From 82af5995f43249fff991142f0135cc5fb4078821 Mon Sep 17 00:00:00 2001 From: Ringo De Smet Date: Fri, 13 Sep 2024 16:04:53 +0200 Subject: [PATCH] Adding `acme` as an example thirdparty package to test workflow generation --- provider-ci/Makefile | 2 +- provider-ci/test-providers/acme/.ci-mgmt.yaml | 19 + .../acme/.devcontainer/Dockerfile | 12 + .../acme/.devcontainer/devcontainer.json | 16 + .../test-providers/acme/.gitattributes | 1 + .../acme/.github/ISSUE_TEMPLATE/bug.yaml | 69 ++++ .../acme/.github/ISSUE_TEMPLATE/epic.md | 35 ++ .../.github/actions/download-bin/action.yml | 16 + .../.github/actions/download-sdk/action.yml | 19 + .../.github/actions/setup-tools/action.yml | 81 ++++ .../.github/actions/upload-bin/action.yml | 15 + .../.github/actions/upload-sdk/action.yml | 20 + .../acme/.github/workflows/build_provider.yml | 56 +++ .../acme/.github/workflows/build_sdk.yml | 74 ++++ .../workflows/check-upstream-upgrade.yml | 38 ++ .../.github/workflows/command-dispatch.yml | 42 ++ .../workflows/community-moderation.yml | 43 ++ .../acme/.github/workflows/license.yml | 60 +++ .../acme/.github/workflows/lint.yml | 52 +++ .../acme/.github/workflows/main.yml | 184 +++++++++ .../acme/.github/workflows/prerelease.yml | 123 ++++++ .../acme/.github/workflows/prerequisites.yml | 102 +++++ .../acme/.github/workflows/publish.yml | 156 ++++++++ .../acme/.github/workflows/pull-request.yml | 38 ++ .../acme/.github/workflows/release.yml | 122 ++++++ .../.github/workflows/release_command.yml | 43 ++ .../acme/.github/workflows/resync-build.yml | 85 ++++ .../workflows/run-acceptance-tests.yml | 175 ++++++++ .../acme/.github/workflows/upgrade-bridge.yml | 91 +++++ .../.github/workflows/upgrade-provider.yml | 23 ++ .../acme/.github/workflows/verify-release.yml | 76 ++++ provider-ci/test-providers/acme/.golangci.yml | 35 ++ .../test-providers/acme/.upgrade-config.yml | 7 + .../test-providers/acme/CODE-OF-CONDUCT.md | 80 ++++ provider-ci/test-providers/acme/Makefile | 244 ++++++++++++ provider-ci/test-providers/acme/devbox.json | 22 + provider-ci/test-providers/acme/devbox.lock | 1 + provider-ci/test-providers/acme/upstream.sh | 375 ++++++++++++++++++ 38 files changed, 2651 insertions(+), 1 deletion(-) create mode 100644 provider-ci/test-providers/acme/.ci-mgmt.yaml create mode 100644 provider-ci/test-providers/acme/.devcontainer/Dockerfile create mode 100644 provider-ci/test-providers/acme/.devcontainer/devcontainer.json create mode 100644 provider-ci/test-providers/acme/.gitattributes create mode 100644 provider-ci/test-providers/acme/.github/ISSUE_TEMPLATE/bug.yaml create mode 100644 provider-ci/test-providers/acme/.github/ISSUE_TEMPLATE/epic.md create mode 100644 provider-ci/test-providers/acme/.github/actions/download-bin/action.yml create mode 100644 provider-ci/test-providers/acme/.github/actions/download-sdk/action.yml create mode 100644 provider-ci/test-providers/acme/.github/actions/setup-tools/action.yml create mode 100644 provider-ci/test-providers/acme/.github/actions/upload-bin/action.yml create mode 100644 provider-ci/test-providers/acme/.github/actions/upload-sdk/action.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/build_provider.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/build_sdk.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/check-upstream-upgrade.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/command-dispatch.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/community-moderation.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/license.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/lint.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/main.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/prerelease.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/prerequisites.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/publish.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/pull-request.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/release.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/release_command.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/resync-build.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/upgrade-bridge.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml create mode 100644 provider-ci/test-providers/acme/.github/workflows/verify-release.yml create mode 100644 provider-ci/test-providers/acme/.golangci.yml create mode 100644 provider-ci/test-providers/acme/.upgrade-config.yml create mode 100644 provider-ci/test-providers/acme/CODE-OF-CONDUCT.md create mode 100644 provider-ci/test-providers/acme/Makefile create mode 100644 provider-ci/test-providers/acme/devbox.json create mode 100644 provider-ci/test-providers/acme/devbox.lock create mode 100755 provider-ci/test-providers/acme/upstream.sh diff --git a/provider-ci/Makefile b/provider-ci/Makefile index b64b605676..f22ad39947 100644 --- a/provider-ci/Makefile +++ b/provider-ci/Makefile @@ -37,7 +37,7 @@ format: # files for other bridged provider repositories should be ephemeral. .PHONY: test-providers test-provider/% -test-providers: test-provider/aws test-provider/docker test-provider/cloudflare +test-providers: test-provider/aws test-provider/docker test-provider/cloudflare test-provider/acme # 1. Delete all files except the .ci-mgmt.yaml file and run the provider-ci generate command. # 2. Copy the generated provider repository to a temporary git repo and run actionlint on it. diff --git a/provider-ci/test-providers/acme/.ci-mgmt.yaml b/provider-ci/test-providers/acme/.ci-mgmt.yaml new file mode 100644 index 0000000000..c7db3b0990 --- /dev/null +++ b/provider-ci/test-providers/acme/.ci-mgmt.yaml @@ -0,0 +1,19 @@ +provider: acme +organization: pulumiverse +major-version: 0 +providerDefaultBranch: main +upstreamProviderOrg: vancluever +publishRegistry: false +enableAutoRelease: false +languages: + - dotnet + - go + - nodejs + - python +publish: + sdk: "all,!java" + cdn: false +license: + ignore: + # Package is licensed under Apache 2.0 but license is not picked up correctly by the license detector + - github.com/OpenDNS/vegadns2client diff --git a/provider-ci/test-providers/acme/.devcontainer/Dockerfile b/provider-ci/test-providers/acme/.devcontainer/Dockerfile new file mode 100644 index 0000000000..7d46cd8078 --- /dev/null +++ b/provider-ci/test-providers/acme/.devcontainer/Dockerfile @@ -0,0 +1,12 @@ +FROM jetpackio/devbox:latest + +# Installing your devbox project +WORKDIR /code +COPY devbox.json devbox.json +COPY devbox.lock devbox.lock +RUN sudo chown -R "${DEVBOX_USER}:${DEVBOX_USER}" /code + + +RUN devbox run -- echo "Installed Packages." + +RUN devbox shellenv --init-hook >> ~/.profile diff --git a/provider-ci/test-providers/acme/.devcontainer/devcontainer.json b/provider-ci/test-providers/acme/.devcontainer/devcontainer.json new file mode 100644 index 0000000000..e7ae9f11fe --- /dev/null +++ b/provider-ci/test-providers/acme/.devcontainer/devcontainer.json @@ -0,0 +1,16 @@ +{ + "name": "Devbox Remote Container", + "build": { + "dockerfile": "./Dockerfile", + "context": ".." + }, + "customizations": { + "vscode": { + "settings": {}, + "extensions": [ + "jetpack-io.devbox" + ] + } + }, + "remoteUser": "devbox" +} \ No newline at end of file diff --git a/provider-ci/test-providers/acme/.gitattributes b/provider-ci/test-providers/acme/.gitattributes new file mode 100644 index 0000000000..ff9aa4f9db --- /dev/null +++ b/provider-ci/test-providers/acme/.gitattributes @@ -0,0 +1 @@ +sdk/**/* linguist-generated=true diff --git a/provider-ci/test-providers/acme/.github/ISSUE_TEMPLATE/bug.yaml b/provider-ci/test-providers/acme/.github/ISSUE_TEMPLATE/bug.yaml new file mode 100644 index 0000000000..63d707268a --- /dev/null +++ b/provider-ci/test-providers/acme/.github/ISSUE_TEMPLATE/bug.yaml @@ -0,0 +1,69 @@ +name: Bug Report +description: Report something that's not working correctly +labels: ["kind/bug", "needs-triage"] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + You can also ask questions on our [Community Slack](https://slack.pulumi.com/). + - type: textarea + id: what-happened + attributes: + label: Describe what happened + description: Please summarize what happened, including what Pulumi commands you ran, as well as + an inline snippet of any relevant error or console output. + validations: + required: true + - type: textarea + id: sample-program + attributes: + label: Sample program + description: | +
Provide a reproducible sample program + If this is a bug you encountered while running a Pulumi command, please provide us with a minimal, + self-contained Pulumi program that reproduces this behavior so that we can investigate on our end. + Without a functional reproduction, we will not be able to prioritize this bug. + **Note:** If the program output is more than a few lines, please send us a Gist or a link to a file. +
+ validations: + required: true + - type: textarea + id: log-output + attributes: + label: Log output + description: | +
How to Submit Logs + If this is something that is dependent on your environment, please also provide us with the output of + `pulumi up --logtostderr --logflow -v=10` from the root of your project. + We may also ask you to supply us with debug output following [these steps](https://www.pulumi.com/docs/using-pulumi/pulumi-packages/debugging-provider-packages/). + **Note:** If the log output is more than a few lines, please send us a Gist or a link to a file. +
+ - type: textarea + id: resources + attributes: + label: Affected Resource(s) + description: Please list the affected Pulumi Resource(s) or Function(s). + validations: + required: false + - type: textarea + id: versions + attributes: + label: Output of `pulumi about` + description: Provide the output of `pulumi about` from the root of your project. + validations: + required: true + - type: textarea + id: ctx + attributes: + label: Additional context + description: Anything else you would like to add? + validations: + required: false + - type: textarea + id: voting + attributes: + label: Contributing + value: | + Vote on this issue by adding a πŸ‘ reaction. + To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already). \ No newline at end of file diff --git a/provider-ci/test-providers/acme/.github/ISSUE_TEMPLATE/epic.md b/provider-ci/test-providers/acme/.github/ISSUE_TEMPLATE/epic.md new file mode 100644 index 0000000000..27d4e3a440 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/ISSUE_TEMPLATE/epic.md @@ -0,0 +1,35 @@ +--- +name: Epic +about: Tracks a shippable unit of work +title: '[Epic] {your-title-here}' +labels: kind/epic +projects: ['pulumi/32'] +assignees: '' +type: Epic +--- + +## Overview + + +## Key KPIs + + +## Key Stakeholders +- Product and Engineering: +- Documentation: +- Marketing/Partnerships: +- Customers: + +## Key Deliverables + + +### References πŸ“” + + +- [ ] Project View +- [ ] PR/FAQ +- [ ] Design Doc +- [ ] UX Designs +- [ ] Decision Log + + diff --git a/provider-ci/test-providers/acme/.github/actions/download-bin/action.yml b/provider-ci/test-providers/acme/.github/actions/download-bin/action.yml new file mode 100644 index 0000000000..84891f9fd1 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/actions/download-bin/action.yml @@ -0,0 +1,16 @@ +name: Download binary assets +description: Downloads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: acme-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + shell: bash + run: | + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin + find ${{ github.workspace }} -name "pulumi-*-acme" -print -exec chmod +x {} \; diff --git a/provider-ci/test-providers/acme/.github/actions/download-sdk/action.yml b/provider-ci/test-providers/acme/.github/actions/download-sdk/action.yml new file mode 100644 index 0000000000..1fd54841b4 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/actions/download-sdk/action.yml @@ -0,0 +1,19 @@ +name: Download SDK asset +description: Restores the SDK asset for a language. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Download ${{ inputs.language }} SDK + uses: actions/download-artifact@v4 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress SDK folder + shell: bash + run: tar -zxf ${{ github.workspace }}/sdk/${{ inputs.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ inputs.language }} diff --git a/provider-ci/test-providers/acme/.github/actions/setup-tools/action.yml b/provider-ci/test-providers/acme/.github/actions/setup-tools/action.yml new file mode 100644 index 0000000000..642d1d223f --- /dev/null +++ b/provider-ci/test-providers/acme/.github/actions/setup-tools/action.yml @@ -0,0 +1,81 @@ +name: Setup tools +description: Installs Go, Pulumi, pulumictl, schema-tools, Node.JS, Python, dotnet and Java. + +inputs: + tools: + description: | + Comma separated list of tools to install. The default of "all" installs all tools. Available tools are: + go + pulumicli + pulumictl + schema-tools + nodejs + python + dotnet + java + default: all + +runs: + using: "composite" + steps: + - name: Install Go + if: inputs.tools == 'all' || contains(inputs.tools, 'go') + uses: actions/setup-go@v5 + with: + go-version: "1.21.x" + cache-dependency-path: | + provider/*.sum + upstream/*.sum + sdk/*.sum + + - name: Install pulumictl + if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + tag: v0.0.46 + repo: pulumi/pulumictl + + - name: Install Pulumi CLI + if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli') + uses: pulumi/actions@v5 + with: + pulumi-version: "dev" + + - name: Install Schema Tools + if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/schema-tools + + - name: Setup Node + if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') + uses: actions/setup-node@v4 + with: + node-version: 20.x + registry-url: https://registry.npmjs.org + + - name: Setup DotNet + if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet') + uses: actions/setup-dotnet@v4 + with: + dotnet-version: 6.0.x + + - name: Setup Python + if: inputs.tools == 'all' || contains(inputs.tools, 'python') + uses: actions/setup-python@v5 + with: + python-version: 3.11.8 + + - name: Setup Java + if: inputs.tools == 'all' || contains(inputs.tools, 'java') + uses: actions/setup-java@v4 + with: + cache: gradle + distribution: temurin + java-version: 11 + + - name: Setup Gradle + if: inputs.tools == 'all' || contains(inputs.tools, 'java') + uses: gradle/gradle-build-action@v3 + with: + gradle-version: 7.6 diff --git a/provider-ci/test-providers/acme/.github/actions/upload-bin/action.yml b/provider-ci/test-providers/acme/.github/actions/upload-bin/action.yml new file mode 100644 index 0000000000..c3cd198dcd --- /dev/null +++ b/provider-ci/test-providers/acme/.github/actions/upload-bin/action.yml @@ -0,0 +1,15 @@ +name: Upload bin assets +description: Uploads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Tar provider binaries + shell: bash + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-acme pulumi-tfgen-acme + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: acme-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + retention-days: 30 diff --git a/provider-ci/test-providers/acme/.github/actions/upload-sdk/action.yml b/provider-ci/test-providers/acme/.github/actions/upload-sdk/action.yml new file mode 100644 index 0000000000..77d4849426 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/actions/upload-sdk/action.yml @@ -0,0 +1,20 @@ +name: Upload SDK asset +description: Upload the SDK for a specific language as an asset for the workflow. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Compress SDK folder + shell: bash + run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz + retention-days: 30 diff --git a/provider-ci/test-providers/acme/.github/workflows/build_provider.yml b/provider-ci/test-providers/acme/.github/workflows/build_provider.yml new file mode 100644 index 0000000000..849e0bbf1e --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/build_provider.yml @@ -0,0 +1,56 @@ +name: "Build Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to build + +jobs: + build_provider: + name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + strategy: + fail-fast: true + matrix: + platform: + - os: linux + arch: amd64 + - os: linux + arch: arm64 + - os: darwin + arch: amd64 + - os: darwin + arch: arm64 + - os: windows + arch: amd64 + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, go + - name: Download schema-embed.json + uses: actions/download-artifact@v4 + with: + # Use a pattern to avoid failing if the artifact doesn't exist + pattern: schema-embed.* + # Avoid creating directories for each artifact + merge-multiple: true + path: provider/cmd/pulumi-resource-acme/schema-embed.json + - name: Prepare for build + # This installs plugins and prepares upstream + run: make upstream + - name: Build & package provider + run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-resource-acme-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: bin/pulumi-resource-acme-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + retention-days: 30 diff --git a/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml b/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml new file mode 100644 index 0000000000..39e0eab56a --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml @@ -0,0 +1,74 @@ +name: "Build SDK" + +on: + workflow_call: + inputs: + version: + required: true + type: string + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + PROVIDER_VERSION: ${{ inputs.version }} + +jobs: + build_sdk: + name: build_sdk + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + language: + - dotnet + - go + - nodejs + - python + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Install plugins + run: make install_plugins + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/Pulumi.*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Upload SDK + uses: ./.github/actions/upload-sdk + with: + language: ${{ matrix.language }} diff --git a/provider-ci/test-providers/acme/.github/workflows/check-upstream-upgrade.yml b/provider-ci/test-providers/acme/.github/workflows/check-upstream-upgrade.yml new file mode 100644 index 0000000000..a4d997bc0c --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/check-upstream-upgrade.yml @@ -0,0 +1,38 @@ + +#WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} +jobs: + check_upgrade_provider: + name: Check for upstream provider upgrades + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go + - name: Install upgrade-provider + run: go install github.com/pulumi/upgrade-provider@main + shell: bash + - name: "Set up git identity: name" + run: git config --global user.name pulumi-bot + shell: bash + - name: "Set up git identity: email" + run: git config --global user.email bot@pulumi.com + shell: bash + - name: Run upgrade-provider upstream check + id: upstream_version + run: | + upgrade-provider "$REPO" --kind=check-upstream-version + env: + REPO: ${{ github.repository }} + shell: bash +name: Check upstream upgrade +on: + workflow_dispatch: {} #so we can run this manually if necessary. + schedule: + # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours. + - cron: 0 3 * * * diff --git a/provider-ci/test-providers/acme/.github/workflows/command-dispatch.yml b/provider-ci/test-providers/acme/.github/workflows/command-dispatch.yml new file mode 100644 index 0000000000..8a8a9debaa --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/command-dispatch.yml @@ -0,0 +1,42 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi +jobs: + command-dispatch-for-testing: + name: command-dispatch-for-testing + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - uses: peter-evans/slash-command-dispatch@v2 + with: + commands: | + run-acceptance-tests + release + issue-type: pull-request + permission: write + reaction-token: ${{ secrets.GITHUB_TOKEN }} + repository: pulumi/pulumi-acme + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: command-dispatch +on: + issue_comment: + types: + - created + - edited diff --git a/provider-ci/test-providers/acme/.github/workflows/community-moderation.yml b/provider-ci/test-providers/acme/.github/workflows/community-moderation.yml new file mode 100644 index 0000000000..4cc9a67de4 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/community-moderation.yml @@ -0,0 +1,43 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +jobs: + warn_codegen: + name: warn_codegen + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - id: schema_changed + name: Check for diff in schema + uses: dorny/paths-filter@v2 + with: + filters: "changed: 'provider/cmd/**/schema.json'" + - id: sdk_changed + if: steps.schema_changed.outputs.changed == 'false' + name: Check for diff in sdk/** + uses: dorny/paths-filter@v2 + with: + filters: "changed: 'sdk/**'" + - if: steps.sdk_changed.outputs.changed == 'true' && + github.event.pull_request.head.repo.full_name != github.repository + name: Send codegen warning as comment on PR + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: > + Hello and thank you for your pull request! :heart: :sparkles: + + It looks like you're directly modifying files in the language SDKs, many of which are autogenerated. + + Be sure any files you're editing do not begin with a code generation warning. + + For generated files, you will need to make changes in `resources.go` instead, and [generate the code](https://github.com/pulumi/${{ github.event.repository.name }}/blob/master/CONTRIBUTING.md#committing-generated-code). +name: warn-codegen +on: + pull_request_target: + branches: + - main + types: + - opened diff --git a/provider-ci/test-providers/acme/.github/workflows/license.yml b/provider-ci/test-providers/acme/.github/workflows/license.yml new file mode 100644 index 0000000000..d285937a01 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/license.yml @@ -0,0 +1,60 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: license_check + +on: + workflow_call: + inputs: {} + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + license_check: + name: License Check + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go + - run: make upstream + - uses: pulumi/license-check-action@main + with: + module-path: provider + ignore-modules: >- + github.com/OpenDNS/vegadns2client, + github.com/aead/chacha20, + github.com/apache/arrow/go/v12, + github.com/apache/thrift/lib/go/thrift, + github.com/cloudflare/circl, + github.com/golang, + github.com/gorhill/cronexpr, + github.com/in-toto/in-toto-golang, + github.com/jmespath/go-jmespath, + github.com/keybase/go-crypto, + github.com/klauspost/compress, + github.com/mattn/go-localereader, + github.com/modern-go/reflect2, + github.com/pierrec/lz4, + github.com/pjbgf/sha1cd, + github.com/pulumi, + github.com/segmentio/asm, + golang.org diff --git a/provider-ci/test-providers/acme/.github/workflows/lint.yml b/provider-ci/test-providers/acme/.github/workflows/lint.yml new file mode 100644 index 0000000000..f9f1b428c0 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/lint.yml @@ -0,0 +1,52 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: lint + +on: + workflow_call: + inputs: {} + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + lint: + name: lint + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Install go + uses: actions/setup-go@v5 + with: + # The versions of golangci-lint and setup-go here cross-depend and need to update together. + go-version: 1.23 + # Either this action or golangci-lint needs to disable the cache + cache: false + - name: disarm go:embed directives to enable lint + continue-on-error: true # this fails if there are no go:embed directives + run: | + git grep -l 'go:embed' -- provider | xargs sed -i 's/go:embed/ goembed/g' + - name: prepare upstream + continue-on-error: true + run: make upstream + - name: golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.60 + working-directory: provider diff --git a/provider-ci/test-providers/acme/.github/workflows/main.yml b/provider-ci/test-providers/acme/.github/workflows/main.yml new file mode 100644 index 0000000000..3fbe1c730c --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/main.yml @@ -0,0 +1,184 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + generate_coverage_data: + continue-on-error: true + env: + COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }} + name: generate_coverage_data + needs: prerequisites + runs-on: ubuntu-latest + steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@v1.3.1 + with: + tool-cache: false + swap-storage: false + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} + aws-region: us-west-2 + aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, schema-tools + - name: Echo Coverage Output Dir + run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"' + - name: Generate Coverage Data + run: PULUMI_MISSING_DOCS_ERROR=true make tfgen + - name: Summarize Provider Coverage Results + run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt + - name: Upload coverage data to S3 + run: >- + summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json" + + s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}" + + aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true + + tag_release_if_labeled_needs_release: + name: Tag release if labeled as needs-release + needs: publish + runs-on: ubuntu-latest + steps: + - name: check if this commit needs release + uses: pulumi/action-release-by-pr-label@main + with: + command: "release-if-needed" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python +name: main +on: + workflow_dispatch: {} + push: + branches: + - main + paths-ignore: + - "**.md" + tags-ignore: + - v* + - sdk/* + - "**" diff --git a/provider-ci/test-providers/acme/.github/workflows/prerelease.yml b/provider-ci/test-providers/acme/.github/workflows/prerelease.yml new file mode 100644 index 0000000000..df0e21c454 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/prerelease.yml @@ -0,0 +1,123 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + IS_PRERELEASE: true + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, dotnet, go, nodejs, python + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python + +name: prerelease +on: + push: + tags: + - v*.*.*-** diff --git a/provider-ci/test-providers/acme/.github/workflows/prerequisites.yml b/provider-ci/test-providers/acme/.github/workflows/prerequisites.yml new file mode 100644 index 0000000000..c335c55f3b --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/prerequisites.yml @@ -0,0 +1,102 @@ +name: "Prerequisites" + +on: + workflow_call: + inputs: + is_pr: + type: boolean + required: true + is_automated: + type: boolean + required: true + default_branch: + type: string + required: true + outputs: + version: + description: "Provider version being built" + value: ${{ jobs.prerequisites.outputs.version }} + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + prerequisites: + name: prerequisites + runs-on: ubuntu-latest + outputs: + version: ${{ steps.provider-version.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - uses: pulumi/provider-version-action@v1 + id: provider-version + with: + set-env: 'PROVIDER_VERSION' + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Prepare upstream code + run: make upstream + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go, pulumictl, pulumicli, schema-tools + - name: Build schema generator binary + run: make tfgen_build_only + - name: Install plugins + run: make install_plugins + - name: Generate schema + run: make tfgen_no_deps + - name: Build provider binary + run: make provider_no_deps + - name: Unit-test provider code + run: make test_provider + - if: inputs.is_pr + name: Check Schema is Valid + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + { + echo "SCHEMA_CHANGES<<$EOF"; + schema-tools compare -p acme -o ${{ inputs.default_branch }} -n --local-path=provider/cmd/pulumi-resource-acme/schema.json; + echo "$EOF"; + } >> "$GITHUB_ENV" + - if: inputs.is_pr && inputs.is_automated == false + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + comment_tag: schemaCheck + message: >+ + ${{ env.SCHEMA_CHANGES }} + + + Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. + + - name: Upload bin + uses: ./.github/actions/upload-bin + + - name: Upload schema-embed.json + uses: actions/upload-artifact@v4 + with: + name: schema-embed.json + path: provider/cmd/pulumi-resource-acme/schema-embed.json + retention-days: 30 diff --git a/provider-ci/test-providers/acme/.github/workflows/publish.yml b/provider-ci/test-providers/acme/.github/workflows/publish.yml new file mode 100644 index 0000000000..ee05fd5278 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/publish.yml @@ -0,0 +1,156 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + publish: + name: publish + runs-on: ubuntu-latest + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, schema-tools + - name: Create dist directory + run: mkdir -p dist + - name: Download provider assets + uses: actions/download-artifact@v4 + with: + pattern: pulumi-resource-acme-v${{ inputs.version }}-* + path: dist + # Don't create a directory for each artifact + merge-multiple: true + - name: Calculate checksums + working-directory: dist + run: shasum ./*.tar.gz > pulumi-acme_${{ inputs.version }}_checksums.txt + - name: Get Schema Change Summary + id: schema-summary + shell: bash + run: | + # Get latest stable release. Return only first column from result (tag). + LAST_VERSION=$(gh release view --repo pulumiverse/pulumi-acme --json tagName -q .tagName || echo "No stable release" ) + { + echo 'summary<> "$GITHUB_OUTPUT" + - name: Create GH Release + uses: softprops/action-gh-release@v1 + if: inputs.isPrerelease == false + with: + tag_name: v${{ inputs.version }} + prerelease: ${{ inputs.isPrerelease }} + # We keep pre-releases as drafts so they're not visible until we manually publish them. + draft: ${{ inputs.isPrerelease }} + body: ${{ steps.schema-summary.outputs.summary }} + generate_release_notes: true + files: dist/* + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, dotnet, go, nodejs, python + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.20 + with: + sdk: all,!java + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + + needs: publish_sdk + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/provider-ci/test-providers/acme/.github/workflows/pull-request.yml b/provider-ci/test-providers/acme/.github/workflows/pull-request.yml new file mode 100644 index 0000000000..bd321f5a27 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/pull-request.yml @@ -0,0 +1,38 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi +jobs: + comment-on-pr: + if: github.event.pull_request.head.repo.full_name != github.repository + name: comment-on-pr + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Comment PR + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: > + PR is now waiting for a maintainer to run the acceptance tests. + + **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR +name: pull-request +on: + pull_request_target: {} diff --git a/provider-ci/test-providers/acme/.github/workflows/release.yml b/provider-ci/test-providers/acme/.github/workflows/release.yml new file mode 100644 index 0000000000..9cb4ba5b1a --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/release.yml @@ -0,0 +1,122 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: release +on: + push: + tags: + - v*.*.* + - "!v*.*.*-**" + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python diff --git a/provider-ci/test-providers/acme/.github/workflows/release_command.yml b/provider-ci/test-providers/acme/.github/workflows/release_command.yml new file mode 100644 index 0000000000..2a8fff366c --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/release_command.yml @@ -0,0 +1,43 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: release-command +on: + repository_dispatch: + types: + - release-command +jobs: + should_release: + name: Should release PR + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Should release PR + uses: pulumi/action-release-by-pr-label@main + with: + command: "should-release" + repo: ${{ github.repository }} + pr: ${{ github.event.client_payload.pull_request.number }} + version: ${{ github.event.client_payload.slash_command.args.all }} + slack_channel: ${{ secrets.RELEASE_OPS_STAGING_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - if: failure() + name: Notify failure + uses: peter-evans/create-or-update-comment@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: | + "release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + - if: success() + name: Notify success + uses: peter-evans/create-or-update-comment@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.client_payload.github.payload.comment.id }} + reaction-type: hooray diff --git a/provider-ci/test-providers/acme/.github/workflows/resync-build.yml b/provider-ci/test-providers/acme/.github/workflows/resync-build.yml new file mode 100644 index 0000000000..1cf1bb0316 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/resync-build.yml @@ -0,0 +1,85 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + PULUMI_EXTRA_MAPPING_ERROR: true + PULUMI_MISSING_MAPPING_ERROR: true + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi +jobs: + resync_build: + name: resync-build + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Checkout repo + uses: actions/checkout@v4 + with: + path: ci-mgmt + repository: pulumi/ci-mgmt + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, nodejs, dotnet, python + - name: Sync with ci-mgmt + run: cp -r "ci-mgmt/provider-ci/providers/$PROVIDER/repo/." . + - name: Remove ci-mgmt directory + run: rm -rf ci-mgmt + - name: Required entries for gitignore + run: |- + cat <<- EOF > "$RUNNER_TEMP/gitignore" + sdk/java/build + sdk/java/.gradle + sdk/java/gradle + sdk/java/gradlew + sdk/java/gradlew.bat + EOF + shell: bash + - name: Adding missing lines to .gitignore + run: | + comm -23 <(sort "$RUNNER_TEMP/gitignore") <(sort .gitignore) >> .gitignore.temp + cat .gitignore.temp >> .gitignore + rm .gitignore.temp + shell: bash + - name: Build + run: make build + - name: Create PR (no linked issue) + uses: peter-evans/create-pull-request@v3.12.0 + with: + author: pulumi-bot + base: main + body: This pull request was generated automatically by the resync-build workflow + in this repository. + branch: pulumi-bot/resync-${{ github.run_id}} + commit-message: Resync build for pulumi-acme + committer: pulumi-bot + labels: impact/no-changelog-required + team-reviewers: platform-integrations + title: Fix up build for pulumi-acme + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: Resync build +on: + workflow_dispatch: + inputs: + automerge: + default: false + description: Mark created PR for auto-merging? + required: true + type: boolean diff --git a/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml new file mode 100644 index 0000000000..808de03ba6 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml @@ -0,0 +1,175 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +# This should cancel any previous runs of the same workflow on the same branch which are still running. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +jobs: + prerequisites: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + comment-notification: + if: github.event_name == 'repository_dispatch' + name: comment-notification + runs-on: ubuntu-latest + steps: + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@v1 + with: + body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + token: ${{ secrets.PULUMI_BOT_TOKEN }} + lint: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + sentinel: + name: sentinel + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + needs: + - test + - build_provider + - license_check + - lint + runs-on: ubuntu-latest + steps: + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + with: + authToken: ${{secrets.GITHUB_TOKEN}} + # Write an explicit status check called "Sentinel" which will only pass if this code really runs. + # This should always be a required check for PRs. + context: 'Sentinel' + description: 'All required checks passed' + state: 'success' + # Write to the PR commit SHA if it's available as we don't want the merge commit sha, + # otherwise use the current SHA for any other type of build. + sha: ${{ github.event.pull_request.head.sha || github.sha }} + + test: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + - name: Checkout p/examples + if: matrix.testTarget == 'pulumiExamples' + uses: actions/checkout@v4 + with: + repository: pulumi/examples + path: p-examples + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + if: matrix.testTarget == 'local' + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 . + - name: Run pulumi/examples tests + if: matrix.testTarget == 'pulumiExamples' + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 . + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python + testTarget: [local] + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit +name: run-acceptance-tests +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command diff --git a/provider-ci/test-providers/acme/.github/workflows/upgrade-bridge.yml b/provider-ci/test-providers/acme/.github/workflows/upgrade-bridge.yml new file mode 100644 index 0000000000..37b34914d9 --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/upgrade-bridge.yml @@ -0,0 +1,91 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: Upgrade bridge +on: + repository_dispatch: + types: + - upgrade-bridge + - upgrade-bridge-test + workflow_dispatch: + inputs: + kind: + description: Overrides the kind of upgrade. Must be one of `all`, `bridge`, `provider`, `code`, `pf`, or `pulumi`. + required: false + type: string + default: "bridge" + target-bridge-version: + description: pulumi-terraform-bridge version or hash reference + required: false + type: string + default: "latest" + target-pulumi-version: + description: | + Set the version of `pulumi/pkg` and `pulumi/sdk` to depend on for bridged providers. Currently, + these versions inform the linked runtime and SDK generation in all languages except Java. Valid + options are: + - "": Use the same version as pulumi-terraform-bridge + - A go version such as "v3.90.1" + - A commit SHA in pulumi/pulumi such as "ac71ebc1d34e5ccfd1a7fed61e6ff43a3160f3cb" + required: false + type: string + default: "" + pr-reviewers: + description: Reviewers to assign to the auto-opened pull request + required: false + type: string + default: "" + pr-description: + description: Extra description to add to the auto-opened pull request + required: false + type: string + default: "" + pr-title-prefix: + description: Prefix to add to the auto-opened pull request title + required: false + type: string + default: "" + automerge: + description: Mark created PR for auto-merging? + required: false + type: boolean + default: false +env: + GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +jobs: + upgrade_provider: + name: upgrade-provider + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, dotnet, go, nodejs, python + - name: Call upgrade provider action + if: github.event_name == 'workflow_dispatch' + uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + with: + kind: ${{ inputs.kind }} + email: bot@pulumi.com + username: pulumi-bot + automerge: ${{ inputs.automerge }} + target-bridge-version: ${{ inputs.target-bridge-version }} + target-pulumi-version: ${{ inputs.target-pulumi-version }} + pr-reviewers: ${{ inputs.pr-reviewers }} + pr-description: ${{ inputs.pr-description }} + pr-title-prefix: ${{ inputs.pr-title-prefix }} + - name: Call upgrade provider action + if: github.event_name == 'repository_dispatch' + uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + with: + kind: ${{ github.event.client_payload.kind || 'bridge' }} + email: bot@pulumi.com + username: pulumi-bot + automerge: ${{ github.event.client_payload.automerge }} + target-pulumi-version: ${{ github.event.client_payload.target-pulumi-version }} + target-bridge-version: ${{ github.event.client_payload.target-bridge-version }} + pr-reviewers: ${{ github.event.client_payload.pr-reviewers }} + pr-description: ${{ github.event.client_payload.pr-description }} + pr-title-prefix: ${{ github.event.client_payload.pr-title-prefix }} diff --git a/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml b/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml new file mode 100644 index 0000000000..02437beb9d --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml @@ -0,0 +1,23 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +jobs: + upgrade_provider: + if: ${{ (github.event.issue.user.login == 'pulumi-bot' && contains(github.event.issue.title, 'Upgrade terraform-provider-')) || github.event_name == 'workflow_dispatch' }} + name: upgrade-provider + runs-on: ubuntu-latest + steps: + - name: Call upgrade provider action + uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + with: + kind: all + email: bot@pulumi.com + username: pulumi-bot +name: Upgrade provider +on: + issues: + types: + - opened + workflow_dispatch: {} diff --git a/provider-ci/test-providers/acme/.github/workflows/verify-release.yml b/provider-ci/test-providers/acme/.github/workflows/verify-release.yml new file mode 100644 index 0000000000..50bbe0105e --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/verify-release.yml @@ -0,0 +1,76 @@ +name: "Verify Release" + +on: + workflow_dispatch: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacRunner: + description: "Enable the MacOS runner in addition to Linux and Windows. Defaults to 'false'." + required: false + type: boolean + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. Enable this when verifying a pre-release for which we don't publish the Go SDK (for PRs and the default branch)." + required: false + type: boolean + default: false + workflow_call: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacosRunner: + description: "Enable the macos-latest runner in addition to ubuntu-latest and windows-latest. Defaults to 'false'." + required: false + type: boolean + default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + verify-release: + name: verify-release + # We don't have any release verification configurations, so we never run this workflow. + # Configure your .ci-mgmt.yaml files to include the release verification configurations e.g. + # releaseVerification: + # nodejs: path/to/nodejs/project + # python: path/to/python/project + # dotnet: path/to/dotnet/project + # go: path/to/go/project + if: false + strategy: + matrix: + # We don't have any release verification configurations, so we only run on Linux to print warnings to help users configure the release verification. + runner: ["ubuntu-latest"] + runs-on: ${{ matrix.runner }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumicli, dotnet, go, nodejs, python diff --git a/provider-ci/test-providers/acme/.golangci.yml b/provider-ci/test-providers/acme/.golangci.yml new file mode 100644 index 0000000000..37df19a067 --- /dev/null +++ b/provider-ci/test-providers/acme/.golangci.yml @@ -0,0 +1,35 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +linters: + enable: + - errcheck + - gci + - goconst + - gofmt + - gosec + - govet + - ineffassign + - lll + - gosimple + - staticcheck + - misspell + - nakedret + - revive + - unconvert + - unused + enable-all: false +issues: + exclude-files: + - schema.go + - pulumiManifest.go +run: + timeout: 20m +linters-settings: + gci: + sections: + - standard # Standard section: captures all standard library packages. + - blank # Blank section: contains all blank imports. + - default # Default section: contains all imports that could not be matched to another section type. + - prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix. + - prefix(github.com/pulumiverse/pulumi-acme) # Custom section: local imports + custom-order: true diff --git a/provider-ci/test-providers/acme/.upgrade-config.yml b/provider-ci/test-providers/acme/.upgrade-config.yml new file mode 100644 index 0000000000..ee22c7784e --- /dev/null +++ b/provider-ci/test-providers/acme/.upgrade-config.yml @@ -0,0 +1,7 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +--- +upstream-provider-name: terraform-provider-acme +upstream-provider-org: vancluever +pulumi-infer-version: true +remove-plugins: true diff --git a/provider-ci/test-providers/acme/CODE-OF-CONDUCT.md b/provider-ci/test-providers/acme/CODE-OF-CONDUCT.md new file mode 100644 index 0000000000..995e13c009 --- /dev/null +++ b/provider-ci/test-providers/acme/CODE-OF-CONDUCT.md @@ -0,0 +1,80 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, +education, socio-economic status, nationality, personal appearance, race, +religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members +* Contribute in a positive and constructive way + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Community Guidelines +* Be clear and stay on topic. Communicating with strangers on the Internet can make it hard to convey or read tone, and sarcasm is frequently misunderstood. Try to use clear language, and think about how the other person will receive it. +* Don’t cross-post the same thing in multiple GitHub Discussion topics or multiple Slack channels. This can make it difficult for people answering your questions and creates "scrollback spam". +* Public discussion is preferred to private. Avoid using Slack DMs for questions, and instead share them in public Slack channels or GitHub Discussion threads. This allows a larger audience to both share their knowledge as well as learn from your question or issue. If you're having a problem, chances are someone else is having a similar problem. Learning in public is a community contribution. +* Minimize notifications to other community members. Avoid tagging other community members in Slack messages or Discussion threads, unless you are replying to something specific. Community members are here to help each other, but are not "on call" for support, and we expect everyone to try to minimize "notification fatigue". If your issue is time-sensitive or critical, use methods like support@pulumi.com instead. + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, GitHub Discussions posts, +and other contributions that are not aligned to this Code of Conduct, or to ban +temporarily or permanently any contributor for other behaviors that they deem +inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces (including the Community Slack +and GitHub Discussions forums) and in public spaces when an individual is representing the +project or its community. Examples of representing a project or community include +using an official project e-mail address, posting via an official social media account, +or acting as an appointed representative at an online or offline event. Representation +of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at code-of-conduct@pulumi.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org diff --git a/provider-ci/test-providers/acme/Makefile b/provider-ci/test-providers/acme/Makefile new file mode 100644 index 0000000000..bbfdc4cd6e --- /dev/null +++ b/provider-ci/test-providers/acme/Makefile @@ -0,0 +1,244 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +PACK := acme +ORG := pulumiverse +PROJECT := github.com/$(ORG)/pulumi-$(PACK) +PROVIDER_PATH := provider +VERSION_PATH := $(PROVIDER_PATH)/pkg/version.Version +TFGEN := pulumi-tfgen-$(PACK) +PROVIDER := pulumi-resource-$(PACK) +JAVA_GEN := pulumi-java-gen +TESTPARALLELISM := 10 +WORKING_DIR := $(shell pwd) +PULUMI_PROVIDER_BUILD_PARALLELISM ?= +PULUMI_CONVERT := 0 +PULUMI_MISSING_DOCS_ERROR := true + +# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable +# Local & branch builds will just used this fixed default version unless specified +PROVIDER_VERSION ?= 0.0.0-alpha.0+dev +# Use this normalised version everywhere rather than the raw input to ensure consistency. +VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)") + +LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC) +LDFLAGS_UPSTREAM_VERSION= +LDFLAGS_EXTRAS= +LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS) + +development: install_plugins provider build_sdks install_sdks + +build: install_plugins provider build_sdks install_sdks + +build_sdks: build_dotnet build_go build_nodejs build_python + +install_go_sdk: + +install_java_sdk: + +install_python_sdk: + +install_sdks: install_dotnet_sdk install_python_sdk install_nodejs_sdk install_java_sdk + +only_build: build + +build_dotnet: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +build_dotnet: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +build_dotnet: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +build_dotnet: upstream + PULUMI_CONVERT=$(PULUMI_CONVERT) PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION=$(PULUMI_CONVERT) $(WORKING_DIR)/bin/$(TFGEN) dotnet --out sdk/dotnet/ + cd sdk/dotnet/ && \ + printf "module fake_dotnet_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ + echo "$(VERSION_GENERIC)" >version.txt && \ + dotnet build + +build_go: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +build_go: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +build_go: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +build_go: upstream + PULUMI_CONVERT=$(PULUMI_CONVERT) PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION=$(PULUMI_CONVERT) $(WORKING_DIR)/bin/$(TFGEN) go --out sdk/go/ + cd sdk && go list "$$(grep -e "^module" go.mod | cut -d ' ' -f 2)/go/..." | xargs -I {} bash -c 'go build {} && go clean -i {}' + +build_java: PACKAGE_VERSION := $(VERSION_GENERIC) +build_java: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +build_java: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +build_java: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +build_java: bin/pulumi-java-gen upstream + $(WORKING_DIR)/bin/$(JAVA_GEN) generate --schema provider/cmd/$(PROVIDER)/schema.json --out sdk/java --build gradle-nexus + cd sdk/java/ && \ + printf "module fake_java_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ + gradle --console=plain build && \ + gradle --console=plain javadoc + +build_nodejs: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +build_nodejs: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +build_nodejs: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +build_nodejs: upstream + PULUMI_CONVERT=$(PULUMI_CONVERT) PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION=$(PULUMI_CONVERT) $(WORKING_DIR)/bin/$(TFGEN) nodejs --out sdk/nodejs/ + cd sdk/nodejs/ && \ + printf "module fake_nodejs_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ + yarn install && \ + yarn run tsc && \ + cp ../../README.md ../../LICENSE* package.json yarn.lock ./bin/ + +build_python: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +build_python: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +build_python: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +build_python: upstream + rm -rf sdk/python/ + PULUMI_CONVERT=$(PULUMI_CONVERT) PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION=$(PULUMI_CONVERT) $(WORKING_DIR)/bin/$(TFGEN) python --out sdk/python/ + cd sdk/python/ && \ + printf "module fake_python_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ + cp ../../README.md . && \ + rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \ + rm ./bin/go.mod && \ + python3 -m venv venv && \ + ./venv/bin/python -m pip install build==1.2.1 && \ + cd ./bin && \ + ../venv/bin/python -m build . + +clean: + rm -rf sdk/{dotnet,nodejs,go,python} + +cleanup: + rm -r $(WORKING_DIR)/bin + rm -f provider/cmd/$(PROVIDER)/schema.go + +help: + @grep '^[^.#]\+:\s\+.*#' Makefile | \ + sed "s/\(.\+\):\s*\(.*\) #\s*\(.*\)/`printf "\033[93m"`\1`printf "\033[0m"` \3 [\2]/" | \ + expand -t20 + +install_dotnet_sdk: + mkdir -p $(WORKING_DIR)/nuget + find . -name '*.nupkg' -print -exec cp -p {} $(WORKING_DIR)/nuget \; + +install_nodejs_sdk: + yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin + +install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +install_plugins: .pulumi/bin/pulumi + +lint_provider: provider + cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml + +# `lint_provider.fix` is a utility target meant to be run manually +# that will run the linter and fix errors when possible. +lint_provider.fix: + cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml --fix + +# `make provider_no_deps` builds the provider binary directly, without ensuring that +# `cmd/pulumi-resource-acme/schema.json` is valid and up to date. +# To create a release ready binary, you should use `make provider`. +provider_no_deps: + (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "$(LDFLAGS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)) + +provider: tfgen provider_no_deps + +test: export PATH := $(WORKING_DIR)/bin:$(PATH) +test: + cd examples && go test -v -tags=all -parallel $(TESTPARALLELISM) -timeout 2h + +test_provider: + @echo "" + @echo "== test_provider ===================================================================" + @echo "" + cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM) + +tfgen: install_plugins upstream tfgen_no_deps + +tfgen_no_deps: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +tfgen_no_deps: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +tfgen_no_deps: export PULUMI_CONVERT := $(PULUMI_CONVERT) +tfgen_no_deps: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +tfgen_no_deps: export PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION := $(PULUMI_CONVERT) +tfgen_no_deps: export PULUMI_MISSING_DOCS_ERROR := $(PULUMI_MISSING_DOCS_ERROR) +tfgen_no_deps: tfgen_build_only + $(WORKING_DIR)/bin/$(TFGEN) schema --out provider/cmd/$(PROVIDER) + (cd provider && VERSION=$(VERSION_GENERIC) go generate cmd/$(PROVIDER)/main.go) + +tfgen_build_only: + (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(TFGEN) -ldflags "$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_EXTRAS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(TFGEN)) + +upstream: +ifneq ("$(wildcard upstream)","") + ./upstream.sh init +endif + +bin/pulumi-java-gen: .pulumi-java-gen.version + pulumictl download-binary -n pulumi-language-java -v v$(shell cat .pulumi-java-gen.version) -r pulumi/pulumi-java + +# To make an immediately observable change to .ci-mgmt.yaml: +# +# - Edit .ci-mgmt.yaml +# - Run make ci-mgmt to apply the change locally. +# +ci-mgmt: .ci-mgmt.yaml + rm -f .github/workflows/*.yml # Copied from update-workflows.yml + go run github.com/pulumi/ci-mgmt/provider-ci@master generate \ + --name $(ORG)/pulumi-$(PACK) \ + --out . \ + --template bridged-provider \ + --config $< + +# Because some codegen depends on the version of the CLI used, we install a local CLI +# version pinned to the same version as `provider/go.mod`. +# +# This logic compares the version of .pulumi/bin/pulumi already installed. If it matches +# the desired version, we just print. Otherwise we (re)install pulumi at the desired +# version. +.pulumi/bin/pulumi: .pulumi/version + @if [ -x .pulumi/bin/pulumi ] && [ "v$$(cat .pulumi/version)" = "$$(.pulumi/bin/pulumi version)" ]; then \ + echo "pulumi/bin/pulumi version: v$$(cat .pulumi/version)"; \ + else \ + curl -fsSL https://get.pulumi.com | \ + HOME=$(WORKING_DIR) sh -s -- --version "$$(cat .pulumi/version)"; \ + fi + +# Compute the version of Pulumi to use by inspecting the Go dependencies of the provider. +.pulumi/version: provider/go.mod + @mkdir -p .pulumi + @cd provider && go list -f "{{slice .Version 1}}" -m github.com/pulumi/pulumi/pkg/v3 | tee ../$@ + +# Start debug server for tfgen +debug_tfgen: + dlv --listen=:2345 --headless=true --api-version=2 exec $(WORKING_DIR)/bin/$(TFGEN) -- schema --out provider/cmd/$(PROVIDER) + +.PHONY: development build build_sdks install_go_sdk install_java_sdk install_python_sdk install_sdks only_build build_dotnet build_go build_java build_nodejs build_python clean cleanup help install_dotnet_sdk install_nodejs_sdk install_plugins lint_provider provider provider_no_deps test tfgen upstream ci-mgmt test_provider debug_tfgen tfgen_build_only + +# Provider cross-platform build & packaging + +# These targets assume that the schema-embed.json exists - it's generated by tfgen. +# We disable CGO to ensure that the binary is statically linked. +bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64 +bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64 +bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64 +bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 +bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 +bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: + @# check the TARGET is set + test $(TARGET) + cd provider && \ + export GOOS=$$(echo "$(TARGET)" | cut -d "-" -f 1) && \ + export GOARCH=$$(echo "$(TARGET)" | cut -d "-" -f 2) && \ + export CGO_ENABLED=0 && \ + go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" + +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz: bin/darwin-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz: bin/windows-amd64/$(PROVIDER).exe +bin/$(PROVIDER)-v$(VERSION_GENERIC)-%.tar.gz: + @mkdir -p dist + @# $< is the last dependency (the binary path from above) e.g. bin/linux-amd64/pulumi-resource-xyz + @# $@ is the current target e.g. bin/pulumi-resource-xyz-v1.2.3-linux-amd64.tar.gz + tar --gzip -cf $@ README.md LICENSE -C $$(dirname $<) . + +provider_dist-linux-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz +provider_dist-linux-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz +provider_dist-darwin-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz +provider_dist-darwin-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz +provider_dist-windows-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz +provider_dist: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 +.PHONY: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 provider_dist diff --git a/provider-ci/test-providers/acme/devbox.json b/provider-ci/test-providers/acme/devbox.json new file mode 100644 index 0000000000..1917bf7032 --- /dev/null +++ b/provider-ci/test-providers/acme/devbox.json @@ -0,0 +1,22 @@ +{ + "packages": [ + "yarn@latest", + "pulumictl@latest", + "go@1.21.", + "nodejs@20.", + "python3@3.11.8", + "dotnet-sdk@6.0.", + "gradle_7@7.6", + "curl@8" + ], + "shell": { + "init_hook": [ + "export PATH=\"$(pwd)/bin/:$PATH\"" + ], + "scripts": { + "test": [ + "echo \"Error: no test specified\" && exit 1" + ] + } + } +} diff --git a/provider-ci/test-providers/acme/devbox.lock b/provider-ci/test-providers/acme/devbox.lock new file mode 100644 index 0000000000..0967ef424b --- /dev/null +++ b/provider-ci/test-providers/acme/devbox.lock @@ -0,0 +1 @@ +{} diff --git a/provider-ci/test-providers/acme/upstream.sh b/provider-ci/test-providers/acme/upstream.sh new file mode 100755 index 0000000000..f5609ac627 --- /dev/null +++ b/provider-ci/test-providers/acme/upstream.sh @@ -0,0 +1,375 @@ +#!/usr/bin/env bash +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +set -e + +original_exec="$0" +original_cmd="$1" + +usage() { + cat < [options] + +COMMANDS + init [-f] Initialize the upstream submodule and applies the + patches to the working directory. + checkout [-f] Create a branch in the upstream repository with the + patches applied as commits. + rebase [-o] [-i] Rebase the checked out patches. + check_in Write checkedout commits back to patches, add upstream + and patches changes to the git staging area and exit + checkout mode. + help Print this help message, plus examples. + +OPTIONS + -f Force the command to run even if the upstream submodule is modified + -o The new base commit to rebase the patches on top of + -i Run the rebase command interactively + -h Print this help message, plus examples +EOF +} + +extended_docs() { + cat < + ${original_exec} check_in + + Interactively edit the patches: + ${original_exec} checkout + ${original_exec} rebase -i + ${original_exec} check_in + + Add a new patch: + ${original_exec} checkout + # Make changes to the upstream repository + git commit -am "Add new feature" + ${original_exec} check_in +EOF +} + +assert_upstream_exists() { + if [[ ! -d upstream ]]; then + echo "No 'upstream' directory detected. Aborting." + exit 1 + fi +} + +assert_not_checked_out() { + current_branch=$(cd upstream && git --no-pager rev-parse --abbrev-ref HEAD) + if [[ "${current_branch}" == "pulumi/patch-checkout" ]]; then + cat <' to rebase the patches on top of the + new upstream commit. Resolve any conflicts and continue the rebase to completion. +3. '${original_exec} check_in' to create an updated set of patches from the commits + +Reset the upstream submodule to the previous known good upstream commit before +trying again. This can be done with: + + (cd upstream && git reset --hard ) + git add upstream + +EOF + exit 1 +} + +apply_patches() { + # Iterating over the patches folder in sorted order, + # apply the patch using a 3-way merge strategy. This mirrors the default behavior of 'git merge' + cd upstream + for patch in ../patches/*.patch; do + if ! git apply --3way "${patch}" --allow-empty; then + err_failed_to_apply "$(basename "${patch}")" + fi + done +} + +clean_rebases() { + # Clean up any previous in-progress rebases. + cd upstream + rebase_merge_dir=$(git rev-parse --git-path rebase-merge) + rebase_apply_dir=$(git rev-parse --git-path rebase-apply) + rm -rf "${rebase_merge_dir}" + rm -rf "${rebase_apply_dir}" + cd .. +} + +clean_branches() { + cd upstream + if git show-ref --verify --quiet refs/heads/pulumi/patch-checkout; then + git branch -D pulumi/patch-checkout + fi + if git show-ref --verify --quiet refs/heads/pulumi/checkout-base; then + git branch -D pulumi/checkout-base + fi + if git show-ref --verify --quiet refs/heads/pulumi/original-base; then + git branch -D pulumi/original-base + fi + cd .. +} + +init() { + # Parse additional flags + while getopts "f" flag; do + case "${flag}" in + f) force="true";; + *) echo "Unexpected option ${flag}"; exit 1;; + esac + done + + assert_upstream_exists + + if [[ "${force}" != "true" ]]; then + assert_not_checked_out + assert_no_rebase_in_progress + fi + + git submodule update --force --init + cd upstream && git clean -fxd && cd .. + + if [[ "${force}" == "true" ]]; then + clean_rebases + clean_branches + fi + apply_patches +} + +checkout() { + # Parse additional flags + while getopts "f" flag; do + case "${flag}" in + f) force="true";; + *) echo "Unexpected option ${flag}"; exit 1;; + esac + done + + assert_upstream_exists + + if [[ "${force}" != "true" ]]; then + assert_not_checked_out + assert_no_rebase_in_progress + fi + + git submodule update --force --init + if [[ "${force}" == "true" ]]; then + clean_rebases + clean_branches + fi + + cd upstream + git fetch --all + + # Set the 'pulumi/checkout-base' branch to the current commit of the upstream repository + # This is used to track the base commit of the patches + # If rebasing, then this must be moved to the new base commit. + git branch -f pulumi/checkout-base + # Create a new branch 'pulumi/patch-checkout' which will contain the commits for each patch + git checkout -B pulumi/patch-checkout + + for patch in ../patches/*.patch; do + if ! git am --3way "${patch}"; then + err_failed_to_apply "$(basename "${patch}")" + fi + done + + cat < + +Once you have finished editing the commits, run + ${original_exec} check_in + +EOF +} + +rebase() { + # Parse additional flags + onto="pulumi/checkout-base" + interactive="false" + while getopts "io:" flag; do + case "${flag}" in + i) interactive="true";; + o) onto="${OPTARG}";; + *) echo "Unexpected option ${flag}"; exit 1;; + esac + done + + assert_is_checked_out + + cd upstream + # Fetch the latest changes from the upstream repository + git fetch --all + # Set the "pulumi/original-base" branch to the current base commit of the patches + git branch -f pulumi/original-base pulumi/checkout-base + # Set the "pulumi/patch-checkout" branch to track the "pulumi/original-base" branch + git branch --set-upstream-to=pulumi/original-base pulumi/patch-checkout + # Set the "pulumi/checkout-base" branch to the new base commit ready for formatting the patches after + git branch -f pulumi/checkout-base "${onto}" + # Rebase the 'pulumi/patch-checkout' branch on top of the new base commit + interactive_flag="" + if [[ "${interactive}" == "true" ]]; then + interactive_flag="--interactive" + fi + if ! git rebase --onto "${onto}" ${interactive_flag}; then + echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory." + exit 1 + fi + cd .. +} + +export_patches() { + # Remove all existing patches before creating the new ones in case they've been renamed or removed. + rm -f patches/*.patch + + # Extract patches from the commits in the 'pulumi/patch-checkout' branch into the 'patches' directory. + # Use the 'pulumi/checkout-base' branch to determine the base commit of the patches. + (cd upstream && git format-patch pulumi/checkout-base -o ../patches --zero-commit --no-signature --no-stat --no-numbered) +} + +format_patches() { + assert_upstream_exists + assert_is_checked_out + assert_no_rebase_in_progress + + export_patches + cat <