[internal] Update GitHub Actions workflow files

pulumi · Jul 4, 2024 · 368eace · 368eace
1 parent 8829852
commit 368eace
Show file tree

Hide file tree

Showing 8 changed files with 172 additions and 26 deletions.
diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml
@@ -0,0 +1,53 @@
+name: "Build Provider"
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
+        description: Version of the provider to build
+
+jobs:
+  build_provider:
+    name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }}
+    runs-on: ubuntu-latest
+    env:
+      PROVIDER_VERSION: ${{ inputs.version }}
+    strategy:
+      fail-fast: true
+      matrix:
+        platform:
+          - os: linux
+            arch: amd64
+          - os: linux
+            arch: arm64
+          - os: darwin
+            arch: amd64
+          - os: darwin
+            arch: arm64
+          - os: windows
+            arch: amd64
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+      - name: Setup tools
+        uses: ./.github/actions/setup-tools
+        with:
+          tools: pulumictl, go
+      - name: Download schema-embed.json
+        uses: actions/download-artifact@v4
+        with:
+          name: schema-embed.json
+          path: provider/cmd/pulumi-resource-okta/schema-embed.json
+      - name: Prepare for build
+        # This installs plugins and prepares upstream
+        run: make upstream
+      - name: Build & package provider
+        run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: pulumi-resource-okta-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz
+          path: bin/pulumi-resource-okta-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz
+          retention-days: 30
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -29,6 +29,13 @@ jobs:
       is_pr: ${{ github.event_name == 'pull_request' }}
       is_automated: ${{ github.actor == 'dependabot[bot]' }}
 
+  build_provider:
+    uses: ./.github/workflows/build_provider.yml
+    needs: prerequisites
+    secrets: inherit
+    with:
+      version: ${{ needs.prerequisites.outputs.version }}
+
   build_sdk:
     name: build_sdk
     needs: prerequisites
@@ -88,6 +95,7 @@ jobs:
     name: publish
     needs:
       - prerequisites
+      - build_provider
       - test
       - license_check
     uses: ./.github/workflows/publish.yml

diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
@@ -30,6 +30,13 @@ jobs:
       is_pr: ${{ github.event_name == 'pull_request' }}
       is_automated: ${{ github.actor == 'dependabot[bot]' }}
 
+  build_provider:
+    uses: ./.github/workflows/build_provider.yml
+    needs: prerequisites
+    secrets: inherit
+    with:
+      version: ${{ needs.prerequisites.outputs.version }}
+
   build_sdk:
     name: build_sdk
     needs: prerequisites
@@ -51,6 +58,7 @@ jobs:
     name: publish
     needs:
       - prerequisites
+      - build_provider
       - test
       - license_check
     uses: ./.github/workflows/publish.yml

diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml
@@ -96,3 +96,10 @@ jobs:
 
     - name: Upload bin
       uses: ./.github/actions/upload-bin
+
+    - name: Upload schema-embed.json
+      uses: actions/upload-artifact@v4
+      with:
+        name: schema-embed.json
+        path: provider/cmd/pulumi-resource-okta/schema-embed.json
+        retention-days: 30
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -48,19 +48,12 @@ jobs:
     - name: Validate skipGoSdk
       if: inputs.skipGoSdk && inputs.isPrerelease == false
       run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1
-    - name: Free Disk Space (Ubuntu)
-      uses: jlumbroso/[email protected]
-      with:
-        # this might remove tools that are actually needed,
-        # if set to "true" but frees about 6 GB
-        tool-cache: false
-        swap-storage: false
     - name: Checkout Repo
       uses: actions/checkout@v4
     - name: Setup tools
       uses: ./.github/actions/setup-tools
       with:
-        tools: pulumictl, pulumicli, go
+        tools: pulumictl, pulumicli, go, schema-tools
     - name: Configure AWS Credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
@@ -71,25 +64,44 @@ jobs:
         role-external-id: upload-pulumi-release
         role-session-name: okta@githubActions
         role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
-    - name: Run GoReleaser
+    - name: Create dist directory
+      run: mkdir -p dist
+    - name: Download provider assets
+      uses: actions/download-artifact@v4
+      with:
+        pattern: pulumi-resource-okta-v${{ inputs.version }}-*
+        path: dist
+        # Don't create a directory for each artifact
+        merge-multiple: true
+    - name: Calculate checksums
+      working-directory: dist
+      run: shasum ./*.tar.gz > pulumi-okta_${{ inputs.version }}_checksums.txt
+    - name: Get Schema Change Summary
+      id: schema-summary
+      shell: bash
+      run: |
+        # Get latest stable release. Return only first column from result (tag).
+        LAST_VERSION=$(gh release view --repo pulumi/pulumi-okta --json tagName -q .tagName)
+        {
+          echo 'summary<<EOF'
+          schema-tools compare --provider="okta" --old-commit="$LAST_VERSION" --new-commit="--local-path=provider/cmd/pulumi-resource-okta/schema.json"
+          echo 'EOF'
+        } >> "$GITHUB_OUTPUT"
+    - name: Upload Provider Binaries
+      run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive
+    - name: Create GH Release
+      uses: softprops/action-gh-release@v1
       if: inputs.isPrerelease == false
-      uses: goreleaser/goreleaser-action@v5
-      env:
-        GORELEASER_CURRENT_TAG: v${{ inputs.version }}
-        PROVIDER_VERSION: ${{ inputs.version }}
       with:
-        args: -p 3 release --rm-dist --timeout 60m0s
-        version: latest
-    - name: Run GoReleaser (prerelease)
-      if: inputs.isPrerelease == true
-      uses: goreleaser/goreleaser-action@v5
+        tag_name: v${{ inputs.version }}
+        prerelease: ${{ inputs.isPrerelease }}
+        # We keep pre-releases as drafts so they're not visible until we manually publish them.
+        draft: ${{ inputs.isPrerelease }}
+        body: ${{ steps.schema-summary.outputs.summary }}
+        generate_release_notes: true
+        files: dist/*
       env:
-        GORELEASER_CURRENT_TAG: v${{ inputs.version }}
-        PROVIDER_VERSION: ${{ inputs.version }}
-      with:
-        args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
-          60m0s
-        version: latest
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
 
   publish_sdk:
     name: publish_sdk

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -29,6 +29,13 @@ jobs:
       is_pr: ${{ github.event_name == 'pull_request' }}
       is_automated: ${{ github.actor == 'dependabot[bot]' }}
 
+  build_provider:
+    uses: ./.github/workflows/build_provider.yml
+    needs: prerequisites
+    secrets: inherit
+    with:
+      version: ${{ needs.prerequisites.outputs.version }}
+
   build_sdk:
     name: build_sdk
     needs: prerequisites
@@ -50,6 +57,7 @@ jobs:
     name: publish
     needs:
       - prerequisites
+      - build_provider
       - test
       - license_check
     uses: ./.github/workflows/publish.yml

diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml
@@ -37,6 +37,13 @@ jobs:
       is_pr: ${{ github.event_name == 'pull_request' }}
       is_automated: ${{ github.actor == 'dependabot[bot]' }}
 
+  build_provider:
+    uses: ./.github/workflows/build_provider.yml
+    needs: prerequisites
+    secrets: inherit
+    with:
+      version: ${{ needs.prerequisites.outputs.version }}
+
   build_sdk:
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository

diff --git a/Makefile b/Makefile
@@ -10,6 +10,7 @@ PROVIDER := pulumi-resource-$(PACK)
 JAVA_GEN := pulumi-java-gen
 TESTPARALLELISM := 10
 WORKING_DIR := $(shell pwd)
+PULUMI_PROVIDER_BUILD_PARALLELISM ?=
 PULUMI_CONVERT := 1
 PULUMI_MISSING_DOCS_ERROR := true
 
@@ -19,6 +20,11 @@ PROVIDER_VERSION ?= 4.0.0-alpha.0+dev
 # Use this normalised version everywhere rather than the raw input to ensure consistency.
 VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)")
 
+LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)
+LDFLAGS_UPSTREAM_VERSION=
+LDFLAGS_EXTRAS=
+LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS)
+
 development: install_plugins provider build_sdks install_sdks
 
 build: install_plugins provider build_sdks install_sdks
@@ -127,7 +133,7 @@ lint_provider.fix:
 # `cmd/pulumi-resource-okta/schema.json` is valid and up to date.
 # To create a release ready binary, you should use `make provider`.
 provider_no_deps:
-	(cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER))
+	(cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "$(LDFLAGS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER))
 
 provider: tfgen provider_no_deps
 
@@ -154,7 +160,7 @@ tfgen_no_deps: tfgen_build_only
 	(cd provider && VERSION=$(VERSION_GENERIC) go generate cmd/$(PROVIDER)/main.go)
 
 tfgen_build_only:
-	(cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(TFGEN) -ldflags "-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(TFGEN))
+	(cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(TFGEN) -ldflags "$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_EXTRAS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(TFGEN))
 
 upstream:
 ifneq ("$(wildcard upstream)","")
@@ -196,3 +202,40 @@ debug_tfgen:
 	dlv  --listen=:2345 --headless=true --api-version=2  exec $(WORKING_DIR)/bin/$(TFGEN) -- schema --out provider/cmd/$(PROVIDER)
 
 .PHONY: development build build_sdks install_go_sdk install_java_sdk install_python_sdk install_sdks only_build build_dotnet build_go build_java build_nodejs build_python clean cleanup help install_dotnet_sdk install_nodejs_sdk install_plugins lint_provider provider provider_no_deps test tfgen upstream upstream.finalize upstream.rebase ci-mgmt test_provider debug_tfgen tfgen_build_only
+
+# Provider cross-platform build & packaging
+
+# These targets assume that the schema-embed.json exists - it's generated by tfgen.
+# We disable CGO to ensure that the binary is statically linked.
+bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64
+bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64
+bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64
+bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64
+bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64
+bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: provider/cmd/$(PROVIDER)/schema-embed.json
+	@# check the TARGET is set
+	test $(TARGET)
+	cd provider && \
+		export GOOS=$$(echo "$(TARGET)" | cut -d "-" -f 1) && \
+		export GOARCH=$$(echo "$(TARGET)" | cut -d "-" -f 2) && \
+		export CGO_ENABLED=0 && \
+		go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)"
+
+bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER)
+bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER)
+bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER)
+bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz: bin/darwin-arm64/$(PROVIDER)
+bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz: bin/windows-amd64/$(PROVIDER).exe
+bin/$(PROVIDER)-v$(VERSION_GENERIC)-%.tar.gz:
+	@mkdir -p dist
+	@# $< is the last dependency (the binary path from above) e.g. bin/linux-amd64/pulumi-resource-xyz
+	@# $@ is the current target e.g. bin/pulumi-resource-xyz-v1.2.3-linux-amd64.tar.gz
+	tar --gzip -cf $@ README.md LICENSE -C $$(dirname $<) .
+
+provider_dist-linux-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz
+provider_dist-linux-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz
+provider_dist-darwin-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz
+provider_dist-darwin-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz
+provider_dist-windows-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz
+provider_dist: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64
+.PHONY: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 provider_dist