diff --git a/provider-ci/Makefile b/provider-ci/Makefile index eab9292fbe..a2112c6ce9 100644 --- a/provider-ci/Makefile +++ b/provider-ci/Makefile @@ -37,7 +37,7 @@ format: # files for other bridged provider repositories should be ephemeral. .PHONY: test-providers test-provider/% -test-providers: test-provider/aws test-provider/docker test-provider/cloudflare test-provider/acme +test-providers: test-provider/aws test-provider/docker test-provider/cloudflare test-provider/acme test-provider/eks # 1. Delete all files except the .ci-mgmt.yaml file and run the provider-ci generate command. # 2. Copy the generated provider repository to a temporary git repo and run actionlint on it. diff --git a/provider-ci/internal/pkg/config.go b/provider-ci/internal/pkg/config.go index c1987fcd5c..2006cb9012 100644 --- a/provider-ci/internal/pkg/config.go +++ b/provider-ci/internal/pkg/config.go @@ -265,6 +265,10 @@ type Config struct { // MakeTemplate has no effect but is set by 78 providers. // https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22makeTemplate%3A%22&type=code MakeTemplate string `yaml:"makeTemplate"` + + // NoUpstream is a temporary hack to disable bridge-specific workflow steps + // as part of the work to consolidate these with native providers. + NoUpstream bool } // LoadLocalConfig loads the provider configuration at the given path with diff --git a/provider-ci/internal/pkg/generate.go b/provider-ci/internal/pkg/generate.go index 92a9030803..4218e195e1 100644 --- a/provider-ci/internal/pkg/generate.go +++ b/provider-ci/internal/pkg/generate.go @@ -45,6 +45,11 @@ func GeneratePackage(opts GenerateOpts) error { if err != nil { return fmt.Errorf("error getting template directories: %w", err) } + if opts.Config.Template == "generic" { + opts.Config.NoUpstream = true + opts.Config.CheckUpstreamUpgrade = false + } + // Clean up old workflows if requested if opts.Config.CleanGithubWorkflows { workflows, err := os.ReadDir(filepath.Join(opts.OutDir, ".github", "workflows")) @@ -102,6 +107,8 @@ func getTemplateDirs(templateName string) ([]string, error) { case "external-bridged-provider": // Render more specific templates last to allow them to override more general templates. return []string{"dev-container", "provider", "external-provider", "bridged-provider"}, nil + case "generic": + return []string{"provider", "pulumi-provider", "bridged-provider"}, nil default: return nil, fmt.Errorf("unknown template: %s", templateName) } diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml index 823a087769..112c10cd8f 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-bridge.yml @@ -1,3 +1,4 @@ +#{{ if not .Config.NoUpstream -}}# # WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt name: Upgrade bridge @@ -113,3 +114,4 @@ jobs: pr-reviewers: ${{ github.event.client_payload.pr-reviewers }} pr-description: ${{ github.event.client_payload.pr-description }} pr-title-prefix: ${{ github.event.client_payload.pr-title-prefix }} +#{{ end -}}# diff --git a/provider-ci/internal/pkg/templates/bridged-provider/Makefile b/provider-ci/internal/pkg/templates/bridged-provider/Makefile index d6c9d267d6..68087b28c6 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/Makefile +++ b/provider-ci/internal/pkg/templates/bridged-provider/Makefile @@ -35,7 +35,7 @@ VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version # Strips debug information from the provider binary to reduce its size and speed up builds LDFLAGS_STRIP_SYMBOLS=-s -w LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)#{{if .Config.ProviderVersion}}# -X #{{ .Config.ProviderVersion }}#=$(VERSION_GENERIC)#{{end}}# -#{{- if .Config.ProviderVersion }}# +#{{- if and (not (eq .Config.ProviderVersion "")) (not .Config.NoUpstream) }}# LDFLAGS_UPSTREAM_VERSION=-X #{{ .Config.ProviderVersion }}#=v$(VERSION_GENERIC) #{{- else }}# LDFLAGS_UPSTREAM_VERSION= @@ -287,7 +287,11 @@ tfgen_build_only: bin/$(TFGEN) bin/$(TFGEN): provider/*.go provider/go.* .make/upstream (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(TFGEN) -ldflags "$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_EXTRAS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(TFGEN)) .PHONY: tfgen schema tfgen_no_deps tfgen_build_only - +#{{ if .Config.NoUpstream }}# +upstream: .make/upstream +.make/upstream: + @touch $@ +#{{- else }}# # Apply patches to the upstream submodule, if it exists upstream: .make/upstream # Re-run if the upstream commit or the patches change @@ -302,6 +306,7 @@ endif cd upstream-tools && yarn --silent run apply #{{- end }}# @touch $@ +#{{- end }}# .PHONY: upstream bin/pulumi-java-gen: .pulumi-java-gen.version diff --git a/provider-ci/internal/pkg/templates/bridged-provider/upstream.sh b/provider-ci/internal/pkg/templates/bridged-provider/upstream.sh index 736b985443..b3fb6db227 100755 --- a/provider-ci/internal/pkg/templates/bridged-provider/upstream.sh +++ b/provider-ci/internal/pkg/templates/bridged-provider/upstream.sh @@ -1,3 +1,4 @@ +#{{ if not .Config.NoUpstream -}}# #!/usr/bin/env bash # WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt @@ -400,3 +401,4 @@ case ${original_cmd} in exit 1 ;; esac +#{{ end -}}# diff --git a/provider-ci/providers.json b/provider-ci/providers.json index 0ebe54386b..07a710d0a7 100644 --- a/provider-ci/providers.json +++ b/provider-ci/providers.json @@ -23,6 +23,7 @@ "dnsimple", "docker", "ec", + "eks", "external", "f5bigip", "fastly", diff --git a/provider-ci/test-providers/eks/.ci-mgmt.yaml b/provider-ci/test-providers/eks/.ci-mgmt.yaml new file mode 100644 index 0000000000..23c7d95dbf --- /dev/null +++ b/provider-ci/test-providers/eks/.ci-mgmt.yaml @@ -0,0 +1,25 @@ +provider: eks +major-version: 3 +aws: true +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + PULUMI_ENABLE_RESOURCE_REFERENCES: 1 + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget +template: generic +freeDiskSpaceBeforeTest: true # TODO: https://github.com/pulumi/pulumi/issues/17718 diff --git a/provider-ci/test-providers/eks/.gitattributes b/provider-ci/test-providers/eks/.gitattributes new file mode 100644 index 0000000000..ff9aa4f9db --- /dev/null +++ b/provider-ci/test-providers/eks/.gitattributes @@ -0,0 +1 @@ +sdk/**/* linguist-generated=true diff --git a/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/bug.yaml b/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/bug.yaml new file mode 100644 index 0000000000..63d707268a --- /dev/null +++ b/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/bug.yaml @@ -0,0 +1,69 @@ +name: Bug Report +description: Report something that's not working correctly +labels: ["kind/bug", "needs-triage"] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + You can also ask questions on our [Community Slack](https://slack.pulumi.com/). + - type: textarea + id: what-happened + attributes: + label: Describe what happened + description: Please summarize what happened, including what Pulumi commands you ran, as well as + an inline snippet of any relevant error or console output. + validations: + required: true + - type: textarea + id: sample-program + attributes: + label: Sample program + description: | +
Provide a reproducible sample program + If this is a bug you encountered while running a Pulumi command, please provide us with a minimal, + self-contained Pulumi program that reproduces this behavior so that we can investigate on our end. + Without a functional reproduction, we will not be able to prioritize this bug. + **Note:** If the program output is more than a few lines, please send us a Gist or a link to a file. +
+ validations: + required: true + - type: textarea + id: log-output + attributes: + label: Log output + description: | +
How to Submit Logs + If this is something that is dependent on your environment, please also provide us with the output of + `pulumi up --logtostderr --logflow -v=10` from the root of your project. + We may also ask you to supply us with debug output following [these steps](https://www.pulumi.com/docs/using-pulumi/pulumi-packages/debugging-provider-packages/). + **Note:** If the log output is more than a few lines, please send us a Gist or a link to a file. +
+ - type: textarea + id: resources + attributes: + label: Affected Resource(s) + description: Please list the affected Pulumi Resource(s) or Function(s). + validations: + required: false + - type: textarea + id: versions + attributes: + label: Output of `pulumi about` + description: Provide the output of `pulumi about` from the root of your project. + validations: + required: true + - type: textarea + id: ctx + attributes: + label: Additional context + description: Anything else you would like to add? + validations: + required: false + - type: textarea + id: voting + attributes: + label: Contributing + value: | + Vote on this issue by adding a πŸ‘ reaction. + To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already). \ No newline at end of file diff --git a/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/epic.md b/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/epic.md new file mode 100644 index 0000000000..27d4e3a440 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/ISSUE_TEMPLATE/epic.md @@ -0,0 +1,35 @@ +--- +name: Epic +about: Tracks a shippable unit of work +title: '[Epic] {your-title-here}' +labels: kind/epic +projects: ['pulumi/32'] +assignees: '' +type: Epic +--- + +## Overview + + +## Key KPIs + + +## Key Stakeholders +- Product and Engineering: +- Documentation: +- Marketing/Partnerships: +- Customers: + +## Key Deliverables + + +### References πŸ“” + + +- [ ] Project View +- [ ] PR/FAQ +- [ ] Design Doc +- [ ] UX Designs +- [ ] Decision Log + + diff --git a/provider-ci/test-providers/eks/.github/actions/download-bin/action.yml b/provider-ci/test-providers/eks/.github/actions/download-bin/action.yml new file mode 100644 index 0000000000..b70daa39a2 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/download-bin/action.yml @@ -0,0 +1,23 @@ +name: Download the provider binary +description: Downloads the provider binary to `bin/`. + +runs: + using: "composite" + steps: + + - name: Download pulumi-resource-eks + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + pattern: pulumi-resource-eks-*-linux-amd64.tar.gz + path: ${{ github.workspace }}/bin + merge-multiple: true + + - name: Untar pulumi-resource-eks + shell: bash + run: | + tar -zxf ${{ github.workspace }}/bin/*amd64.tar.gz -C ${{ github.workspace}}/bin + + - name: Mark pulumi-resource-eks as executable + shell: bash + run: | + find ${{ github.workspace }} -name "pulumi-*-eks" -print -exec chmod +x {} \; diff --git a/provider-ci/test-providers/eks/.github/actions/download-sdk/action.yml b/provider-ci/test-providers/eks/.github/actions/download-sdk/action.yml new file mode 100644 index 0000000000..ec5a2f3082 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/download-sdk/action.yml @@ -0,0 +1,19 @@ +name: Download SDK asset +description: Restores the SDK asset for a language. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Download ${{ inputs.language }} SDK + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress SDK folder + shell: bash + run: tar -zxf ${{ github.workspace }}/sdk/${{ inputs.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ inputs.language }} diff --git a/provider-ci/test-providers/eks/.github/actions/download-tfgen/action.yml b/provider-ci/test-providers/eks/.github/actions/download-tfgen/action.yml new file mode 100644 index 0000000000..44de0d5d63 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/download-tfgen/action.yml @@ -0,0 +1,17 @@ +name: Download the tfgen binary +description: Downloads the tfgen binary to `bin/`. + +runs: + using: "composite" + steps: + + - name: Download pulumi-tfgen-eks + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: pulumi-tfgen-eks + path: ${{ github.workspace }}/bin + + - name: Ensure pulumi-tfgen-eks is executable + shell: bash + run: | + find ${{ github.workspace }} -name "pulumi-*-eks" -print -exec chmod +x {} \; diff --git a/provider-ci/test-providers/eks/.github/actions/setup-tools/action.yml b/provider-ci/test-providers/eks/.github/actions/setup-tools/action.yml new file mode 100644 index 0000000000..14cd282f75 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/setup-tools/action.yml @@ -0,0 +1,91 @@ +name: Setup tools +description: Installs Go, Pulumi, pulumictl, schema-tools, Node.JS, Python, dotnet and Java. + +inputs: + tools: + description: | + Comma separated list of tools to install. The default of "all" installs all tools. Available tools are: + go + pulumicli + pulumictl + schema-tools + nodejs + python + dotnet + java + default: all + cache-go: + description: | + Whether to enable the GitHub cache for Go. Appropriate for disabling in + smaller jobs that typically completely before the "real" job has an + opportunity to populate the cache. + default: "true" + +runs: + using: "composite" + steps: + - name: Install Go + if: inputs.tools == 'all' || contains(inputs.tools, 'go') + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 + with: + go-version: "1.21.x" + cache-dependency-path: | + provider/*.sum + upstream/*.sum + sdk/go/*.sum + sdk/*.sum + *.sum + # TODO(https://github.com/actions/setup-go/issues/316): Restore but don't save the cache. + cache: ${{ inputs.cache-go }} + + - name: Install pulumictl + if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + tag: v0.0.46 + repo: pulumi/pulumictl + + - name: Install Pulumi CLI + if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli') + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6 + with: + pulumi-version: "dev" + + - name: Install Schema Tools + if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 + with: + repo: pulumi/schema-tools + + - name: Setup Node + if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 + with: + node-version: 20.x + registry-url: https://registry.npmjs.org + + - name: Setup DotNet + if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet') + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + with: + dotnet-version: 6.0.x + + - name: Setup Python + if: inputs.tools == 'all' || contains(inputs.tools, 'python') + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: 3.11.8 + + - name: Setup Java + if: inputs.tools == 'all' || contains(inputs.tools, 'java') + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + with: + cache: gradle + distribution: temurin + java-version: 11 + + - name: Setup Gradle + if: inputs.tools == 'all' || contains(inputs.tools, 'java') + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + with: + gradle-version: 7.6 diff --git a/provider-ci/test-providers/eks/.github/actions/upload-sdk/action.yml b/provider-ci/test-providers/eks/.github/actions/upload-sdk/action.yml new file mode 100644 index 0000000000..bea11eed8d --- /dev/null +++ b/provider-ci/test-providers/eks/.github/actions/upload-sdk/action.yml @@ -0,0 +1,20 @@ +name: Upload SDK asset +description: Upload the SDK for a specific language as an asset for the workflow. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Compress SDK folder + shell: bash + run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz + retention-days: 30 diff --git a/provider-ci/test-providers/eks/.github/workflows/build_provider.yml b/provider-ci/test-providers/eks/.github/workflows/build_provider.yml new file mode 100644 index 0000000000..f37a8a83cf --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/build_provider.yml @@ -0,0 +1,73 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +name: "Build Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to build + +jobs: + build_provider: + name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + strategy: + fail-fast: true + matrix: + platform: + - os: linux + arch: amd64 + - os: linux + arch: arm64 + - os: darwin + arch: amd64 + - os: darwin + arch: arm64 + - os: windows + arch: amd64 + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, go + - name: Prepare local workspace before restoring previously built + run: make prepare_local_workspace + - name: Download schema-embed.json + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + # Use a pattern to avoid failing if the artifact doesn't exist + pattern: schema-embed.* + # Avoid creating directories for each artifact + merge-multiple: true + path: provider/cmd/pulumi-resource-eks + - name: Restore makefile progress + run: make --touch provider schema + + - name: Build provider + run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}" + env: + AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }} + AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} + AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }} + AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} + SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' && secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID == '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }} + + - name: Package provider + run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + + - name: Upload artifacts + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: bin/pulumi-resource-eks-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + retention-days: 30 diff --git a/provider-ci/test-providers/eks/.github/workflows/build_sdk.yml b/provider-ci/test-providers/eks/.github/workflows/build_sdk.yml new file mode 100644 index 0000000000..c3b9763975 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/build_sdk.yml @@ -0,0 +1,132 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +name: "Build SDK" + +on: + workflow_call: + inputs: + version: + required: true + type: string + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + PROVIDER_VERSION: ${{ inputs.version }} + +jobs: + build_sdk: + name: build_sdk + runs-on: ubuntu-latest + strategy: + # We normally fail fast unless this is a PR from Renovate in which case + # we'll always build all SDKs in case there are any changes to commit. + fail-fast: ${{ ! contains(github.actor, 'renovate') }} + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Cache examples generation + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Prepare local workspace + run: make prepare_local_workspace + - name: Download tfgen + uses: ./.github/actions/download-tfgen + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Restore makefile progress + run: make --touch provider schema + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@v1 + with: + # Keep these in sync with the Renovate step below to avoid them getting checked in. + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + # If the worktree is dirty and this is a Renovate PR to bump + # dependencies, commit the updated SDK and push it back to the PR. The + # job will still be marked as a failure. + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request' + shell: bash + run: | + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + git stash + git fetch + git checkout "origin/$HEAD_REF" + + # Apply and add our changes, but don't commit any files we expect to + # always change due to versioning. + git stash pop + git add sdk + git reset \ + sdk/python/*/pulumi-plugin.json \ + sdk/python/pyproject.toml \ + sdk/dotnet/pulumi-plugin.json \ + sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/pulumi-plugin.json \ + sdk/go/*/internal/pulumiUtilities.go \ + sdk/nodejs/package.json + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + # Push with pulumi-bot credentials to trigger a re-run of the + # workflow. https://github.com/orgs/community/discussions/25702 + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \ + "HEAD:$HEAD_REF" + env: + # head_ref is untrusted so it's recommended to pass via env var to + # avoid injections. + HEAD_REF: ${{ github.head_ref }} + + - name: Upload SDK + uses: ./.github/actions/upload-sdk + with: + language: ${{ matrix.language }} diff --git a/provider-ci/test-providers/eks/.github/workflows/command-dispatch.yml b/provider-ci/test-providers/eks/.github/workflows/command-dispatch.yml new file mode 100644 index 0000000000..e74788d5fe --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/command-dispatch.yml @@ -0,0 +1,51 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + command-dispatch-for-testing: + name: command-dispatch-for-testing + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4 + with: + commands: | + run-acceptance-tests + release + issue-type: pull-request + permission: write + reaction-token: ${{ secrets.GITHUB_TOKEN }} + repository: pulumi/pulumi-eks + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: command-dispatch +on: + issue_comment: + types: + - created + - edited diff --git a/provider-ci/test-providers/eks/.github/workflows/community-moderation.yml b/provider-ci/test-providers/eks/.github/workflows/community-moderation.yml new file mode 100644 index 0000000000..8eefeb73ec --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/community-moderation.yml @@ -0,0 +1,45 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +jobs: + warn_codegen: + name: warn_codegen + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - id: schema_changed + name: Check for diff in schema + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + with: + filters: "changed: 'provider/cmd/**/schema.json'" + - id: sdk_changed + if: steps.schema_changed.outputs.changed == 'false' + name: Check for diff in sdk/** + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + with: + filters: "changed: 'sdk/**'" + - if: steps.sdk_changed.outputs.changed == 'true' && + github.event.pull_request.head.repo.full_name != github.repository + name: Send codegen warning as comment on PR + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: > + Hello and thank you for your pull request! :heart: :sparkles: + + It looks like you're directly modifying files in the language SDKs, many of which are autogenerated. + + Be sure any files you're editing do not begin with a code generation warning. + + For generated files, you will need to make changes in `resources.go` instead, and [generate the code](https://github.com/pulumi/${{ github.event.repository.name }}/blob/master/CONTRIBUTING.md#committing-generated-code). +name: warn-codegen +on: + pull_request_target: + branches: + - master + types: + - opened diff --git a/provider-ci/test-providers/eks/.github/workflows/license.yml b/provider-ci/test-providers/eks/.github/workflows/license.yml new file mode 100644 index 0000000000..4857589c55 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/license.yml @@ -0,0 +1,70 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +name: license_check + +on: + workflow_call: + inputs: {} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + license_check: + name: License Check + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go + cache-go: false + - run: make prepare_local_workspace + continue-on-error: true + - uses: pulumi/license-check-action@main + with: + module-path: provider + ignore-modules: >- + github.com/aead/chacha20, + github.com/apache/arrow/go/v12, + github.com/apache/thrift/lib/go/thrift, + github.com/cloudflare/circl, + github.com/golang, + github.com/gorhill/cronexpr, + github.com/in-toto/in-toto-golang, + github.com/jmespath/go-jmespath, + github.com/keybase/go-crypto, + github.com/klauspost/compress, + github.com/mattn/go-localereader, + github.com/modern-go/reflect2, + github.com/pierrec/lz4, + github.com/pjbgf/sha1cd, + github.com/pulumi, + github.com/segmentio/asm, + golang.org diff --git a/provider-ci/test-providers/eks/.github/workflows/lint.yml b/provider-ci/test-providers/eks/.github/workflows/lint.yml new file mode 100644 index 0000000000..2cdb5e4287 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/lint.yml @@ -0,0 +1,61 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +name: lint + +on: + workflow_call: + inputs: {} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + lint: + name: lint + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Install go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 + with: + # The versions of golangci-lint and setup-go here cross-depend and need to update together. + go-version: 1.23 + # Either this action or golangci-lint needs to disable the cache + cache: false + - name: disarm go:embed directives to enable lint + continue-on-error: true # this fails if there are no go:embed directives + run: | + git grep -l 'go:embed' -- provider | xargs sed -i 's/go:embed/ goembed/g' + - name: prepare workspace + continue-on-error: true + run: make prepare_local_workspace + - name: golangci-lint + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6 + with: + version: v1.60 + working-directory: provider diff --git a/provider-ci/test-providers/eks/.github/workflows/master.yml b/provider-ci/test-providers/eks/.github/workflows/master.yml new file mode 100644 index 0000000000..03d64b13a8 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/master.yml @@ -0,0 +1,159 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + generate_coverage_data: + continue-on-error: true + env: + COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }} + name: generate_coverage_data + needs: prerequisites + runs-on: ubuntu-latest + steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 + with: + tool-cache: false + swap-storage: false + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} + aws-region: us-west-2 + aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, schema-tools + - name: Echo Coverage Output Dir + run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"' + - name: Generate Coverage Data + run: PULUMI_MISSING_DOCS_ERROR=true make tfgen + - name: Summarize Provider Coverage Results + run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt + - name: Upload coverage data to S3 + run: >- + summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json" + + s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}" + + aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true + skipJavaSdk: true + + tag_release_if_labeled_needs_release: + name: Tag release if labeled as needs-release + needs: publish + runs-on: ubuntu-latest + steps: + - name: check if this commit needs release + if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} + uses: pulumi/action-release-by-pr-label@main + with: + command: "release-if-needed" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + test: + uses: ./.github/workflows/test.yml + needs: + - prerequisites + - build_provider + - build_sdk + permissions: + contents: read + id-token: write + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + +name: master +on: + workflow_dispatch: {} + push: + branches: + - master + paths-ignore: + - "**.md" + tags-ignore: + - v* + - sdk/* + - "**" diff --git a/provider-ci/test-providers/eks/.github/workflows/prerelease.yml b/provider-ci/test-providers/eks/.github/workflows/prerelease.yml new file mode 100644 index 0000000000..8c10c40bf7 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/prerelease.yml @@ -0,0 +1,93 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +env: + IS_PRERELEASE: true + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + + test: + uses: ./.github/workflows/test.yml + needs: + - prerequisites + - build_provider + - build_sdk + permissions: + contents: read + id-token: write + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + +name: prerelease +on: + push: + tags: + - v*.*.*-** diff --git a/provider-ci/test-providers/eks/.github/workflows/prerequisites.yml b/provider-ci/test-providers/eks/.github/workflows/prerequisites.yml new file mode 100644 index 0000000000..98033db979 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/prerequisites.yml @@ -0,0 +1,117 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +name: "Prerequisites" + +on: + workflow_call: + inputs: + is_pr: + type: boolean + required: true + is_automated: + type: boolean + required: true + default_branch: + type: string + required: true + outputs: + version: + description: "Provider version being built" + value: ${{ jobs.prerequisites.outputs.version }} + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + prerequisites: + name: prerequisites + runs-on: ubuntu-latest + outputs: + version: ${{ steps.provider-version.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 + id: provider-version + with: + set-env: 'PROVIDER_VERSION' + - name: Cache examples generation + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go, pulumictl, pulumicli, schema-tools + - name: Prepare local workspace before restoring previously built files + run: make prepare_local_workspace + - name: Generate schema + run: make schema + - name: Build provider binary + run: make provider + - name: Unit-test provider code + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: inputs.is_pr + name: Check Schema is Valid + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + { + echo "SCHEMA_CHANGES<<$EOF"; + schema-tools compare -r github://api.github.com/pulumi -p eks -o "${{ inputs.default_branch }}" -n --local-path=provider/cmd/pulumi-resource-eks/schema.json; + echo "$EOF"; + } >> "$GITHUB_ENV" + - if: inputs.is_pr && inputs.is_automated == false && github.actor != 'dependabot[bot]' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + comment-tag: schemaCheck + message: >+ + ${{ env.SCHEMA_CHANGES }} + + + Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. + + - name: Upload pulumi-tfgen-eks + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: pulumi-tfgen-eks + path: ${{ github.workspace }}/bin/pulumi-tfgen-eks + retention-days: 30 + + - name: Upload schema-embed.json + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: schema-embed.json + path: provider/cmd/pulumi-resource-eks/schema-embed.json + retention-days: 30 diff --git a/provider-ci/test-providers/eks/.github/workflows/publish.yml b/provider-ci/test-providers/eks/.github/workflows/publish.yml new file mode 100644 index 0000000000..a20924f0ba --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/publish.yml @@ -0,0 +1,222 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + skipJavaSdk: + default: false + type: boolean + description: Skip publishing the Java SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + publish: + name: publish + runs-on: ubuntu-latest + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, schema-tools + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-external-id: upload-pulumi-release + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Create dist directory + run: mkdir -p dist + - name: Download provider assets + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + pattern: pulumi-resource-eks-v${{ inputs.version }}-* + path: dist + # Don't create a directory for each artifact + merge-multiple: true + - name: Calculate checksums + working-directory: dist + run: shasum ./*.tar.gz > "pulumi-eks_${{ inputs.version }}_checksums.txt" + - name: Get Schema Change Summary + id: schema-summary + shell: bash + run: | + # Get latest stable release. Return only first column from result (tag). + LAST_VERSION=$(gh release view --repo pulumi/pulumi-eks --json tagName -q .tagName || echo "No stable release" ) + { + echo 'summary<> "$GITHUB_OUTPUT" + - name: Upload Provider Binaries + run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive + - name: Create GH Release + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 + if: inputs.isPrerelease == false + with: + tag_name: v${{ inputs.version }} + prerelease: ${{ inputs.isPrerelease }} + # We keep pre-releases as drafts so they're not visible until we manually publish them. + draft: ${{ inputs.isPrerelease }} + body: ${{ steps.schema-summary.outputs.summary }} + generate_release_notes: true + files: dist/* + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: ubuntu-latest + outputs: + python_version: ${{ steps.python_version.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + # Persist credentials so we can push back to the repo + persist-credentials: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java + - name: Publish SDKs + if: inputs.skipJavaSdk == false + uses: pulumi/pulumi-package-publisher@696a0fe98f86d86ada2a842d1859f3e8c40d6cd7 # v0.0.21 + with: + sdk: all + version: ${{ inputs.version }} + - name: Publish SDKs (except Java) + if: inputs.skipJavaSdk == true + uses: pulumi/pulumi-package-publisher@696a0fe98f86d86ada2a842d1859f3e8c40d6cd7 # v0.0.21 + with: + sdk: all,!java + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + - name: Extract python version + id: python_version + working-directory: sdk/python + run: | + pip install toml-cli==0.7.0 + version=$(toml get --toml-path pyproject.toml project.version) + echo "version=${version}" >> "$GITHUB_OUTPUT" + create_docs_build: + name: create_docs_build + needs: publish_sdk + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + runs-on: ubuntu-latest + steps: + - name: Dispatch Metadata build + uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: pulumi/registry + event-type: resource-provider + client-payload: |- + { + "project": "${{ github.repository }}", + "project-shortname": "eks", + "ref": "${{ github.ref_name }}" + } + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + needs: create_docs_build + + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} + pythonVersion: ${{ needs.publish_sdk.outputs.python_version }} diff --git a/provider-ci/test-providers/eks/.github/workflows/pull-request.yml b/provider-ci/test-providers/eks/.github/workflows/pull-request.yml new file mode 100644 index 0000000000..54bee5cac3 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/pull-request.yml @@ -0,0 +1,47 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + comment-on-pr: + if: github.event.pull_request.head.repo.full_name != github.repository + name: comment-on-pr + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Comment PR + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + message: > + PR is now waiting for a maintainer to run the acceptance tests. + + **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR +name: pull-request +on: + pull_request_target: {} diff --git a/provider-ci/test-providers/eks/.github/workflows/release.yml b/provider-ci/test-providers/eks/.github/workflows/release.yml new file mode 100644 index 0000000000..e4f7523dfb --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/release.yml @@ -0,0 +1,93 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt +name: release +on: + push: + tags: + - v*.*.* + - "!v*.*.*-**" + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + pull-requests: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false + + test: + uses: ./.github/workflows/test.yml + needs: + - prerequisites + - build_provider + - build_sdk + permissions: + contents: read + id-token: write + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} diff --git a/provider-ci/test-providers/eks/.github/workflows/release_command.yml b/provider-ci/test-providers/eks/.github/workflows/release_command.yml new file mode 100644 index 0000000000..5712f40e5f --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/release_command.yml @@ -0,0 +1,45 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +name: release-command +on: + repository_dispatch: + types: + - release-command +jobs: + should_release: + name: Should release PR + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Should release PR + uses: pulumi/action-release-by-pr-label@main + with: + command: "should-release" + repo: ${{ github.repository }} + pr: ${{ github.event.client_payload.pull_request.number }} + version: ${{ github.event.client_payload.slash_command.args.all }} + slack_channel: ${{ secrets.RELEASE_OPS_STAGING_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - if: failure() + name: Notify failure + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: | + "release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + - if: success() + name: Notify success + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.client_payload.github.payload.comment.id }} + reaction-type: hooray diff --git a/provider-ci/test-providers/eks/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/eks/.github/workflows/run-acceptance-tests.yml new file mode 100644 index 0000000000..f43e2cd790 --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/run-acceptance-tests.yml @@ -0,0 +1,141 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +name: run-acceptance-tests + +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command + +env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +# This should cancel any previous runs of the same workflow on the same branch which are still running. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + prerequisites: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + pull-requests: write + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + comment-notification: + if: github.event_name == 'repository_dispatch' + name: comment-notification + permissions: + pull-requests: write + runs-on: ubuntu-latest + steps: + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + with: + body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + token: ${{ secrets.GITHUB_TOKEN }} + lint: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + sentinel: + name: sentinel + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + statuses: write + needs: + - test + - build_provider + - license_check + - lint + runs-on: ubuntu-latest + steps: + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 + with: + authToken: ${{secrets.GITHUB_TOKEN}} + # Write an explicit status check called "Sentinel" which will only pass if this code really runs. + # This should always be a required check for PRs. + context: 'Sentinel' + description: 'All required checks passed' + state: 'success' + # Write to the PR commit SHA if it's available as we don't want the merge commit sha, + # otherwise use the current SHA for any other type of build. + sha: ${{ github.event.pull_request.head.sha || github.sha }} + + test: + # Don't run tests on PRs from forks. + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + uses: ./.github/workflows/test.yml + needs: + - prerequisites + - build_provider + - build_sdk + permissions: + contents: read + id-token: write + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit diff --git a/provider-ci/test-providers/eks/.github/workflows/test.yml b/provider-ci/test-providers/eks/.github/workflows/test.yml new file mode 100644 index 0000000000..f22fae42ce --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/test.yml @@ -0,0 +1,113 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +name: "Test Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to test + +env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + test: + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + steps: + # Run as first step so we don't delete things that have just been installed + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 + with: + tool-cache: false + swap-storage: false + dotnet: false + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + ref: ${{ env.PR_COMMIT_SHA }} + persist-credentials: false + - name: Checkout p/examples + if: matrix.testTarget == 'pulumiExamples' + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + repository: pulumi/examples + path: p-examples + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Prepare local workspace + run: make prepare_local_workspace + - name: Download bin + uses: ./.github/actions/download-bin + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Restore makefile progress + run: make --touch provider schema build_${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: eks@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Run tests + if: matrix.testTarget == 'local' + run: cd examples && go test -v -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 . + - name: Run pulumi/examples tests + if: matrix.testTarget == 'pulumiExamples' + run: cd examples && go test -v -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 . + strategy: + fail-fast: false + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + testTarget: [local] diff --git a/provider-ci/test-providers/eks/.github/workflows/verify-release.yml b/provider-ci/test-providers/eks/.github/workflows/verify-release.yml new file mode 100644 index 0000000000..89552c998d --- /dev/null +++ b/provider-ci/test-providers/eks/.github/workflows/verify-release.yml @@ -0,0 +1,93 @@ +name: "Verify Release" + +on: + workflow_dispatch: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacRunner: + description: "Enable the MacOS runner in addition to Linux and Windows. Defaults to 'false'." + required: false + type: boolean + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. Enable this when verifying a pre-release for which we don't publish the Go SDK (for PRs and the default branch)." + required: false + type: boolean + default: false + pythonVersion: + description: "Optional python SDK version to verify. Defaults to inputs.providerVersion." + type: string + required: false + workflow_call: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacosRunner: + description: "Enable the macos-latest runner in addition to ubuntu-latest and windows-latest. Defaults to 'false'." + required: false + type: boolean + default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false + pythonVersion: + description: "Optional python SDK version to verify. Defaults to inputs.providerVersion." + type: string + required: false + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + GOLANGCI_LINT_VERSION: v1.61.0 + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_ENABLE_RESOURCE_REFERENCES: "1" + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + verify-release: + name: verify-release + # We don't have any release verification configurations, so we never run this workflow. + # Configure your .ci-mgmt.yaml files to include the release verification configurations e.g. + # releaseVerification: + # nodejs: path/to/nodejs/project + # python: path/to/python/project + # dotnet: path/to/dotnet/project + # go: path/to/go/project + if: false + strategy: + matrix: + # We don't have any release verification configurations, so we only run on Linux to print warnings to help users configure the release verification. + runner: ["ubuntu-latest"] + runs-on: ${{ matrix.runner }} + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumicli, nodejs, python, dotnet, go, java diff --git a/provider-ci/test-providers/eks/.golangci.yml b/provider-ci/test-providers/eks/.golangci.yml new file mode 100644 index 0000000000..93b7d5032e --- /dev/null +++ b/provider-ci/test-providers/eks/.golangci.yml @@ -0,0 +1,35 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +linters: + enable: + - errcheck + - gci + - goconst + - gofmt + - gosec + - govet + - ineffassign + - lll + - gosimple + - staticcheck + - misspell + - nakedret + - revive + - unconvert + - unused + enable-all: false +issues: + exclude-files: + - schema.go + - pulumiManifest.go +run: + timeout: 20m +linters-settings: + gci: + sections: + - standard # Standard section: captures all standard library packages. + - blank # Blank section: contains all blank imports. + - default # Default section: contains all imports that could not be matched to another section type. + - prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix. + - prefix(github.com/pulumi/pulumi-eks) # Custom section: local imports + custom-order: true diff --git a/provider-ci/test-providers/eks/.upgrade-config.yml b/provider-ci/test-providers/eks/.upgrade-config.yml new file mode 100644 index 0000000000..39389b55c8 --- /dev/null +++ b/provider-ci/test-providers/eks/.upgrade-config.yml @@ -0,0 +1,6 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +--- +upstream-provider-name: terraform-provider-eks +pulumi-infer-version: true +remove-plugins: true diff --git a/provider-ci/test-providers/eks/CODE-OF-CONDUCT.md b/provider-ci/test-providers/eks/CODE-OF-CONDUCT.md new file mode 100644 index 0000000000..995e13c009 --- /dev/null +++ b/provider-ci/test-providers/eks/CODE-OF-CONDUCT.md @@ -0,0 +1,80 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, +education, socio-economic status, nationality, personal appearance, race, +religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members +* Contribute in a positive and constructive way + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Community Guidelines +* Be clear and stay on topic. Communicating with strangers on the Internet can make it hard to convey or read tone, and sarcasm is frequently misunderstood. Try to use clear language, and think about how the other person will receive it. +* Don’t cross-post the same thing in multiple GitHub Discussion topics or multiple Slack channels. This can make it difficult for people answering your questions and creates "scrollback spam". +* Public discussion is preferred to private. Avoid using Slack DMs for questions, and instead share them in public Slack channels or GitHub Discussion threads. This allows a larger audience to both share their knowledge as well as learn from your question or issue. If you're having a problem, chances are someone else is having a similar problem. Learning in public is a community contribution. +* Minimize notifications to other community members. Avoid tagging other community members in Slack messages or Discussion threads, unless you are replying to something specific. Community members are here to help each other, but are not "on call" for support, and we expect everyone to try to minimize "notification fatigue". If your issue is time-sensitive or critical, use methods like support@pulumi.com instead. + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, GitHub Discussions posts, +and other contributions that are not aligned to this Code of Conduct, or to ban +temporarily or permanently any contributor for other behaviors that they deem +inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces (including the Community Slack +and GitHub Discussions forums) and in public spaces when an individual is representing the +project or its community. Examples of representing a project or community include +using an official project e-mail address, posting via an official social media account, +or acting as an appointed representative at an online or offline event. Representation +of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at code-of-conduct@pulumi.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org diff --git a/provider-ci/test-providers/eks/Makefile b/provider-ci/test-providers/eks/Makefile new file mode 100644 index 0000000000..e18d7bad14 --- /dev/null +++ b/provider-ci/test-providers/eks/Makefile @@ -0,0 +1,379 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +PACK := eks +ORG := pulumi +PROJECT := github.com/$(ORG)/pulumi-$(PACK) +PROVIDER_PATH := provider/v3 +VERSION_PATH := $(PROVIDER_PATH)/pkg/version.Version +TFGEN := pulumi-tfgen-$(PACK) +PROVIDER := pulumi-resource-$(PACK) +JAVA_GEN := pulumi-java-gen +TESTPARALLELISM := 10 +WORKING_DIR := $(shell pwd) +PULUMI_PROVIDER_BUILD_PARALLELISM ?= +PULUMI_CONVERT := 0 +PULUMI_MISSING_DOCS_ERROR := true + +# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable +# Local & branch builds will just used this fixed default version unless specified +PROVIDER_VERSION ?= 3.0.0-alpha.0+dev +# Use this normalised version everywhere rather than the raw input to ensure consistency. +VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)") + +# Strips debug information from the provider binary to reduce its size and speed up builds +LDFLAGS_STRIP_SYMBOLS=-s -w +LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC) +LDFLAGS_UPSTREAM_VERSION= +LDFLAGS_EXTRAS= +LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS) $(LDFLAGS_STRIP_SYMBOLS) + +# Create a `.make` directory for tracking targets which don't generate a single file output. This should be ignored by git. +# For targets which either don't generate a single file output, or the output file is committed, we use a "sentinel" +# file within `.make/` to track the staleness of the target and only rebuild when needed. +# For each phony target, we create an internal target with the same name, but prefixed with `.make/` where the work is performed. +# At the end of each internal target we run `@touch $@` to update the file which is the name of the target. + +# Ensure all directories exist before evaluating targets to avoid issues with `touch` creating directories. +_ := $(shell mkdir -p .make bin .pulumi/bin) + +# Build the provider and all SDKs and install ready for testing +build: install_plugins provider build_sdks install_sdks +# Keep aliases for old targets to ensure backwards compatibility +development: build +only_build: build +# Prepare the workspace for building the provider and SDKs +# Importantly this is run by CI ahead of restoring the bin directory and resuming SDK builds +prepare_local_workspace: install_plugins upstream +# Creates all generated files which need to be committed +generate: generate_sdks schema +generate_sdks: generate_nodejs generate_python generate_dotnet generate_go generate_java +build_sdks: build_nodejs build_python build_dotnet build_go build_java +install_sdks: install_nodejs_sdk install_python_sdk install_dotnet_sdk install_go_sdk install_java_sdk +.PHONY: development only_build build generate generate_sdks build_sdks install_sdks + +help: + @echo "Usage: make [target]" + @echo "" + @echo "Main Targets" + @echo " build (default) Build the provider and all SDKs and install for testing" + @echo " generate Generate all SDKs, documentation and schema" + @echo " provider Build the local provider binary" + @echo " lint_provider<.fix> Run the linter on the provider (& optionally fix)" + @echo " test_provider Run the provider tests" + @echo " test Run the example tests (must run 'build' first)" + @echo " clean Clean up generated files" + @echo "" + @echo "More Precise Targets" + @echo " schema Generate the schema" + @echo " generate_sdks Generate all SDKs" + @echo " build_sdks Build all SDKs" + @echo " install_sdks Install all SDKs" + @echo " provider_dist Build and package the provider for all platforms" + @echo "" + @echo "Tool Targets" + @echo " ci-mgmt Re-generate CI configuration from .ci-mgmt.yaml" + @echo " debug_tfgen Start a debug server for tfgen" + @echo "" + @echo "Internal Targets (automatically run as dependencies of other targets)" + @echo " prepare_local_workspace Prepare for building" + @echo " install_plugins Install plugin dependencies" + @echo " upstream Initialize the upstream submodule, if present" + @echo "" + @echo "Language-Specific Targets" + @echo " generate_[language] Generate the SDK files ready for committing" + @echo " build_[language] Build the SDK to check correctness" + @echo " install_[language]_sdk Install the SDK ready for testing" + @echo "" + @echo " [language] = nodejs python dotnet go java" + @echo "" +.PHONY: help + +GEN_PULUMI_HOME := $(WORKING_DIR)/.pulumi +GEN_PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(GEN_PULUMI_HOME)/examples-cache +GEN_ENVS := PULUMI_HOME=$(GEN_PULUMI_HOME) PULUMI_CONVERT_EXAMPLES_CACHE_DIR=$(GEN_PULUMI_CONVERT_EXAMPLES_CACHE_DIR) PULUMI_CONVERT=$(PULUMI_CONVERT) PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION=$(PULUMI_CONVERT) + +generate_dotnet: .make/generate_dotnet +build_dotnet: .make/build_dotnet +.make/generate_dotnet: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +.make/generate_dotnet: .make/install_plugins bin/$(TFGEN) + $(GEN_ENVS) $(WORKING_DIR)/bin/$(TFGEN) dotnet --out sdk/dotnet/ + cd sdk/dotnet/ && \ + printf "module fake_dotnet_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ + echo "$(VERSION_GENERIC)" >version.txt + @touch $@ +.make/build_dotnet: .make/generate_dotnet + cd sdk/dotnet/ && dotnet build + @touch $@ +.PHONY: generate_dotnet build_dotnet + +generate_go: .make/generate_go +build_go: .make/build_go +.make/generate_go: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +.make/generate_go: .make/install_plugins bin/$(TFGEN) + $(GEN_ENVS) $(WORKING_DIR)/bin/$(TFGEN) go --out sdk/go/ + @touch $@ +.make/build_go: .make/generate_go + cd sdk && go list "$$(grep -e "^module" go.mod | cut -d ' ' -f 2)/go/..." | xargs -I {} bash -c 'go build {} && go clean -i {}' + @touch $@ +.PHONY: generate_go build_go + +generate_java: .make/generate_java +build_java: .make/build_java +.make/generate_java: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +.make/generate_java: PACKAGE_VERSION := $(VERSION_GENERIC) +.make/generate_java: .make/install_plugins bin/pulumi-java-gen .make/schema + PULUMI_HOME=$(GEN_PULUMI_HOME) PULUMI_CONVERT_EXAMPLES_CACHE_DIR=$(GEN_PULUMI_CONVERT_EXAMPLES_CACHE_DIR) bin/$(JAVA_GEN) generate --schema provider/cmd/$(PROVIDER)/schema.json --out sdk/java --build gradle-nexus + printf "module fake_java_module // Exclude this directory from Go tools\n\ngo 1.17\n" > sdk/java/go.mod + @touch $@ +.make/build_java: PACKAGE_VERSION := $(VERSION_GENERIC) +.make/build_java: .make/generate_java + cd sdk/java/ && \ + gradle --console=plain build && \ + gradle --console=plain javadoc + @touch $@ +.PHONY: generate_java build_java + +generate_nodejs: .make/generate_nodejs +build_nodejs: .make/build_nodejs +.make/generate_nodejs: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +.make/generate_nodejs: .make/install_plugins bin/$(TFGEN) + $(GEN_ENVS) $(WORKING_DIR)/bin/$(TFGEN) nodejs --out sdk/nodejs/ + printf "module fake_nodejs_module // Exclude this directory from Go tools\n\ngo 1.17\n" > sdk/nodejs/go.mod + @touch $@ +.make/build_nodejs: .make/generate_nodejs + cd sdk/nodejs/ && \ + yarn install && \ + yarn run tsc && \ + cp ../../README.md ../../LICENSE* package.json yarn.lock ./bin/ + @touch $@ +.PHONY: generate_nodejs build_nodejs + +generate_python: .make/generate_python +build_python: .make/build_python +.make/generate_python: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +.make/generate_python: .make/install_plugins bin/$(TFGEN) + $(GEN_ENVS) $(WORKING_DIR)/bin/$(TFGEN) python --out sdk/python/ + printf "module fake_python_module // Exclude this directory from Go tools\n\ngo 1.17\n" > sdk/python/go.mod + cp README.md sdk/python/ + @touch $@ +.make/build_python: .make/generate_python + cd sdk/python/ && \ + rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \ + rm ./bin/go.mod && \ + python3 -m venv venv && \ + ./venv/bin/python -m pip install build==1.2.1 && \ + cd ./bin && \ + ../venv/bin/python -m build . + @touch $@ +.PHONY: generate_python build_python + +clean: + rm -rf sdk/{dotnet,nodejs,go,python} + rm -rf bin/* + rm -rf .make/* + if dotnet nuget list source | grep "$(WORKING_DIR)/nuget"; then \ + dotnet nuget remove source "$(WORKING_DIR)/nuget" \ + ; fi +.PHONY: clean + +install_dotnet_sdk: .make/install_dotnet_sdk +.make/install_dotnet_sdk: .make/build_dotnet + mkdir -p nuget + find sdk/dotnet/bin -name '*.nupkg' -print -exec cp -p "{}" ${WORKING_DIR}/nuget \; + if ! dotnet nuget list source | grep "${WORKING_DIR}/nuget"; then \ + dotnet nuget add source "${WORKING_DIR}/nuget" --name "${WORKING_DIR}/nuget" \ + ; fi + @touch $@ +install_go_sdk: +install_java_sdk: +install_nodejs_sdk: .make/install_nodejs_sdk +.make/install_nodejs_sdk: .make/build_nodejs + yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin + @touch $@ +install_python_sdk: +.PHONY: install_dotnet_sdk install_go_sdk install_java_sdk install_nodejs_sdk install_python_sdk + +# Install Pulumi plugins required for TFGen to resolve references +install_plugins: .make/install_plugins +.make/install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +.make/install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +.make/install_plugins: .pulumi/bin/pulumi + @touch $@ +.PHONY: install_plugins + +lint_provider: provider + cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml +# `lint_provider.fix` is a utility target meant to be run manually +# that will run the linter and fix errors when possible. +lint_provider.fix: + cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml --fix +.PHONY: lint_provider lint_provider.fix + +# `make provider_no_deps` builds the provider binary directly, without ensuring that +# `cmd/pulumi-resource-eks/schema.json` is valid and up to date. +# To create a release ready binary, you should use `make provider`. +build_provider_cmd = cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "$(LDFLAGS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER) +provider: bin/$(PROVIDER) +provider_no_deps: + $(call build_provider_cmd) +bin/$(PROVIDER): .make/schema + $(call build_provider_cmd) +.PHONY: provider provider_no_deps + +test: export PATH := $(WORKING_DIR)/bin:$(PATH) +test: + cd examples && go test -v -tags=all -parallel $(TESTPARALLELISM) -timeout 2h +.PHONY: test + +test_provider: + cd provider && go test -v -short \ + -coverprofile="coverage.txt" \ + -coverpkg="./...,github.com/hashicorp/terraform-provider-..." \ + -parallel $(TESTPARALLELISM) \ + ./... +.PHONY: test_provider + +tfgen: schema +schema: .make/schema +# This does actually have dependencies, but we're keeping it around for backwards compatibility for now +tfgen_no_deps: .make/schema +.make/schema: export PULUMI_HOME := $(WORKING_DIR)/.pulumi +.make/schema: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) +.make/schema: export PULUMI_CONVERT := $(PULUMI_CONVERT) +.make/schema: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache +.make/schema: export PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION := $(PULUMI_CONVERT) +.make/schema: export PULUMI_MISSING_DOCS_ERROR := $(PULUMI_MISSING_DOCS_ERROR) +.make/schema: bin/$(TFGEN) .make/install_plugins .make/upstream + $(WORKING_DIR)/bin/$(TFGEN) schema --out provider/cmd/$(PROVIDER) + (cd provider && VERSION=$(VERSION_GENERIC) go generate cmd/$(PROVIDER)/main.go) + @touch $@ +tfgen_build_only: bin/$(TFGEN) +bin/$(TFGEN): provider/*.go provider/go.* .make/upstream + (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(TFGEN) -ldflags "$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_EXTRAS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(TFGEN)) +.PHONY: tfgen schema tfgen_no_deps tfgen_build_only + +upstream: .make/upstream +.make/upstream: + @touch $@ +.PHONY: upstream + +bin/pulumi-java-gen: .pulumi-java-gen.version + pulumictl download-binary -n pulumi-language-java -v v$(shell cat .pulumi-java-gen.version) -r pulumi/pulumi-java + +# To make an immediately observable change to .ci-mgmt.yaml: +# +# - Edit .ci-mgmt.yaml +# - Run make ci-mgmt to apply the change locally. +# +ci-mgmt: .ci-mgmt.yaml + go run github.com/pulumi/ci-mgmt/provider-ci@master generate +.PHONY: ci-mgmt + +# Because some codegen depends on the version of the CLI used, we install a local CLI +# version pinned to the same version as `provider/go.mod`. +# +# This logic compares the version of .pulumi/bin/pulumi already installed. If it matches +# the desired version, we just print. Otherwise we (re)install pulumi at the desired +# version. +.pulumi/bin/pulumi: .pulumi/version + @if [ -x .pulumi/bin/pulumi ] && [ "v$$(cat .pulumi/version)" = "$$(.pulumi/bin/pulumi version)" ]; then \ + echo "pulumi/bin/pulumi version: v$$(cat .pulumi/version)"; \ + touch $@; \ + else \ + curl -fsSL https://get.pulumi.com | \ + HOME=$(WORKING_DIR) sh -s -- --version "$$(cat .pulumi/version)"; \ + fi + +# Compute the version of Pulumi to use by inspecting the Go dependencies of the provider. +.pulumi/version: provider/go.mod + cd provider && go list -f "{{slice .Version 1}}" -m github.com/pulumi/pulumi/pkg/v3 | tee ../$@ + +# Start debug server for tfgen +debug_tfgen: + dlv --listen=:2345 --headless=true --api-version=2 exec $(WORKING_DIR)/bin/$(TFGEN) -- schema --out provider/cmd/$(PROVIDER) +.PHONY: debug_tfgen + +# Provider cross-platform build & packaging + +# Set these variables to enable signing of the windows binary +AZURE_SIGNING_CLIENT_ID ?= +AZURE_SIGNING_CLIENT_SECRET ?= +AZURE_SIGNING_TENANT_ID ?= +AZURE_SIGNING_KEY_VAULT_URI ?= +SKIP_SIGNING ?= + +# These targets assume that the schema-embed.json exists - it's generated by tfgen. +# We disable CGO to ensure that the binary is statically linked. +bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64 +bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64 +bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64 +bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 +bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 +bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: bin/jsign-6.0.jar + @# check the TARGET is set + @test $(TARGET) + @cd provider && \ + export GOOS=$$(echo "$(TARGET)" | cut -d "-" -f 1) && \ + export GOARCH=$$(echo "$(TARGET)" | cut -d "-" -f 2) && \ + export CGO_ENABLED=0 && \ + go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" + + @# Only sign windows binary if fully configured. + @# Test variables set by joining with | between and looking for || showing at least one variable is empty. + @# Move the binary to a temporary location and sign it there to avoid the target being up-to-date if signing fails. + @set -e; \ + if [[ "${TARGET}" = "windows-amd64" && "${SKIP_SIGNING}" != "true" ]]; then \ + if [[ "|${AZURE_SIGNING_CLIENT_ID}|${AZURE_SIGNING_CLIENT_SECRET}|${AZURE_SIGNING_TENANT_ID}|${AZURE_SIGNING_KEY_VAULT_URI}|" == *"||"* ]]; then \ + echo "Can't sign windows binaries as required configuration not set: AZURE_SIGNING_CLIENT_ID, AZURE_SIGNING_CLIENT_SECRET, AZURE_SIGNING_TENANT_ID, AZURE_SIGNING_KEY_VAULT_URI"; \ + echo "To rebuild with signing delete the unsigned $@ and rebuild with the fixed configuration"; \ + if [[ "${CI}" == "true" ]]; then exit 1; fi; \ + else \ + mv $@ $@.unsigned; \ + az login --service-principal \ + --username "${AZURE_SIGNING_CLIENT_ID}" \ + --password "${AZURE_SIGNING_CLIENT_SECRET}" \ + --tenant "${AZURE_SIGNING_TENANT_ID}" \ + --output none; \ + ACCESS_TOKEN=$$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken); \ + java -jar bin/jsign-6.0.jar \ + --storetype AZUREKEYVAULT \ + --keystore "PulumiCodeSigning" \ + --url "${AZURE_SIGNING_KEY_VAULT_URI}" \ + --storepass "$${ACCESS_TOKEN}" \ + $@.unsigned; \ + mv $@.unsigned $@; \ + az logout; \ + fi; \ + fi + +bin/jsign-6.0.jar: + wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar --output-document=bin/jsign-6.0.jar + +provider-linux-amd64: bin/linux-amd64/$(PROVIDER) +provider-linux-arm64: bin/linux-arm64/$(PROVIDER) +provider-darwin-amd64: bin/darwin-amd64/$(PROVIDER) +provider-darwin-arm64: bin/darwin-arm64/$(PROVIDER) +provider-windows-amd64: bin/windows-amd64/$(PROVIDER).exe +.PHONY: provider-linux-amd64 provider-linux-arm64 provider-darwin-amd64 provider-darwin-arm64 provider-windows-amd64 + +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz: bin/darwin-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz: bin/windows-amd64/$(PROVIDER).exe +bin/$(PROVIDER)-v$(VERSION_GENERIC)-%.tar.gz: + @mkdir -p dist + @# $< is the last dependency (the binary path from above) e.g. bin/linux-amd64/pulumi-resource-xyz + @# $@ is the current target e.g. bin/pulumi-resource-xyz-v1.2.3-linux-amd64.tar.gz + tar --gzip -cf $@ README.md LICENSE -C $$(dirname $<) . + +provider_dist-linux-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz +provider_dist-linux-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz +provider_dist-darwin-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz +provider_dist-darwin-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz +provider_dist-windows-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz +provider_dist: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 +.PHONY: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 provider_dist + +# Permit providers to extend the Makefile with provider-specific Make includes. +include $(wildcard .mk/*.mk)