Bumping version to clear security alert (#438) #69
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
tags: | |
- v*.*.* | |
- '!v*.*.*-**' | |
env: | |
PROVIDER: pulumiservice | |
AWS_REGION: us-west-2 | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
# THIS GITHUB_TOKEN IS A REQUIREMENT TO BE ABLE TO WRITE TO GH RELEASES | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# IF YOU NEED TO PUBLISH A NPM PACKAGE THEN ENSURE A NPM_TOKEN SECRET IS SET | |
# AND PUBLISH_NPM: TRUE. IF YOU WANT TO PUBLISH TO A PRIVATE NPM REGISTRY | |
# THEN ENSURE THE NPM_REGISTRY_URL IS CHANGED | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
PUBLISH_NPM: true | |
NPM_REGISTRY_URL: https://registry.npmjs.org | |
# IF YOU NEED TO PUBLISH A NUGET PACKAGE THEN ENSURE AN NUGET_PUBLISH_KEY | |
# SECRET IS SET AND PUBLISH_NUGET: TRUE. IF YOU WANT TO PUBLISH TO AN ALTERNATIVE | |
# NPM REGISTRY THEN ENSURE THE NPM_REGISTRY_URL IS CHANGED | |
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
NUGET_FEED_URL: https://api.nuget.org/v3/index.json | |
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
PUBLISH_NUGET: true | |
# IF YOU NEED TO PUBLISH A PYPI PACKAGE THEN ENSURE AN PYPI_API_TOKEN | |
# SECRET IS SET AND PUBLISH_PYPI: TRUE. IF YOU WANT TO PUBLISH TO AN ALTERNATIVE | |
# PYPI REGISTRY THEN ENSURE THE PYPI_REPOSITORY_URL IS SET. IF YOU ARE USING AN API_TOKEN THEN | |
# YOU DO NOT NEED TO CHANGE THE PYPI_USERNAME (__token__) , IF YOU ARE USING PASSWORD AUTHENTICATION THEN YOU WILL | |
# NEED TO CHANGE TO USE THE CORRECT PASSWORD | |
PYPI_USERNAME: __token__ | |
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
PUBLISH_PYPI: true | |
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
TRAVIS_OS_NAME: linux | |
PUBLISH_MAVEN: true | |
OSSRH_REPO_URL: https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ | |
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
# Include only last 8 hex digits of the key ID included, due to | |
# limitations of gradle. | |
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }} | |
# Obtained by `gpg --armor --export-secret-key [email protected]`. | |
SIGNING_KEY: ${{ secrets.SIGNING_KEY }} | |
# Aka passphrase for the GPG key. | |
SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }} | |
GPR_USER: ${{ secrets.GPR_USER }} | |
GPR_TOKEN: ${{ secrets.GPR_TOKEN }} | |
# Need to pin this until codegen gets updated | |
PULUMI_JAVA_SDK_VERSION: 0.10.0 | |
jobs: | |
create_docs_build: | |
name: create_docs_build | |
needs: tag_sdk | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/pulumictl | |
- env: | |
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | |
name: Dispatch Event | |
run: pulumictl create docs-build pulumi-${{ env.PROVIDER }} | |
${GITHUB_REF#refs/tags/} | |
publish_binary: | |
name: publish | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{matrix.goversion}} | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/pulumictl | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: us-east-2 | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 7200 | |
role-session-name: ${{ env.PROVIDER }}@githubActions | |
role-external-id: upload-pulumi-release | |
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v2 | |
with: | |
args: -p 1 release --clean --timeout 90m0s --release-notes=CHANGELOG_PENDING.md | |
version: latest | |
strategy: | |
fail-fast: true | |
matrix: | |
goversion: | |
- 1.21.x | |
tag_sdk: | |
name: tag_sdk | |
needs: publish_sdk | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/pulumictl | |
- name: Add SDK version tag | |
run: git tag sdk/v$(pulumictl get version --language generic) && git push origin | |
sdk/v$(pulumictl get version --language generic) | |
publish_sdk: | |
name: Publish SDKs | |
runs-on: ubuntu-latest | |
needs: publish_binary | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ matrix.goversion }} | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/pulumictl | |
- name: Add version to environment | |
run: printf "SDK_VERSION=%s" $(pulumictl get version --language generic) >> $GITHUB_ENV | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@v5 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{matrix.nodeversion}} | |
registry-url: ${{env.NPM_REGISTRY_URL}} | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: ${{matrix.dotnetversion}} | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{matrix.pythonversion}} | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v4 | |
if: ${{ matrix.language == 'java' }} | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
cache: 'gradle' | |
- name: Validate Gradle wrapper | |
uses: gradle/actions/wrapper-validation@v3 | |
if: ${{ matrix.language == 'java' }} | |
- name: Build gen and provider binary | |
run: make gen provider | |
- name: Generate SDK | |
run: make ${{ matrix.language }}_sdk | |
- name: Check worktree clean | |
run: | | |
git update-index -q --refresh | |
if ! git diff-files --quiet; then | |
>&2 echo "error: working tree is not clean, aborting!" | |
git status | |
git diff | |
exit 1 | |
fi | |
- name: Compress SDK folder | |
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz | |
overwrite: true | |
- if: ${{ matrix.language == 'python' && env.PUBLISH_PYPI == 'true' }} | |
name: Publish package to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
user: ${{ env.PYPI_USERNAME }} | |
password: ${{ env.PYPI_PASSWORD }} | |
packages_dir: ${{github.workspace}}/sdk/python/bin/dist | |
- if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }} | |
uses: JS-DevTools/npm-publish@v1 | |
with: | |
access: "public" | |
token: ${{ env.NPM_TOKEN }} | |
package: ${{github.workspace}}/sdk/nodejs/bin/package.json | |
- if: ${{ matrix.language == 'dotnet' && env.PUBLISH_NUGET == 'true' }} | |
name: publish nuget package | |
run: | | |
dotnet nuget push ${{github.workspace}}/sdk/dotnet/bin/Debug/*.nupkg -s ${{ env.NUGET_FEED_URL }} -k ${{ env.NUGET_PUBLISH_KEY }} | |
echo "done publishing packages" | |
- name: Publish Provider Java SDK | |
if: ${{ matrix.language == 'java' && env.PUBLISH_MAVEN == 'true' }} | |
uses: gradle/gradle-build-action@v2 | |
with: | |
arguments: publish | |
build-root-directory: sdk/java | |
gradle-version: 7.4.1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SDK_VERSION: ${{ env.SDK_VERSION }} | |
strategy: | |
fail-fast: true | |
matrix: | |
dotnetversion: | |
- 3.1.301 | |
goversion: | |
- 1.21.x | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
# yaml doesn't need an sdk :) | |
nodeversion: | |
- 20.x | |
pythonversion: | |
- "3.11" | |
javaversion: | |
- "11" |