kiterun/pulumi-incus
2
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

chore: make ci-mgmt

Browse Source
This commit is contained in:
Brandon Kalinowski
2025-12-06 01:43:51 -05:00
parent ef3fde0b79
commit 4f829f9e0a
34 changed files with 623 additions and 467 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
.github/workflows/build_sdk.yml vendored
View File

@@ -10,21 +10,11 @@ on:
type: string
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PYPI_USERNAME: __token__
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }}
PULUMI_PULUMI_ENABLE_JOURNALING: "true"
TF_APPEND_USER_AGENT: pulumi
PROVIDER_VERSION: ${{ inputs.version }}
@@ -38,27 +28,48 @@ jobs:
fail-fast: ${{ ! contains(github.actor, 'renovate') }}
matrix:
language:
- dotnet
- go
- nodejs
- python
permissions:
contents: write # For Renovate SDKs.
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with:
persist-credentials: false
persist-credentials: false
- id: esc-secrets
name: Map environment to ESC outputs
uses: ./.github/actions/esc-action
- name: Cache examples generation
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
with:
path: |
.pulumi/examples-cache
key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }}
- name: Setup tools
uses: ./.github/actions/setup-tools
- name: Setup mise
uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
env:
MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
with:
tools: pulumictl, pulumicli, ${{ matrix.language }}
version: 2025.11.6
github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
# only saving the cache in the prerequisites job
cache_save: false
- name: Setup Go Cache
if: matrix.language == 'go' || contains(matrix.language, 'go')
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
with:
cache-dependency-path: |
provider/*.sum
upstream/*.sum
sdk/go/*.sum
sdk/*.sum
*.sum
- name: Prepare local workspace
run: make prepare_local_workspace
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download prerequisites
uses: ./.github/actions/download-prerequisites
- name: Update path
@@ -67,6 +78,7 @@ jobs:
run: make --touch provider schema
- name: Build SDK
run: make build_${{ matrix.language }}
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@v1
@@ -78,6 +90,7 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit ${{ matrix.language }} SDK changes for Renovate
# If the worktree is dirty and this is a Renovate PR to bump
# dependencies, commit the updated SDK and push it back to the PR. The
@@ -111,7 +124,7 @@ jobs:
# Push with pulumi-bot credentials to trigger a re-run of the
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \
"HEAD:$HEAD_REF"
env:
# head_ref is untrusted so it's recommended to pass via env var to