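---
# Release pipeline for the pulumi-resource-flashblade provider. It runs only
# when a tag matching "pulumi-*" is pushed and then:
#   1. prerequisites      - tests, regenerates the schema, fails on drift
#   2. release_provider   - GoReleaser build/publish + keyless cosign signature
#   3. release_python_sdk - builds the Python wheel and attaches it
#   4. tag_go_sdk         - pushes the matching sdk/go/v<version> tag
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# In a workflow that can publish releases and mint OIDC tokens, pinning each
# action to a full commit SHA (`owner/action@<full-commit-sha>  # vN`,
# placeholder) stops a re-pointed tag from running with these tokens.
name: Pulumi Release
on:
  push:
    tags:
      - "pulumi-*"

# Read-only default for GITHUB_TOKEN. Each job below declares exactly the
# scopes it uses, so write access and the OIDC token are no longer handed to
# jobs that only build and test.
permissions:
  contents: read

jobs:
  prerequisites:
    name: Prerequisites
    runs-on: ubuntu-latest
    # Only reads the repository; artifact upload does not use GITHUB_TOKEN
    # scopes.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No step in this job pushes with git, so do not leave the token in
          # .git/config where `make` targets could read it.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: pulumi/provider/go.mod
          cache: true
      - name: Run provider unit tests
        working-directory: pulumi
        run: make test
      - name: Generate schema artifacts
        working-directory: pulumi
        run: make tfgen
      # Fails the release when the regenerated files differ from what is
      # committed at the tagged commit, so the artifacts uploaded below match
      # the reviewed source.
      - name: Schema drift gate
        run: |
          git diff --exit-code \
            pulumi/provider/cmd/pulumi-resource-flashblade/schema.json \
            pulumi/provider/cmd/pulumi-resource-flashblade/bridge-metadata.json
      - name: Upload schema.json artifact
        uses: actions/upload-artifact@v4
        with:
          name: schema
          path: pulumi/provider/cmd/pulumi-resource-flashblade/schema.json
      - name: Upload bridge-metadata.json artifact
        uses: actions/upload-artifact@v4
        with:
          name: bridge-metadata
          path: pulumi/provider/cmd/pulumi-resource-flashblade/bridge-metadata.json

  release_provider:
    name: Release Provider
    needs: prerequisites
    runs-on: ubuntu-latest
    permissions:
      # GoReleaser creates the release; `gh release upload` attaches files.
      contents: write
      # OIDC token for the keyless cosign signature.
      id-token: write
      # NOTE(review): no step visible in this job calls an attestation action;
      # kept from the original workflow-level grant - confirm it is needed,
      # otherwise drop it.
      attestations: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # GoReleaser and gh authenticate through the GITHUB_TOKEN env var;
          # nothing here pushes with git.
          persist-credentials: false
      # NOTE(review): this restores a shared build cache into the job that
      # produces the signed release; consider disabling it here so cached
      # content from other runs cannot reach the published binaries.
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: pulumi/provider/go.mod
          cache: true
      - name: Download schema.json artifact
        uses: actions/download-artifact@v4
        with:
          name: schema
          path: pulumi/provider/cmd/pulumi-resource-flashblade/
      - name: Download bridge-metadata.json artifact
        uses: actions/download-artifact@v4
        with:
          name: bridge-metadata
          path: pulumi/provider/cmd/pulumi-resource-flashblade/
      # NOTE(review): the cosign version installed follows the action tag;
      # setting the `cosign-release` input to a fixed version keeps the
      # sign-blob flags used below stable.
      - name: Install cosign
        uses: sigstore/cosign-installer@v3
      # NOTE(review): "~> v2" floats across GoReleaser v2 releases; pin an
      # exact version for reproducible release builds.
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          version: "~> v2"
          args: release --clean --config pulumi/.goreleaser.pulumi.yml
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Signs the SHA256SUMS file with a short-lived certificate bound to this
      # workflow's OIDC identity. The tag name arrives through the
      # GITHUB_REF_NAME environment variable rather than `${{ }}` expansion,
      # so it is never spliced into the script text. Consumers should check
      # the signature with `cosign verify-blob`, pinning the expected
      # certificate identity and OIDC issuer.
      - name: Sign checksums with Cosign (keyless)
        run: |
          VERSION="${GITHUB_REF_NAME#pulumi-}"
          cosign sign-blob --yes \
            --output-signature "dist/pulumi-resource-flashblade_${VERSION}_SHA256SUMS.sig" \
            --output-certificate "dist/pulumi-resource-flashblade_${VERSION}_SHA256SUMS.pem" \
            "dist/pulumi-resource-flashblade_${VERSION}_SHA256SUMS"
      - name: Upload signatures to release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          VERSION="${GITHUB_REF_NAME#pulumi-}"
          gh release upload "${GITHUB_REF_NAME}" \
            "dist/pulumi-resource-flashblade_${VERSION}_SHA256SUMS.sig" \
            "dist/pulumi-resource-flashblade_${VERSION}_SHA256SUMS.pem" \
            --clobber

  release_python_sdk:
    name: Release Python SDK
    # Depend on release_provider so the GitHub release exists before we upload
    # the wheel.
    needs: release_provider
    runs-on: ubuntu-latest
    # Only `gh release upload` needs write access; no OIDC token is used here.
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # The SDK generation and test targets run with the checkout on
          # disk; keep the write-scoped token out of .git/config.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: pulumi/provider/go.mod
          cache: true
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Download schema.json artifact
        uses: actions/download-artifact@v4
        with:
          name: schema
          path: pulumi/provider/cmd/pulumi-resource-flashblade/
      - name: Download bridge-metadata.json artifact
        uses: actions/download-artifact@v4
        with:
          name: bridge-metadata
          path: pulumi/provider/cmd/pulumi-resource-flashblade/
      - name: Generate Python SDK
        working-directory: pulumi
        run: make generate_python
      # Presumably this target also produces the wheel picked up below -
      # verify against the Makefile.
      - name: Build Python wheel
        working-directory: pulumi
        run: make test_python_sdk
      # NOTE(review): the wheel is built after the SHA256SUMS file was signed
      # in release_provider, so it is attached without a checksum entry or
      # signature of its own.
      - name: Upload wheel to release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          WHEEL_FILE=$(ls pulumi/sdk/python/dist/pulumi_flashblade-*.whl | head -n1)
          if [ -z "$WHEEL_FILE" ]; then
            echo "Wheel file not found"
            exit 1
          fi
          gh release upload "${GITHUB_REF_NAME}" "$WHEEL_FILE" --clobber

  tag_go_sdk:
    name: Tag Go SDK
    needs: release_provider
    runs-on: ubuntu-latest
    # Pushing the tag is the only privileged operation in this job.
    permissions:
      contents: write
    steps:
      # Credentials stay persisted here (checkout default) because the final
      # `git push` authenticates with them.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # Creates sdk/go/v<version> at the released commit. A rerun exits early
      # when the tag is already on the remote.
      # NOTE(review): the early exit does not compare the existing tag's
      # target with GITHUB_SHA, so a tag pointing at a different commit is
      # accepted silently.
      - name: Push Go SDK tag
        run: |
          VERSION="${GITHUB_REF_NAME#pulumi-}"
          GO_TAG="sdk/go/v${VERSION}"
          if git ls-remote --tags origin "refs/tags/${GO_TAG}" | grep -q .; then
            echo "Tag ${GO_TAG} already exists on remote — skipping (idempotent rerun)"
            exit 0
          fi
          git tag "${GO_TAG}" "${GITHUB_SHA}"
          git push origin "${GO_TAG}"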