# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt

name: run-acceptance-tests

on:
  pull_request:
    paths-ignore:
    - CHANGELOG.md
  repository_dispatch:
    types:
    - run-acceptance-tests-command

env:
  PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_API: https://api.pulumi-staging.io
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  PYPI_USERNAME: __token__
  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
  TF_APPEND_USER_AGENT: pulumi

# This should cancel any previous runs of the same workflow on the same branch which are still running.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  prerequisites:
    if: github.event_name == 'repository_dispatch' ||
      github.event.pull_request.head.repo.full_name == github.repository
    permissions:
      contents: read
      pull-requests: write
    uses: ./.github/workflows/prerequisites.yml
    secrets: inherit
    with:
      default_branch: ${{ github.event.repository.default_branch }}
      is_pr: ${{ github.event_name == 'pull_request' }}
      is_automated: ${{ github.actor == 'dependabot[bot]' }}

  build_provider:
    uses: ./.github/workflows/build_provider.yml
    needs: prerequisites
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}
      matrix: |
        {
          "platform": [
            {"os": "linux", "arch": "amd64"},
            {"os": "windows", "arch": "amd64"}
          ]
        }

  build_sdk:
    if: github.event_name == 'repository_dispatch' ||
      github.event.pull_request.head.repo.full_name == github.repository
    name: build_sdk
    needs: prerequisites
    uses: ./.github/workflows/build_sdk.yml
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}

  comment-notification:
    if: github.event_name == 'repository_dispatch'
    name: comment-notification
    permissions:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
    - id: run-url
      name: Create URL to the run output
      run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT"
    - name: Update with Result
      uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
      with:
        body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}"
        issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
        repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
        token: ${{ secrets.GITHUB_TOKEN }}
  lint:
    if: github.event_name == 'repository_dispatch' ||
      github.event.pull_request.head.repo.full_name == github.repository
    name: lint
    uses: ./.github/workflows/lint.yml
    secrets: inherit
  sentinel:
    name: sentinel
    if: github.event_name == 'repository_dispatch' ||
      github.event.pull_request.head.repo.full_name == github.repository
    permissions:
      statuses: write
    needs:
    - test
    - build_provider
    - license_check
    - lint
    runs-on: ubuntu-latest
    steps:
    - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13
      with:
        authToken: ${{secrets.GITHUB_TOKEN}}
        # Write an explicit status check called "Sentinel" which will only pass if this code really runs.
        # This should always be a required check for PRs.
        context: 'Sentinel'
        description: 'All required checks passed'
        state: 'success'
        # Write to the PR commit SHA if it's available as we don't want the merge commit sha,
        # otherwise use the current SHA for any other type of build.
        sha: ${{ github.event.pull_request.head.sha || github.sha }}

  test:
    # Don't run tests on PRs from forks.
    if: github.event_name == 'repository_dispatch' ||
      github.event.pull_request.head.repo.full_name == github.repository
    uses: ./.github/workflows/test.yml
    needs:
      - prerequisites
      - build_provider
      - build_sdk
    permissions:
      contents: read
      id-token: write
    secrets: inherit
    with:
      version: ${{ needs.prerequisites.outputs.version }}

  license_check:
    name: License Check
    uses: ./.github/workflows/license.yml
    secrets: inherit