diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index 4b8ea2c..5295f18 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -14,19 +14,29 @@ inputs: dotnet java default: all + cache-go: + description: | + Whether to enable the GitHub cache for Go. Appropriate for disabling in + smaller jobs that typically completely before the "real" job has an + opportunity to populate the cache. + default: "true" runs: using: "composite" steps: - name: Install Go if: inputs.tools == 'all' || contains(inputs.tools, 'go') - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version: "1.22.x" cache-dependency-path: | provider/*.sum upstream/*.sum + sdk/go/*.sum sdk/*.sum + *.sum + # TODO(https://github.com/actions/setup-go/issues/316): Restore but don't save the cache. + cache: ${{ inputs.cache-go }} - name: Install pulumictl if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index f405643..660dca1 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -1,3 +1,5 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + name: "Build Provider" on: @@ -15,7 +17,6 @@ jobs: env: PROVIDER_VERSION: ${{ inputs.version }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SIGN: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }} strategy: fail-fast: true matrix: 
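Review bot: In `.github/actions/setup-tools/action.yml` the `actions/setup-go` pin moves to a new commit while the trailing comment stays `# v5`, so the comment cannot tell a reviewer which release the hash should correspond to. The same applies to the identical bump in `.github/workflows/lint.yml`. Recording the exact tag next to the hash (`# v5.X.Y`, a placeholder to be filled from the action's release page) would make the pin auditable, as the `actions/checkout` pins in this diff already do with `# v4.2.2`. The new `cache-go` description also reads "typically completely before", which should be "typically complete before".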
@@ -53,30 +54,13 @@ jobs: run: make --touch provider schema - name: Build provider - if: matrix.platform.os != 'windows' - run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-cockroach - - - name: Build windows provider - if: matrix.platform.os == 'windows' - run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-cockroach.exe - - - name: Sign windows provider - if: matrix.platform.os == 'windows' && env.SIGN == 'true' - run: | - az login --service-principal \ - -u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \ - -p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \ - -t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \ - -o none; - - wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar; - - java -jar jsign-6.0.jar \ - --storetype AZUREKEYVAULT \ - --keystore "PulumiCodeSigning" \ - --url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \ - --storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \ - bin/windows-amd64/pulumi-resource-cockroach.exe; + run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}" + env: + AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }} + AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} + AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }} + AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} + SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' && secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID == '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }} - name: Package provider run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 805d82a..b132ef7 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml 
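Review bot: The `env` block on the `Build provider` step now hands all four `AZURE_SIGNING_*` secrets to `make` for every matrix platform, whereas the removed code referenced them only in the step guarded by `matrix.platform.os == 'windows'`. Linux and macOS builds, and everything `make` and `go build` run on them, therefore see the service-principal secret without needing it. Gating each value on the platform keeps the earlier scope, e.g. `AZURE_SIGNING_CLIENT_SECRET: ${{ matrix.platform.os == 'windows' && secrets.AZURE_SIGNING_CLIENT_SECRET || '' }}`, and likewise for the other three. The file is marked autogenerated, so the change presumably belongs in the pulumi/ci-mgmt template.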
@@ -1,3 +1,5 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + name: "Build SDK" on: diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index c55ddd8..5806ff6 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -37,6 +37,7 @@ jobs: uses: ./.github/actions/setup-tools with: tools: go + cache-go: false - run: make upstream - uses: pulumi/license-check-action@main with: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 059766e..8efec38 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -34,7 +34,7 @@ jobs: with: persist-credentials: false - name: Install go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: # The versions of golangci-lint and setup-go here cross-depend and need to update together. go-version: 1.23 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8a9debd..6249694 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -126,7 +126,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} test: - name: test + uses: ./.github/workflows/test.yml needs: - prerequisites - build_provider 
@@ -134,52 +134,10 @@ jobs: permissions: contents: read id-token: write - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, ${{ matrix.language }} - - name: Prepare local workspace - run: make prepare_local_workspace - - name: Download bin - uses: ./.github/actions/download-bin - - name: Download SDK - uses: ./.github/actions/download-sdk - with: - language: ${{ matrix.language }} - - name: Restore makefile progress - run: make --touch provider schema build_${{ matrix.language }} - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Install Python deps - if: matrix.language == 'python' - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Install dependencies - run: make install_${{ matrix.language}}_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.5.0 - - name: Run tests - run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 - strategy: - fail-fast: false - matrix: - language: - - dotnet - - go - - nodejs - - python + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + name: main on: workflow_dispatch: {} diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 5ea8dad..8736a9f 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -67,7 +67,7 @@ jobs: isPrerelease: true test: - name: test + uses: ./.github/workflows/test.yml needs: - prerequisites - build_provider 
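Review bot: `secrets: inherit` on the `test` job in `main.yml` forwards every secret available to the caller into `test.yml`, whose `workflow_call` trigger declares only the `version` input and no `secrets:` block. Declaring the secrets the tests need under `on.workflow_call.secrets` in `test.yml` and passing them by name here would keep publishing and signing credentials out of the test job. The same `secrets: inherit` is added in `prerelease.yml`, `release.yml` and `run-acceptance-tests.yml`. Which secrets the tests require is not visible in this diff, so the list needs confirming.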
@@ -75,52 +75,9 @@ jobs: permissions: contents: read id-token: write - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, dotnet, go, nodejs, python - - name: Prepare local workspace - run: make prepare_local_workspace - - name: Download bin - uses: ./.github/actions/download-bin - - name: Download SDK - uses: ./.github/actions/download-sdk - with: - language: ${{ matrix.language }} - - name: Restore makefile progress - run: make --touch provider schema build_${{ matrix.language }} - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Install Python deps - if: matrix.language == 'python' - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Install dependencies - run: make install_${{ matrix.language}}_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.5.0 - - name: Run tests - run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . - strategy: - fail-fast: false - matrix: - language: - - dotnet - - go - - nodejs - - python + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} name: prerelease on: diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index be85602..a448970 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -1,3 +1,5 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + name: "Prerequisites" on: 
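Review bot: Moving the `test` job in `prerelease.yml` to `test.yml` changes which tests run. The removed step ran `go test ... -parallel 4 .` with no filter, while the shared workflow's `Run tests` step adds `-skip TestPulumiExamples`. Its `Run pulumi/examples tests` step never fires, because the matrix sets `testTarget: [local]`. If the examples package defines `TestPulumiExamples`, the prerelease, release and main pipelines no longer exercise it, and that should be confirmed as intended.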
@@ -68,6 +70,10 @@ jobs: run: make provider - name: Unit-test provider code run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - if: inputs.is_pr name: Check Schema is Valid run: | diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index bea40da..0f29950 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -100,6 +100,8 @@ jobs: name: publish_sdk needs: publish runs-on: ubuntu-latest + outputs: + python_version: ${{ steps.python_version.outputs.version }} steps: - name: Checkout Repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -112,13 +114,13 @@ jobs: tools: pulumictl, pulumicli, dotnet, go, nodejs, python - name: Publish SDKs if: inputs.skipJavaSdk == false - uses: pulumi/pulumi-package-publisher@1c0359ba74243cf6651efacfd839c751d8ff87e2 # v0.0.20 + uses: pulumi/pulumi-package-publisher@696a0fe98f86d86ada2a842d1859f3e8c40d6cd7 # v0.0.21 with: sdk: all,!java version: ${{ inputs.version }} - name: Publish SDKs (except Java) if: inputs.skipJavaSdk == true - uses: pulumi/pulumi-package-publisher@1c0359ba74243cf6651efacfd839c751d8ff87e2 # v0.0.20 + uses: pulumi/pulumi-package-publisher@696a0fe98f86d86ada2a842d1859f3e8c40d6cd7 # v0.0.21 with: sdk: all,!java,!java version: ${{ inputs.version }} @@ -140,6 +142,13 @@ jobs: go.* go/** !*.tar.gz + - name: Extract python version + id: python_version + working-directory: sdk/python + run: | + pip install toml-cli==0.7.0 + version=$(toml get --toml-path pyproject.toml project.version) + echo "version=${version}" >> "$GITHUB_OUTPUT" clean_up_release_labels: name: Clean up release labels 
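Review bot: The new `Extract python version` step in `publish.yml` runs `pip install toml-cli==0.7.0` inside the `publish_sdk` job, which installs third-party code from PyPI in a job that also publishes packages. The version is pinned but not hash-checked, and its dependencies are not pinned at all. Reading the field with the standard library avoids the install, e.g. `version=$(python3 -c 'import tomllib; print(tomllib.load(open("pyproject.toml","rb"))["project"]["version"])')`, assuming the runner's Python is 3.11 or newer.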
@@ -172,3 +181,4 @@ jobs: # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. enableMacosRunner: ${{ inputs.isPrerelease == false }} skipGoSdk: ${{ inputs.skipGoSdk }} + pythonVersion: ${{ needs.publish_sdk.outputs.python_version }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f0706d0..3720ee2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -73,7 +73,7 @@ jobs: isPrerelease: false test: - name: test + uses: ./.github/workflows/test.yml needs: - prerequisites - build_provider 
@@ -81,49 +81,6 @@ jobs: permissions: contents: read id-token: write - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, ${{ matrix.language }} - - name: Prepare local workspace - run: make prepare_local_workspace - - name: Download bin - uses: ./.github/actions/download-bin - - name: Download SDK - uses: ./.github/actions/download-sdk - with: - language: ${{ matrix.language }} - - name: Restore makefile progress - run: make --touch provider schema build_${{ matrix.language }} - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Install Python deps - if: matrix.language == 'python' - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Install dependencies - run: make install_${{ matrix.language}}_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.5.0 - - name: Run tests - run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . - strategy: - fail-fast: false - matrix: - language: - - dotnet - - go - - nodejs - - python + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index bc56a0f..8d4402f 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml 
@@ -113,9 +113,10 @@ jobs: sha: ${{ github.event.pull_request.head.sha || github.sha }} test: + # Don't run tests on PRs from forks. if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository - name: test + uses: ./.github/workflows/test.yml needs: - prerequisites - build_provider 
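Review bot: The added comment `# Don't run tests on PRs from forks.` does not match the condition beneath it, which still runs the job for any `repository_dispatch` event. Combined with `test.yml` checking out `client_payload.pull_request.head.sha`, fork code can be tested through that path with the inherited secrets. If that is the intended maintainer-approved route (the dispatch sender is not visible here), the comment should say so, e.g. `# Skip pull_request events from forks; fork PRs are tested only via repository_dispatch.`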
@@ -123,64 +124,10 @@ jobs: permissions: contents: read id-token: write - runs-on: ubuntu-latest - env: - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - steps: - - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ env.PR_COMMIT_SHA }} - persist-credentials: false - - name: Checkout p/examples - if: matrix.testTarget == 'pulumiExamples' - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - repository: pulumi/examples - path: p-examples - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, ${{ matrix.language }} - - name: Prepare local workspace - run: make prepare_local_workspace - - name: Download bin - uses: ./.github/actions/download-bin - - name: Download SDK - uses: ./.github/actions/download-sdk - with: - language: ${{ matrix.language }} - - name: Restore makefile progress - run: make --touch provider schema build_${{ matrix.language }} - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Install Python deps - if: matrix.language == 'python' - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Install dependencies - run: make install_${{ matrix.language}}_sdk - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - version: v2.5.0 - - name: Run tests - if: matrix.testTarget == 'local' - run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 . - - name: Run pulumi/examples tests - if: matrix.testTarget == 'pulumiExamples' - run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 . 
- strategy: - fail-fast: false - matrix: - language: - - dotnet - - go - - nodejs - - python - testTarget: [local] + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + license_check: name: License Check uses: ./.github/workflows/license.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..5e05440 --- /dev/null +++ b/.github/workflows/test.yml 
@@ -0,0 +1,94 @@ +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt + +name: "Test Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to test + +env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + test: + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + ref: ${{ env.PR_COMMIT_SHA }} + persist-credentials: false + - name: Checkout p/examples + if: matrix.testTarget == 'pulumiExamples' + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + repository: pulumi/examples + path: p-examples + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Prepare local workspace + run: make prepare_local_workspace + - name: Download bin + uses: ./.github/actions/download-bin + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ 
matrix.language }} + - name: Restore makefile progress + run: make --touch provider schema build_${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + if: matrix.testTarget == 'local' + run: cd examples && go test -v -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 . + - name: Run pulumi/examples tests + if: matrix.testTarget == 'pulumiExamples' + run: cd examples && go test -v -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 . + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python + testTarget: [local] diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index 56d259c..dec42ef 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -16,6 +16,10 @@ on: required: false type: boolean default: false + pythonVersion: + description: "Optional python SDK version to verify. Defaults to inputs.providerVersion." + type: string + required: false workflow_call: inputs: providerVersion: @@ -32,6 +36,10 @@ on: required: false type: boolean default: false + pythonVersion: + description: "Optional python SDK version to verify. Defaults to inputs.providerVersion." + type: string + required: false env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/Makefile b/Makefile index 7b6afa3..f0e31f1 100644 --- a/Makefile +++ b/Makefile 
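Review bot: The workflow-level `env` block in the new `test.yml` maps registry and signing credentials (`NPM_TOKEN`, `NUGET_PUBLISH_KEY`, `PYPI_API_TOKEN`, the `OSSRH_*` and `JAVA_SIGNING_*` secrets) into every step of a job that only runs tests. That job also checks out `env.PR_COMMIT_SHA` when it is set. One of its steps is `GoTestTools/gotestfmt-action@v2`, referenced by a mutable tag while `actions/checkout` in the same job is pinned to a commit. Trimming `env` to what the tests read and pinning the action as `GoTestTools/gotestfmt-action@<commit-sha> # v2.x.y` (placeholders) would narrow what a compromised dependency or test run can reach. The file is marked autogenerated, so the change presumably belongs in the pulumi/ci-mgmt template.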
@@ -227,7 +227,11 @@ test: .PHONY: test test_provider: - cd provider && go test -v -short ./... -parallel $(TESTPARALLELISM) + cd provider && go test -v -short \ + -coverprofile="coverage.txt" \ + -coverpkg="./...,github.com/hashicorp/terraform-provider-..." \ + -parallel $(TESTPARALLELISM) \ + ./... .PHONY: test_provider tfgen: schema @@ -297,6 +301,13 @@ debug_tfgen: # Provider cross-platform build & packaging +# Set these variables to enable signing of the windows binary +AZURE_SIGNING_CLIENT_ID ?= +AZURE_SIGNING_CLIENT_SECRET ?= +AZURE_SIGNING_TENANT_ID ?= +AZURE_SIGNING_KEY_VAULT_URI ?= +SKIP_SIGNING ?= + # These targets assume that the schema-embed.json exists - it's generated by tfgen. # We disable CGO to ensure that the binary is statically linked. bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64 @@ -304,7 +315,7 @@ bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64 bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64 bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 -bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: +bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: bin/jsign-6.0.jar @# check the TARGET is set test $(TARGET) cd provider && \ 
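Review bot: In the `@@ -304,7 +315,7 @@` hunk the `bin/jsign-6.0.jar` prerequisite is attached to the shared pattern rule, so Linux and macOS provider builds, and Windows builds with `SKIP_SIGNING=true`, also download the signing jar they never use. That makes every build depend on network access to GitHub releases, and as a normal prerequisite the jar's timestamp can trigger rebuilds of the binaries. Attaching it only to the Windows target as an order-only prerequisite would limit this, something like `bin/windows-amd64/$(PROVIDER).exe: | bin/jsign-6.0.jar`. The recipe of the pattern rule continues in the next hunk.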
@@ -313,6 +324,44 @@ bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: export CGO_ENABLED=0 && \ go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" + @# Only sign windows binary if fully configured. + @# Test variables set by joining with | between and looking for || showing at least one variable is empty. + @# Move the binary to a temporary location and sign it there to avoid the target being up-to-date if signing fails. + set -e; \ + if [[ "${TARGET}" = "windows-amd64" && ${SKIP_SIGNING} != "true" ]]; then \ + if [[ "|${AZURE_SIGNING_CLIENT_ID}|${AZURE_SIGNING_CLIENT_SECRET}|${AZURE_SIGNING_TENANT_ID}|${AZURE_SIGNING_KEY_VAULT_URI}|" == *"||"* ]]; then \ + echo "Can't sign windows binaries as required configuration not set: AZURE_SIGNING_CLIENT_ID, AZURE_SIGNING_CLIENT_SECRET, AZURE_SIGNING_TENANT_ID, AZURE_SIGNING_KEY_VAULT_URI"; \ + echo "To rebuild with signing delete the unsigned $@ and rebuild with the fixed configuration"; \ + if [[ ${CI} == "true" ]]; then exit 1; fi; \ + else \ + mv $@ $@.unsigned; \ + az login --service-principal \ + --username "${AZURE_SIGNING_CLIENT_ID}" \ + --password "${AZURE_SIGNING_CLIENT_SECRET}" \ + --tenant "${AZURE_SIGNING_TENANT_ID}" \ + --output none; \ + ACCESS_TOKEN=$$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken); \ + java -jar bin/jsign-6.0.jar \ + --storetype AZUREKEYVAULT \ + --keystore "PulumiCodeSigning" \ + --url "${AZURE_SIGNING_KEY_VAULT_URI}" \ + --storepass "$${ACCESS_TOKEN}" \ + $@.unsigned; \ + mv $@.unsigned $@; \ + az logout; \ + fi; \ + fi + +bin/jsign-6.0.jar: + wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar --output-document=bin/jsign-6.0.jar + +provider-linux-amd64: bin/linux-amd64/$(PROVIDER) +provider-linux-arm64: bin/linux-arm64/$(PROVIDER) +provider-darwin-amd64: bin/darwin-amd64/$(PROVIDER) +provider-darwin-arm64: bin/darwin-arm64/$(PROVIDER) 
+provider-windows-amd64: bin/windows-amd64/$(PROVIDER).exe +.PHONY: provider-linux-amd64 provider-linux-arm64 provider-darwin-amd64 provider-darwin-arm64 provider-windows-amd64 + bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER) bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER) bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER)
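Review bot: The `bin/jsign-6.0.jar` rule fetches the signing tool with `wget` and the recipe runs it with no integrity check, although that jar is handed the Key Vault access token via `--storepass`. Verifying a pinned digest in the rule right after the download would close this, e.g. `echo "<SHA256_OF_JSIGN_6.0_JAR>  $@" | sha256sum --check` (placeholder digest, to be taken from a trusted copy). Separately, the signing recipe is not prefixed with `@` and uses the make-expanded `${AZURE_SIGNING_CLIENT_SECRET}`, so make echoes the secret as part of the command text; the shell form `$${AZURE_SIGNING_CLIENT_SECRET}` avoids that when the value comes from the environment, as it does in the workflow. `az logout` is also skipped when jsign fails under `set -e`, which a `trap 'az logout' EXIT` placed after the login would cover.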