# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt name: "Build SDK" on: workflow_call: inputs: version: required: true type: string env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} PYPI_USERNAME: __token__ SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} TF_APPEND_USER_AGENT: pulumi PROVIDER_VERSION: ${{ inputs.version }} jobs: build_sdk: name: build_sdk runs-on: ubuntu-latest strategy: # We normally fail fast unless this is a PR from Renovate in which case # we'll always build all SDKs in case there are any changes to commit. fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - dotnet - go - nodejs - python steps: - name: Checkout Repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Cache examples generation uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 with: path: | .pulumi/examples-cache key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} - name: Setup tools uses: ./.github/actions/setup-tools with: tools: pulumictl, pulumicli, ${{ matrix.language }} - name: Prepare local workspace run: make prepare_local_workspace - name: Download prerequisites uses: ./.github/actions/download-prerequisites - name: Update path run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - name: Restore makefile progress run: make --touch provider schema - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean id: worktreeClean uses: pulumi/git-status-check-action@v1 with: # Keep these in sync with the Renovate step below to avoid them getting checked in. allowed-changes: | sdk/**/pulumi-plugin.json sdk/dotnet/*.csproj sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate # If the worktree is dirty and this is a Renovate PR to bump # dependencies, commit the updated SDK and push it back to the PR. The # job will still be marked as a failure. if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request' shell: bash run: | git diff --quiet -- sdk && echo "no changes to sdk" && exit git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" # Stash local changes and check out the PR's branch directly. git stash git fetch git checkout "origin/$HEAD_REF" # Apply and add our changes, but don't commit any files we expect to # always change due to versioning. git stash pop git add sdk git reset \ sdk/python/*/pulumi-plugin.json \ sdk/python/pyproject.toml \ sdk/dotnet/pulumi-plugin.json \ sdk/dotnet/Pulumi.*.csproj \ sdk/go/*/pulumi-plugin.json \ sdk/go/*/internal/pulumiUtilities.go \ sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' # Push with pulumi-bot credentials to trigger a re-run of the # workflow. https://github.com/orgs/community/discussions/25702 git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \ "HEAD:$HEAD_REF" env: # head_ref is untrusted so it's recommended to pass via env var to # avoid injections. HEAD_REF: ${{ github.head_ref }} - name: Upload SDK uses: ./.github/actions/upload-sdk with: language: ${{ matrix.language }}