diff --git a/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/run-acceptance-tests.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml similarity index 98% rename from provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/run-acceptance-tests.yml rename to provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml index 7ddd2fcd1..e435a3073 100644 --- a/provider-ci/internal/pkg/templates/pulumi-provider/.github/workflows/run-acceptance-tests.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml @@ -1,5 +1,15 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: run-acceptance-tests + +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command + env: PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} #{{ .Config.env | toYaml | indent 2 }}# @@ -8,6 +18,7 @@ env: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true + jobs: prerequisites: if: github.event_name == 'repository_dispatch' || @@ -39,6 +50,8 @@ jobs: comment-notification: if: github.event_name == 'repository_dispatch' name: comment-notification + permissions: + pull-requests: write runs-on: #{{ .Config.runner.default }}# steps: - id: run-url @@ -50,7 +63,7 @@ jobs: body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" issue-number: ${{ github.event.client_payload.github.payload.issue.number }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - token: ${{ secrets.PULUMI_BOT_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} #{{ if .Config.lint -}}# lint: if: github.event_name == 'repository_dispatch' || @@ -230,11 +243,3 @@ jobs: #{{- if .Config.extraTests }}# #{{ .Config.extraTests | toYaml | indent 2 }}# #{{ end }}# -name: run-acceptance-tests -on: - pull_request: - paths-ignore: - - CHANGELOG.md - repository_dispatch: - types: - - run-acceptance-tests-command diff --git a/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml new file mode 100644 index 000000000..e093eefea --- /dev/null +++ b/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml @@ -0,0 +1,180 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: run-acceptance-tests + +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command + +env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +# This should cancel any previous runs of the same workflow on the same branch which are still running. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + prerequisites: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + comment-notification: + if: github.event_name == 'repository_dispatch' + name: comment-notification + permissions: + pull-requests: write + runs-on: ubuntu-latest + steps: + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@v1 + with: + body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + token: ${{ secrets.GITHUB_TOKEN }} + lint: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + sentinel: + name: sentinel + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + needs: + - test + - build_provider + - license_check + - lint + runs-on: ubuntu-latest + steps: + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + with: + authToken: ${{secrets.GITHUB_TOKEN}} + # Write an explicit status check called "Sentinel" which will only pass if this code really runs. + # This should always be a required check for PRs. + context: 'Sentinel' + description: 'All required checks passed' + state: 'success' + # Write to the PR commit SHA if it's available as we don't want the merge commit sha, + # otherwise use the current SHA for any other type of build. + sha: ${{ github.event.pull_request.head.sha || github.sha }} + + test: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + - name: Checkout p/examples + if: matrix.testTarget == 'pulumiExamples' + uses: actions/checkout@v4 + with: + repository: pulumi/examples + path: p-examples + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + if: matrix.testTarget == 'local' + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 . + - name: Run pulumi/examples tests + if: matrix.testTarget == 'pulumiExamples' + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 . + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python + testTarget: [local] + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit diff --git a/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml index df29a7a03..d57c3076f 100644 --- a/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml +++ b/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml @@ -1,5 +1,15 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: run-acceptance-tests + +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command + env: PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} AWS_REGION: us-west-2 @@ -26,6 +36,7 @@ env: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true + jobs: prerequisites: if: github.event_name == 'repository_dispatch' || @@ -57,6 +68,8 @@ jobs: comment-notification: if: github.event_name == 'repository_dispatch' name: comment-notification + permissions: + pull-requests: write runs-on: ubuntu-latest steps: - id: run-url @@ -68,7 +81,7 @@ jobs: body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" issue-number: ${{ github.event.client_payload.github.payload.issue.number }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - token: ${{ secrets.PULUMI_BOT_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} sentinel: name: sentinel if: github.event_name == 'repository_dispatch' || @@ -403,11 +416,3 @@ jobs: make provider-lint timeout-minutes: 60 -name: run-acceptance-tests -on: - pull_request: - paths-ignore: - - CHANGELOG.md - repository_dispatch: - types: - - run-acceptance-tests-command diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/cloudflare/.github/workflows/run-acceptance-tests.yml index d485bada3..61f17298a 100644 --- a/provider-ci/test-providers/cloudflare/.github/workflows/run-acceptance-tests.yml +++ b/provider-ci/test-providers/cloudflare/.github/workflows/run-acceptance-tests.yml @@ -1,5 +1,15 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: run-acceptance-tests + +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command + env: PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} @@ -25,6 +35,7 @@ env: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true + jobs: prerequisites: if: github.event_name == 'repository_dispatch' || @@ -56,6 +67,8 @@ jobs: comment-notification: if: github.event_name == 'repository_dispatch' name: comment-notification + permissions: + pull-requests: write runs-on: ubuntu-latest steps: - id: run-url @@ -67,7 +80,7 @@ jobs: body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" issue-number: ${{ github.event.client_payload.github.payload.issue.number }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - token: ${{ secrets.PULUMI_BOT_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} lint: if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository @@ -174,11 +187,3 @@ jobs: name: License Check uses: ./.github/workflows/license.yml secrets: inherit -name: run-acceptance-tests -on: - pull_request: - paths-ignore: - - CHANGELOG.md - repository_dispatch: - types: - - run-acceptance-tests-command diff --git a/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml index 3a1dafbf0..44039b338 100644 --- a/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml +++ b/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml @@ -1,5 +1,15 @@ # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: run-acceptance-tests + +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command + env: PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e @@ -38,6 +48,7 @@ env: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true + jobs: prerequisites: if: github.event_name == 'repository_dispatch' || @@ -69,6 +80,8 @@ jobs: comment-notification: if: github.event_name == 'repository_dispatch' name: comment-notification + permissions: + pull-requests: write runs-on: ubuntu-latest steps: - id: run-url @@ -80,7 +93,7 @@ jobs: body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" issue-number: ${{ github.event.client_payload.github.payload.issue.number }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - token: ${{ secrets.PULUMI_BOT_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} lint: if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository @@ -208,11 +221,3 @@ jobs: name: License Check uses: ./.github/workflows/license.yml secrets: inherit -name: run-acceptance-tests -on: - pull_request: - paths-ignore: - - CHANGELOG.md - repository_dispatch: - types: - - run-acceptance-tests-command