From 368eace34643fe0fb7eacbd9fca063cc29c4b95c Mon Sep 17 00:00:00 2001 From: Pulumi Bot Date: Thu, 4 Jul 2024 07:02:11 +0000 Subject: [PATCH] [internal] Update GitHub Actions workflow files --- .github/workflows/build_provider.yml | 53 +++++++++++++++++++ .github/workflows/master.yml | 8 +++ .github/workflows/prerelease.yml | 8 +++ .github/workflows/prerequisites.yml | 7 +++ .github/workflows/publish.yml | 60 +++++++++++++--------- .github/workflows/release.yml | 8 +++ .github/workflows/run-acceptance-tests.yml | 7 +++ Makefile | 47 ++++++++++++++++- 8 files changed, 172 insertions(+), 26 deletions(-) create mode 100644 .github/workflows/build_provider.yml diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml new file mode 100644 index 00000000..72310804 --- /dev/null +++ b/.github/workflows/build_provider.yml @@ -0,0 +1,53 @@ +name: "Build Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to build + +jobs: + build_provider: + name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + strategy: + fail-fast: true + matrix: + platform: + - os: linux + arch: amd64 + - os: linux + arch: arm64 + - os: darwin + arch: amd64 + - os: darwin + arch: arm64 + - os: windows + arch: amd64 + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, go + - name: Download schema-embed.json + uses: actions/download-artifact@v4 + with: + name: schema-embed.json + path: provider/cmd/pulumi-resource-okta/schema-embed.json + - name: Prepare for build + # This installs plugins and prepares upstream + run: make upstream + - name: Build & package provider + run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-resource-okta-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: bin/pulumi-resource-okta-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + retention-days: 30 diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index ec1b25a7..0e58cb20 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -29,6 +29,13 @@ jobs: is_pr: ${{ github.event_name == 'pull_request' }} is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk needs: prerequisites @@ -88,6 +95,7 @@ jobs: name: publish needs: - prerequisites + - build_provider - test - license_check uses: ./.github/workflows/publish.yml diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 51568672..3eec2e09 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -30,6 +30,13 @@ jobs: is_pr: ${{ github.event_name == 'pull_request' }} is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk needs: prerequisites @@ -51,6 +58,7 @@ jobs: name: publish needs: - prerequisites + - build_provider - test - license_check uses: ./.github/workflows/publish.yml diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 7be963a7..a673009c 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -96,3 +96,10 @@ jobs: - name: Upload bin uses: ./.github/actions/upload-bin + + - name: Upload schema-embed.json + uses: actions/upload-artifact@v4 + with: + name: schema-embed.json + path: provider/cmd/pulumi-resource-okta/schema-embed.json + retention-days: 30 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 033ac753..8eb1d0ab 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -48,19 +48,12 @@ jobs: - name: Validate skipGoSdk if: inputs.skipGoSdk && inputs.isPrerelease == false run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - name: Checkout Repo uses: actions/checkout@v4 - name: Setup tools uses: ./.github/actions/setup-tools with: - tools: pulumictl, pulumicli, go + tools: pulumictl, pulumicli, go, schema-tools - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: @@ -71,25 +64,44 @@ jobs: role-external-id: upload-pulumi-release role-session-name: okta@githubActions role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser + - name: Create dist directory + run: mkdir -p dist + - name: Download provider assets + uses: actions/download-artifact@v4 + with: + pattern: pulumi-resource-okta-v${{ inputs.version }}-* + path: dist + # Don't create a directory for each artifact + merge-multiple: true + - name: Calculate checksums + working-directory: dist + run: shasum ./*.tar.gz > pulumi-okta_${{ inputs.version }}_checksums.txt + - name: Get Schema Change Summary + id: schema-summary + shell: bash + run: | + # Get latest stable release. Return only first column from result (tag). + LAST_VERSION=$(gh release view --repo pulumi/pulumi-okta --json tagName -q .tagName) + { + echo 'summary<> "$GITHUB_OUTPUT" + - name: Upload Provider Binaries + run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive + - name: Create GH Release + uses: softprops/action-gh-release@v1 if: inputs.isPrerelease == false - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ inputs.version }} - PROVIDER_VERSION: ${{ inputs.version }} with: - args: -p 3 release --rm-dist --timeout 60m0s - version: latest - - name: Run GoReleaser (prerelease) - if: inputs.isPrerelease == true - uses: goreleaser/goreleaser-action@v5 + tag_name: v${{ inputs.version }} + prerelease: ${{ inputs.isPrerelease }} + # We keep pre-releases as drafts so they're not visible until we manually publish them. + draft: ${{ inputs.isPrerelease }} + body: ${{ steps.schema-summary.outputs.summary }} + generate_release_notes: true + files: dist/* env: - GORELEASER_CURRENT_TAG: v${{ inputs.version }} - PROVIDER_VERSION: ${{ inputs.version }} - with: - args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 60m0s - version: latest + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} publish_sdk: name: publish_sdk diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b3b37f9a..11190ff6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,6 +29,13 @@ jobs: is_pr: ${{ github.event_name == 'pull_request' }} is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: name: build_sdk needs: prerequisites @@ -50,6 +57,7 @@ jobs: name: publish needs: - prerequisites + - build_provider - test - license_check uses: ./.github/workflows/publish.yml diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index cd87efcf..875937ff 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -37,6 +37,13 @@ jobs: is_pr: ${{ github.event_name == 'pull_request' }} is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + build_sdk: if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository diff --git a/Makefile b/Makefile index c52b0309..dcf47f0a 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,7 @@ PROVIDER := pulumi-resource-$(PACK) JAVA_GEN := pulumi-java-gen TESTPARALLELISM := 10 WORKING_DIR := $(shell pwd) +PULUMI_PROVIDER_BUILD_PARALLELISM ?= PULUMI_CONVERT := 1 PULUMI_MISSING_DOCS_ERROR := true @@ -19,6 +20,11 @@ PROVIDER_VERSION ?= 4.0.0-alpha.0+dev # Use this normalised version everywhere rather than the raw input to ensure consistency. VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)") +LDFLAGS_PROJ_VERSION=-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC) +LDFLAGS_UPSTREAM_VERSION= +LDFLAGS_EXTRAS= +LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS) + development: install_plugins provider build_sdks install_sdks build: install_plugins provider build_sdks install_sdks @@ -127,7 +133,7 @@ lint_provider.fix: # `cmd/pulumi-resource-okta/schema.json` is valid and up to date. # To create a release ready binary, you should use `make provider`. provider_no_deps: - (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)) + (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "$(LDFLAGS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)) provider: tfgen provider_no_deps @@ -154,7 +160,7 @@ tfgen_no_deps: tfgen_build_only (cd provider && VERSION=$(VERSION_GENERIC) go generate cmd/$(PROVIDER)/main.go) tfgen_build_only: - (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(TFGEN) -ldflags "-X $(PROJECT)/$(VERSION_PATH)=$(VERSION_GENERIC)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(TFGEN)) + (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(TFGEN) -ldflags "$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_EXTRAS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(TFGEN)) upstream: ifneq ("$(wildcard upstream)","") @@ -196,3 +202,40 @@ debug_tfgen: dlv --listen=:2345 --headless=true --api-version=2 exec $(WORKING_DIR)/bin/$(TFGEN) -- schema --out provider/cmd/$(PROVIDER) .PHONY: development build build_sdks install_go_sdk install_java_sdk install_python_sdk install_sdks only_build build_dotnet build_go build_java build_nodejs build_python clean cleanup help install_dotnet_sdk install_nodejs_sdk install_plugins lint_provider provider provider_no_deps test tfgen upstream upstream.finalize upstream.rebase ci-mgmt test_provider debug_tfgen tfgen_build_only + +# Provider cross-platform build & packaging + +# These targets assume that the schema-embed.json exists - it's generated by tfgen. +# We disable CGO to ensure that the binary is statically linked. +bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64 +bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64 +bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64 +bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 +bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 +bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: provider/cmd/$(PROVIDER)/schema-embed.json + @# check the TARGET is set + test $(TARGET) + cd provider && \ + export GOOS=$$(echo "$(TARGET)" | cut -d "-" -f 1) && \ + export GOARCH=$$(echo "$(TARGET)" | cut -d "-" -f 2) && \ + export CGO_ENABLED=0 && \ + go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" + +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz: bin/linux-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz: bin/linux-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz: bin/darwin-amd64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz: bin/darwin-arm64/$(PROVIDER) +bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz: bin/windows-amd64/$(PROVIDER).exe +bin/$(PROVIDER)-v$(VERSION_GENERIC)-%.tar.gz: + @mkdir -p dist + @# $< is the last dependency (the binary path from above) e.g. bin/linux-amd64/pulumi-resource-xyz + @# $@ is the current target e.g. bin/pulumi-resource-xyz-v1.2.3-linux-amd64.tar.gz + tar --gzip -cf $@ README.md LICENSE -C $$(dirname $<) . + +provider_dist-linux-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-amd64.tar.gz +provider_dist-linux-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-linux-arm64.tar.gz +provider_dist-darwin-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-amd64.tar.gz +provider_dist-darwin-arm64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-darwin-arm64.tar.gz +provider_dist-windows-amd64: bin/$(PROVIDER)-v$(VERSION_GENERIC)-windows-amd64.tar.gz +provider_dist: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 +.PHONY: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 provider_dist