Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create dev release | |
| permissions: | |
| # To create a draft release | |
| contents: write | |
| # To sign artifacts. | |
| id-token: write | |
| on: | |
| workflow_call: | |
| inputs: | |
| version: | |
| required: true | |
| description: "Version to use for the release" | |
| type: string | |
| ref: | |
| required: true | |
| description: "GitHub ref to use" | |
| type: string | |
| project: | |
| required: true | |
| description: "Project name, e.g.: the repository name" | |
| type: string | |
| push: | |
| branches: | |
| - 'tg/release-dev-releases' | |
| jobs: | |
| gather-info: | |
| name: gather-info | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| - name: Git describe | |
| id: ghd | |
| uses: proudust/gh-describe@v1 | |
| outputs: | |
| describe: "${{ steps.ghd.outputs.describe }}" | |
| version: 3.94.2 #TODO replace with inputs.version | |
| build-release: | |
| name: build-release | |
| needs: [gather-info] | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| os: ["linux", "darwin"] | |
| arch: ["amd64", "arm64"] | |
| build-platform: ["ubuntu-latest"] | |
| uses: ./.github/workflows/ci-build-binaries.yml | |
| with: | |
| ref: ${{ inputs.ref }} | |
| version: ${{ needs.gather-info.outputs.version }} | |
| dev-version: ${{ needs.gather-info.outputs.describe }} | |
| os: ${{ matrix.os }} | |
| arch: ${{ matrix.arch }} | |
| build-platform: ${{ matrix.build-platform }} | |
| version-set: v1.21.0 #TODO | |
| enable-coverage: false | |
| secrets: inherit | |
| sign: | |
| name: sign | |
| needs: [build-release, gather-info] | |
| uses: ./.github/workflows/sign.yml | |
| with: | |
| ref: ${{ inputs.ref }} | |
| version: ${{ needs.gather-info.outputs.version }} | |
| s3-blobs: | |
| name: s3 blobs | |
| runs-on: ubuntu-latest | |
| needs: [sign, gather-info] | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-region: us-east-2 | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-duration-seconds: 3600 | |
| role-external-id: upload-pulumi-release | |
| role-session-name: pulumi@githubActions | |
| role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} | |
| - name: Make artifacts directory | |
| run: | | |
| mkdir -p artifacts.tmp | |
| - name: Download artifacts from previous step | |
| uses: actions/download-artifact@v2 | |
| with: | |
| path: artifacts.tmp | |
| - name: Flatten artifact directories | |
| run: | | |
| mkdir -p ./artifacts | |
| mv ./artifacts.tmp/artifacts/artifacts/* ./artifacts | |
| - name: Flatten signatures directories | |
| run: | | |
| find ./artifacts.tmp | |
| mv ./artifacts.tmp/artifacts/sigs.tmp/pulumi-* ./artifacts | |
| - name: Find artifacts | |
| run: | | |
| find artifacts | |
| - name: Rename artifacts | |
| run: | | |
| ( | |
| cd artifacts | |
| for file in *; do | |
| mv $file $(echo $file | sed 's/${{ needs.gather-info.outputs.version }}/${{ needs.gather-info.outputs.describe }}/') | |
| done | |
| ) | |
| - name: Find artifacts | |
| run: | | |
| find artifacts | |
| # - name: Download release artifacts | |
| # run: | | |
| # mkdir -p artifacts | |
| # gh release download "v${PULUMI_VERSION}" --dir ./artifacts --pattern 'pulumi-*' | |
| # find artifacts | |
| # - name: Publish Blobs | |
| # run: | | |
| # aws s3 sync artifacts s3://get.pulumi.com/releases/sdk --acl public-read | |
| # publish: | |
| # name: release | |
| # needs: [sign] | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@v3 | |
| # with: | |
| # ref: ${{ inputs.ref }} | |
| # - name: Get commit hash | |
| # id: commit-info | |
| # run: | | |
| # SHA=$(git rev-parse HEAD) | |
| # ./.github/scripts/set-output sha "$SHA" | |
| # - name: Download all artifacts | |
| # uses: actions/download-artifact@v2 | |
| # with: | |
| # path: artifacts.tmp | |
| # - name: Rename SDKs | |
| # # This step must match the rename SDKs step in the "sign" job above. | |
| # run: | | |
| # ( | |
| # cd artifacts.tmp/artifacts-python-sdk | |
| # for file in *.whl ; do | |
| # mv -vT "$file" "sdk-python-$file" | |
| # done | |
| # ) | |
| # ( | |
| # cd artifacts.tmp/artifacts-nodejs-sdk | |
| # for file in *.tgz ; do | |
| # mv -vT "$file" "sdk-nodejs-$file" | |
| # done | |
| # ) | |
| # - name: Flatten artifact directories | |
| # run: | | |
| # mkdir -p ./artifacts | |
| # mv ./artifacts.tmp/artifacts-*/* ./artifacts | |
| # - uses: ncipollo/release-action@3d2de22e3d0beab188d8129c27f103d8e91bf13a | |
| # with: | |
| # token: ${{ secrets.PULUMI_BOT_TOKEN }} | |
| # name: v${{ inputs.version }} | |
| # tag: v${{ inputs.version }} | |
| # commit: "${{ fromJSON(steps.commit-info.outputs.sha) }}" | |
| # draft: ${{ inputs.draft }} | |
| # prerelease: ${{ inputs.prerelease }} | |
| # allowUpdates: true | |
| # body: | | |
| # ${{ inputs.release-notes }} | |
| # removeArtifacts: true | |
| # replacesArtifacts: true | |
| # artifactErrorsFailBuild: true | |
| # artifacts: | | |
| # artifacts/* |