From ca1938a24272a0029010785974277f27ed3f33fe Mon Sep 17 00:00:00 2001 From: Pulumi Bot <30351955+pulumi-bot@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:13:26 -0800 Subject: [PATCH] Update GitHub Actions workflows. (#615) This PR was automatically generated by the update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt repo, from commit 7420998a8bb5f45102a45aadd31dde676da6d1d2. --- .github/actions/setup-tools/action.yml | 4 +-- .github/workflows/build_provider.yml | 30 +++++++++++++++++++++- .github/workflows/build_sdk.yml | 2 +- .github/workflows/community-moderation.yml | 2 +- .github/workflows/prerequisites.yml | 8 +++--- .github/workflows/pull-request.yml | 4 +-- upstream.sh | 2 +- 7 files changed, 40 insertions(+), 12 deletions(-) diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index 6a711d41..13f81583 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -30,7 +30,7 @@ runs: - name: Install pulumictl if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') - uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 with: tag: v0.0.46 repo: pulumi/pulumictl @@ -43,7 +43,7 @@ runs: - name: Install Schema Tools if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') - uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 with: repo: pulumi/schema-tools diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index 06403553..d7857f3e 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -50,8 +50,36 @@ jobs: path: provider/cmd/pulumi-resource-rancher2 - name: Restore makefile progress run: make --touch provider schema - - name: Build & package provider + + - name: Build provider + if: matrix.platform.os != 'windows' + run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-rancher2 + + - name: Build windows provider + if: matrix.platform.os == 'windows' + run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-rancher2.exe + + - name: Sign windows provider + if: matrix.platform.os == 'windows' + run: | + az login --service-principal \ + -u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \ + -p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \ + -t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \ + -o none; + + wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar; + + java -jar jsign-6.0.jar \ + --storetype AZUREKEYVAULT \ + --keystore "PulumiCodeSigning" \ + --url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \ + --storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \ + bin/windows-amd64/pulumi-resource-rancher2.exe; + + - name: Package provider run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 2e320fe3..925cd862 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -47,7 +47,7 @@ jobs: with: persist-credentials: false - name: Cache examples generation - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: | .pulumi/examples-cache diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index c353895e..8eefeb73 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -25,7 +25,7 @@ jobs: - if: steps.sdk_changed.outputs.changed == 'true' && github.event.pull_request.head.repo.full_name != github.repository name: Send codegen warning as comment on PR - uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 54547a1a..13d744f7 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -53,7 +53,7 @@ jobs: with: set-env: 'PROVIDER_VERSION' - name: Cache examples generation - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: | .pulumi/examples-cache @@ -83,10 +83,10 @@ jobs: } >> "$GITHUB_ENV" - if: inputs.is_pr && inputs.is_automated == false name: Comment on PR with Details of Schema Check - uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - comment_tag: schemaCheck + github-token: ${{ secrets.GITHUB_TOKEN }} + comment-tag: schemaCheck message: >+ ${{ env.SCHEMA_CHANGES }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index d1358aad..80f6653d 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -30,9 +30,9 @@ jobs: with: persist-credentials: false - name: Comment PR - uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} message: > PR is now waiting for a maintainer to run the acceptance tests. diff --git a/upstream.sh b/upstream.sh index 640b8363..ce90039c 100755 --- a/upstream.sh +++ b/upstream.sh @@ -286,7 +286,7 @@ rebase() { interactive_flag="--interactive" fi if ! git rebase --onto "${onto}" ${interactive_flag}; then - echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory." + echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory. Once the rebase is complete, run '${original_exec} check_in' to write to commits back to patches." exit 1 fi cd ..