# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt

env:
  PULUMI_API: https://api.pulumi-staging.io
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }}
  PULUMI_PULUMI_ENABLE_JOURNALING: "true"
  TF_APPEND_USER_AGENT: pulumi

jobs:
  prerequisites:
    permissions:
      contents: read
      pull-requests: write
      id-token: write # For ESC secrets.
    uses: ./.github/workflows/prerequisites.yml
    secrets: inherit
    with:
      default_branch: ${{ github.event.repository.default_branch }}
      is_pr: ${{ github.event_name == 'pull_request' }}
      is_automated: ${{ github.actor == 'dependabot[bot]' }}

  build_provider:
    uses: ./.github/workflows/build_provider.yml
    needs: prerequisites
    secrets: inherit
    permissions:
      contents: read
      id-token: write # For ESC secrets.
    with:
      version: ${{ needs.prerequisites.outputs.version }}

  build_sdk:
    name: build_sdk
    needs: prerequisites
    uses: ./.github/workflows/build_sdk.yml
    secrets: inherit
    permissions:
      contents: write # For Renovate SDKs.
      id-token: write # For ESC secrets.
    with:
      version: ${{ needs.prerequisites.outputs.version }}

  post_build:
    name: post_build
    needs: prerequisites
    uses: ./.github/workflows/main-post-build.yml
    secrets: inherit
    permissions:
      contents: write # For Renovate SDKs.
      id-token: write # For ESC secrets.
    with:
      version: ${{ needs.prerequisites.outputs.version }}

  lint:
    name: lint
    uses: ./.github/workflows/lint.yml
    secrets: inherit
  license_check:
    name: License Check
    uses: ./.github/workflows/license.yml
    secrets: inherit

  publish:
    name: publish
    permissions:
      contents: write
      id-token: write
    needs:
      - prerequisites
      - build_provider
      - test
      - license_check
    uses: ./.github/workflows/publish.yml
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}
      isPrerelease: true
      setLatestRelease: false
      skipGoSdk: true
      skipJavaSdk: true

  tag_release_if_labeled_needs_release:
    name: Tag release if labeled as needs-release
    needs: publish
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        persist-credentials: false    
    - id: esc-secrets
      name: Map environment to ESC outputs
      uses: ./.github/actions/esc-action
    - name: check if this commit needs release
      if: ${{ env.RELEASE_BOT_ENDPOINT != '' }}
      uses: pulumi/action-release-by-pr-label@main
      with:
        command: "release-if-needed"
        repo: ${{ github.repository }}
        commit: ${{ github.sha }}
        slack_channel: C02MGR8JVST
      env:
        RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }}
        RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  test:
    uses: ./.github/workflows/test.yml
    needs:
      - prerequisites
      - build_provider
      - build_sdk
    permissions:
      contents: read
      id-token: write
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}

name: main
on:
  workflow_dispatch: {}
  push:
    branches:
    - main
    paths-ignore:
    - "**.md"
    tags-ignore:
    - v*
    - sdk/*
    - "**"