-
Notifications
You must be signed in to change notification settings - Fork 52
212 lines (203 loc) · 7.49 KB
/
run-acceptance-tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: run-acceptance-tests
on:
pull_request:
paths-ignore:
- CHANGELOG.md
repository_dispatch:
types:
- run-acceptance-tests-command
env:
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PULUMI_MISSING_DOCS_ERROR: true
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PYPI_USERNAME: __token__
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
TF_APPEND_USER_AGENT: pulumi
# This should cancel any previous runs of the same workflow on the same branch which are still running.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
prerequisites:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
permissions:
pull-requests: write
uses: ./.github/workflows/prerequisites.yml
secrets: inherit
with:
default_branch: ${{ github.event.repository.default_branch }}
is_pr: ${{ github.event_name == 'pull_request' }}
is_automated: ${{ github.actor == 'dependabot[bot]' }}
build_provider:
uses: ./.github/workflows/build_provider.yml
needs: prerequisites
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
build_sdk:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: build_sdk
needs: prerequisites
uses: ./.github/workflows/build_sdk.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
comment-notification:
if: github.event_name == 'repository_dispatch'
name: comment-notification
permissions:
pull-requests: write
runs-on: ubuntu-latest
steps:
- id: run-url
name: Create URL to the run output
run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@v1
with:
body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}"
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
token: ${{ secrets.GITHUB_TOKEN }}
lint:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: lint
uses: ./.github/workflows/lint.yml
secrets: inherit
sentinel:
name: sentinel
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
permissions:
statuses: write
needs:
- test
- build_provider
- license_check
- lint
runs-on: ubuntu-latest
steps:
- uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76
with:
authToken: ${{secrets.GITHUB_TOKEN}}
# Write an explicit status check called "Sentinel" which will only pass if this code really runs.
# This should always be a required check for PRs.
context: 'Sentinel'
description: 'All required checks passed'
state: 'success'
# Write to the PR commit SHA if it's available as we don't want the merge commit sha,
# otherwise use the current SHA for any other type of build.
sha: ${{ github.event.pull_request.head.sha || github.sha }}
test:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: test
needs:
- prerequisites
- build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
env:
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
persist-credentials: false
- name: Checkout p/examples
if: matrix.testTarget == 'pulumiExamples'
uses: actions/checkout@v4
with:
repository: pulumi/examples
path: p-examples
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, ${{ matrix.language }}
- name: Download bin
uses: ./.github/actions/download-bin
- name: Add NuGet source
if: matrix.language == 'dotnet'
run: dotnet nuget add source ${{ github.workspace }}/nuget
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Python deps
if: matrix.language == 'python'
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v2
with:
install_components: gke-gcloud-auth-plugin
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.5.0
- name: make upstream
run: |
make upstream
- name: Run provider tests
run: |
cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Run tests
if: matrix.testTarget == 'local'
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 .
- name: Run pulumi/examples tests
if: matrix.testTarget == 'pulumiExamples'
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 .
strategy:
fail-fast: false
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
testTarget: [local]
license_check:
name: License Check
uses: ./.github/workflows/license.yml
secrets: inherit