diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml index cd348941f18..27110db0fd5 100644 --- a/.ci-mgmt.yaml +++ b/.ci-mgmt.yaml @@ -86,6 +86,33 @@ extraTests: env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + upstream_lint: + name: Run upstream provider-lint + runs-on: ubuntu-latest + timeout-minutes: 60 + steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + with: + swap-storage: false + tool-cache: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + submodules: true + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: "1.22.x" + cache: false + - name: Make upstream + run: make upstream + - name: upstream lint + run: | + cd upstream + make provider-lint + test_oidc: name: test_oidc needs: build_sdk diff --git a/.github/actions/download-bin/action.yml b/.github/actions/download-bin/action.yml new file mode 100644 index 00000000000..68f0db20837 --- /dev/null +++ b/.github/actions/download-bin/action.yml @@ -0,0 +1,16 @@ +name: Download binary assets +description: Downloads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: aws-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + shell: bash + run: | + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin + find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; diff --git a/.github/actions/download-sdk/action.yml b/.github/actions/download-sdk/action.yml new file mode 100644 index 00000000000..1fd54841b40 --- /dev/null +++ b/.github/actions/download-sdk/action.yml @@ -0,0 +1,19 @@ +name: Download SDK asset +description: Restores the SDK asset for a language. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Download ${{ inputs.language }} SDK + uses: actions/download-artifact@v4 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress SDK folder + shell: bash + run: tar -zxf ${{ github.workspace }}/sdk/${{ inputs.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ inputs.language }} diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index a3f170c839b..ec2dddec60f 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -26,6 +26,7 @@ runs: cache-dependency-path: | provider/*.sum upstream/*.sum + sdk/*.sum - name: Install pulumictl if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') diff --git a/.github/actions/upload-bin/action.yml b/.github/actions/upload-bin/action.yml new file mode 100644 index 00000000000..89b8a7363f3 --- /dev/null +++ b/.github/actions/upload-bin/action.yml @@ -0,0 +1,15 @@ +name: Upload bin assets +description: Uploads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Tar provider binaries + shell: bash + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-aws pulumi-tfgen-aws + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: aws-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + retention-days: 30 diff --git a/.github/actions/upload-sdk/action.yml b/.github/actions/upload-sdk/action.yml new file mode 100644 index 00000000000..77d4849426b --- /dev/null +++ b/.github/actions/upload-sdk/action.yml @@ -0,0 +1,20 @@ +name: Upload SDK asset +description: Upload the SDK for a specific language as an asset for the workflow. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Compress SDK folder + shell: bash + run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz + retention-days: 30 diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 1c7f099082b..5e209851e11 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -26,7 +26,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi PROVIDER_VERSION: ${{ inputs.version }} @@ -58,17 +57,8 @@ jobs: uses: ./.github/actions/setup-tools with: tools: pulumictl, pulumicli, go, node, dotnet, python, java - - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4 - with: - name: aws-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: >- - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace}}/bin - - find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; + - name: Download bin + uses: ./.github/actions/download-bin - name: Install plugins run: make install_plugins - name: Update path @@ -84,11 +74,7 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml - - name: Compress SDK folder - run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . - - name: Upload artifacts - uses: actions/upload-artifact@v4 + - name: Upload SDK + uses: ./.github/actions/upload-sdk with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz - retention-days: 30 + language: ${{ matrix.language }} diff --git a/.github/workflows/check-upstream-upgrade.yml b/.github/workflows/check-upstream-upgrade.yml index f2de64f81af..d79f5127e2f 100644 --- a/.github/workflows/check-upstream-upgrade.yml +++ b/.github/workflows/check-upstream-upgrade.yml @@ -8,16 +8,14 @@ jobs: name: Check for upstream provider upgrades runs-on: ubuntu-latest steps: - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - name: Checkout Repo uses: actions/checkout@v4 with: submodules: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go - name: Install upgrade-provider run: go install github.com/pulumi/upgrade-provider@main shell: bash @@ -34,17 +32,6 @@ jobs: env: REPO: ${{ github.repository }} shell: bash - - name: Send Check Version Failure To Slack - if: failure() - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_CHANNEL: provider-upgrade-publish-status - SLACK_COLOR: "#FF0000" - SLACK_ICON_EMOJI: ":owl:" - SLACK_MESSAGE: " Failed to check upstream for a new version " - SLACK_TITLE: ${{ github.event.repository.name }} upstream version check - SLACK_USERNAME: provider-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} name: Check upstream upgrade on: workflow_dispatch: {} #so we can run this manually if necessary. diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index a43b28af672..91906bf0d61 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -19,7 +19,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: command-dispatch-for-testing: diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index e721c81f262..b146f85e5a1 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -26,7 +26,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: @@ -38,12 +37,10 @@ jobs: uses: actions/checkout@v4 with: ref: ${{ env.PR_COMMIT_SHA }} - - name: Install Go - uses: actions/setup-go@v5 + - name: Setup tools + uses: ./.github/actions/setup-tools with: - cache-dependency-path: | - sdk/go.sum - go-version: "1.21.x" + tools: go - run: make upstream - uses: pulumi/license-check-action@main with: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 533013658a6..f8edde6f8cf 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -25,7 +25,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 58becf5eed8..8d082f4782a 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -19,7 +19,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: prerequisites: @@ -61,26 +60,10 @@ jobs: aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} aws-region: us-west-2 aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} - - name: Install Go - uses: actions/setup-go@v5 + - name: Setup tools + uses: ./.github/actions/setup-tools with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - with: - pulumi-version: "dev" - - if: github.event_name == 'pull_request' - name: Install Schema Tools - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - repo: pulumi/schema-tools + tools: pulumictl, pulumicli, go, schema-tools - name: Echo Coverage Output Dir run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"' - name: Generate Coverage Data @@ -108,85 +91,17 @@ jobs: - go_test_shim - provider_test - test_oidc - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - with: - pulumi-version: "dev" - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: aws@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 1 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 150m0s - version: latest - - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.18 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - dotnet-version: "6.0.x" - java-version: "11" - node-version: "20.x" - python-version: "3.11.8" - - env: - SLACK_CHANNEL: provider-upgrade-publish-status - SLACK_COLOR: "#FF0000" - SLACK_ICON_EMOJI: ":taco:" - SLACK_MESSAGE: "Publish failed :x:" - SLACK_TITLE: ${{ github.event.repository.name }} upgrade result - SLACK_USERNAME: provider-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - if: failure() - name: Send Publish Failure To Slack - uses: rtCamp/action-slack-notify@v2 + - upstream_lint + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true tag_release_if_labeled_needs_release: name: Tag release if labeled as needs-release - needs: publish_sdk + needs: publish runs-on: ubuntu-latest steps: - name: check if this commit needs release @@ -223,64 +138,17 @@ jobs: uses: actions/checkout@v4 with: submodules: true - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - with: - pulumi-version: "dev" - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: "20.x" - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: "6.0.x" - - name: Setup Python - uses: actions/setup-python@v5 + - name: Setup tools + uses: ./.github/actions/setup-tools with: - python-version: "3.11.8" - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: "11" - - name: Setup Gradle - uses: gradle/gradle-build-action@v3 - with: - gradle-version: "7.6" - - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4 - with: - name: aws-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: >- - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace}}/bin - - find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Download bin + uses: ./.github/actions/download-bin - run: dotnet nuget add source ${{ github.workspace }}/nuget - name: Download SDK - uses: actions/download-artifact@v4 + uses: ./.github/actions/download-sdk with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ - github.workspace }}/sdk/${{ matrix.language }} + language: ${{ matrix.language }} - name: Update path run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - name: Install Python deps @@ -508,9 +376,36 @@ jobs: matrix: language: - nodejs + upstream_lint: + name: Run upstream provider-lint + runs-on: ubuntu-latest + steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + with: + swap-storage: false + tool-cache: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + submodules: true + - name: Install Go + uses: actions/setup-go@v5 + with: + cache: false + go-version: 1.22.x + - name: Make upstream + run: make upstream + - name: upstream lint + run: | + cd upstream + make provider-lint + timeout-minutes: 60 name: master on: + workflow_dispatch: {} push: branches: - master diff --git a/.github/workflows/nightly-test.yml b/.github/workflows/nightly-test.yml index 7f5ec756c08..ef2323bebda 100644 --- a/.github/workflows/nightly-test.yml +++ b/.github/workflows/nightly-test.yml @@ -19,7 +19,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: prerequisites: @@ -60,64 +59,17 @@ jobs: uses: actions/checkout@v4 with: submodules: true - - name: Install Go - uses: actions/setup-go@v5 + - name: Setup tools + uses: ./.github/actions/setup-tools with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - with: - pulumi-version: "dev" - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: "20.x" - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: "6.0.x" - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: "3.11.8" - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: "11" - - name: Setup Gradle - uses: gradle/gradle-build-action@v3 - with: - gradle-version: "7.6" - - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4 - with: - name: aws-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: >- - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace}}/bin - - find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Download bin + uses: ./.github/actions/download-bin - run: dotnet nuget add source ${{ github.workspace }}/nuget - name: Download SDK - uses: actions/download-artifact@v4 + uses: ./.github/actions/download-sdk with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ - github.workspace }}/sdk/${{ matrix.language }} + language: ${{ matrix.language }} - name: Update path run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - name: Install Python deps diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 0653c571300..a0379e8b99c 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -20,7 +20,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: prerequisites: @@ -53,118 +52,13 @@ jobs: - go_test_shim - provider_test - test_oidc - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - with: - pulumi-version: "dev" - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: aws@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 1 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 150m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.18 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - dotnet-version: "6.0.x" - java-version: "11" - node-version: "20.x" - python-version: "3.11.8" - - env: - SLACK_CHANNEL: provider-upgrade-publish-status - SLACK_COLOR: "#FF0000" - SLACK_ICON_EMOJI: ":taco:" - SLACK_MESSAGE: "Publish failed :x:" - SLACK_TITLE: ${{ github.event.repository.name }} upgrade result - SLACK_USERNAME: provider-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - if: failure() - name: Send Publish Failure To Slack - uses: rtCamp/action-slack-notify@v2 - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz + - upstream_lint + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + test: name: test needs: @@ -187,64 +81,17 @@ jobs: uses: actions/checkout@v4 with: submodules: true - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - with: - pulumi-version: "dev" - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: "20.x" - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: "6.0.x" - - name: Setup Python - uses: actions/setup-python@v5 + - name: Setup tools + uses: ./.github/actions/setup-tools with: - python-version: "3.11.8" - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: "11" - - name: Setup Gradle - uses: gradle/gradle-build-action@v3 - with: - gradle-version: "7.6" - - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4 - with: - name: aws-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: >- - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace}}/bin - - find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Download bin + uses: ./.github/actions/download-bin - run: dotnet nuget add source ${{ github.workspace }}/nuget - name: Download SDK - uses: actions/download-artifact@v4 + uses: ./.github/actions/download-sdk with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ - github.workspace }}/sdk/${{ matrix.language }} + language: ${{ matrix.language }} - name: Update path run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - name: Install Python deps @@ -472,20 +319,33 @@ jobs: matrix: language: - nodejs + upstream_lint: + name: Run upstream provider-lint + runs-on: ubuntu-latest + steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + with: + swap-storage: false + tool-cache: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + submodules: true + - name: Install Go + uses: actions/setup-go@v5 + with: + cache: false + go-version: 1.22.x + - name: Make upstream + run: make upstream + - name: upstream lint + run: | + cd upstream + make provider-lint + timeout-minutes: 60 - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. - enableMacosRunner: false name: prerelease on: diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 1769bf0c68e..7190133a88f 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -36,7 +36,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: @@ -103,13 +102,5 @@ jobs: Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. - - name: Tar provider binaries - run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace }}/bin/ pulumi-resource-aws - pulumi-tfgen-aws - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: aws-provider.tar.gz - path: ${{ github.workspace }}/bin/provider.tar.gz - retention-days: 30 + - name: Upload bin + uses: ./.github/actions/upload-bin diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000000..4cbebe2f3a8 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,180 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PULUMI_MISSING_DOCS_ERROR: true + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + publish: + name: publish + runs-on: ubuntu-latest + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@v1.3.1 + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: false + swap-storage: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + submodules: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-external-id: upload-pulumi-release + role-session-name: aws@githubActions + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Run GoReleaser + if: inputs.isPrerelease == false + uses: goreleaser/goreleaser-action@v5 + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 1 release --rm-dist --timeout 150m0s + version: latest + - name: Run GoReleaser (prerelease) + if: inputs.isPrerelease == true + uses: goreleaser/goreleaser-action@v5 + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 1 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout + 150m0s + version: latest + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + submodules: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.19 + with: + sdk: all + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + create_docs_build: + name: create_docs_build + needs: publish_sdk + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + runs-on: ubuntu-latest + steps: + - name: Dispatch Metadata build + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: pulumi/registry + event-type: resource-provider + client-payload: |- + { + "project": "${{ github.repository }}", + "project-shortname": "aws", + "ref": "${{ github.ref_name }}" + } + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + needs: create_docs_build + + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index b54bb47717f..5b20f8ee261 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -19,7 +19,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: comment-on-pr: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 75d9a0e3333..aa19c8df880 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: prerequisites: @@ -38,23 +37,6 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} - create_docs_build: - name: create_docs_build - needs: publish_go_sdk - runs-on: ubuntu-latest - steps: - - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - repository: pulumi/registry - event-type: resource-provider - client-payload: |- - { - "project": "${{ github.repository }}", - "project-shortname": "aws", - "ref": "${{ github.ref_name }}" - } license_check: name: License Check uses: ./.github/workflows/license.yml @@ -69,134 +51,12 @@ jobs: - go_test_shim - provider_test - test_oidc - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - with: - pulumi-version: "dev" - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: aws@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 1 release --rm-dist --timeout 150m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.18 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - dotnet-version: "6.0.x" - java-version: "11" - node-version: "20.x" - python-version: "3.11.8" - - env: - SLACK_CHANNEL: provider-upgrade-publish-status - SLACK_COLOR: "#FF0000" - SLACK_ICON_EMOJI: ":taco:" - SLACK_MESSAGE: "Publish failed :x:" - SLACK_TITLE: ${{ github.event.repository.name }} upgrade result - SLACK_USERNAME: provider-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - if: failure() - name: Send Publish Failure To Slack - uses: rtCamp/action-slack-notify@v2 - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - submodules: true - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz - - clean_up_release_labels: - name: Clean up release labels - needs: create_docs_build - - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Clean up release labels - uses: pulumi/action-release-by-pr-label@main - with: - command: "clean-up-release-labels" - repo: ${{ github.repository }} - commit: ${{ github.sha }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - upstream_lint + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false test: name: test @@ -220,64 +80,17 @@ jobs: uses: actions/checkout@v4 with: submodules: true - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 + - name: Setup tools + uses: ./.github/actions/setup-tools with: - pulumi-version: "dev" - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: "20.x" - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: "6.0.x" - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: "3.11.8" - - name: Setup Java - uses: actions/setup-java@v4 - with: - cache: gradle - distribution: temurin - java-version: "11" - - name: Setup Gradle - uses: gradle/gradle-build-action@v3 - with: - gradle-version: "7.6" - - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4 - with: - name: aws-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: >- - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace}}/bin - - find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Download bin + uses: ./.github/actions/download-bin - run: dotnet nuget add source ${{ github.workspace }}/nuget - name: Download SDK - uses: actions/download-artifact@v4 + uses: ./.github/actions/download-sdk with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ - github.workspace }}/sdk/${{ matrix.language }} + language: ${{ matrix.language }} - name: Update path run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - name: Install Python deps @@ -505,19 +318,33 @@ jobs: matrix: language: - nodejs + upstream_lint: + name: Run upstream provider-lint + runs-on: ubuntu-latest + steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + with: + swap-storage: false + tool-cache: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + submodules: true + - name: Install Go + uses: actions/setup-go@v5 + with: + cache: false + go-version: 1.22.x + - name: Make upstream + run: make upstream + - name: upstream lint + run: | + cd upstream + make provider-lint + timeout-minutes: 60 - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - enableMacosRunner: true name: release on: diff --git a/.github/workflows/resync-build.yml b/.github/workflows/resync-build.yml index e463a7fbdbb..21cd27e98a4 100644 --- a/.github/workflows/resync-build.yml +++ b/.github/workflows/resync-build.yml @@ -21,7 +21,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: resync_build: @@ -40,34 +39,10 @@ jobs: - id: run-url name: Create URL to the run output run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" - - name: Install Go - uses: actions/setup-go@v5 + - name: Setup tools + uses: ./.github/actions/setup-tools with: - go-version: "1.21.x" - cache-dependency-path: | - sdk/go.sum - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.11.0 - with: - tag: v0.0.46 - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@v5 - with: - pulumi-version: "dev" - - name: Setup DotNet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: "6.0.x" - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: "20.x" - registry-url: https://registry.npmjs.org - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: "3.11.8" + tools: pulumictl, pulumicli, go, node, dotnet, python - name: Sync with ci-mgmt run: cp -r "ci-mgmt/provider-ci/providers/$PROVIDER/repo/." . - name: Remove ci-mgmt directory diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 9d0be6d6895..4e78ade105a 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -20,7 +20,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi # This should cancel any previous runs of the same workflow on the same branch which are still running. @@ -73,6 +72,7 @@ jobs: - go_test_shim - provider_test - test_oidc + - upstream_lint runs-on: ubuntu-latest steps: - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 @@ -122,26 +122,13 @@ jobs: uses: ./.github/actions/setup-tools with: tools: pulumictl, pulumicli, go, node, dotnet, python, java - - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4 - with: - name: aws-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: Untar provider binaries - run: >- - tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace}}/bin - - find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; + - name: Download bin + uses: ./.github/actions/download-bin - run: dotnet nuget add source ${{ github.workspace }}/nuget - name: Download SDK - uses: actions/download-artifact@v4 + uses: ./.github/actions/download-sdk with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: Uncompress SDK folder - run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ - github.workspace }}/sdk/${{ matrix.language }} + language: ${{ matrix.language }} - name: Update path run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - name: Install Python deps @@ -379,6 +366,32 @@ jobs: matrix: language: - nodejs + upstream_lint: + name: Run upstream provider-lint + runs-on: ubuntu-latest + steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + with: + swap-storage: false + tool-cache: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + submodules: true + - name: Install Go + uses: actions/setup-go@v5 + with: + cache: false + go-version: 1.22.x + - name: Make upstream + run: make upstream + - name: upstream lint + run: | + cd upstream + make provider-lint + timeout-minutes: 60 name: run-acceptance-tests on: diff --git a/.github/workflows/upgrade-bridge.yml b/.github/workflows/upgrade-bridge.yml index 3a840722873..69c476ffbca 100644 --- a/.github/workflows/upgrade-bridge.yml +++ b/.github/workflows/upgrade-bridge.yml @@ -83,27 +83,3 @@ jobs: pr-reviewers: ${{ github.event.client_payload.pr-reviewers }} pr-description: ${{ github.event.client_payload.pr-description }} pr-title-prefix: ${{ github.event.client_payload.pr-title-prefix }} - - env: - SLACK_CHANNEL: provider-upgrade-publish-status - SLACK_COLOR: "#7CFC00" - SLACK_ICON_EMOJI: ":taco:" - SLACK_MESSAGE: >- - Upgrade succeeded :heart_decoration: - - PR opened at github.com/pulumi/${{ github.event.repository.name }}/pulls - SLACK_TITLE: ${{ github.event.repository.name }} upgrade result - SLACK_USERNAME: provider-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - name: Send Upgrade Success To Slack - uses: rtCamp/action-slack-notify@v2 - - env: - SLACK_CHANNEL: provider-upgrade-publish-status - SLACK_COLOR: "#FF0000" - SLACK_ICON_EMOJI: ":taco:" - SLACK_MESSAGE: " Upgrade failed :x:" - SLACK_TITLE: ${{ github.event.repository.name }} upgrade result - SLACK_USERNAME: provider-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - if: failure() - name: Send Upgrade Failure To Slack - uses: rtCamp/action-slack-notify@v2 diff --git a/.github/workflows/upgrade-provider.yml b/.github/workflows/upgrade-provider.yml index 04f7d6aba1e..02437beb9dc 100644 --- a/.github/workflows/upgrade-provider.yml +++ b/.github/workflows/upgrade-provider.yml @@ -15,30 +15,6 @@ jobs: kind: all email: bot@pulumi.com username: pulumi-bot - - env: - SLACK_CHANNEL: provider-upgrade-publish-status - SLACK_COLOR: "#7CFC00" - SLACK_ICON_EMOJI: ":taco:" - SLACK_MESSAGE: >- - Upgrade succeeded :heart_decoration: - - PR opened at github.com/pulumi/${{ github.event.repository.name }}/pulls - SLACK_TITLE: ${{ github.event.repository.name }} upgrade result - SLACK_USERNAME: provider-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - name: Send Upgrade Success To Slack - uses: rtCamp/action-slack-notify@v2 - - env: - SLACK_CHANNEL: provider-upgrade-publish-status - SLACK_COLOR: "#FF0000" - SLACK_ICON_EMOJI: ":taco:" - SLACK_MESSAGE: " Upgrade failed :x:" - SLACK_TITLE: ${{ github.event.repository.name }} upgrade result - SLACK_USERNAME: provider-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - if: failure() - name: Send Upgrade Failure To Slack - uses: rtCamp/action-slack-notify@v2 name: Upgrade provider on: issues: diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index 9ebd3f6b764..c9c7dbe8055 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -22,6 +22,11 @@ on: required: false type: boolean default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false env: AWS_REGION: us-west-2 @@ -42,7 +47,6 @@ env: SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: @@ -66,3 +70,5 @@ jobs: uses: actions/checkout@v4 - name: Setup tools uses: ./.github/actions/setup-tools + with: + tools: pulumicli, go, node, dotnet, python, java diff --git a/.upgrade-config.yml b/.upgrade-config.yml index 749c6fa2eeb..1c2df133e15 100644 --- a/.upgrade-config.yml +++ b/.upgrade-config.yml @@ -4,4 +4,3 @@ upstream-provider-name: terraform-provider-aws pulumi-infer-version: true remove-plugins: true -pr-reviewers: iwahbe # Team: pulumi/Providers diff --git a/patches/0009-Add-ECR-credentials_data_source.patch b/patches/0009-Add-ECR-credentials_data_source.patch index fec572dc4f7..eb9d9144c68 100644 --- a/patches/0009-Add-ECR-credentials_data_source.patch +++ b/patches/0009-Add-ECR-credentials_data_source.patch @@ -31,10 +31,10 @@ index 650a8e25fb..81babf4a9c 100644 }, diff --git a/internal/service/ecr/credentials_data_source.go b/internal/service/ecr/credentials_data_source.go new file mode 100644 -index 0000000000..572754846f +index 0000000000..b6e19a7283 --- /dev/null +++ b/internal/service/ecr/credentials_data_source.go -@@ -0,0 +1,69 @@ +@@ -0,0 +1,68 @@ +package ecr + +import ( @@ -57,7 +57,6 @@ index 0000000000..572754846f + "registry_id": { + Type: schema.TypeString, + Required: true, -+ ForceNew: true, + }, + "authorization_token": { + Type: schema.TypeString, diff --git a/patches/0023-Provide-context-to-conns.patch b/patches/0023-Provide-context-to-conns.patch index baa5e0aa6cc..f1e7cafb996 100644 --- a/patches/0023-Provide-context-to-conns.patch +++ b/patches/0023-Provide-context-to-conns.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Provide context to conns diff --git a/internal/service/ecr/credentials_data_source.go b/internal/service/ecr/credentials_data_source.go -index 572754846f..9dd9fd0e8c 100644 +index b6e19a7283..9176fa0a16 100644 --- a/internal/service/ecr/credentials_data_source.go +++ b/internal/service/ecr/credentials_data_source.go @@ -1,6 +1,7 @@ @@ -16,7 +16,7 @@ index 572754846f..9dd9fd0e8c 100644 "log" "time" -@@ -39,7 +40,8 @@ func DataSourceCredentials() *schema.Resource { +@@ -38,7 +39,8 @@ func DataSourceCredentials() *schema.Resource { } func dataSourceAwsEcrCredentialsRead(d *schema.ResourceData, meta interface{}) error { diff --git a/patches/0030-Optimize-startup-performance.patch b/patches/0030-Optimize-startup-performance.patch index 1b199abebf6..92523030f4a 100644 --- a/patches/0030-Optimize-startup-performance.patch +++ b/patches/0030-Optimize-startup-performance.patch @@ -28,10 +28,10 @@ index 92763850ac..ef67582664 100644 // Ensure that the schema look OK. diff --git a/internal/provider/provider_tagcheck.go b/internal/provider/provider_tagcheck.go new file mode 100644 -index 0000000000..35202ebd58 +index 0000000000..8cea6059ba --- /dev/null +++ b/internal/provider/provider_tagcheck.go -@@ -0,0 +1,28 @@ +@@ -0,0 +1,37 @@ +package provider + +import ( @@ -52,9 +52,18 @@ index 0000000000..35202ebd58 + switch flag := flag.(type) { + case bool: + if flag { ++ //lintignore:S013 + return map[string]*schema.Schema{ -+ names.AttrTags: &schema.Schema{Computed: tagsComputed}, -+ names.AttrTagsAll: &schema.Schema{Computed: true}, ++ names.AttrTags: { ++ Type: schema.TypeMap, ++ Computed: tagsComputed, ++ Elem: &schema.Schema{Type: schema.TypeString}, ++ }, ++ names.AttrTagsAll: { ++ Type: schema.TypeMap, ++ Computed: true, ++ Elem: &schema.Schema{Type: schema.TypeString}, ++ }, + } + } + } diff --git a/patches/0034-Fail-fast-when-PF-resources-are-dropped.patch b/patches/0034-Fail-fast-when-PF-resources-are-dropped.patch index 3d18e814a65..649566006d0 100644 --- a/patches/0034-Fail-fast-when-PF-resources-are-dropped.patch +++ b/patches/0034-Fail-fast-when-PF-resources-are-dropped.patch @@ -5,16 +5,17 @@ Subject: [PATCH] Fail fast when PF resources are dropped diff --git a/internal/provider/fwprovider/provider.go b/internal/provider/fwprovider/provider.go -index 257f831fbb..2d28d90310 100644 +index 257f831fbb..d9930aee64 100644 --- a/internal/provider/fwprovider/provider.go +++ b/internal/provider/fwprovider/provider.go -@@ -448,9 +448,7 @@ func (p *fwprovider) Resources(ctx context.Context) []func() resource.Resource { +@@ -448,9 +448,8 @@ func (p *fwprovider) Resources(ctx context.Context) []func() resource.Resource { } if err := errors.Join(errs...); err != nil { - tflog.Warn(ctx, "registering resources", map[string]interface{}{ - "error": err.Error(), - }) ++ //lintignore:R009 + panic(err) } diff --git a/patches/0050-Normalize-retentionDays-in-aws_controltower_landing_.patch b/patches/0050-Normalize-retentionDays-in-aws_controltower_landing_.patch index 23e2d54d6aa..6e89198d09e 100644 --- a/patches/0050-Normalize-retentionDays-in-aws_controltower_landing_.patch +++ b/patches/0050-Normalize-retentionDays-in-aws_controltower_landing_.patch @@ -134,7 +134,7 @@ index c2f2830b9c..299e7653c1 100644 +} diff --git a/internal/service/controltower/landing_zone_internals_test.go b/internal/service/controltower/landing_zone_internals_test.go new file mode 100644 -index 0000000000..a8bb57939e +index 0000000000..7c97e09ce2 --- /dev/null +++ b/internal/service/controltower/landing_zone_internals_test.go @@ -0,0 +1,50 @@ @@ -151,7 +151,7 @@ index 0000000000..a8bb57939e + actual, err := resourceLandingZoneNormalizeManifest(` + { + "governedRegions": [ -+ "ap-southeast-2" ++ "REGION" + ], + "organizationStructure": { + "security": { @@ -164,7 +164,7 @@ index 0000000000..a8bb57939e + "accessLoggingBucket": { + "retentionDays": "3650" + }, -+ "kmsKeyArn": "arn:aws:kms:ap-southeast-2:89XXXXXXXX25:key/10e27ec4-5555-4444-b408-777777777777", ++ "kmsKeyArn": "arn:PARTITION:kms:REGION:89XXXXXXXX25:key/10e27ec4-5555-4444-b408-777777777777", + "loggingBucket": { + "retentionDays": "365" + } @@ -181,7 +181,7 @@ index 0000000000..a8bb57939e + if err != nil { + t.Error(err) + } -+ expected := `{"accessManagement":{"enabled":true},"centralizedLogging":{"accountId":"89XXXXXXXX39","configurations":{"accessLoggingBucket":{"retentionDays":3650},"kmsKeyArn":"arn:aws:kms:ap-southeast-2:89XXXXXXXX25:key/10e27ec4-5555-4444-b408-777777777777","loggingBucket":{"retentionDays":365}},"enabled":true},"governedRegions":["ap-southeast-2"],"organizationStructure":{"security":{"name":"Security"}},"securityRoles":{"accountId":"89XXXXXXXX42"}}` ++ expected := `{"accessManagement":{"enabled":true},"centralizedLogging":{"accountId":"89XXXXXXXX39","configurations":{"accessLoggingBucket":{"retentionDays":3650},"kmsKeyArn":"arn:PARTITION:kms:REGION:89XXXXXXXX25:key/10e27ec4-5555-4444-b408-777777777777","loggingBucket":{"retentionDays":365}},"enabled":true},"governedRegions":["REGION"],"organizationStructure":{"security":{"name":"Security"}},"securityRoles":{"accountId":"89XXXXXXXX42"}}` + if expected != actual { + t.Logf("Expected: %s", expected) + t.Logf("Actual: %s", actual) diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json index ed2a2704321..b4e3bf40598 100644 --- a/provider/cmd/pulumi-resource-aws/schema.json +++ b/provider/cmd/pulumi-resource-aws/schema.json @@ -379039,8 +379039,7 @@ "description": "A collection of arguments for invoking getCredentials.\n", "properties": { "registryId": { - "type": "string", - "willReplaceOnChanges": true + "type": "string" } }, "type": "object",