diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml new file mode 100644 index 0000000..bff0dc0 --- /dev/null +++ b/.ci-mgmt.yaml @@ -0,0 +1,25 @@ +template: external-bridged-provider +provider: sentry +organization: pulumiverse +major-version: 0 +providerDefaultBranch: main +upstreamProviderOrg: jianyuan +publishRegistry: false +enableAutoRelease: false +plugins: + - name: terraform + version: "1.0.19" + kind: converter +languages: + - dotnet + - go + - nodejs + - python +publish: + sdk: "all,!java" + cdn: false +# license: +# ignore: +toolVersions: + go: "1.22.x" +pulumiConvert: 1 diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile new file mode 100644 index 0000000..7d46cd8 --- /dev/null +++ b/.devcontainer/Dockerfile @@ -0,0 +1,12 @@ +FROM jetpackio/devbox:latest + +# Installing your devbox project +WORKDIR /code +COPY devbox.json devbox.json +COPY devbox.lock devbox.lock +RUN sudo chown -R "${DEVBOX_USER}:${DEVBOX_USER}" /code + + +RUN devbox run -- echo "Installed Packages." + +RUN devbox shellenv --init-hook >> ~/.profile diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000..e7ae9f1 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,16 @@ +{ + "name": "Devbox Remote Container", + "build": { + "dockerfile": "./Dockerfile", + "context": ".." + }, + "customizations": { + "vscode": { + "settings": {}, + "extensions": [ + "jetpack-io.devbox" + ] + } + }, + "remoteUser": "devbox" +} \ No newline at end of file diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..ff9aa4f --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +sdk/**/* linguist-generated=true diff --git a/.github/actions/download-bin/action.yml b/.github/actions/download-bin/action.yml new file mode 100644 index 0000000..584bf44 --- /dev/null +++ b/.github/actions/download-bin/action.yml @@ -0,0 +1,16 @@ +name: Download binary assets +description: Downloads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: sentry-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + shell: bash + run: | + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin + find ${{ github.workspace }} -name "pulumi-*-sentry" -print -exec chmod +x {} \; diff --git a/.github/actions/download-sdk/action.yml b/.github/actions/download-sdk/action.yml new file mode 100644 index 0000000..1fd5484 --- /dev/null +++ b/.github/actions/download-sdk/action.yml @@ -0,0 +1,19 @@ +name: Download SDK asset +description: Restores the SDK asset for a language. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Download ${{ inputs.language }} SDK + uses: actions/download-artifact@v4 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress SDK folder + shell: bash + run: tar -zxf ${{ github.workspace }}/sdk/${{ inputs.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ inputs.language }} diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml new file mode 100644 index 0000000..4e30219 --- /dev/null +++ b/.github/actions/setup-tools/action.yml @@ -0,0 +1,81 @@ +name: Setup tools +description: Installs Go, Pulumi, pulumictl, schema-tools, Node.JS, Python, dotnet and Java. + +inputs: + tools: + description: | + Comma separated list of tools to install. The default of "all" installs all tools. Available tools are: + go + pulumicli + pulumictl + schema-tools + nodejs + python + dotnet + java + default: all + +runs: + using: "composite" + steps: + - name: Install Go + if: inputs.tools == 'all' || contains(inputs.tools, 'go') + uses: actions/setup-go@v5 + with: + go-version: "1.22.x" + cache-dependency-path: | + provider/*.sum + upstream/*.sum + sdk/*.sum + + - name: Install pulumictl + if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + tag: v0.0.46 + repo: pulumi/pulumictl + + - name: Install Pulumi CLI + if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli') + uses: pulumi/actions@v5 + with: + pulumi-version: "dev" + + - name: Install Schema Tools + if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/schema-tools + + - name: Setup Node + if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') + uses: actions/setup-node@v4 + with: + node-version: 20.x + registry-url: https://registry.npmjs.org + + - name: Setup DotNet + if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet') + uses: actions/setup-dotnet@v4 + with: + dotnet-version: 6.0.x + + - name: Setup Python + if: inputs.tools == 'all' || contains(inputs.tools, 'python') + uses: actions/setup-python@v5 + with: + python-version: 3.11.8 + + - name: Setup Java + if: inputs.tools == 'all' || contains(inputs.tools, 'java') + uses: actions/setup-java@v4 + with: + cache: gradle + distribution: temurin + java-version: 11 + + - name: Setup Gradle + if: inputs.tools == 'all' || contains(inputs.tools, 'java') + uses: gradle/gradle-build-action@v3 + with: + gradle-version: 7.6 diff --git a/.github/actions/upload-bin/action.yml b/.github/actions/upload-bin/action.yml new file mode 100644 index 0000000..33da799 --- /dev/null +++ b/.github/actions/upload-bin/action.yml @@ -0,0 +1,15 @@ +name: Upload bin assets +description: Uploads the provider and tfgen binaries to `bin/`. + +runs: + using: "composite" + steps: + - name: Tar provider binaries + shell: bash + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-sentry pulumi-tfgen-sentry + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: sentry-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + retention-days: 30 diff --git a/.github/actions/upload-sdk/action.yml b/.github/actions/upload-sdk/action.yml new file mode 100644 index 0000000..77d4849 --- /dev/null +++ b/.github/actions/upload-sdk/action.yml @@ -0,0 +1,20 @@ +name: Upload SDK asset +description: Upload the SDK for a specific language as an asset for the workflow. + +inputs: + language: + required: true + description: One of nodejs, python, dotnet, go, java + +runs: + using: "composite" + steps: + - name: Compress SDK folder + shell: bash + run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz + retention-days: 30 diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml new file mode 100644 index 0000000..53813de --- /dev/null +++ b/.github/workflows/build_provider.yml @@ -0,0 +1,58 @@ +name: "Build Provider" + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: Version of the provider to build + +jobs: + build_provider: + name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }} + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ inputs.version }} + strategy: + fail-fast: true + matrix: + platform: + - os: linux + arch: amd64 + - os: linux + arch: arm64 + - os: darwin + arch: amd64 + - os: darwin + arch: arm64 + - os: windows + arch: amd64 + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, go + - name: Download schema-embed.json + uses: actions/download-artifact@v4 + with: + # Use a pattern to avoid failing if the artifact doesn't exist + pattern: schema-embed.* + # Avoid creating directories for each artifact + merge-multiple: true + path: provider/cmd/pulumi-resource-sentry/schema-embed.json + - name: Prepare for build + # This installs plugins and prepares upstream + run: make upstream + - name: Build & package provider + run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-resource-sentry-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + path: bin/pulumi-resource-sentry-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz + retention-days: 30 diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml new file mode 100644 index 0000000..ae54177 --- /dev/null +++ b/.github/workflows/build_sdk.yml @@ -0,0 +1,76 @@ +name: "Build SDK" + +on: + workflow_call: + inputs: + version: + required: true + type: string + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + PROVIDER_VERSION: ${{ inputs.version }} + +jobs: + build_sdk: + name: build_sdk + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + language: + - dotnet + - go + - nodejs + - python + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Install plugins + run: make install_plugins + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + uses: pulumi/git-status-check-action@v1 + with: + allowed-changes: | + sdk/**/pulumi-plugin.json + sdk/dotnet/*.csproj + sdk/go/**/pulumiUtilities.go + sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Upload SDK + uses: ./.github/actions/upload-sdk + with: + language: ${{ matrix.language }} diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml new file mode 100644 index 0000000..ce6c5e4 --- /dev/null +++ b/.github/workflows/license.yml @@ -0,0 +1,61 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: license_check + +on: + workflow_call: + inputs: {} + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + license_check: + name: License Check + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go + - run: make upstream + - uses: pulumi/license-check-action@main + with: + module-path: provider + ignore-modules: >- + github.com/aead/chacha20, + github.com/apache/arrow/go/v12, + github.com/apache/thrift/lib/go/thrift, + github.com/cloudflare/circl, + github.com/golang, + github.com/gorhill/cronexpr, + github.com/in-toto/in-toto-golang, + github.com/jmespath/go-jmespath, + github.com/keybase/go-crypto, + github.com/klauspost/compress, + github.com/mattn/go-localereader, + github.com/modern-go/reflect2, + github.com/pierrec/lz4, + github.com/pjbgf/sha1cd, + github.com/pulumi, + github.com/segmentio/asm, + golang.org diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..988e3b2 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,54 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: lint + +on: + workflow_call: + inputs: {} + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + lint: + name: lint + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Install go + uses: actions/setup-go@v5 + with: + # The versions of golangci-lint and setup-go here cross-depend and need to update together. + go-version: 1.23 + # Either this action or golangci-lint needs to disable the cache + cache: false + - name: disarm go:embed directives to enable lint + continue-on-error: true # this fails if there are no go:embed directives + run: | + git grep -l 'go:embed' -- provider | xargs sed -i 's/go:embed/ goembed/g' + - name: prepare upstream + continue-on-error: true + run: make upstream + - name: golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.60 + working-directory: provider diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4397acc..fe3d378 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,22 +1,191 @@ -name: main - -on: - push: - branches: - - main - - 'feature/**' - - 'dependabot/**' - tags-ignore: - - v* - workflow_dispatch: +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi jobs: prerequisites: - uses: pulumiverse/infra/.github/workflows/provider-prerequisites.yaml@main + uses: ./.github/workflows/prerequisites.yml + secrets: inherit with: - provider: sentry - build: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk needs: prerequisites - uses: pulumiverse/infra/.github/workflows/provider-build-sdk.yaml@main + uses: ./.github/workflows/build_sdk.yml + secrets: inherit with: - provider: sentry + version: ${{ needs.prerequisites.outputs.version }} + + generate_coverage_data: + continue-on-error: true + env: + COVERAGE_OUTPUT_DIR: ${{ secrets.COVERAGE_OUTPUT_DIR }} + name: generate_coverage_data + needs: prerequisites + runs-on: ubuntu-latest + steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@v1.3.1 + with: + tool-cache: false + swap-storage: false + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} + aws-region: us-west-2 + aws-secret-access-key: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, schema-tools + - name: Echo Coverage Output Dir + run: 'echo "Coverage output directory: ${{ env.COVERAGE_OUTPUT_DIR }}"' + - name: Generate Coverage Data + run: PULUMI_MISSING_DOCS_ERROR=true make tfgen + - name: Summarize Provider Coverage Results + run: cat ${{ env.COVERAGE_OUTPUT_DIR }}/shortSummary.txt + - name: Upload coverage data to S3 + run: >- + summaryName="${PROVIDER}_summary_$(date +"%Y-%m-%d_%H-%M-%S").json" + + s3FullURI="s3://${{ secrets.S3_COVERAGE_BUCKET_NAME }}/summaries/${summaryName}" + + aws s3 cp "${{ env.COVERAGE_OUTPUT_DIR }}/summary.json" "${s3FullURI}" --acl bucket-owner-full-control + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true + + tag_release_if_labeled_needs_release: + name: Tag release if labeled as needs-release + needs: publish + runs-on: ubuntu-latest + steps: + - name: check if this commit needs release + if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} + uses: pulumi/action-release-by-pr-label@main + with: + command: "release-if-needed" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }} + env: + RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} + RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python +name: main +on: + workflow_dispatch: {} + push: + branches: + - main + paths-ignore: + - "**.md" + tags-ignore: + - v* + - sdk/* + - "**" diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml new file mode 100644 index 0000000..b561ef3 --- /dev/null +++ b/.github/workflows/prerelease.yml @@ -0,0 +1,127 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + IS_PRERELEASE: true + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi +jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, dotnet, go, nodejs, python + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python + +name: prerelease +on: + push: + tags: + - v*.*.*-** diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml new file mode 100644 index 0000000..32fc8be --- /dev/null +++ b/.github/workflows/prerequisites.yml @@ -0,0 +1,104 @@ +name: "Prerequisites" + +on: + workflow_call: + inputs: + is_pr: + type: boolean + required: true + is_automated: + type: boolean + required: true + default_branch: + type: string + required: true + outputs: + version: + description: "Provider version being built" + value: ${{ jobs.prerequisites.outputs.version }} + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + prerequisites: + name: prerequisites + runs-on: ubuntu-latest + outputs: + version: ${{ steps.provider-version.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - uses: pulumi/provider-version-action@v1 + id: provider-version + with: + set-env: 'PROVIDER_VERSION' + - name: Cache examples generation + uses: actions/cache@v4 + with: + path: | + .pulumi/examples-cache + key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} + - name: Prepare upstream code + run: make upstream + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: go, pulumictl, pulumicli, schema-tools + - name: Build schema generator binary + run: make tfgen_build_only + - name: Install plugins + run: make install_plugins + - name: Generate schema + run: make tfgen_no_deps + - name: Build provider binary + run: make provider_no_deps + - name: Unit-test provider code + run: make test_provider + - if: inputs.is_pr + name: Check Schema is Valid + run: | + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + { + echo "SCHEMA_CHANGES<<$EOF"; + schema-tools compare -r github://api.github.com/pulumiverse -p sentry -o "${{ inputs.default_branch }}" -n --local-path=provider/cmd/pulumi-resource-sentry/schema.json; + echo "$EOF"; + } >> "$GITHUB_ENV" + - if: inputs.is_pr && inputs.is_automated == false + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + comment_tag: schemaCheck + message: >+ + ${{ env.SCHEMA_CHANGES }} + + + Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. + + - name: Upload bin + uses: ./.github/actions/upload-bin + + - name: Upload schema-embed.json + uses: actions/upload-artifact@v4 + with: + name: schema-embed.json + path: provider/cmd/pulumi-resource-sentry/schema-embed.json + retention-days: 30 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..6ddecaf --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,163 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + publish: + name: publish + runs-on: ubuntu-latest + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, schema-tools + - name: Create dist directory + run: mkdir -p dist + - name: Download provider assets + uses: actions/download-artifact@v4 + with: + pattern: pulumi-resource-sentry-v${{ inputs.version }}-* + path: dist + # Don't create a directory for each artifact + merge-multiple: true + - name: Calculate checksums + working-directory: dist + run: shasum ./*.tar.gz > "pulumi-sentry_${{ inputs.version }}_checksums.txt" + - name: Get Schema Change Summary + id: schema-summary + shell: bash + run: | + # Get latest stable release. Return only first column from result (tag). + LAST_VERSION=$(gh release view --repo pulumiverse/pulumi-sentry --json tagName -q .tagName || echo "No stable release" ) + { + echo 'summary<> "$GITHUB_OUTPUT" + - name: Create GH Release + uses: softprops/action-gh-release@v2 + if: inputs.isPrerelease == false + with: + tag_name: v${{ inputs.version }} + prerelease: ${{ inputs.isPrerelease }} + # We keep pre-releases as drafts so they're not visible until we manually publish them. + draft: ${{ inputs.isPrerelease }} + body: ${{ steps.schema-summary.outputs.summary }} + generate_release_notes: true + files: dist/* + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + # Persist credentials so we can push back to the repo + persist-credentials: true + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, dotnet, go, nodejs, python + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.20 + with: + sdk: all,!java + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + + needs: publish_sdk + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml new file mode 100644 index 0000000..beb84a8 --- /dev/null +++ b/.github/workflows/pull-request.yml @@ -0,0 +1,40 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi +jobs: + comment-on-pr: + if: github.event.pull_request.head.repo.full_name != github.repository + name: comment-on-pr + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Comment PR + uses: thollander/actions-comment-pull-request@v2 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: > + PR is now waiting for a maintainer to run the acceptance tests. + + **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR +name: pull-request +on: + pull_request_target: {} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 097e5e1..aa6276f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,136 +1,127 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt name: release on: - push: - tags: - - v*.*.* + push: + tags: + - v*.*.* + - "!v*.*.*-**" + env: - # THIS GITHUB_TOKEN IS A REQUIREMENT TO BE ABLE TO WRITE TO GH RELEASES - GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} - # IF YOU NEED TO PUBLISH A NPM PACKAGE THEN ENSURE A NPM_TOKEN SECRET IS SET - # AND PUBLISH_NPM: TRUE. IF YOU WANT TO PUBLISH TO A PRIVATE NPM REGISTRY - # THEN ENSURE THE NPM_REGISTRY_URL IS CHANGED - # Have no idea whether this is used or not: NODE_AUTH_TOKEN: ${{ YOUR NPM TOKEN HERE }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - PUBLISH_NPM: true - NPM_REGISTRY_URL: https://registry.npmjs.org - # IF YOU NEED TO PUBLISH A NUGET PACKAGE THEN ENSURE AN NUGET_PUBLISH_KEY - # SECRET IS SET AND PUBLISH_NUGET: TRUE. IF YOU WANT TO PUBLISH TO AN ALTERNATIVE - # NPM REGISTRY THEN ENSURE THE NPM_REGISTRY_URL IS CHANGED - NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} - NUGET_FEED_URL: https://api.nuget.org/v3/index.json - PUBLISH_NUGET: true - # IF YOU NEED TO PUBLISH A PYPI PACKAGE THEN ENSURE AN PYPI_API_TOKEN - # SECRET IS SET AND PUBLISH_PYPI: TRUE. IF YOU WANT TO PUBLISH TO AN ALTERNATIVE - # PYPI REGISTRY THEN ENSURE THE PYPI_REPOSITORY_URL IS SET. IF YOU ARE USING AN API_TOKEN THEN - # YOU DO NOT NEED TO CHANGE THE PYPI_USERNAME (__token__) , IF YOU ARE USING PASSWORD AUTHENTICATION THEN YOU WILL - # NEED TO CHANGE TO USE THE CORRECT PASSWORD - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} - PYPI_USERNAME: "__token__" - PYPI_REPOSITORY_URL: "" - PUBLISH_PYPI: true + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi jobs: - publish_binary: - name: publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v2 - - name: Unshallow clone for tags - run: git fetch --prune --unshallow --tags - - name: Install Go - uses: actions/setup-go@v2 - with: - go-version: ${{matrix.goversion}} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.5.0 - with: - repo: pulumi/pulumictl - - name: Set PreRelease Version - run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" >> $GITHUB_ENV - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2 - with: - args: -p 3 release --rm-dist - version: latest - strategy: - fail-fast: true - matrix: - goversion: - - 1.17.x - publish_sdk: - name: Publish SDKs - runs-on: ubuntu-latest - needs: publish_binary - steps: - - name: Checkout Repo - uses: actions/checkout@v2 - - name: Unshallow clone for tags - run: git fetch --prune --unshallow --tags - - name: Install Go - uses: actions/setup-go@v2 - with: - go-version: ${{ matrix.goversion }} - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.5.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/action-install-pulumi-cli@v2.0.0 - - name: Setup Node - uses: actions/setup-node@v1 - with: - node-version: ${{matrix.nodeversion}} - registry-url: ${{env.NPM_REGISTRY_URL}} - - name: Setup DotNet - uses: actions/setup-dotnet@v1 - with: - dotnet-version: ${{matrix.dotnetverson}} - - name: Setup Python - uses: actions/setup-python@v1 - with: - python-version: ${{matrix.pythonversion}} - - name: Build SDK - run: make build_${{ matrix.language }} - - name: Check worktree clean - run: | - git update-index -q --refresh - if ! git diff-files --quiet; then - >&2 echo "error: working tree is not clean, aborting!" - git status - git diff - exit 1 - fi - - if: ${{ matrix.language == 'python' && env.PUBLISH_PYPI == 'true' }} - name: Publish package to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: ${{ env.PYPI_USERNAME }} - password: ${{ env.PYPI_PASSWORD }} - packages_dir: ${{github.workspace}}/sdk/python/bin/dist - - if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }} - uses: JS-DevTools/npm-publish@v1 - with: - access: "public" - token: ${{ env.NPM_TOKEN }} - package: ${{github.workspace}}/sdk/nodejs/bin/package.json - - if: ${{ matrix.language == 'dotnet' && env.PUBLISH_NUGET == 'true' }} - name: publish nuget package - run: | - dotnet nuget push ${{github.workspace}}/sdk/dotnet/bin/Debug/*.nupkg -s ${{ env.NUGET_FEED_URL }} -k ${{ env.NUGET_PUBLISH_KEY }} - echo "done publishing packages" - strategy: - fail-fast: true - matrix: - dotnetversion: - - 3.1.301 - goversion: - - 1.17.x - language: - - nodejs - - python - - dotnet - - go - nodeversion: - - 14.x - pythonversion: - - "3.9" + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + lint: + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit + + publish: + name: publish + permissions: + contents: write + pull-requests: write + needs: + - prerequisites + - build_provider + - test + - license_check + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false + + test: + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python diff --git a/.github/workflows/resync-build.yml b/.github/workflows/resync-build.yml new file mode 100644 index 0000000..0ecdcab --- /dev/null +++ b/.github/workflows/resync-build.yml @@ -0,0 +1,89 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +env: + PULUMI_EXTRA_MAPPING_ERROR: true + PULUMI_MISSING_MAPPING_ERROR: true + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi +jobs: + resync_build: + name: resync-build + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + # Persist credentials so we can push a new branch. + persist-credentials: true + - name: Checkout repo + uses: actions/checkout@v4 + with: + path: ci-mgmt + repository: pulumi/ci-mgmt + persist-credentials: false + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, nodejs, dotnet, python + - name: Sync with ci-mgmt + run: cp -r "ci-mgmt/provider-ci/providers/$PROVIDER/repo/." . + - name: Remove ci-mgmt directory + run: rm -rf ci-mgmt + - name: Required entries for gitignore + run: |- + cat <<- EOF > "$RUNNER_TEMP/gitignore" + sdk/java/build + sdk/java/.gradle + sdk/java/gradle + sdk/java/gradlew + sdk/java/gradlew.bat + EOF + shell: bash + - name: Adding missing lines to .gitignore + run: | + comm -23 <(sort "$RUNNER_TEMP/gitignore") <(sort .gitignore) >> .gitignore.temp + cat .gitignore.temp >> .gitignore + rm .gitignore.temp + shell: bash + - name: Build + run: make build + - name: Create PR (no linked issue) + uses: peter-evans/create-pull-request@v3.12.0 + with: + author: pulumi-bot + base: main + body: This pull request was generated automatically by the resync-build workflow + in this repository. + branch: pulumi-bot/resync-${{ github.run_id}} + commit-message: Resync build for pulumi-sentry + committer: pulumi-bot + labels: impact/no-changelog-required + team-reviewers: platform-integrations + title: Fix up build for pulumi-sentry + token: ${{ secrets.PULUMI_BOT_TOKEN }} +name: Resync build +on: + workflow_dispatch: + inputs: + automerge: + default: false + description: Mark created PR for auto-merging? + required: true + type: boolean diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml new file mode 100644 index 0000000..eacde30 --- /dev/null +++ b/.github/workflows/run-acceptance-tests.yml @@ -0,0 +1,185 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: run-acceptance-tests + +on: + pull_request: + paths-ignore: + - CHANGELOG.md + repository_dispatch: + types: + - run-acceptance-tests-command + +env: + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +# This should cancel any previous runs of the same workflow on the same branch which are still running. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + prerequisites: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + pull-requests: write + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + + build_provider: + uses: ./.github/workflows/build_provider.yml + needs: prerequisites + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + build_sdk: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: build_sdk + needs: prerequisites + uses: ./.github/workflows/build_sdk.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + + comment-notification: + if: github.event_name == 'repository_dispatch' + name: comment-notification + permissions: + pull-requests: write + runs-on: ubuntu-latest + steps: + - id: run-url + name: Create URL to the run output + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@v1 + with: + body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + token: ${{ secrets.GITHUB_TOKEN }} + lint: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit + sentinel: + name: sentinel + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + permissions: + statuses: write + needs: + - test + - build_provider + - license_check + - lint + runs-on: ubuntu-latest + steps: + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + with: + authToken: ${{secrets.GITHUB_TOKEN}} + # Write an explicit status check called "Sentinel" which will only pass if this code really runs. + # This should always be a required check for PRs. + context: 'Sentinel' + description: 'All required checks passed' + state: 'success' + # Write to the PR commit SHA if it's available as we don't want the merge commit sha, + # otherwise use the current SHA for any other type of build. + sha: ${{ github.event.pull_request.head.sha || github.sha }} + + test: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + name: test + needs: + - prerequisites + - build_sdk + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ env.PR_COMMIT_SHA }} + persist-credentials: false + - name: Checkout p/examples + if: matrix.testTarget == 'pulumiExamples' + uses: actions/checkout@v4 + with: + repository: pulumi/examples + path: p-examples + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, ${{ matrix.language }} + - name: Download bin + uses: ./.github/actions/download-bin + - name: Add NuGet source + if: matrix.language == 'dotnet' + run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Download SDK + uses: ./.github/actions/download-sdk + with: + language: ${{ matrix.language }} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Python deps + if: matrix.language == 'python' + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + version: v2.5.0 + - name: Run tests + if: matrix.testTarget == 'local' + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 . + - name: Run pulumi/examples tests + if: matrix.testTarget == 'pulumiExamples' + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 . + strategy: + fail-fast: false + matrix: + language: + - dotnet + - go + - nodejs + - python + testTarget: [local] + license_check: + name: License Check + uses: ./.github/workflows/license.yml + secrets: inherit diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml new file mode 100644 index 0000000..79fc0f6 --- /dev/null +++ b/.github/workflows/verify-release.yml @@ -0,0 +1,78 @@ +name: "Verify Release" + +on: + workflow_dispatch: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacRunner: + description: "Enable the MacOS runner in addition to Linux and Windows. Defaults to 'false'." + required: false + type: boolean + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. Enable this when verifying a pre-release for which we don't publish the Go SDK (for PRs and the default branch)." + required: false + type: boolean + default: false + workflow_call: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacosRunner: + description: "Enable the macos-latest runner in addition to ubuntu-latest and windows-latest. Defaults to 'false'." + required: false + type: boolean + default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + verify-release: + name: verify-release + # We don't have any release verification configurations, so we never run this workflow. + # Configure your .ci-mgmt.yaml files to include the release verification configurations e.g. + # releaseVerification: + # nodejs: path/to/nodejs/project + # python: path/to/python/project + # dotnet: path/to/dotnet/project + # go: path/to/go/project + if: false + strategy: + matrix: + # We don't have any release verification configurations, so we only run on Linux to print warnings to help users configure the release verification. + runner: ["ubuntu-latest"] + runs-on: ${{ matrix.runner }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumicli, dotnet, go, nodejs, python diff --git a/.gitignore b/.gitignore index a83f342..766fd93 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ **/obj/ Pulumi.*.yaml **/node_modules/ +**/package-lock.json .DS_Store **/command-output/ diff --git a/.golangci.yml b/.golangci.yml index ce66cf6..f900c8f 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,24 +1,35 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + linters: enable: - - deadcode - - errcheck - - goconst - - gofmt - - golint - - gosec - - govet - - ineffassign - - interfacer - - lll - - megacheck - - misspell - - nakedret - - structcheck - - unconvert - - varcheck + - errcheck + - gci + - goconst + - gofmt + - gosec + - govet + - ineffassign + - lll + - gosimple + - staticcheck + - misspell + - nakedret + - revive + - unconvert + - unused enable-all: false +issues: + exclude-files: + - schema.go + - pulumiManifest.go run: - skip-files: - - schema.go - - pulumiManifest.go - timeout: 10m + timeout: 20m +linters-settings: + gci: + sections: + - standard # Standard section: captures all standard library packages. + - blank # Blank section: contains all blank imports. + - default # Default section: contains all imports that could not be matched to another section type. + - prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix. + - prefix(github.com/pulumiverse/pulumi-sentry) # Custom section: local imports + custom-order: true diff --git a/.goreleaser.yml b/.goreleaser.yml deleted file mode 100644 index 9c3c832..0000000 --- a/.goreleaser.yml +++ /dev/null @@ -1,29 +0,0 @@ -archives: - - id: archive - name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}" -before: - hooks: - - make provider -builds: - - binary: pulumi-resource-sentry - dir: provider - env: - - CGO_ENABLED=0 - goarch: - - amd64 - - arm64 - goos: - - darwin - - windows - - linux - ldflags: - # The line below MUST align with the module in current provider/go.mod - - -X github.com/pulumiverse/pulumi-sentry/provider/pkg/version.Version={{.Tag }} - main: ./cmd/pulumi-resource-sentry/ -changelog: - skip: true -release: - disable: false - prerelease: auto -snapshot: - name_template: "{{ .Tag }}-SNAPSHOT" diff --git a/CODE-OF-CONDUCT.md b/CODE-OF-CONDUCT.md new file mode 100644 index 0000000..995e13c --- /dev/null +++ b/CODE-OF-CONDUCT.md @@ -0,0 +1,80 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, +education, socio-economic status, nationality, personal appearance, race, +religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members +* Contribute in a positive and constructive way + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Community Guidelines +* Be clear and stay on topic. Communicating with strangers on the Internet can make it hard to convey or read tone, and sarcasm is frequently misunderstood. Try to use clear language, and think about how the other person will receive it. +* Don’t cross-post the same thing in multiple GitHub Discussion topics or multiple Slack channels. This can make it difficult for people answering your questions and creates "scrollback spam". +* Public discussion is preferred to private. Avoid using Slack DMs for questions, and instead share them in public Slack channels or GitHub Discussion threads. This allows a larger audience to both share their knowledge as well as learn from your question or issue. If you're having a problem, chances are someone else is having a similar problem. Learning in public is a community contribution. +* Minimize notifications to other community members. Avoid tagging other community members in Slack messages or Discussion threads, unless you are replying to something specific. Community members are here to help each other, but are not "on call" for support, and we expect everyone to try to minimize "notification fatigue". If your issue is time-sensitive or critical, use methods like support@pulumi.com instead. + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, GitHub Discussions posts, +and other contributions that are not aligned to this Code of Conduct, or to ban +temporarily or permanently any contributor for other behaviors that they deem +inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces (including the Community Slack +and GitHub Discussions forums) and in public spaces when an individual is representing the +project or its community. Examples of representing a project or community include +using an official project e-mail address, posting via an official social media account, +or acting as an appointed representative at an online or offline event. Representation +of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at code-of-conduct@pulumi.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org diff --git a/Makefile b/Makefile index 355f5b1..aba0094 100644 --- a/Makefile +++ b/Makefile @@ -129,7 +129,7 @@ lint_provider.fix: cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml --fix # `make provider_no_deps` builds the provider binary directly, without ensuring that -# `cmd/pulumi-resource-cockroach/schema.json` is valid and up to date. +# `cmd/pulumi-resource-sentry/schema.json` is valid and up to date. # To create a release ready binary, you should use `make provider`. provider_no_deps: (cd provider && go build $(PULUMI_PROVIDER_BUILD_PARALLELISM) -o $(WORKING_DIR)/bin/$(PROVIDER) -ldflags "$(LDFLAGS)" $(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)) @@ -244,4 +244,4 @@ provider_dist: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist .PHONY: provider_dist-linux-amd64 provider_dist-linux-arm64 provider_dist-darwin-amd64 provider_dist-darwin-arm64 provider_dist-windows-amd64 provider_dist # Permit providers to extend the Makefile with provider-specific Make includes. -include $(wildcard .mk/*.mk) \ No newline at end of file +include $(wildcard .mk/*.mk) diff --git a/devbox.json b/devbox.json new file mode 100644 index 0000000..8b0c864 --- /dev/null +++ b/devbox.json @@ -0,0 +1,22 @@ +{ + "packages": [ + "yarn@latest", + "pulumictl@latest", + "go@1.22.", + "nodejs@20.", + "python3@3.11.8", + "dotnet-sdk@6.0.", + "gradle_7@7.6", + "curl@8" + ], + "shell": { + "init_hook": [ + "export PATH=\"$(pwd)/bin/:$PATH\"" + ], + "scripts": { + "test": [ + "echo \"Error: no test specified\" && exit 1" + ] + } + } +} diff --git a/devbox.lock b/devbox.lock new file mode 100644 index 0000000..0967ef4 --- /dev/null +++ b/devbox.lock @@ -0,0 +1 @@ +{} diff --git a/upstream.sh b/upstream.sh new file mode 100755 index 0000000..f5609ac --- /dev/null +++ b/upstream.sh @@ -0,0 +1,375 @@ +#!/usr/bin/env bash +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +set -e + +original_exec="$0" +original_cmd="$1" + +usage() { + cat < [options] + +COMMANDS + init [-f] Initialize the upstream submodule and applies the + patches to the working directory. + checkout [-f] Create a branch in the upstream repository with the + patches applied as commits. + rebase [-o] [-i] Rebase the checked out patches. + check_in Write checkedout commits back to patches, add upstream + and patches changes to the git staging area and exit + checkout mode. + help Print this help message, plus examples. + +OPTIONS + -f Force the command to run even if the upstream submodule is modified + -o The new base commit to rebase the patches on top of + -i Run the rebase command interactively + -h Print this help message, plus examples +EOF +} + +extended_docs() { + cat < + ${original_exec} check_in + + Interactively edit the patches: + ${original_exec} checkout + ${original_exec} rebase -i + ${original_exec} check_in + + Add a new patch: + ${original_exec} checkout + # Make changes to the upstream repository + git commit -am "Add new feature" + ${original_exec} check_in +EOF +} + +assert_upstream_exists() { + if [[ ! -d upstream ]]; then + echo "No 'upstream' directory detected. Aborting." + exit 1 + fi +} + +assert_not_checked_out() { + current_branch=$(cd upstream && git --no-pager rev-parse --abbrev-ref HEAD) + if [[ "${current_branch}" == "pulumi/patch-checkout" ]]; then + cat <' to rebase the patches on top of the + new upstream commit. Resolve any conflicts and continue the rebase to completion. +3. '${original_exec} check_in' to create an updated set of patches from the commits + +Reset the upstream submodule to the previous known good upstream commit before +trying again. This can be done with: + + (cd upstream && git reset --hard ) + git add upstream + +EOF + exit 1 +} + +apply_patches() { + # Iterating over the patches folder in sorted order, + # apply the patch using a 3-way merge strategy. This mirrors the default behavior of 'git merge' + cd upstream + for patch in ../patches/*.patch; do + if ! git apply --3way "${patch}" --allow-empty; then + err_failed_to_apply "$(basename "${patch}")" + fi + done +} + +clean_rebases() { + # Clean up any previous in-progress rebases. + cd upstream + rebase_merge_dir=$(git rev-parse --git-path rebase-merge) + rebase_apply_dir=$(git rev-parse --git-path rebase-apply) + rm -rf "${rebase_merge_dir}" + rm -rf "${rebase_apply_dir}" + cd .. +} + +clean_branches() { + cd upstream + if git show-ref --verify --quiet refs/heads/pulumi/patch-checkout; then + git branch -D pulumi/patch-checkout + fi + if git show-ref --verify --quiet refs/heads/pulumi/checkout-base; then + git branch -D pulumi/checkout-base + fi + if git show-ref --verify --quiet refs/heads/pulumi/original-base; then + git branch -D pulumi/original-base + fi + cd .. +} + +init() { + # Parse additional flags + while getopts "f" flag; do + case "${flag}" in + f) force="true";; + *) echo "Unexpected option ${flag}"; exit 1;; + esac + done + + assert_upstream_exists + + if [[ "${force}" != "true" ]]; then + assert_not_checked_out + assert_no_rebase_in_progress + fi + + git submodule update --force --init + cd upstream && git clean -fxd && cd .. + + if [[ "${force}" == "true" ]]; then + clean_rebases + clean_branches + fi + apply_patches +} + +checkout() { + # Parse additional flags + while getopts "f" flag; do + case "${flag}" in + f) force="true";; + *) echo "Unexpected option ${flag}"; exit 1;; + esac + done + + assert_upstream_exists + + if [[ "${force}" != "true" ]]; then + assert_not_checked_out + assert_no_rebase_in_progress + fi + + git submodule update --force --init + if [[ "${force}" == "true" ]]; then + clean_rebases + clean_branches + fi + + cd upstream + git fetch --all + + # Set the 'pulumi/checkout-base' branch to the current commit of the upstream repository + # This is used to track the base commit of the patches + # If rebasing, then this must be moved to the new base commit. + git branch -f pulumi/checkout-base + # Create a new branch 'pulumi/patch-checkout' which will contain the commits for each patch + git checkout -B pulumi/patch-checkout + + for patch in ../patches/*.patch; do + if ! git am --3way "${patch}"; then + err_failed_to_apply "$(basename "${patch}")" + fi + done + + cat < + +Once you have finished editing the commits, run + ${original_exec} check_in + +EOF +} + +rebase() { + # Parse additional flags + onto="pulumi/checkout-base" + interactive="false" + while getopts "io:" flag; do + case "${flag}" in + i) interactive="true";; + o) onto="${OPTARG}";; + *) echo "Unexpected option ${flag}"; exit 1;; + esac + done + + assert_is_checked_out + + cd upstream + # Fetch the latest changes from the upstream repository + git fetch --all + # Set the "pulumi/original-base" branch to the current base commit of the patches + git branch -f pulumi/original-base pulumi/checkout-base + # Set the "pulumi/patch-checkout" branch to track the "pulumi/original-base" branch + git branch --set-upstream-to=pulumi/original-base pulumi/patch-checkout + # Set the "pulumi/checkout-base" branch to the new base commit ready for formatting the patches after + git branch -f pulumi/checkout-base "${onto}" + # Rebase the 'pulumi/patch-checkout' branch on top of the new base commit + interactive_flag="" + if [[ "${interactive}" == "true" ]]; then + interactive_flag="--interactive" + fi + if ! git rebase --onto "${onto}" ${interactive_flag}; then + echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory." + exit 1 + fi + cd .. +} + +export_patches() { + # Remove all existing patches before creating the new ones in case they've been renamed or removed. + rm -f patches/*.patch + + # Extract patches from the commits in the 'pulumi/patch-checkout' branch into the 'patches' directory. + # Use the 'pulumi/checkout-base' branch to determine the base commit of the patches. + (cd upstream && git format-patch pulumi/checkout-base -o ../patches --zero-commit --no-signature --no-stat --no-numbered) +} + +format_patches() { + assert_upstream_exists + assert_is_checked_out + assert_no_rebase_in_progress + + export_patches + cat <