: - lint: - name: Lint and unit test - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Run nodejs linter - run: make lint - - name: golangci-lint - uses: golangci/golangci-lint-action@v6 - with: - version: ${{ env.GOLANGCI_LINT_VERSION }} - args: -c ../.golangci.yml - working-directory: provider - - name: Run unit tests - run: make test_unit_tests + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk - runs-on: ubuntu-latest needs: prerequisites - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: ${{ env.JAVAVERSION }} - - name: Setup Gradle - uses: gradle/gradle-build-action@v3.5.0 - with: - gradle-version: "7.6" - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Build SDK - run: make build_${{ matrix.language }} - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Compress ${{ matrix.language }} SDK folder - run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . - - name: Upload ${{ matrix.language }} artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz - strategy: - fail-fast: true - matrix: - language: - - nodejs - - python - - dotnet - - java - - go - prerequisites: - name: prerequisites - runs-on: ubuntu-latest - outputs: - version: ${{ steps.provider-version.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - id: provider-version - with: - set-env: "PROVIDER_VERSION" - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Build provider binary + schema - run: make schema provider - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Tar provider binaries - run: - tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin/ pulumi-resource-${{ env.PROVIDER }} - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin/provider.tar.gz - strategy: - fail-fast: true + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit publish: name: publish + permissions: + contents: write + pull-requests: write needs: - prerequisites - - test-nodejs - - test-python - - test-dotnet - - test-go + - build_provider + - test + - license_check uses: ./.github/workflows/publish.yml secrets: inherit with: version: ${{ needs.prerequisites.outputs.version }} - isPrerelease: ${{ contains(github.ref_name,'-') || github.event_name == 'workflow_dispatch' }} + isPrerelease: false - test-nodejs: - name: Run NodeJS Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install dependencies - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: tests - flags: -tags=nodejs - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd tests && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt - strategy: - fail-fast: false - max-parallel: 10 - matrix: - total: [15] - index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] - test-python: - name: Run Python Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install Python deps - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Download Python SDK - uses: actions/download-artifact@v4 - with: - name: python-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Python SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python - - name: Install dependencies - run: make install_python_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: tests - flags: -tags=python - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd tests && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt - strategy: - fail-fast: false - max-parallel: 4 - matrix: - total: [6] - index: [0, 1, 2, 3, 4, 5] - test-dotnet: - name: Run DotNet Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Download DotNet SDK - uses: actions/download-artifact@v4 - with: - name: dotnet-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress DotNet SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet - - name: Install dependencies - run: make install_dotnet_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd tests && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt - test-go: - name: Run Go Tests + test: + uses: ./.github/workflows/test.yml needs: - prerequisites - build_sdk - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Go SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd tests && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt -name: release -"on": - push: - tags: - - v*.*.* - workflow_dispatch: {} + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml index 4029f32a7..f199952c8 100644 --- a/.github/workflows/release_command.yml +++ b/.github/workflows/release_command.yml @@ -1,4 +1,4 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt name: release-command on: diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index ff8463929..78a9fe024 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -1,10 +1,17 @@ -name: Run Acceptance Tests from PR +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: run-acceptance-tests + on: + pull_request: + paths-ignore: + - CHANGELOG.md repository_dispatch: - types: [run-acceptance-tests-command] - pull_request: {} + types: + - run-acceptance-tests-command env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 @@ -12,693 +19,116 @@ env: GOLANGCI_LINT_VERSION: v1.61.0 NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} PROVIDER: eks PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - PULUMI_ENABLE_RESOURCE_REFERENCES: 1 - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - GOVERSION: "1.21.x" - DOTNETVERSION: "6.x" - PYTHONVERSION: "3.8" - JAVAVERSION: "11" + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +# This should cancel any previous runs of the same workflow on the same branch which are still running. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: - comment-notification: - if: github.event_name == 'repository_dispatch' - runs-on: ubuntu-latest - steps: - - name: Create URL to the run output - id: vars - run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" - - name: Update with Result - uses: peter-evans/create-or-update-comment@v4 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - issue-number: ${{ github.event.client_payload.github.payload.issue.number }} - body: | - Please view the PR build - ${{ steps.vars.outputs.run-url }} - lint: - name: Lint and unit test - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Run nodejs linter - run: make lint - - name: golangci-lint - uses: golangci/golangci-lint-action@v6 - with: - version: ${{ env.GOLANGCI_LINT_VERSION }} - args: -c ../.golangci.yml - working-directory: provider - - name: Run unit tests - run: make test_unit_tests prerequisites: - name: prerequisites - runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - outputs: - version: ${{ steps.provider-version.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - id: provider-version - with: - set-env: "PROVIDER_VERSION" - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Schema Tools - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/schema-tools - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Build provider binary + schema - run: make schema provider - - name: Check Schema is Valid - run: | - EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) - { - echo "SCHEMA_CHANGES<<$EOF" - schema-tools compare -p eks -o ${{ github.base_ref || 'master' }} -n --local-path=provider/cmd/pulumi-resource-eks/schema.json - echo "$EOF" - } >> "$GITHUB_ENV" - - if: github.event_name == 'pull_request' - name: Comment on PR with Details of Schema Check - uses: thollander/actions-comment-pull-request@v2 - with: - comment_tag: schemaCheck - message: | - ${{ env.SCHEMA_CHANGES }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Tar provider binaries - run: - tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin/ pulumi-resource-${{ env.PROVIDER }} - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin/provider.tar.gz - strategy: - fail-fast: true + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + pull-requests: write + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: - name: Build ${{ matrix.language }} SDK - runs-on: ubuntu-latest + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: build_sdk needs: prerequisites - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - ref: ${{ env.PR_COMMIT_SHA }} - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: ${{ env.JAVAVERSION }} - - name: Setup Gradle - uses: gradle/gradle-build-action@v3.5.0 - with: - gradle-version: "7.6" - - name: Install Yarn - run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.22 - - name: Update PATH for Yarn - run: | - echo "$HOME/.yarn/bin" >> "$GITHUB_PATH" - echo "$HOME/.config/yarn/global/node_modules/.bin" >> "$GITHUB_PATH" - - name: Build SDK - run: make build_${{ matrix.language }} - - name: Check worktree clean - uses: pulumi/git-status-check-action@v1 - with: - allowed-changes: | - sdk/**/pulumi-plugin.json - sdk/dotnet/Pulumi.*.csproj - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Compress ${{ matrix.language }} SDK folder - run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . - - name: Upload ${{ matrix.language }} artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz - strategy: - fail-fast: true - matrix: - language: - - nodejs - - python - - dotnet - - go - - java - test-nodejs-upgrade: - name: Run NodeJS Upgrade Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - ref: ${{ env.PR_COMMIT_SHA }} - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install Kubectl - run: | - curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" - chmod +x ./kubectl - sudo mv kubectl /usr/local/bin - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/action-install-pulumi-cli@v2.0.0 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install dependencies - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Clear GitHub Actions Ubuntu runner disk space - uses: jlumbroso/free-disk-space@v1.3.1 - with: - tool-cache: false - dotnet: false - android: true - haskell: true - swap-storage: true - large-packages: false - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run upgrade tests - run: make test_nodejs_upgrade + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} - test-nodejs: - name: Run NodeJS Tests - needs: - - prerequisites - - build_sdk - runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - ref: ${{ env.PR_COMMIT_SHA }} - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install Kubectl - run: | - curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" - chmod +x ./kubectl - sudo mv kubectl /usr/local/bin - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install dependencies - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: tests - flags: -tags=nodejs - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd tests && go test -tags=nodejs -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt - strategy: - fail-fast: false - max-parallel: 10 - matrix: - total: [15] - index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] - test-python: - name: Run Python Tests - needs: - - prerequisites - - build_sdk + comment-notification: + if: github.event_name == 'repository_dispatch' + name: comment-notification + permissions: + pull-requests: write runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Install Python deps - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download Python SDK - uses: actions/download-artifact@v4 - with: - name: python-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Python SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python - - name: Install dependencies - run: make install_python_sdk - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Generate go test Slice - id: test_split - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: tests - flags: -tags=python - total: ${{ matrix.total }} - index: ${{ matrix.index }} - - name: Run tests - run: cd tests && go test -tags=python -v -json -count=1 -cover -timeout 3h -parallel 6 . --run="${{ steps.test_split.outputs.run}}" 2>&1 | tee /tmp/gotest.log | gotestfmt - strategy: - fail-fast: false - max-parallel: 4 - matrix: - total: [6] - index: [0, 1, 2, 3, 4, 5] - test-dotnet: - name: Run DotNet Tests + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@v1 + with: + body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + token: ${{ secrets.GITHUB_TOKEN }} + lint: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + test: + uses: ./.github/workflows/test.yml needs: - prerequisites - build_sdk - runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download DotNet SDK - uses: actions/download-artifact@v4 - with: - name: dotnet-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress DotNet SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet - - name: Install dependencies - run: make install_dotnet_sdk - - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd tests && go test -tags=dotnet -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt - test-go: - name: Run Go Tests + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + sentinel: + name: sentinel + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + statuses: write needs: - - prerequisites - - build_sdk + - test + - build_provider + - license_check + - lint runs-on: ubuntu-latest - if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVERSION }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: .node-version - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Install awscli - run: | - python -m pip install --upgrade pip - pip install awscli --upgrade - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Download provider binary - uses: actions/download-artifact@v4 - with: - name: ${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace - }}/bin - - name: Restore binary perms - run: - find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Download NodeJS SDK - uses: actions/download-artifact@v4 - with: - name: nodejs-sdk.tar.gz - path: ${{ github.workspace}} - - name: Uncompress NodeJS SDK folder - run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs - - name: Install NodeJS SDK - run: make install_nodejs_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.4.0 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress Go SDK folder - run: tar -zxf ${{ github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: ${{ env.AWS_REGION }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-session-name: ${{ env.PROVIDER }}@githubActions - role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} - - name: Link nodejs binary for testing - run: | - cd ${{ github.workspace }}/bin - yarn install && yarn link @pulumi/eks - - name: Run tests - run: cd tests && go test -tags=go -v -json -count=1 -cover -timeout 3h -parallel 6 . 2>&1 | tee /tmp/gotest.log | gotestfmt + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + with: + authToken: ${{secrets.GITHUB_TOKEN}} + # Write an explicit status check called "Sentinel" which will only pass if this code really runs. + # This should always be a required check for PRs. + context: 'Sentinel' + description: 'All required checks passed' + state: 'success' + # Write to the PR commit SHA if it's available as we don't want the merge commit sha, + # otherwise use the current SHA for any other type of build. + sha: ${{ github.event.pull_request.head.sha || github.sha }} + + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 000000000..444c35671 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,140 @@ +name: "Test Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to test + +env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + test: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: test + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + tool-cache: false + swap-storage: false + dotnet: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, nodejs, python, dotnet, java + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download nodejs SDK + uses: ./.github/actions/download-sdk + with: + language: nodejs + - name: Download python SDK + uses: ./.github/actions/download-sdk + with: + language: python + - name: Download dotnet SDK + uses: ./.github/actions/download-sdk + with: + language: dotnet + - name: Download go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - name: Download java SDK + uses: ./.github/actions/download-sdk + with: + language: java + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_sdks + + # TODO: This should be a make target. + - name: Generate shard + id: shard + uses: hashicorp-forge/go-test-split-action@v2.0.0 + with: + working-directory: examples # TODO: Parameterize this. + flags: -tags=all + total: ${{ matrix.total }} + index: ${{ matrix.index }} + - name: Run example tests + run: make test_shard + env: + TAGS: all + TESTS: ${{ steps.shard.outputs.run}} + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + strategy: + fail-fast: false + matrix: + total: + - 10 + index: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + - 8 + - 9 diff --git a/.mk/defaults.mk b/.mk/defaults.mk deleted file mode 100644 index 590ef127a..000000000 --- a/.mk/defaults.mk +++ /dev/null @@ -1,246 +0,0 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made -# via https://github.com/pulumi/ci-mgmt. -# -# This file contains default make targets consumed by CI workflows. This targets are no-ops and are intended to be -# -# does not -# make any assumptions about the provider such as its language, file structure, -# etc. -# -# A top-level `Makefile` is required and must implement provider-specific -# targets like `test`. -# -# In order to use these targets, the top-level Makefile must include this file: -# -# include .mk/defaults.mk -# -# If the top-level Makefile implements a target like `test`, then this will be -# invoked in CI. Otherwise, the `default.test` target will be used. - -include .mk/vars.mk - -# Implement `prerequisites` to run custom logic before all SDK and provider build steps. -default.prebuild: - @echo "No prerequisites to build" - -default.development: install_plugins provider build_sdks install_sdks - -default.build: install_plugins provider build_sdks install_sdks - -default.build_sdks: build_nodejs build_python build_dotnet build_go build_java - -default.install_go_sdk: - -default.install_java_sdk: - -default.install_python_sdk: - -default.install_sdks: install_dotnet_sdk install_python_sdk install_nodejs_sdk install_java_sdk - - -default.build_dotnet: export PULUMI_HOME := $(WORKING_DIR)/.pulumi -default.build_dotnet: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) -default.build_dotnet: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache -default.build_dotnet: prebuild - rm -rf sdk/dotnet - PULUMI_CONVERT=$(PULUMI_CONVERT) PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION=$(PULUMI_CONVERT) $(WORKING_DIR)/bin/$(TFGEN) dotnet --out sdk/dotnet/ - cd sdk/dotnet/ && \ - printf "module fake_dotnet_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ - echo "$(VERSION_GENERIC)" >version.txt && \ - dotnet build - -default.build_go: export PULUMI_HOME := $(WORKING_DIR)/.pulumi -default.build_go: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) -default.build_go: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache -default.build_go: prebuild - PULUMI_CONVERT=$(PULUMI_CONVERT) PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION=$(PULUMI_CONVERT) $(WORKING_DIR)/bin/$(TFGEN) go --out sdk/go/ - cd sdk && go list "$$(grep -e "^module" go.mod | cut -d ' ' -f 2)/go/..." | xargs -I {} bash -c 'go build {} && go clean -i {}' - -default.build_java: PACKAGE_VERSION := $(VERSION_GENERIC) -default.build_java: export PULUMI_HOME := $(WORKING_DIR)/.pulumi -default.build_java: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) -default.build_java: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache -default.build_java: bin/pulumi-java-gen -default.build_java: prebuild - rm -rf sdk/java/ - $(WORKING_DIR)/bin/$(JAVA_GEN) generate --schema $(SCHEMA_PATH) --out sdk/java --build gradle-nexus - cd sdk/java/ && \ - printf "module fake_java_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ - gradle --console=plain build && \ - gradle --console=plain javadoc - -default.build_nodejs: export PULUMI_HOME := $(WORKING_DIR)/.pulumi -default.build_nodejs: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) -default.build_nodejs: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache -default.build_nodejs: prebuild - rm -rf sdk/nodejs/ - cd sdk/nodejs/ && \ - printf "module fake_nodejs_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ - yarn install && \ - yarn run tsc && \ - cp ../../README.md ../../LICENSE* package.json yarn.lock ./bin/ - -default.build_python: export PULUMI_HOME := $(WORKING_DIR)/.pulumi -default.build_python: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) -default.build_python: export PULggUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache -default.build_python: prebuild - rm -rf sdk/python/ - cd sdk/python/ && \ - printf "module fake_python_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ - cp ../../README.md . && \ - rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \ - rm ./bin/go.mod && \ - python3 -m venv venv && \ - ./venv/bin/python -m pip install build==1.2.1 && \ - cd ./bin && \ - ../venv/bin/python -m build . - -default.clean: - rm -rf sdk/{dotnet,nodejs,go,python} - rm -rf $(WORKING_DIR)/bin - -default.docs: - @echo "Define a `docs` target to generate docs." - -default.install_dotnet_sdk: - mkdir -p $(WORKING_DIR)/nuget - find . -name '*.nupkg' -print -exec cp -p {} $(WORKING_DIR)/nuget \; - -default.install_nodejs_sdk: - yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin - -default.install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi -default.install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) -default.install_plugins: .pulumi/bin/pulumi - -default.lint_provider: provider - cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml - -# `lint_provider.fix` is a utility target meant to be run manually -# that will run the linter and fix errors when possible. -default.lint_provider.fix: - cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml --fix - -# `make provider_no_deps` builds the provider binary directly, without ensuring that -# `cmd/pulumi-resource-eks/schema.json` is valid and up to date. -# To create a release ready binary, you should use `make provider`. -default.provider: - (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "$(LDFLAGS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)) - -default.test: export PATH := $(WORKING_DIR)/bin:$(PATH) -default.test: - cd examples && go test -v -tags=all -parallel $(TESTPARALLELISM) -timeout 2h . - -default.test_provider: - @echo "" - @echo "== test_provider ===================================================================" - @echo "" - cd provider && go test -v -count 1 -short -coverprofile="coverage.txt" -coverpkg=./... -parallel $(TESTPARALLELISM) ./... - -default.test_nodejs: PATH := $(WORKING_DIR)/bin:$(PATH) -default.test_nodejs: intall_provider install_nodejs_sdk - cd examples && \ - go test -tags=nodejs -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} ./... - -default.test_python: install_provider install_python_sdk - cd examples && \ - go test -tags=python -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} ./... - -default.test_dotnet: install_provider install_dotnet_sdk - cd examples && \ - go test -tags=dotnet -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} ./... - -default.test_java: install_provider install_java_sdk - cd examples && \ - go test -tags=java -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} ./... - -default.test_shard: install_provider install_sdks - cd examples && \ - go test -tags=$(TAGS) -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} -run $(TESTS) ./... - -default.bin/pulumi-java-gen: - mkdir -p bin/ - pulumictl download-binary -n pulumi-language-java -v $(JAVA_GEN_VERSION) -r pulumi/pulumi-java - -# To make an immediately observable change to .ci-mgmt.yaml: -# -# - Edit .ci-mgmt.yaml -# - Run make ci-mgmt to apply the change locally. -# -default.ci-mgmt: .ci-mgmt.yaml - go run github.com/pulumi/ci-mgmt/provider-ci@master generate \ - --name $(ORG)/pulumi-$(PACK) \ - --out . \ - --template generic \ - --config $< - -# Because some codegen depends on the version of the CLI used, we install a local CLI -# version pinned to the same version as `provider/go.mod`. -# -# This logic compares the version of .pulumi/bin/pulumi already installed. If it matches -# the desired version, we just print. Otherwise we (re)install pulumi at the desired -# version. -default..pulumi/bin/pulumi: .pulumi/version - @if [ -x .pulumi/bin/pulumi ] && [ "v$$(cat .pulumi/version)" = "$$(.pulumi/bin/pulumi version)" ]; then \ - echo "pulumi/bin/pulumi version: v$$(cat .pulumi/version)"; \ - else \ - curl -fsSL https://get.pulumi.com | \ - HOME=$(WORKING_DIR) sh -s -- --version "$$(cat .pulumi/version)"; \ - fi - -# Compute the version of Pulumi to use by inspecting the Go dependencies of the provider. -default..pulumi/version: provider/go.mod - @mkdir -p .pulumi - @cd provider && go list -f "{{slice .Version 1}}" -m github.com/pulumi/pulumi/pkg/v3 | tee ../$@ - -.PHONY: development build build_sdks install_go_sdk install_java_sdk install_python_sdk install_sdks only_build build_dotnet build_go build_java build_nodejs build_python clean cleanup help install_dotnet_sdk install_nodejs_sdk install_plugins lint_provider provider provider_no_deps test prerequisites ci-mgmt test_provider - -# Provider cross-platform build & packaging - -# These targets assume that the schema-embed.json exists - it's generated by tfgen. -# We disable CGO to ensure that the binary is statically linked. -bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64 -bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64 -bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64 -bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 -bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 -bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: - @# check the TARGET is set - test $(TARGET) - cd provider && \ - export GOOS=$$(echo "$(TARGET)" | cut -d "-" -f 1) && \ - export GOARCH=$$(echo "$(TARGET)" | cut -d "-" -f 2) && \ - export CGO_ENABLED=0 && \ - go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" - -bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER) -bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER) -bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER) -bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz: bin/darwin-arm64/$(PROVIDER) -bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz: bin/windows-amd64/$(PROVIDER).exe -bin/$(PROVIDER)-v$(VERSION_GENERIC)-%.tar.gz: - @mkdir -p dist - @# $< is the last dependency (the binary path from above) e.g. bin/linux-amd64/pulumi-resource-xyz - @# $@ is the current target e.g. bin/pulumi-resource-xyz-v1.2.3-linux-amd64.tar.gz - tar --gzip -cf $@ README.md LICENSE -C $$(dirname $<) . - -provider_dist-linux-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz -provider_dist-linux-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz -provider_dist-darwin-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz -provider_dist-darwin-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz -provider_dist-windows-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz -provider_dist: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 -.PHONY: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 provider_dist - -help: - grep '^[^.#]\+:\s\+.*#' Makefile | \ - sed "s/\(.\+\):\s*\(.*\) #\s*\(.*\)/`printf "\033[93m"`\1`printf "\033[0m"` \3 [\2]/" | \ - expand -t20 - - -# Delegate any undefined target "foo" to its respective "default.foo" target, -# if it exists. -%: - @$(MAKE) -f defaults.mk "default.$@" - - diff --git a/.mk/vars.mk b/.mk/vars.mk deleted file mode 100644 index e7be74cc9..000000000 --- a/.mk/vars.mk +++ /dev/null @@ -1,33 +0,0 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made -# via https://github.com/pulumi/ci-mgmt. -# -# This file contains default variables consumed by CI workflows. -# -PACK := eks -ORG := pulumi -PROJECT := github.com/$(ORG)/pulumi-$(PACK) -PROVIDER_PATH := provider/v3 -VERSION_PATH := $(PROVIDER_PATH)/pkg/version.Version -SCHEMA_PATH := provider/cmd/$(PROVIDER)/schema.json -PROVIDER := pulumi-resource-$(PACK) -JAVA_GEN := pulumi-java-gen -JAVA_GEN_VERSION := v0.16.1 -TESTPARALLELISM ?= 10 -TAGS ?= all -TESTSHARDS ?= 20 -WORKING_DIR := $(shell pwd) -PULUMI_PROVIDER_BUILD_PARALLELISM ?= -PULUMI_CONVERT := 0 -PULUMI_MISSING_DOCS_ERROR := true - -# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable -# Local & branch builds will just used this fixed default version unless specified -PROVIDER_VERSION ?= 3.0.0-alpha.0+dev -# Use this normalised version everywhere rather than the raw input to ensure consistency. -VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)") - -LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC) -LDFLAGS_UPSTREAM_VERSION= -LDFLAGS_EXTRAS= -LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS) - From 9623791c37c185962301883e15aaf67bd40f03e8 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 15 Nov 2024 14:07:55 -0800 Subject: [PATCH 36/44] update .pulumi/version --- .pulumi/version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pulumi/version b/.pulumi/version index 58efbe7b4..ff605e205 100644 --- a/.pulumi/version +++ b/.pulumi/version @@ -1 +1 @@ -3.124.0 +3.138.0 From 203ddbc94c15800f6eb1fc3208265cb24c62b50d Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 15 Nov 2024 14:20:59 -0800 Subject: [PATCH 37/44] fix test directory --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 00ae1570c..a9baa60f9 100644 --- a/Makefile +++ b/Makefile @@ -226,7 +226,7 @@ test_provider: (cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3 > ../../.pulumi/version) test_shard: - cd examples && \ + cd tests && \ go test -tags=$(TAGS) -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} -run "${TESTS}" ./... install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi From 47c86a806b4e9de1a162558d8f261e2f5d675d06 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 15 Nov 2024 15:27:45 -0800 Subject: [PATCH 38/44] shard target --- .github/workflows/test.yml | 15 ++++----------- Makefile | 7 ++++++- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 444c35671..f8db8cd4a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -104,20 +104,13 @@ jobs: - name: Install dependencies run: make install_sdks - # TODO: This should be a make target. - name: Generate shard - id: shard - uses: hashicorp-forge/go-test-split-action@v2.0.0 - with: - working-directory: examples # TODO: Parameterize this. - flags: -tags=all - total: ${{ matrix.total }} - index: ${{ matrix.index }} + run: make shard >> "$GITHUB_ENV" + env: + TOTAL: ${{ matrix.total }} + INDEX: ${{ matrix.index }} - name: Run example tests run: make test_shard - env: - TAGS: all - TESTS: ${{ steps.shard.outputs.run}} - name: Upload coverage reports to Codecov uses: codecov/codecov-action@v4 env: diff --git a/Makefile b/Makefile index a9baa60f9..f266db2aa 100644 --- a/Makefile +++ b/Makefile @@ -225,9 +225,14 @@ test_provider: .pulumi/version: nodejs/eks/yarn.lock (cd nodejs/eks && yarn list --pattern @pulumi/pulumi --json --no-progress | jq -r '.data.trees[].name' | cut -d'@' -f3 > ../../.pulumi/version) + +shard: + cd tests && \ + go run github.com/blampe/shard@output --total $(TOTAL) --index $(INDEX) --output env + test_shard: cd tests && \ - go test -tags=$(TAGS) -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} -run "${TESTS}" ./... + go test -tags=all -v -count=1 -coverprofile="coverage.txt" -coverpkg=./... -timeout 3h -parallel ${TESTPARALLELISM} -run "$(SHARD_TESTS)" $(SHARD_PATHS) install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) From 0aa1daa8c8628885a9658f6ddccf196ecb0d6dd3 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 15 Nov 2024 15:50:37 -0800 Subject: [PATCH 39/44] hm --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index f266db2aa..1173c9c46 100644 --- a/Makefile +++ b/Makefile @@ -227,8 +227,7 @@ test_provider: shard: - cd tests && \ - go run github.com/blampe/shard@output --total $(TOTAL) --index $(INDEX) --output env + cd tests && go run github.com/blampe/shard@output --total $(TOTAL) --index $(INDEX) --output env test_shard: cd tests && \ From acbc56f53d1db31c16e30a80b1f43920cf53ee07 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 15 Nov 2024 16:22:29 -0800 Subject: [PATCH 40/44] doh --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1173c9c46..5caf9071b 100644 --- a/Makefile +++ b/Makefile @@ -227,7 +227,7 @@ test_provider: shard: - cd tests && go run github.com/blampe/shard@output --total $(TOTAL) --index $(INDEX) --output env + @(cd tests && go run github.com/blampe/shard@5d213788e1a3 --total $(TOTAL) --index $(INDEX) --output env) test_shard: cd tests && \ From c97347a13a86586bfd8944d61760e7753f8067d9 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 15 Nov 2024 16:59:46 -0800 Subject: [PATCH 41/44] quoting --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5caf9071b..f0e79ec73 100644 --- a/Makefile +++ b/Makefile @@ -227,7 +227,7 @@ test_provider: shard: - @(cd tests && go run github.com/blampe/shard@5d213788e1a3 --total $(TOTAL) --index $(INDEX) --output env) + @(cd tests && go run github.com/blampe/shard@output --total $(TOTAL) --index $(INDEX) --output env) test_shard: cd tests && \ From 1eda8199a1abf5697c8aff8ac75eead317fa07db Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 15 Nov 2024 17:29:29 -0800 Subject: [PATCH 42/44] bump --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index f0e79ec73..65577a296 100644 --- a/Makefile +++ b/Makefile @@ -227,7 +227,7 @@ test_provider: shard: - @(cd tests && go run github.com/blampe/shard@output --total $(TOTAL) --index $(INDEX) --output env) + @(cd tests && go run github.com/blampe/shard@9d1f3b21786e18caa1989e19502595143985d61b --total $(TOTAL) --index $(INDEX) --output env) test_shard: cd tests && \ From e05412fb552c773b9707c83d7be8e27f1d01ceea Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Mon, 18 Nov 2024 10:05:49 -0800 Subject: [PATCH 43/44] test prerelease flow --- .github/workflows/prerelease.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 505c62225..0ef70f57e 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -84,6 +84,9 @@ jobs: name: prerelease on: + pull_request: + paths-ignore: + - CHANGELOG.md push: tags: - v*.*.*-** From cb1ddd9f290e509431fbcbf354cd76924aef2891 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Mon, 18 Nov 2024 12:59:12 -0800 Subject: [PATCH 44/44] hard-code an alpha version for testing --- .github/workflows/prerelease.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 0ef70f57e..75ffdad9c 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -39,7 +39,7 @@ jobs: needs: prerequisites secrets: inherit with: - version: ${{ needs.prerequisites.outputs.version }} + version: 3.2.0-alpha.1 build_sdk: name: build_sdk @@ -47,7 +47,7 @@ jobs: uses: ./.github/workflows/build_sdk.yml secrets: inherit with: - version: ${{ needs.prerequisites.outputs.version }} + version: 3.2.0-alpha.1 lint: name: lint @@ -70,7 +70,7 @@ jobs: uses: ./.github/workflows/publish.yml secrets: inherit with: - version: ${{ needs.prerequisites.outputs.version }} + version: 3.2.0-alpha.1 isPrerelease: true test: @@ -80,7 +80,7 @@ jobs: - build_sdk secrets: inherit with: - version: ${{ needs.prerequisites.outputs.version }} + version: 3.2.0-alpha.1 name: prerelease on: