generated from pulumi/pulumi-tf-provider-boilerplate
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Release workflow based on pulumi/ci-mgmt
- Loading branch information
Showing
3 changed files
with
269 additions
and
124 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,168 @@ | ||
| # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt | ||
| name: Publish | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| version: | ||
| required: true | ||
| type: string | ||
| isPrerelease: | ||
| required: true | ||
| type: boolean | ||
| skipGoSdk: | ||
| default: false | ||
| type: boolean | ||
| description: Skip publishing & verifying the Go SDK | ||
|
|
||
| env: | ||
| IS_PRERELEASE: ${{ inputs.isPrerelease }} | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | ||
| PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | ||
| PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | ||
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | ||
| PULUMI_API: https://api.pulumi-staging.io | ||
| PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | ||
| PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | ||
| PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | ||
| PYPI_USERNAME: __token__ | ||
| SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | ||
| SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | ||
| SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | ||
| TF_APPEND_USER_AGENT: pulumi | ||
|
|
||
| jobs: | ||
| publish: | ||
| name: publish | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Validate prerelease | ||
| if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) | ||
| run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 | ||
| - name: Validate skipGoSdk | ||
| if: inputs.skipGoSdk && inputs.isPrerelease == false | ||
| run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 | ||
| - name: Checkout Repo | ||
| uses: actions/checkout@v4 | ||
| - name: Setup tools | ||
| uses: ./.github/actions/setup-tools | ||
| with: | ||
| tools: pulumictl, pulumicli, go, schema-tools | ||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-region: us-east-2 | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| role-duration-seconds: 7200 | ||
| role-external-id: upload-pulumi-release | ||
| role-session-name: acme@githubActions | ||
| role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} | ||
| - name: Create dist directory | ||
| run: mkdir -p dist | ||
| - name: Download provider assets | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| pattern: pulumi-resource-acme-v${{ inputs.version }}-* | ||
| path: dist | ||
| # Don't create a directory for each artifact | ||
| merge-multiple: true | ||
| - name: Calculate checksums | ||
| working-directory: dist | ||
| run: shasum ./*.tar.gz > pulumi-acme_${{ inputs.version }}_checksums.txt | ||
| - name: Get Schema Change Summary | ||
| id: schema-summary | ||
| shell: bash | ||
| run: | | ||
| # Get latest stable release. Return only first column from result (tag). | ||
| LAST_VERSION=$(gh release view --repo pulumiverse/pulumi-acme --json tagName -q .tagName || echo "No stable release" ) | ||
| { | ||
| echo 'summary<<EOF' | ||
| if [[ "$LAST_VERSION" != "No stable release" ]]; then | ||
| schema-tools compare --provider="acme" --old-commit="$LAST_VERSION" --new-commit="--local-path=provider/cmd/pulumi-resource-acme/schema.json" | ||
| fi | ||
| echo 'EOF' | ||
| } >> "$GITHUB_OUTPUT" | ||
| - name: Upload Provider Binaries | ||
| run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive | ||
| - name: Create GH Release | ||
| uses: softprops/action-gh-release@v1 | ||
| if: inputs.isPrerelease == false | ||
| with: | ||
| tag_name: v${{ inputs.version }} | ||
| prerelease: ${{ inputs.isPrerelease }} | ||
| # We keep pre-releases as drafts so they're not visible until we manually publish them. | ||
| draft: ${{ inputs.isPrerelease }} | ||
| body: ${{ steps.schema-summary.outputs.summary }} | ||
| generate_release_notes: true | ||
| files: dist/* | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | ||
|
|
||
| publish_sdk: | ||
| name: publish_sdk | ||
| needs: publish | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Repo | ||
| uses: actions/checkout@v4 | ||
| - name: Setup tools | ||
| uses: ./.github/actions/setup-tools | ||
| with: | ||
| tools: pulumictl, pulumicli, go, node, dotnet, python, java | ||
| - name: Publish SDKs | ||
| uses: pulumi/[email protected] | ||
| with: | ||
| sdk: all,!java | ||
| version: ${{ inputs.version }} | ||
| - name: Download Go SDK | ||
| uses: ./.github/actions/download-sdk | ||
| with: | ||
| language: go | ||
| - uses: pulumi/publish-go-sdk-action@v1 | ||
| if: inputs.skipGoSdk == false | ||
| with: | ||
| repository: ${{ github.repository }} | ||
| base-ref: ${{ github.sha }} | ||
| source: sdk | ||
| path: sdk | ||
| version: ${{ inputs.version }} | ||
| additive: false | ||
| # Avoid including other language SDKs & artifacts in the commit | ||
| files: | | ||
| go.* | ||
| go/** | ||
| !*.tar.gz | ||
| clean_up_release_labels: | ||
| name: Clean up release labels | ||
| # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped | ||
| if: inputs.isPrerelease == false | ||
|
|
||
| needs: publish_sdk | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Repo | ||
| uses: actions/checkout@v4 | ||
| - name: Clean up release labels | ||
| uses: pulumi/action-release-by-pr-label@main | ||
| with: | ||
| command: "clean-up-release-labels" | ||
| repo: ${{ github.repository }} | ||
| commit: ${{ github.sha }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| verify_release: | ||
| name: verify_release | ||
| needs: publish_sdk | ||
| uses: ./.github/workflows/verify-release.yml | ||
| secrets: inherit | ||
| with: | ||
| providerVersion: ${{ inputs.version }} | ||
| # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. | ||
| enableMacosRunner: ${{ inputs.isPrerelease == false }} | ||
| skipGoSdk: ${{ inputs.skipGoSdk }} |
Oops, something went wrong.