# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
name: Publish

# Reusable workflow: it runs only when another workflow calls it, and every
# input below is supplied by that caller.
on:
  workflow_call:
    inputs:
      # Version being published. The jobs in this file interpolate it into
      # artifact names, the release tag and the SDK publishing steps.
      version:
        required: true
        type: string
      # false means a stable release. The "Validate prerelease" step rejects a
      # version containing '-' or '+' when this is false.
      isPrerelease:
        required: true
        type: boolean
      # The "Validate skipGoSdk" step refuses this for stable releases.
      skipGoSdk:
        default: false
        type: boolean
        description: Skip publishing & verifying the Go SDK
      skipJavaSdk:
        default: false
        type: boolean
        description: Skip publishing the Java SDK

# Workflow-level environment. Every step of the publish, publish_sdk and
# clean_up_release_labels jobs inherits these values, including the
# third-party actions those jobs invoke.
# NOTE(review): the registry, signing and Pulumi credentials are therefore
# visible to steps that never publish anything (checkout, checksums, label
# clean-up). Scoping each secret to the step that uses it would limit what a
# single compromised action can read. This file is generated, so that change
# belongs in the ci-mgmt template.
env:
  IS_PRERELEASE: ${{ inputs.isPrerelease }}
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  # npm registry credential, exported under both names.
  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
  # Filled from the OSSRH_* secrets.
  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_API: https://api.pulumi-staging.io
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  # PyPI API-token authentication: the username is the literal __token__.
  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  PYPI_USERNAME: __token__
  # Filled from the JAVA_SIGNING_* secrets.
  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
  TF_APPEND_USER_AGENT: pulumi

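jobs:
  # Validates the inputs, collects the provider archives and schema, writes a
  # checksum file and, for stable releases only, creates the GitHub release.
  # NOTE(review): publish, publish_sdk and clean_up_release_labels set no
  # `permissions:` block, so their GITHUB_TOKEN scope is whatever the caller or
  # the repository default grants. Only verify_release declares one.
  publish:
    name: publish
    runs-on: ubuntu-latest
    steps:
      - name: Validate prerelease
        if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+'))
        run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1
      - name: Validate skipGoSdk
        if: inputs.skipGoSdk && inputs.isPrerelease == false
        run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1
      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup tools
        uses: ./.github/actions/setup-tools
        with:
          tools: pulumictl, pulumicli, go, schema-tools
          cache-go: false
      - name: Create dist directory
        run: mkdir -p dist
      - name: Download provider assets
        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
        with:
          pattern: pulumi-resource-xyz-v${{ inputs.version }}-*
          path: dist
          # Don't create a directory for each artifact
          merge-multiple: true
      - name: Download schema
        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
        with:
          # Use a pattern to avoid failing if the artifact doesn't exist
          pattern: schema-embed.*
          # Avoid creating directories for each artifact
          merge-multiple: true
          path: dist
      - name: Calculate checksums
        working-directory: dist
        env:
          # Hand the caller-supplied version to the shell as data. Expanding the
          # inputs.version expression inside `run:` would paste it into the
          # script text before the shell parses it.
          PROVIDER_VERSION: ${{ inputs.version }}
        # NOTE(review): `shasum` without `-a` emits SHA-1 digests. Confirm what
        # consumers of the checksums file expect before moving to `-a 256`.
        run: shasum ./*.tar.gz > "pulumi-xyz_${PROVIDER_VERSION}_checksums.txt"
      - name: Get Schema Change Summary
        id: schema-summary
        shell: bash
        # NOTE(review): the multi-line output uses the fixed delimiter EOF. A
        # line consisting of EOF in the schema-tools output would end the value
        # early; a randomly generated delimiter avoids that.
        run: |
          # Get latest stable release. Return only first column from result (tag).
          LAST_VERSION=$(gh release view --repo pulumi/pulumi-xyz --json tagName -q .tagName || echo "No stable release" )
          {
            echo 'summary<<EOF'
            if [[ "$LAST_VERSION" != "No stable release" ]]; then
              schema-tools compare --provider="xyz" --old-commit="$LAST_VERSION" --repository="github://api.github.com/pulumi" --new-commit="--local-path=provider/cmd/pulumi-resource-xyz/schema.json"
            fi
            echo 'EOF'
          } >> "$GITHUB_OUTPUT"
      - name: Create GH Release
        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2
        if: inputs.isPrerelease == false
        with:
          tag_name: v${{ inputs.version }}
          prerelease: ${{ inputs.isPrerelease }}
          # We keep pre-releases as drafts so they're not visible until we manually publish them.
          # NOTE(review): this step is gated on isPrerelease == false, so
          # `prerelease` and `draft` are always false whenever it runs.
          draft: ${{ inputs.isPrerelease }}
          body: ${{ steps.schema-summary.outputs.summary }}
          generate_release_notes: true
          files: dist/*
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Publishes the language SDKs and exposes the Python package version as a
  # job output for verify_release.
  publish_sdk:
    name: publish_sdk
    needs: publish
    runs-on: ubuntu-latest
    outputs:
      python_version: ${{ steps.python_version.outputs.version }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Persist credentials so we can push back to the repo
          # NOTE(review): the token stays in the checkout's git configuration
          # for the rest of the job, so every later step and action can read it.
          persist-credentials: true
      - name: Setup tools
        uses: ./.github/actions/setup-tools
        with:
          tools: pulumictl, pulumicli, dotnet, go, nodejs, python
          cache-go: false
      # NOTE(review): both branches below pass `!java`, and the second one lists
      # it twice, so as far as this file shows skipJavaSdk does not change what
      # this action publishes. Looks like a generator artefact; confirm against
      # the ci-mgmt template.
      - name: Publish SDKs
        if: inputs.skipJavaSdk == false
        uses: pulumi/pulumi-package-publisher@696a0fe98f86d86ada2a842d1859f3e8c40d6cd7 # v0.0.21
        with:
          sdk: all,!java
          version: ${{ inputs.version }}
      - name: Publish SDKs (except Java)
        if: inputs.skipJavaSdk == true
        uses: pulumi/pulumi-package-publisher@696a0fe98f86d86ada2a842d1859f3e8c40d6cd7 # v0.0.21
        with:
          sdk: all,!java,!java
          version: ${{ inputs.version }}
      - name: Download Go SDK
        uses: ./.github/actions/download-sdk
        with:
          language: go
      # NOTE(review): referenced by the mutable tag v1, unlike the SHA-pinned
      # actions above, in a job that holds the publishing secrets and a
      # persisted git credential. Pin it to a full commit SHA, in the form
      # pulumi/publish-go-sdk-action@<full-commit-sha> # v1
      - uses: pulumi/publish-go-sdk-action@v1
        if: inputs.skipGoSdk == false
        with:
          repository: ${{ github.repository }}
          base-ref: ${{ github.sha }}
          source: sdk
          path: sdk
          version: ${{ inputs.version }}
          additive: false
          # Avoid including other language SDKs & artifacts in the commit
          files: |
            go.*
            go/**
            !*.tar.gz
      - name: Extract python version
        id: python_version
        working-directory: sdk/python
        # NOTE(review): toml-cli is version-pinned but not hash-verified, and it
        # is installed in a job that has the publishing secrets in its
        # environment. pip's `--require-hashes` mode would tie the install to
        # known artefact digests.
        run: |
          pip install toml-cli==0.7.0
          version=$(toml get --toml-path pyproject.toml project.version)
          echo "version=${version}" >> "$GITHUB_OUTPUT"

  clean_up_release_labels:
    name: Clean up release labels
    # Only run for non-prerelease. The condition has no status function, so the
    # job also requires publish_sdk (its only `needs`) to have succeeded.
    if: inputs.isPrerelease == false

    needs: publish_sdk
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      # NOTE(review): tracks the `main` branch, so the code that runs with
      # GITHUB_TOKEN here can change without any change to this file. Pin it to
      # a full commit SHA, in the form
      # pulumi/action-release-by-pr-label@<full-commit-sha>
      - name: Clean up release labels
        uses: pulumi/action-release-by-pr-label@main
        with:
          command: "clean-up-release-labels"
          repo: ${{ github.repository }}
          commit: ${{ github.sha }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Calls the repository's verify-release workflow once the SDKs are published.
  verify_release:
    name: verify_release
    needs: publish_sdk
    permissions:
      contents: write
      id-token: write
    uses: ./.github/workflows/verify-release.yml
    # NOTE(review): `secrets: inherit` forwards every secret available to this
    # workflow into verify-release.yml. Listing only the secrets it reads would
    # narrow that.
    secrets: inherit
    with:
      providerVersion: ${{ inputs.version }}
      skipGoSdk: ${{ inputs.skipGoSdk }}
      pythonVersion: ${{ needs.publish_sdk.outputs.python_version }}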