Prepare for v0.11.0 release (#1358) #3017
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| pull_request: | |
| paths-ignore: | |
| - 'CHANGELOG.md' | |
| - 'CHANGELOG_PENDING.md' | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - sdk/v*.*.* | |
| paths-ignore: | |
| - 'CHANGELOG.md' | |
| - 'CHANGELOG_PENDING.md' | |
| repository_dispatch: | |
| types: | |
| - run-acceptance-tests-command | |
| # TODO[pulumi/java#10] protect jobs from crypto mining PR attacks | |
| # before making the repo public. | |
| env: | |
| PULUMI_API: https://api.pulumi-staging.io | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| AWS_REGION: us-west-2 | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com | |
| GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci | |
| GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci | |
| GOOGLE_PROJECT_NUMBER: 895284651812 | |
| GOLANGCI_LINT_VERSION: v1.55.2 | |
| jobs: | |
| prerequisites: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| outputs: | |
| gotcloudcreds: ${{ steps.gotcloudcreds.outputs.gotcloudcreds }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - name: Fetch Tags | |
| run: git fetch --quiet --prune --unshallow --tags | |
| - name: Install pulumictl | |
| uses: jaxxstorm/action-install-gh-release@v1.10.0 | |
| with: | |
| repo: pulumi/pulumictl | |
| tag: v0.0.31 | |
| cache: enable | |
| - run: ./scripts/versions.sh | tee versions.txt | |
| - name: Setup versioning env vars | |
| run: cat versions.txt | tee $GITHUB_ENV | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Validate Gradle wrapper | |
| uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: stable | |
| - name: Configure Go cache | |
| id: go-cache-paths | |
| run: | | |
| echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" | |
| echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" | |
| - name: Set up Go cache | |
| uses: actions/cache@v3 | |
| id: go-cache | |
| with: | |
| path: | | |
| ${{ steps.go-cache-paths.outputs.go-build }} | |
| ${{ steps.go-cache-paths.outputs.go-mod }} | |
| key: go-cache-${{ hashFiles('**/go.sum') }} | |
| - name: Build and unit-test Pulumi Java SDK | |
| uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 | |
| with: | |
| arguments: build | |
| build-root-directory: sdk/java | |
| - run: make build_go | |
| - run: make bin/pulumi-java-gen | |
| - run: make bin/pulumi-language-java | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: versions.txt | |
| path: versions.txt | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: go-binaries | |
| path: bin/ | |
| - name: Publish Pulumi Java SDK to Maven Local | |
| uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 | |
| with: | |
| arguments: publishToMavenLocal | |
| build-root-directory: sdk/java | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: java-sdk | |
| path: ~/.m2/repository/com/pulumi | |
| - name: Check whether cloud creds for test envs are available | |
| id: gotcloudcreds | |
| env: | |
| KEY: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| run: | | |
| echo "Enable testing against cloud environments: ${{ env.KEY != '' }}" | |
| echo "gotcloudcreds=${{ env.KEY != '' }}" >> "$GITHUB_OUTPUT" | |
| strategy: | |
| fail-fast: true | |
| # Run Go tests, most notably codegen tests. These are in a separate | |
| # job not to block other validations. | |
| go-tests: | |
| runs-on: ubuntu-latest | |
| needs: prerequisites | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Validate Gradle wrapper | |
| uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: stable | |
| - name: Download go-binaries | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: go-binaries | |
| path: ~/bin | |
| - name: Activate go-binaries | |
| run: | | |
| chmod a+x ~/bin/pulumi-language-java | |
| chmod a+x ~/bin/pulumi-java-gen | |
| - name: Download versions.txt | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: versions.txt | |
| path: artifacts | |
| - name: Setup versioning env vars | |
| run: cat artifacts/versions.txt | tee $GITHUB_ENV | |
| - name: Publish Pulumi Java SDK to Maven Local to enable codegen tests | |
| uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 | |
| env: | |
| # Override to match gen_test.go | |
| PULUMI_JAVA_SDK_VERSION: 0.0.1 | |
| with: | |
| arguments: publishToMavenLocal | |
| build-root-directory: sdk/java | |
| - name: Configure Go cache | |
| id: go-cache-paths | |
| run: | | |
| echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" | |
| echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" | |
| - name: Set up Go cache | |
| uses: actions/cache@v3 | |
| id: go-cache | |
| with: | |
| path: | | |
| ${{ steps.go-cache-paths.outputs.go-build }} | |
| ${{ steps.go-cache-paths.outputs.go-mod }} | |
| key: go-cache-test-go-${{ hashFiles('**/go.sum') }} | |
| - name: Download Java SDK | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: java-sdk | |
| path: ~/.m2/repository/com/pulumi | |
| - run: cd pkg && go test -timeout 25m ./... | |
| examples: | |
| runs-on: ubuntu-latest | |
| needs: prerequisites | |
| if: needs.prerequisites.outputs.gotcloudcreds == 'true' | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| example: | |
| - aws-java-eks-minimal | |
| - aws-java-webserver | |
| - aws-native-java-s3-folder | |
| - azure-java-appservice-sql | |
| - azure-java-static-website | |
| - gcp-java-gke-hello-world | |
| - minimal | |
| - minimalsbt | |
| - random | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - run: make clone_examples | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Validate Gradle wrapper | |
| uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: stable | |
| - name: Configure Go cache | |
| id: go-cache-paths | |
| run: | | |
| echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" | |
| echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" | |
| - name: Set up Go cache | |
| uses: actions/cache@v3 | |
| id: go-cache | |
| with: | |
| path: | | |
| ${{ steps.go-cache-paths.outputs.go-build }} | |
| ${{ steps.go-cache-paths.outputs.go-mod }} | |
| key: go-cache-examples-${{ hashFiles('**/go.sum') }} | |
| - name: Install Pulumi CLI | |
| uses: pulumi/actions@v4 | |
| - name: Download versions.txt | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: versions.txt | |
| path: artifacts | |
| - name: Setup versioning env vars | |
| run: cat artifacts/versions.txt | tee $GITHUB_ENV | |
| - name: Download Java SDK | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: java-sdk | |
| path: ~/.m2/repository/com/pulumi | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-duration-seconds: 3600 | |
| role-session-name: ${{ env.PROVIDER }}@githubActions | |
| role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER | |
| }}/locations/global/workloadIdentityPools/${{ | |
| env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ | |
| env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} | |
| - name: Setup gcloud auth | |
| uses: google-github-actions/setup-gcloud@v1 | |
| with: | |
| install_components: gke-gcloud-auth-plugin | |
| - name: Run ${{ matrix.example }} example | |
| env: | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| run: make test_example.${{ matrix.example }} | |
| go-lint: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| name: Lint pkg | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| submodules: recursive | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: stable | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v3 | |
| with: | |
| version: ${{ env.GOLANGCI_LINT_VERSION }} | |
| working-directory: pkg | |
| args: --config ../.golangci.yml ./... | |
| - name: Ensure no pulumi/pkg | |
| run: make lint_pkg_dependencies | |
| test_integrations: | |
| runs-on: ubuntu-latest | |
| needs: prerequisites | |
| timeout-minutes: 10 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| integration: | |
| - stack-reference | |
| - stack-transformation | |
| - adopt-into-component | |
| - rename | |
| - rename-component | |
| - rename-component-and-child | |
| - retype-component | |
| - retype-parents | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Validate Gradle wrapper | |
| uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: stable | |
| - name: Configure Go cache | |
| id: go-cache-paths | |
| run: | | |
| echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" | |
| echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" | |
| - name: Set up Go cache | |
| uses: actions/cache@v3 | |
| id: go-cache | |
| with: | |
| path: | | |
| ${{ steps.go-cache-paths.outputs.go-build }} | |
| ${{ steps.go-cache-paths.outputs.go-mod }} | |
| key: go-cache-integrations-${{ hashFiles('**/go.sum') }} | |
| - name: Install Pulumi CLI | |
| uses: pulumi/action-install-pulumi-cli@v2 | |
| - name: Download versions.txt | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: versions.txt | |
| path: artifacts | |
| - name: Setup versioning env vars | |
| run: cat artifacts/versions.txt | tee $GITHUB_ENV | |
| - name: Download Java SDK | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: java-sdk | |
| path: ~/.m2/repository/com/pulumi | |
| - name: Run ${{ matrix.integration }} integration | |
| env: | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| run: make test_integration.${{ matrix.integration }} | |
| test_templates: | |
| runs-on: ubuntu-latest | |
| needs: prerequisites | |
| if: needs.prerequisites.outputs.gotcloudcreds == 'true' | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - run: make clone_templates | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: stable | |
| - name: Configure Go cache | |
| id: go-cache-paths | |
| run: | | |
| echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" | |
| echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" | |
| - name: Set up Go cache | |
| uses: actions/cache@v3 | |
| id: go-cache | |
| with: | |
| path: | | |
| ${{ steps.go-cache-paths.outputs.go-build }} | |
| ${{ steps.go-cache-paths.outputs.go-mod }} | |
| key: go-cache-templates-${{ hashFiles('**/go.sum') }} | |
| - name: Download versions.txt | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: versions.txt | |
| path: artifacts | |
| - name: Setup versioning env vars | |
| run: cat artifacts/versions.txt | tee $GITHUB_ENV | |
| - name: Download Java SDK | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: java-sdk | |
| path: ~/.m2/repository/com/pulumi | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-duration-seconds: 3600 | |
| role-session-name: ${{ env.PROVIDER }}@githubActions | |
| role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER | |
| }}/locations/global/workloadIdentityPools/${{ | |
| env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ | |
| env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} | |
| - name: Setup gcloud auth | |
| uses: google-github-actions/setup-gcloud@v1 | |
| with: | |
| install_components: gke-gcloud-auth-plugin | |
| - env: | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| run: make test_templates |