Bumping version to clear security alert (#438) #194

Workflow file for this run

	env:
	AWS_REGION: us-west-2
	PROVIDER: pulumiservice
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
	NPM_REGISTRY_URL: https://registry.npmjs.org
	PUBLISH_NPM: true

	NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
	NUGET_FEED_URL: https://api.nuget.org/v3/index.json
	PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget

	PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
	PULUMI_BACKEND_URL: https://api.pulumi-staging.io
	PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..

	PULUMI_TEST_OWNER: service-provider-test-org
	PULUMI_TEST_USE_SERVICE: true

	PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
	PYPI_USERNAME: __token__
	PUBLISH_PYPI: true
	TRAVIS_OS_NAME: linux

	PUBLISH_MAVEN: true
	OSSRH_REPO_URL: https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
	OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
	OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
	# Include only last 8 hex digits of the key ID included, due to
	# limitations of gradle.
	SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
	# Obtained by `gpg --armor --export-secret-key [email protected]`.
	SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
	# Aka passphrase for the GPG key.
	SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}

	GPR_USER: ${{ secrets.GPR_USER }}
	GPR_TOKEN: ${{ secrets.GPR_TOKEN }}
	jobs:
	build_sdk:
	name: build_sdk
	needs: prerequisites
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repo
	uses: actions/checkout@v4
	- name: Checkout Scripts Repo
	uses: actions/checkout@v4
	with:
	path: ci-scripts
	repository: pulumi/scripts
	- name: Unshallow clone for tags
	run: git fetch --prune --unshallow --tags
	- name: Install Go
	uses: actions/setup-go@v5
	with:
	go-version: ${{matrix.goversion}}
	cache-dependency-path: provider/go.sum
	- name: Install pulumictl
	uses: jaxxstorm/[email protected]
	with:
	repo: pulumi/pulumictl
	- name: Install Pulumi CLI
	uses: pulumi/actions@v5
	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version: ${{matrix.nodeversion}}
	registry-url: https://registry.npmjs.org
	- name: Setup DotNet
	uses: actions/setup-dotnet@v4
	with:
	dotnet-version: ${{matrix.dotnetversion}}
	- name: Setup Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{matrix.pythonversion}}
	- name: Setup java
	uses: actions/setup-java@v4
	with:
	distribution: 'adopt' # could also be 'temurin'
	java-version: ${{matrix.javaversion}}
	- name: Download provider binaries
	uses: actions/download-artifact@v4
	with:
	name: ${{ env.PROVIDER }}-provider.tar.gz
	path: ${{ github.workspace }}/bin
	- name: Untar provider binaries
	run: \|-
	tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
	find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
	- name: Update path
	run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
	- name: Build SDK
	run: make ${{ matrix.language }}_sdk
	- name: Check worktree clean
	run: ./ci-scripts/ci/check-worktree-is-clean
	- name: Compress SDK folder
	run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}
	.
	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: ${{ matrix.language }}-sdk.tar.gz
	path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
	overwrite: true
	strategy:
	fail-fast: true
	matrix:
	dotnetversion: [3.1.301]
	goversion: [1.21.x]
	language: [nodejs, python, dotnet, java, go]
	nodeversion: [20.x]
	pythonversion: ["3.11"]
	javaversion: ["11"]
	prerequisites:
	name: prerequisites
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repo
	uses: actions/checkout@v4
	- name: Checkout Scripts Repo
	uses: actions/checkout@v4
	with:
	path: ci-scripts
	repository: jaxxstorm/scripts
	ref: third_party
	- name: Unshallow clone for tags
	run: git fetch --prune --unshallow --tags
	- name: Install Go
	uses: actions/setup-go@v5
	with:
	go-version: ${{matrix.goversion}}
	- name: Install pulumictl
	uses: jaxxstorm/[email protected]
	with:
	repo: pulumi/pulumictl
	- name: Install Pulumi CLI
	uses: pulumi/actions@v5
	- if: github.event_name == 'pull_request'
	name: Install Schema Tools
	uses: jaxxstorm/[email protected]
	with:
	repo: mikhailshilkov/schema-tools
	- name: Build provider + gen binaries
	run: make gen provider
	- name: Tar provider binaries
	run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace
	}}/bin/ pulumi-resource-${{ env.PROVIDER }}
	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: ${{ env.PROVIDER }}-provider.tar.gz
	path: ${{ github.workspace }}/bin/provider.tar.gz
	overwrite: true
	strategy:
	fail-fast: true
	matrix:
	goversion: [1.21.x]
	publish:
	name: publish
	needs: test
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repo
	uses: actions/checkout@v4
	- name: Unshallow clone for tags
	run: git fetch --prune --unshallow --tags
	- name: Install Go
	uses: actions/setup-go@v5
	with:
	go-version: ${{matrix.goversion}}
	- name: Install pulumictl
	uses: jaxxstorm/[email protected]
	with:
	repo: pulumi/pulumictl
	- name: Install Pulumi CLI
	uses: pulumi/actions@v5
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-region: us-east-2
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	role-duration-seconds: 3600
	role-external-id: upload-pulumi-release
	role-session-name: ${{ env.PROVIDER}}@githubActions
	role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
	- name: Set PreRelease Version
	run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" >> $GITHUB_ENV
	- name: Check PreRelease Version and Exit if not Alpha, Beta, or RC
	run: \|
	if [[ ! "${GORELEASER_CURRENT_TAG}" =~ -(alpha\|beta\|rc) ]]; then
	echo "Error: GORELEASER_CURRENT_TAG does not contain -alpha, -beta, or -rc"
	exit 1
	fi
	- name: Run GoReleaser
	uses: goreleaser/goreleaser-action@v2
	with:
	args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout
	60m0s
	version: latest
	strategy:
	fail-fast: true
	matrix:
	goversion:
	- 1.21.x
	publish_sdk:
	name: publish_sdk
	needs: publish
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repo
	uses: actions/checkout@v4
	- name: Checkout Scripts Repo
	uses: actions/checkout@v4
	with:
	path: ci-scripts
	repository: jaxxstorm/scripts
	ref: third_party
	- name: Unshallow clone for tags
	run: git fetch --prune --unshallow --tags
	- name: Install Go
	uses: actions/setup-go@v5
	with:
	go-version: ${{matrix.goversion}}
	- name: Install pulumictl
	uses: jaxxstorm/[email protected]
	with:
	repo: pulumi/pulumictl
	- name: Install Pulumi CLI
	uses: pulumi/actions@v5
	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version: ${{matrix.nodeversion}}
	registry-url: https://registry.npmjs.org
	- name: Setup DotNet
	uses: actions/setup-dotnet@v4
	with:
	dotnet-version: ${{matrix.dotnetversion}}
	- name: Setup Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{matrix.pythonversion}}
	- name: Setup java
	uses: actions/setup-java@v4
	with:
	distribution: 'adopt' # could also be 'temurin'
	java-version: ${{matrix.javaversion}}
	- name: Download python SDK
	uses: actions/download-artifact@v4
	with:
	name: python-sdk.tar.gz
	path: ${{ github.workspace}}/sdk/
	- name: Uncompress python SDK
	run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python
	- name: Download dotnet SDK
	uses: actions/download-artifact@v4
	with:
	name: dotnet-sdk.tar.gz
	path: ${{ github.workspace}}/sdk/
	- name: Uncompress dotnet SDK
	run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet
	- name: Download nodejs SDK
	uses: actions/download-artifact@v4
	with:
	name: nodejs-sdk.tar.gz
	path: ${{ github.workspace}}/sdk/
	- name: Uncompress nodejs SDK
	run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C ${{github.workspace}}/sdk/nodejs
	- name: download java sdk
	uses: actions/download-artifact@v4
	with:
	name: java-sdk.tar.gz
	path: ${{ github.workspace }}/sdk/
	- name: uncompress java sdk
	run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C ${{github.workspace}}/sdk/java
	- run: python -m pip install pip twine==5.0.0
	- env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	name: Publish SDKs
	run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
	strategy:
	fail-fast: true
	matrix:
	dotnetversion: [3.1.301]
	goversion: [1.21.x]
	nodeversion: [20.x]
	pythonversion: ["3.11"]
	javaversion: ["11"]
	test:
	name: test
	needs: build_sdk
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repo
	uses: actions/checkout@v4
	- name: Checkout Scripts Repo
	uses: actions/checkout@v4
	with:
	path: ci-scripts
	repository: jaxxstorm/scripts
	ref: third_party
	- name: Unshallow clone for tags
	run: git fetch --prune --unshallow --tags
	- name: Install Go
	uses: actions/setup-go@v5
	with:
	go-version: ${{matrix.goversion}}
	- name: Install pulumictl
	uses: jaxxstorm/[email protected]
	with:
	repo: pulumi/pulumictl
	- name: Install Pulumi CLI
	uses: pulumi/actions@v5
	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version: ${{matrix.nodeversion}}
	registry-url: https://registry.npmjs.org
	- name: Setup DotNet
	uses: actions/setup-dotnet@v4
	with:
	dotnet-version: ${{matrix.dotnetversion}}
	- name: Setup Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{matrix.pythonversion}}
	- name: Setup java
	uses: actions/setup-java@v4
	with:
	distribution: 'adopt' # could also be 'temurin'
	java-version: ${{matrix.javaversion}}
	- name: Download provider binaries
	uses: actions/download-artifact@v4
	with:
	name: ${{ env.PROVIDER }}-provider.tar.gz
	path: ${{ github.workspace }}/bin
	- name: Untar provider binaries
	run: \|-
	tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
	find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
	- run: dotnet nuget add source ${{ github.workspace }}/nuget
	- name: Download SDK
	if: ${{ matrix.language != 'yaml' }}
	uses: actions/download-artifact@v4
	with:
	name: ${{ matrix.language }}-sdk.tar.gz
	path: ${{ github.workspace}}/sdk/
	- name: Uncompress SDK folder
	if: ${{ matrix.language != 'yaml' }}
	run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{
	github.workspace }}/sdk/${{ matrix.language }}
	- name: Update path
	run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
	- name: Install Python deps
	run: \|-
	pip3 install virtualenv==20.0.23
	pip3 install pipenv
	- name: Set up gotestfmt
	uses: GoTestTools/gotestfmt-action@v2
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	- name: Install dependencies
	if: ${{ matrix.language != 'yaml' }}
	run: make install_${{ matrix.language}}_sdk
	env:
	# Right now we pin this, we should add a way to automatically upgrade
	PULUMI_JAVA_SDK_VERSION: '0.10.0'
	- name: Run tests
	run: \|
	set -euo pipefail
	cd examples && go test -json -v -count=1 -cover -timeout 2h -tags=${{ matrix.language
	}} -parallel 4 . 2>&1 \| tee /tmp/gotest.log \| gotestfmt
	strategy:
	fail-fast: true
	matrix:
	language: [nodejs, java, python, dotnet, go, yaml, dotnet]

	dotnetversion: [3.1.301]
	goversion: [1.21.x]
	nodeversion: [20.x]
	pythonversion: ["3.11"]
	javaversion: ["11"]
	name: main
	"on":
	push:
	branches:
	- main
	paths-ignore:
	- CHANGELOG.md
	- CHANGELOG_PENDING.md
	tags-ignore:
	- v*
	- sdk/*
	- '**'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bumping version to clear security alert (#438) #194

Workflow file

Bumping version to clear security alert (#438) #194

Jobs

Run details

Workflow file for this run