pulumi-incus/.github/workflows/build_sdk.yml

# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt

name: "Build SDK"

on:
  workflow_call:
    inputs:
      version:
        required: true
        type: string

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_API: https://api.pulumi-staging.io
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  PYPI_USERNAME: __token__
  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
  TF_APPEND_USER_AGENT: pulumi
  PROVIDER_VERSION: ${{ inputs.version }}

jobs:
  build_sdk:
    name: build_sdk
    runs-on: ubuntu-latest
    strategy:
      # We normally fail fast unless this is a PR from Renovate in which case
      # we'll always build all SDKs in case there are any changes to commit.
      fail-fast: ${{ ! contains(github.actor, 'renovate') }}
      matrix:
        language:
        - dotnet
        - go
        - nodejs
        - python
    steps:
      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Cache examples generation
        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4
        with:
          path: |
            .pulumi/examples-cache
          key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }}
      - name: Setup tools
        uses: ./.github/actions/setup-tools
        with:
          tools: pulumictl, pulumicli, ${{ matrix.language }}
      - name: Prepare local workspace
        run: make prepare_local_workspace
      - name: Download prerequisites
        uses: ./.github/actions/download-prerequisites
      - name: Update path
        run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
      - name: Restore makefile progress
        run: make --touch provider schema
      - name: Build SDK
        run: make build_${{ matrix.language }}
      - name: Check worktree clean
        id: worktreeClean
        uses: pulumi/git-status-check-action@v1
        with:
          # Keep these in sync with the Renovate step below to avoid them getting checked in.
          allowed-changes: |
            sdk/**/pulumi-plugin.json
            sdk/dotnet/*.csproj
            sdk/go/**/pulumiUtilities.go
            sdk/nodejs/package.json
            sdk/python/pyproject.toml
      - name: Commit ${{ matrix.language }} SDK changes for Renovate
        # If the worktree is dirty and this is a Renovate PR to bump
        # dependencies, commit the updated SDK and push it back to the PR. The
        # job will still be marked as a failure.
        if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request'
        shell: bash
        run: |
          git diff --quiet -- sdk && echo "no changes to sdk" && exit

          git config --global user.email "bot@pulumi.com"
          git config --global user.name "pulumi-bot"

          # Stash local changes and check out the PR's branch directly.
          git stash
          git fetch
          git checkout "origin/$HEAD_REF"

          # Apply and add our changes, but don't commit any files we expect to
          # always change due to versioning.
          git stash pop
          git add sdk
          git reset \
              sdk/python/*/pulumi-plugin.json \
              sdk/python/pyproject.toml \
              sdk/dotnet/pulumi-plugin.json \
              sdk/dotnet/Pulumi.*.csproj \
              sdk/go/*/pulumi-plugin.json \
              sdk/go/*/internal/pulumiUtilities.go \
              sdk/nodejs/package.json
          git commit -m 'Commit ${{ matrix.language }} SDK for Renovate'

          # Push with pulumi-bot credentials to trigger a re-run of the
          # workflow. https://github.com/orgs/community/discussions/25702
          git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \
              "HEAD:$HEAD_REF"
        env:
          # head_ref is untrusted so it's recommended to pass via env var to
          # avoid injections.
          HEAD_REF: ${{ github.head_ref }}

      - name: Upload SDK
        uses: ./.github/actions/upload-sdk
        with:
          language: ${{ matrix.language }}