Fixes for upgrade-provider workflow

pulumiverse · Oct 11, 2024 · e9679d3 · e9679d3
1 parent 7b03800
commit e9679d3
Show file tree

Hide file tree

Showing 7 changed files with 261 additions and 56 deletions.
diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml
@@ -18,3 +18,4 @@ license:
   ignore:
     # Package is licensed under Apache 2.0 but license is not picked up correctly by the license detector
     - github.com/OpenDNS/vegadns2client
+pr-assign: ringods
diff --git a/.github/workflows/check-upstream-upgrade.yml b/.github/workflows/check-upstream-upgrade.yml
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
@@ -0,0 +1,125 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+env:
+  IS_PRERELEASE: true
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_API: https://api.pulumi-staging.io
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  PYPI_USERNAME: __token__
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  TF_APPEND_USER_AGENT: pulumi
+jobs:
+  prerequisites:
+    uses: ./.github/workflows/prerequisites.yml
+    secrets: inherit
+    with:
+      default_branch: ${{ github.event.repository.default_branch }}
+      is_pr: ${{ github.event_name == 'pull_request' }}
+      is_automated: ${{ github.actor == 'dependabot[bot]' }}
+
+  build_provider:
+    uses: ./.github/workflows/build_provider.yml
+    needs: prerequisites
+    secrets: inherit
+    with:
+      version: ${{ needs.prerequisites.outputs.version }}
+
+  build_sdk:
+    name: build_sdk
+    needs: prerequisites
+    uses: ./.github/workflows/build_sdk.yml
+    secrets: inherit
+    with:
+      version: ${{ needs.prerequisites.outputs.version }}
+
+  lint:
+    name: lint
+    uses: ./.github/workflows/lint.yml
+    secrets: inherit
+  license_check:
+    name: License Check
+    uses: ./.github/workflows/license.yml
+    secrets: inherit
+
+  publish:
+    name: publish
+    permissions:
+      contents: write
+    needs:
+      - prerequisites
+      - build_provider
+      - test
+      - license_check
+    uses: ./.github/workflows/publish.yml
+    secrets: inherit
+    with:
+      version: ${{ needs.prerequisites.outputs.version }}
+      isPrerelease: true
+
+  test:
+    name: test
+    needs:
+      - prerequisites
+      - build_sdk
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    env:
+      PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+    - name: Setup tools
+      uses: ./.github/actions/setup-tools
+      with:
+        tools: pulumictl, pulumicli, dotnet, go, nodejs, python
+    - name: Download bin
+      uses: ./.github/actions/download-bin
+    - name: Add NuGet source
+      if: matrix.language == 'dotnet'
+      run: dotnet nuget add source ${{ github.workspace }}/nuget
+    - name: Download SDK
+      uses: ./.github/actions/download-sdk
+      with:
+        language: ${{ matrix.language }}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
+    - name: Install Python deps
+      if: matrix.language == 'python'
+      run: |-
+        pip3 install virtualenv==20.0.23
+        pip3 install pipenv
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        version: v2.5.0
+    - name: Run tests
+      run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+        - dotnet
+        - go
+        - nodejs
+        - python
+
+name: prerelease
+on:
+  push:
+    tags:
+    - v*.*.*-**
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -0,0 +1,38 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_API: https://api.pulumi-staging.io
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  PYPI_USERNAME: __token__
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  TF_APPEND_USER_AGENT: pulumi
+jobs:
+  comment-on-pr:
+    if: github.event.pull_request.head.repo.full_name != github.repository
+    name: comment-on-pr
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+    - name: Comment PR
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        message: >
+          PR is now waiting for a maintainer to run the acceptance tests.
+
+          **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR
+name: pull-request
+on:
+  pull_request_target: {}
diff --git a/.github/workflows/resync-build.yml b/.github/workflows/resync-build.yml
@@ -0,0 +1,85 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+env:
+  PULUMI_EXTRA_MAPPING_ERROR: true
+  PULUMI_MISSING_MAPPING_ERROR: true
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_API: https://api.pulumi-staging.io
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  PYPI_USERNAME: __token__
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  TF_APPEND_USER_AGENT: pulumi
+jobs:
+  resync_build:
+    name: resync-build
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+    - name: Checkout repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-mgmt
+        repository: pulumi/ci-mgmt
+    - id: run-url
+      name: Create URL to the run output
+      run:  echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT"
+    - name: Setup tools
+      uses: ./.github/actions/setup-tools
+      with:
+        tools: pulumictl, pulumicli, go, nodejs, dotnet, python
+    - name: Sync with ci-mgmt
+      run: cp -r "ci-mgmt/provider-ci/providers/$PROVIDER/repo/." .
+    - name: Remove ci-mgmt directory
+      run: rm -rf ci-mgmt
+    - name: Required entries for gitignore
+      run: |-
+        cat <<- EOF > "$RUNNER_TEMP/gitignore"
+        sdk/java/build
+        sdk/java/.gradle
+        sdk/java/gradle
+        sdk/java/gradlew
+        sdk/java/gradlew.bat
+        EOF
+      shell: bash
+    - name: Adding missing lines to .gitignore
+      run: |
+        comm -23 <(sort "$RUNNER_TEMP/gitignore") <(sort .gitignore) >> .gitignore.temp
+        cat .gitignore.temp >> .gitignore
+        rm .gitignore.temp
+      shell: bash
+    - name: Build
+      run: make build
+    - name: Create PR (no linked issue)
+      uses: peter-evans/[email protected]
+      with:
+        author: pulumi-bot <[email protected]>
+        base: main
+        body: This pull request was generated automatically by the resync-build workflow
+          in this repository.
+        branch: pulumi-bot/resync-${{ github.run_id}}
+        commit-message: Resync build for pulumi-acme
+        committer: pulumi-bot <[email protected]>
+        labels: impact/no-changelog-required
+        team-reviewers: platform-integrations
+        title: Fix up build for pulumi-acme
+        token: ${{ secrets.PULUMI_BOT_TOKEN }}
+name: Resync build
+on:
+  workflow_dispatch:
+    inputs:
+      automerge:
+        default: false
+        description: Mark created PR for auto-merging?
+        required: true
+        type: boolean
diff --git a/.github/workflows/upgrade-provider.yml b/.github/workflows/upgrade-provider.yml
@@ -2,38 +2,38 @@
 name: Upgrade provider
 
 on:
-  issues:
-    types:
-    - opened
   workflow_dispatch: {}
+  schedule:
+    # At 05:00 on Monday
+    - cron: 0 5 * * 1
 
 env:
   GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
 jobs:
   upgrade_provider:
-    if: ${{ (github.event.issue.user.login == 'pulumi-bot' && contains(github.event.issue.title, 'Upgrade terraform-provider-')) || github.event_name == 'workflow_dispatch' }}
     name: upgrade-provider
-    permissions:
-      contents: write
-      issues: write
-      pull-requests: write
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v4
       - name: Setup tools
         uses: ./.github/actions/setup-tools
         with:
-          tools: pulumictl, pulumicli, go, nodejs, dotnet, python, java
+          tools: pulumictl, pulumicli, dotnet, go, nodejs, python
       - name: Install upgrade-provider
         run: go install github.com/pulumi/upgrade-provider@main
         shell: bash
       - name: "Set up git identity: name"
         run: |
-          git config --global user.name '[email protected]'
-          git config --global user.email 'bot@pulumi.com'
+          git config --global user.name 'Github Actions'
+          git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
         shell: bash
       - name: Run upgrade-provider
         run: upgrade-provider "${{ github.repository }}" --kind="all" 

diff --git a/.upgrade-config.yml b/.upgrade-config.yml
@@ -3,5 +3,5 @@
 ---
 upstream-provider-name: terraform-provider-acme
 upstream-provider-org: vancluever
-pulumi-infer-version: true
 remove-plugins: true
+pr-assign: ringods