name: "Verify Release"

on:
  workflow_dispatch:
    inputs:
      providerVersion:
        description: "The version of the provider to verify"
        required: true
        type: string
      enableMacRunner:
        description: "Enable the MacOS runner in addition to Linux and Windows. Defaults to 'false'."
        required: false
        type: boolean
      skipGoSdk:
        description: "Skip the Go SDK verification. Defaults to 'false'. Enable this when verifying a pre-release for which we don't publish the Go SDK (for PRs and the default branch)."
        required: false
        type: boolean
        default: false
      pythonVersion:
        description: "Optional python SDK version to verify. Defaults to inputs.providerVersion."
        type: string
        required: false
  workflow_call:
    inputs:
      providerVersion:
        description: "The version of the provider to verify"
        required: true
        type: string
      skipGoSdk:
        description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build."
        required: false
        type: boolean
        default: false
      pythonVersion:
        description: "Optional python SDK version to verify. Defaults to inputs.providerVersion."
        type: string
        required: false

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_API: https://api.pulumi-staging.io
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  PYPI_USERNAME: __token__
  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
  TF_APPEND_USER_AGENT: pulumi

jobs:
  verify-release:
    name: verify-release
    # We don't have any release verification configurations, so we never run this workflow.
    # Configure your .ci-mgmt.yaml files to include the release verification configurations e.g.
    # releaseVerification:
    #   nodejs: path/to/nodejs/project
    #   python: path/to/python/project
    #   dotnet: path/to/dotnet/project
    #   go: path/to/go/project
    if: false
    strategy:
      matrix:
        # We don't have any release verification configurations, so we only run on Linux to print warnings to help users configure the release verification.
        runner: ["ubuntu-latest"]
    runs-on: ${{ matrix.runner }}
    steps:
      - name: Configure Git to checkout files with long names
        run: git config --global core.longpaths true
      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup tools
        uses: ./.github/actions/setup-tools
        with:
          tools: pulumicli, dotnet, go, nodejs, python