Skip to content
Pull request

Publish Package Metadata juju@1.0.0-beta2 #9617

Sign in to view logs

Publish Package Metadata juju@1.0.0-beta2

Publish Package Metadata juju@1.0.0-beta2 #9617

Workflow file for this run

.github/workflows/pull-request.yml at 98f3be7
permissions: write-all # Equivalent to default permissions plus id-token: write
env:
ESC_ACTION_OIDC_AUTH: true
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
ESC_ACTION_ENVIRONMENT: github-secrets/pulumi-registry
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: false
name: Pull request
on:
pull_request:
branches:
- master
jobs:
sentinel:
# The name of this action cannot be "Sentinel", since this job exists to create an
# action result called "Sentinel".
name: Sentinel Tower
if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
permissions:
statuses: write
needs:
- resourcedocsgen
- mktutorial
- lint-markdown
- lint-scripts
- test-provider-api-docs
- preview
- test-live-publish
runs-on: ubuntu-latest
steps:
- uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13
with:
authToken: ${{secrets.GITHUB_TOKEN}}
# Write an explicit status check called "Sentinel" which will only pass if this code really runs.
# This should always be a required check for PRs.
context: 'Sentinel'
description: 'All required checks passed'
state: 'success'
# Write to the PR commit SHA if it's available as we don't want the merge commit sha,
# otherwise use the current SHA for any other type of build.
sha: ${{ github.event.pull_request.head.sha || github.sha }}
resourcedocsgen:
uses: ./.github/workflows/check-go.yml
with:
path: tools/resourcedocsgen/
mktutorial:
uses: ./.github/workflows/check-go.yml
with:
path: tools/mktutorial/
lint-markdown:
name: Lint Markdown
runs-on: ubuntu-latest
steps:
- name: Install Node
uses: actions/setup-node@v4
with:
node-version: "23.x"
- name: Check out branch
uses: actions/checkout@v4
- name: Lint Markdown
run: |
yarn install
make lint-markdown
lint-scripts:
name: Lint Scripts
runs-on: ubuntu-latest
steps:
- name: Install Node
uses: actions/setup-node@v4
with:
node-version: "23.x"
- name: Check out branch
uses: actions/checkout@v4
- name: Yarn Install
run: yarn install
- name: Run Linter
run: yarn run lint
test-live-publish:
name: Test Live Registry Publish
runs-on: ubuntu-latest
steps:
- name: Fetch secrets from ESC
id: esc-secrets
uses: pulumi/esc-action@cf5b30703ffd5ad60cc3a880c09b3a9592b9372d # v1
- name: Check out branch
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v5
- run: uv run --with requests,pyyaml scripts/ci/push-registry.py --dry-run
env:
PULUMI_ACCESS_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_ACCESS_TOKEN }}
test-provider-api-docs:
name: Test Provider API Docs
runs-on: ubuntu-latest
steps:
- name: Check out branch
uses: actions/checkout@v4
- name: Install Node
uses: actions/setup-node@v4
with:
node-version: "23.x"
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: stable
- name: Install Hugo
uses: peaceiris/actions-hugo@v3
with:
hugo-version: "0.135.0"
extended: true
- name: Prepare
run: make ensure build-assets
- name: Run Provider Tests
run: make test_provider_api_docs
env:
GOPATH: ${{ github.workspace }}/go
# Preview runs a registry build into a commit specific S3 bucket to preview changes.
#
# A link to the generated build is appended to the PR on each commit.
preview:
name: Build and deploy preview
# Only run this job for events that originate on this repository and if the automation/merge label is not applied to the PR.
# PRs with the automation/tfgen-provider-docs label contain only metadata file changes and don't need a PR build.
if: github.event.pull_request.head.repo.full_name == github.repository && contains(github.event.pull_request.labels.*.name, 'automation/tfgen-provider-docs') != true
runs-on: pulumi-service-ubuntu-24.04-16core
environment: testing
env:
GOPATH: ${{ github.workspace }}/go
steps:
- name: Fetch secrets from ESC
id: esc-secrets
uses: pulumi/esc-action@cf5b30703ffd5ad60cc3a880c09b3a9592b9372d # v1
- name: Install Node
uses: actions/setup-node@v4
with:
node-version: "22.x"
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: 1.23.x
- name: Install Hugo
uses: peaceiris/actions-hugo@v3
with:
hugo-version: "0.135.0"
extended: true
- name: Check out branch
uses: actions/checkout@v4
- name: Validate JSON file syntax
uses: limitusus/json-syntax-check@v2
with:
pattern: "community-packages/package-list.json"
- name: Yarn Install
run: yarn install
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_CI_ROLE_ARN }}
role-session-name: PullRequestPreviewSession
- name: Build and deploy preview
run: make ci-pull-request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PULUMI_ACCESS_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_ACCESS_TOKEN }}
PULUMI_STACK_NAME: ${{ vars.PULUMI_STACK_NAME }}
NODE_OPTIONS: "--max_old_space_size=8192"
ALGOLIA_APP_ID: ${{ vars.ALGOLIA_APP_ID }}
ALGOLIA_APP_SEARCH_KEY: ${{ vars.ALGOLIA_APP_SEARCH_KEY }}
notify:
if: (github.event.pull_request.user.login == 'pulumi-bot') && failure()
name: Send slack notification
runs-on: ubuntu-latest
needs: [preview]
steps:
- name: Fetch secrets from ESC
id: esc-secrets
uses: pulumi/esc-action@cf5b30703ffd5ad60cc3a880c09b3a9592b9372d # v1
- name: Slack Notification
uses: docker://sholung/action-slack-notify:v2.3.0
env:
SLACK_CHANNEL: registry-ops
SLACK_COLOR: "#F54242"
SLACK_MESSAGE: "pull request build failure in pulumi/registry repo :meow_sad:"
SLACK_USERNAME: registrybot
SLACK_WEBHOOK: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_ICON: https://www.pulumi.com/logos/brand/avatar-on-white.png