Update GitHub Actions workflows. #4059
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt | |
| name: run-acceptance-tests | |
| on: | |
| repository_dispatch: | |
| types: | |
| - run-acceptance-tests-command | |
| pull_request: | |
| paths-ignore: | |
| - CHANGELOG.md | |
| workflow_dispatch: {} | |
| env: | |
| PROVIDER: docker-build | |
| PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
| TRAVIS_OS_NAME: linux | |
| PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
| GOVERSION: "1.21.x" | |
| NODEVERSION: "20.x" | |
| PYTHONVERSION: "3.11.8" | |
| DOTNETVERSION: "8.0.x" | |
| JAVAVERSION: "11" | |
| ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e | |
| ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 | |
| ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 | |
| AWS_REGION: us-west-2 | |
| AZURE_LOCATION: westus | |
| GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected] | |
| GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci | |
| GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci | |
| GOOGLE_PROJECT: pulumi-ci-gcp-provider | |
| GOOGLE_PROJECT_NUMBER: "895284651812" | |
| GOOGLE_REGION: us-central1 | |
| GOOGLE_ZONE: us-central1-a | |
| PULUMI_API: https://api.pulumi-staging.io | |
| PULUMI_PULUMI_ENABLE_JOURNALING: "true" | |
| PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} | |
| jobs: | |
| comment-notification: | |
| if: github.event_name == 'repository_dispatch' | |
| runs-on: ubuntu-latest | |
| name: comment-notification | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| lfs: true | |
| persist-credentials: false | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| - name: Create URL to the run output | |
| id: vars | |
| run: echo | |
| "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | |
| >> "$GITHUB_OUTPUT" | |
| - name: Update with Result | |
| uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| repository: ${{ github.event.client_payload.github.payload.repository.full_name }} | |
| issue-number: ${{ github.event.client_payload.github.payload.issue.number }} | |
| body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}" | |
| prerequisites: | |
| runs-on: ubuntu-latest | |
| name: prerequisites | |
| permissions: | |
| id-token: write # For ESC secrets. | |
| pull-requests: write # For schema check comment. | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| lfs: true | |
| persist-credentials: false | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| - env: | |
| ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} | |
| ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" | |
| ESC_ACTION_OIDC_AUTH: "true" | |
| ESC_ACTION_OIDC_ORGANIZATION: pulumi | |
| ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization | |
| id: esc-secrets | |
| name: Fetch secrets from ESC | |
| uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b | |
| - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 | |
| id: app-auth | |
| with: | |
| app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} | |
| private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| - id: version | |
| name: Set Provider Version | |
| uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 | |
| with: | |
| set-env: PROVIDER_VERSION | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Tools | |
| uses: ./.github/actions/setup-tools | |
| with: | |
| cache: 'true' | |
| github_token: ${{ steps.app-auth.outputs.token }} | |
| - if: github.event_name == 'pull_request' | |
| name: Install Schema Tools | |
| uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 | |
| with: | |
| repo: pulumi/schema-tools | |
| - name: Build codegen binaries | |
| run: make codegen | |
| - name: Build Schema | |
| run: make generate_schema | |
| - if: github.event_name == 'pull_request' | |
| name: Check Schema is Valid | |
| run: >- | |
| { | |
| echo 'SCHEMA_CHANGES<<EOF'; | |
| schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json; | |
| echo 'EOF'; | |
| } >> "$GITHUB_ENV" | |
| env: | |
| GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} | |
| - if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' | |
| name: Comment on PR with Details of Schema Check | |
| uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 | |
| with: | |
| message: | | |
| ${{ env.SCHEMA_CHANGES }} | |
| comment-tag: schemaCheck | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && | |
| github.actor == 'pulumi-bot' | |
| name: Add label if no breaking changes | |
| uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 | |
| with: | |
| labels: impact/no-changelog-required | |
| number: ${{ github.event.issue.number }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Provider | |
| run: make provider | |
| - name: Check worktree clean | |
| id: worktreeClean | |
| uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 | |
| with: | |
| allowed-changes: |- | |
| sdk/**/pulumi-plugin.json | |
| sdk/dotnet/*.*.csproj | |
| sdk/dotnet/version.txt | |
| sdk/go/**/pulumiUtilities.go | |
| sdk/nodejs/package.json | |
| sdk/python/pyproject.toml | |
| sdk/java/build.gradle | |
| # This worktree check is a safeguard against someone forgetting to | |
| # re-build and commit locally, but we handle that commit automatically in | |
| # the case of dependency bumps. | |
| continue-on-error: ${{ contains(github.actor, 'renovate') }} | |
| - name: Commit SDK changes for Renovate | |
| if: steps.worktreeClean.outcome == 'failure' && | |
| contains(github.actor, 'renovate') && github.event_name == | |
| 'pull_request' | |
| shell: bash | |
| run: > | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "pulumi-bot" | |
| # Stash local changes and check out the PR's branch directly. | |
| git stash | |
| git fetch | |
| git checkout "origin/$HEAD_REF" | |
| # Apply and add our changes, but don't commit any files we expect to | |
| # always change due to versioning. | |
| git stash pop | |
| git add sdk provider/cmd/pulumi-resource-docker-build/schema.json | |
| git reset sdk/python/*/pulumi-plugin.json \ | |
| sdk/python/pyproject.toml \ | |
| sdk/dotnet/pulumi-plugin.json \ | |
| sdk/dotnet/*.*.csproj \ | |
| sdk/dotnet/version.txt \ | |
| sdk/go/*/pulumi-plugin.json \ | |
| sdk/go/*/internal/pulumiUtilities.go \ | |
| sdk/nodejs/package.json | |
| git commit -m 'Commit SDK for Renovate' | |
| # Push with pulumi-bot credentials to trigger a re-run of the | |
| # workflow. https://github.com/orgs/community/discussions/25702 | |
| git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" | |
| env: | |
| HEAD_REF: ${{ github.head_ref }} | |
| - run: git status --porcelain | |
| - name: Tar provider binaries | |
| run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
| github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} | |
| pulumi-gen-${{ env.PROVIDER}} | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: pulumi-${{ env.PROVIDER }}-provider.tar.gz | |
| path: ${{ github.workspace }}/bin/provider.tar.gz | |
| - name: Test Provider Library | |
| run: make test_provider | |
| env: | |
| ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }} | |
| DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }} | |
| DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload coverage reports to Codecov | |
| uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 | |
| env: | |
| CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }} | |
| - if: failure() && github.event_name == 'push' | |
| name: Notify Slack | |
| uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0 | |
| with: | |
| author_name: Failure in building provider prerequisites | |
| fields: repo,commit,author,action | |
| status: ${{ job.status }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} | |
| if: github.event_name == 'repository_dispatch' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| build_sdks: | |
| needs: prerequisites | |
| runs-on: pulumi-ubuntu-8core | |
| strategy: | |
| fail-fast: ${{ ! contains(github.actor, 'renovate') }} | |
| matrix: | |
| language: | |
| - nodejs | |
| - python | |
| - dotnet | |
| - go | |
| - java | |
| name: build_sdks | |
| permissions: | |
| contents: read | |
| id-token: write # For ESC secrets. | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| lfs: true | |
| persist-credentials: false | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| - env: | |
| ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} | |
| ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" | |
| ESC_ACTION_OIDC_AUTH: "true" | |
| ESC_ACTION_OIDC_ORGANIZATION: pulumi | |
| ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization | |
| id: esc-secrets | |
| name: Fetch secrets from ESC | |
| uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b | |
| - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 | |
| id: app-auth | |
| with: | |
| app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} | |
| private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| - id: version | |
| name: Set Provider Version | |
| uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 | |
| with: | |
| set-env: PROVIDER_VERSION | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Tools | |
| uses: ./.github/actions/setup-tools | |
| with: | |
| github_token: ${{ steps.app-auth.outputs.token }} | |
| - name: Download provider | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: pulumi-${{ env.PROVIDER }}-provider.tar.gz | |
| path: ${{ github.workspace }}/bin | |
| - name: UnTar provider binaries | |
| run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
| github.workspace}}/bin | |
| - name: Restore Binary Permissions | |
| run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print | |
| -exec chmod +x {} \; | |
| - name: Generate SDK | |
| run: make generate_${{ matrix.language }} | |
| - name: Build SDK | |
| run: make build_${{ matrix.language }} | |
| - name: Check worktree clean | |
| id: worktreeClean | |
| uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 | |
| with: | |
| allowed-changes: |- | |
| sdk/**/pulumi-plugin.json | |
| sdk/dotnet/*.*.csproj | |
| sdk/dotnet/version.txt | |
| sdk/go/**/pulumiUtilities.go | |
| sdk/nodejs/package.json | |
| sdk/python/pyproject.toml | |
| sdk/java/build.gradle | |
| continue-on-error: ${{ contains(github.actor, 'renovate') }} | |
| - name: Commit SDK changes for Renovate | |
| if: steps.worktreeClean.outcome == 'failure' && | |
| contains(github.actor, 'renovate') && github.event_name == | |
| 'pull_request' | |
| shell: bash | |
| run: > | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "pulumi-bot" | |
| # Stash local changes and check out the PR's branch directly. | |
| git stash | |
| git fetch | |
| git checkout "origin/$HEAD_REF" | |
| # Apply and add our changes, but don't commit any files we expect to | |
| # always change due to versioning. | |
| git stash pop | |
| git add sdk provider/cmd/pulumi-resource-docker-build/schema.json | |
| git reset sdk/python/*/pulumi-plugin.json \ | |
| sdk/python/pyproject.toml \ | |
| sdk/dotnet/pulumi-plugin.json \ | |
| sdk/dotnet/*.*.csproj \ | |
| sdk/dotnet/version.txt \ | |
| sdk/go/*/pulumi-plugin.json \ | |
| sdk/go/*/internal/pulumiUtilities.go \ | |
| sdk/nodejs/package.json | |
| git commit -m 'Commit SDK for Renovate' | |
| # Push with pulumi-bot credentials to trigger a re-run of the | |
| # workflow. https://github.com/orgs/community/discussions/25702 | |
| git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" | |
| env: | |
| HEAD_REF: ${{ github.head_ref }} | |
| - run: git status --porcelain | |
| - name: Tar SDK folder | |
| run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: ${{ matrix.language }}-sdk.tar.gz | |
| path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz | |
| retention-days: 30 | |
| - if: failure() && github.event_name == 'push' | |
| name: Notify Slack | |
| uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0 | |
| with: | |
| author_name: Failure while building SDKs | |
| fields: repo,commit,author,action | |
| status: ${{ job.status }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} | |
| if: github.event_name == 'repository_dispatch' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| test: | |
| runs-on: pulumi-ubuntu-8core | |
| needs: | |
| - build_sdks | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| language: | |
| - nodejs | |
| - python | |
| - dotnet | |
| - go | |
| - java | |
| - yaml | |
| name: test | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| lfs: true | |
| persist-credentials: false | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| - env: | |
| ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} | |
| ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" | |
| ESC_ACTION_OIDC_AUTH: "true" | |
| ESC_ACTION_OIDC_ORGANIZATION: pulumi | |
| ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization | |
| id: esc-secrets | |
| name: Fetch secrets from ESC | |
| uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b | |
| - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 | |
| id: app-auth | |
| with: | |
| app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} | |
| private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| - id: version | |
| name: Set Provider Version | |
| uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 | |
| with: | |
| set-env: PROVIDER_VERSION | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Tools | |
| uses: ./.github/actions/setup-tools | |
| with: | |
| github_token: ${{ steps.app-auth.outputs.token }} | |
| - name: Download provider | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: pulumi-${{ env.PROVIDER }}-provider.tar.gz | |
| path: ${{ github.workspace }}/bin | |
| - name: UnTar provider binaries | |
| run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
| github.workspace}}/bin | |
| - name: Restore Binary Permissions | |
| run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print | |
| -exec chmod +x {} \; | |
| - name: Download SDK | |
| if: ${{ matrix.language != 'yaml' }} | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: ${{ matrix.language }}-sdk.tar.gz | |
| path: ${{ github.workspace}}/sdk/ | |
| - name: UnTar SDK folder | |
| if: ${{ matrix.language != 'yaml' }} | |
| run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ | |
| github.workspace}}/sdk/${{ matrix.language}} | |
| - name: Update path | |
| run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
| - name: Install Node dependencies | |
| run: yarn global add typescript | |
| - run: dotnet nuget add source ${{ github.workspace }}/nuget | |
| - name: Install Python deps | |
| run: |- | |
| pip3 install virtualenv==20.0.23 | |
| pip3 install pipenv | |
| - name: Install dependencies | |
| if: ${{ matrix.language != 'yaml' }} | |
| run: make install_${{ matrix.language}}_sdk | |
| - name: Generate Pulumi Access Token | |
| id: generate_pulumi_token | |
| uses: pulumi/auth-actions@1c89817aab0c66407723cdef72b05266e7376640 # v1.0.1 | |
| with: | |
| organization: pulumi | |
| requested-token-type: urn:pulumi:token-type:access_token:organization | |
| export-environment-variables: false | |
| - name: Export AWS Credentials | |
| uses: pulumi/esc-action@6cf9520e68354d86f81c455e8d43eabd58f5c9f5 # v1.5.0 | |
| env: | |
| PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} | |
| with: | |
| environment: logins/pulumi-ci | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 | |
| with: | |
| workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER | |
| }}/locations/global/workloadIdentityPools/${{ | |
| env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ | |
| env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} | |
| - name: Setup gcloud auth | |
| uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 | |
| with: | |
| install_components: gke-gcloud-auth-plugin | |
| - name: Install gotestfmt | |
| uses: GoTestTools/gotestfmt-action@v2 | |
| with: | |
| version: v2.5.0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run tests | |
| run: >- | |
| set -euo pipefail | |
| cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - if: failure() && github.event_name == 'push' | |
| name: Notify Slack | |
| uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0 | |
| with: | |
| author_name: Failure in SDK tests | |
| fields: repo,commit,author,action | |
| status: ${{ job.status }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} | |
| if: github.event_name == 'repository_dispatch' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| sentinel: | |
| runs-on: ubuntu-latest | |
| name: sentinel | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| lfs: true | |
| persist-credentials: false | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| - env: | |
| ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} | |
| ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" | |
| ESC_ACTION_OIDC_AUTH: "true" | |
| ESC_ACTION_OIDC_ORGANIZATION: pulumi | |
| ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization | |
| id: esc-secrets | |
| name: Fetch secrets from ESC | |
| uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b | |
| - name: Mark workflow as successful | |
| uses: guibranco/github-status-action-v2@631f55ea0251f0fb284525ad86c30e9f7a8dd284 # v1.1.14 | |
| with: | |
| authToken: ${{ secrets.GITHUB_TOKEN }} | |
| context: Sentinel | |
| state: success | |
| description: Sentinel checks passed | |
| sha: ${{ github.event.pull_request.head.sha || github.sha }} | |
| permissions: | |
| statuses: write | |
| id-token: write # For ESC secrets. | |
| if: github.event_name == 'repository_dispatch' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| needs: | |
| - test | |
| - prerequisites | |
| - lint | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| lfs: true | |
| persist-credentials: false | |
| ref: ${{ env.PR_COMMIT_SHA }} | |
| - name: Setup Tools | |
| uses: ./.github/actions/setup-tools | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Disarm go:embed directives to enable linters that compile source code | |
| run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i | |
| 's/go:embed/ goembed/g' | |
| - name: golangci-lint provider pkg | |
| uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2 | |
| with: | |
| install-mode: none # Handled by mise. | |
| working-directory: . | |
| name: lint | |
| if: github.event_name == 'repository_dispatch' || | |
| github.event.pull_request.head.repo.full_name == github.repository |