Skip to content

Bumping version to clear security alert (#438) #69

Bumping version to clear security alert (#438)

Bumping version to clear security alert (#438) #69

Workflow file for this run

name: release
on:
push:
tags:
- v*.*.*
- '!v*.*.*-**'
env:
PROVIDER: pulumiservice
AWS_REGION: us-west-2
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
# THIS GITHUB_TOKEN IS A REQUIREMENT TO BE ABLE TO WRITE TO GH RELEASES
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# IF YOU NEED TO PUBLISH A NPM PACKAGE THEN ENSURE A NPM_TOKEN SECRET IS SET
# AND PUBLISH_NPM: TRUE. IF YOU WANT TO PUBLISH TO A PRIVATE NPM REGISTRY
# THEN ENSURE THE NPM_REGISTRY_URL IS CHANGED
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
PUBLISH_NPM: true
NPM_REGISTRY_URL: https://registry.npmjs.org
# IF YOU NEED TO PUBLISH A NUGET PACKAGE THEN ENSURE AN NUGET_PUBLISH_KEY
# SECRET IS SET AND PUBLISH_NUGET: TRUE. IF YOU WANT TO PUBLISH TO AN ALTERNATIVE
# NPM REGISTRY THEN ENSURE THE NPM_REGISTRY_URL IS CHANGED
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NUGET_FEED_URL: https://api.nuget.org/v3/index.json
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PUBLISH_NUGET: true
# IF YOU NEED TO PUBLISH A PYPI PACKAGE THEN ENSURE AN PYPI_API_TOKEN
# SECRET IS SET AND PUBLISH_PYPI: TRUE. IF YOU WANT TO PUBLISH TO AN ALTERNATIVE
# PYPI REGISTRY THEN ENSURE THE PYPI_REPOSITORY_URL IS SET. IF YOU ARE USING AN API_TOKEN THEN
# YOU DO NOT NEED TO CHANGE THE PYPI_USERNAME (__token__) , IF YOU ARE USING PASSWORD AUTHENTICATION THEN YOU WILL
# NEED TO CHANGE TO USE THE CORRECT PASSWORD
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PUBLISH_PYPI: true
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
TRAVIS_OS_NAME: linux
PUBLISH_MAVEN: true
OSSRH_REPO_URL: https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
# Include only last 8 hex digits of the key ID included, due to
# limitations of gradle.
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
# Obtained by `gpg --armor --export-secret-key [email protected]`.
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
# Aka passphrase for the GPG key.
SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
GPR_USER: ${{ secrets.GPR_USER }}
GPR_TOKEN: ${{ secrets.GPR_TOKEN }}
# Need to pin this until codegen gets updated
PULUMI_JAVA_SDK_VERSION: 0.10.0
jobs:
create_docs_build:
name: create_docs_build
needs: tag_sdk
runs-on: ubuntu-latest
steps:
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
name: Dispatch Event
run: pulumictl create docs-build pulumi-${{ env.PROVIDER }}
${GITHUB_REF#refs/tags/}
publish_binary:
name: publish
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{matrix.goversion}}
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
args: -p 1 release --clean --timeout 90m0s --release-notes=CHANGELOG_PENDING.md
version: latest
strategy:
fail-fast: true
matrix:
goversion:
- 1.21.x
tag_sdk:
name: tag_sdk
needs: publish_sdk
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Add SDK version tag
run: git tag sdk/v$(pulumictl get version --language generic) && git push origin
sdk/v$(pulumictl get version --language generic)
publish_sdk:
name: Publish SDKs
runs-on: ubuntu-latest
needs: publish_binary
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.goversion }}
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Add version to environment
run: printf "SDK_VERSION=%s" $(pulumictl get version --language generic) >> $GITHUB_ENV
- name: Install Pulumi CLI
uses: pulumi/actions@v5
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: ${{matrix.nodeversion}}
registry-url: ${{env.NPM_REGISTRY_URL}}
- name: Setup DotNet
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{matrix.dotnetversion}}
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: ${{matrix.pythonversion}}
- name: Set up JDK 11
uses: actions/setup-java@v4
if: ${{ matrix.language == 'java' }}
with:
java-version: '11'
distribution: 'adopt'
cache: 'gradle'
- name: Validate Gradle wrapper
uses: gradle/actions/wrapper-validation@v3
if: ${{ matrix.language == 'java' }}
- name: Build gen and provider binary
run: make gen provider
- name: Generate SDK
run: make ${{ matrix.language }}_sdk
- name: Check worktree clean
run: |
git update-index -q --refresh
if ! git diff-files --quiet; then
>&2 echo "error: working tree is not clean, aborting!"
git status
git diff
exit 1
fi
- name: Compress SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
overwrite: true
- if: ${{ matrix.language == 'python' && env.PUBLISH_PYPI == 'true' }}
name: Publish package to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: ${{ env.PYPI_USERNAME }}
password: ${{ env.PYPI_PASSWORD }}
packages_dir: ${{github.workspace}}/sdk/python/bin/dist
- if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }}
uses: JS-DevTools/npm-publish@v1
with:
access: "public"
token: ${{ env.NPM_TOKEN }}
package: ${{github.workspace}}/sdk/nodejs/bin/package.json
- if: ${{ matrix.language == 'dotnet' && env.PUBLISH_NUGET == 'true' }}
name: publish nuget package
run: |
dotnet nuget push ${{github.workspace}}/sdk/dotnet/bin/Debug/*.nupkg -s ${{ env.NUGET_FEED_URL }} -k ${{ env.NUGET_PUBLISH_KEY }}
echo "done publishing packages"
- name: Publish Provider Java SDK
if: ${{ matrix.language == 'java' && env.PUBLISH_MAVEN == 'true' }}
uses: gradle/gradle-build-action@v2
with:
arguments: publish
build-root-directory: sdk/java
gradle-version: 7.4.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SDK_VERSION: ${{ env.SDK_VERSION }}
strategy:
fail-fast: true
matrix:
dotnetversion:
- 3.1.301
goversion:
- 1.21.x
language:
- nodejs
- python
- dotnet
- go
- java
# yaml doesn't need an sdk :)
nodeversion:
- 20.x
pythonversion:
- "3.11"
javaversion:
- "11"