# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_API: https://api.pulumi-staging.io
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  PYPI_USERNAME: __token__
  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
  TF_APPEND_USER_AGENT: pulumi
jobs:
  prerequisites:
    uses: ./.github/workflows/prerequisites.yml
    secrets: inherit
    with:
      default_branch: ${{ github.event.repository.default_branch }}
      is_pr: ${{ github.event_name == 'pull_request' }}
      is_automated: ${{ github.actor == 'dependabot[bot]' }}

  build_provider:
    uses: ./.github/workflows/build_provider.yml
    needs: prerequisites
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}

  build_sdk:
    name: build_sdk
    needs: prerequisites
    uses: ./.github/workflows/build_sdk.yml
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}

  post_build:
    name: post_build
    needs: prerequisites
    uses: ./.github/workflows/main-post-build.yml
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}

  lint:
    name: lint
    uses: ./.github/workflows/lint.yml
    secrets: inherit
  license_check:
    name: License Check
    uses: ./.github/workflows/license.yml
    secrets: inherit

  publish:
    name: publish
    permissions:
      contents: write
      id-token: write
    needs:
      - prerequisites
      - build_provider
      - test
      - license_check
    uses: ./.github/workflows/publish.yml
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}
      isPrerelease: true
      skipGoSdk: true
      skipJavaSdk: true

  tag_release_if_labeled_needs_release:
    name: Tag release if labeled as needs-release
    needs: publish
    runs-on: ubuntu-latest
    steps:
    - name: check if this commit needs release
      if: ${{ env.RELEASE_BOT_ENDPOINT != '' }}
      uses: pulumi/action-release-by-pr-label@main
      with:
        command: "release-if-needed"
        repo: ${{ github.repository }}
        commit: ${{ github.sha }}
        slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }}
      env:
        RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
        RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  test:
    uses: ./.github/workflows/test.yml
    needs:
      - prerequisites
      - build_provider
      - build_sdk
    permissions:
      contents: read
      id-token: write
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}

name: main
on:
  workflow_dispatch: {}
  push:
    branches:
    - main
    paths-ignore:
    - "**.md"
    tags-ignore:
    - v*
    - sdk/*
    - "**"