Add Security Group to NLBs (#1285) #46
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
env: | |
AWS_REGION: us-west-2 | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
LOCAL_PLAT: linux-amd64 | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
PROVIDER: awsx | |
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
PULUMI_API: https://api.pulumi-staging.io | |
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
PYPI_USERNAME: __token__ | |
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | |
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | |
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | |
GOVERSION: "1.21.x" | |
DOTNETVERSION: "6.x" | |
PYTHONVERSION: "3.8" | |
NODEVERSION: "18.x" | |
JAVAVERSION: "11" | |
jobs: | |
lint: | |
name: lint | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v4 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.10.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
registry-url: https://registry.npmjs.org | |
- name: Install Yarn | |
run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 | |
- name: Update PATH for Yarn | |
run: | | |
echo "$HOME/.yarn/bin" >> $GITHUB_PATH | |
echo "$HOME/.config/yarn/global/node_modules/.bin" >> $GITHUB_PATH | |
- name: Lint AWSX Code | |
run: make lint | |
- name: Lint classic AWSX Code | |
run: make lint_classic | |
- name: Check worktree clean | |
run: ./ci-scripts/ci/check-worktree-is-clean | |
build-provider: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: ${{ env.AWS_REGION }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 3600 | |
role-session-name: ${{ env.PROVIDER }}@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v4 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{env.NODEVERSION}} | |
registry-url: https://registry.npmjs.org | |
- name: Install Yarn | |
run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 | |
- name: Update PATH for Yarn | |
run: | | |
echo "$HOME/.yarn/bin" >> $GITHUB_PATH | |
echo "$HOME/.config/yarn/global/node_modules/.bin" >> $GITHUB_PATH | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.10.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/action-install-pulumi-cli@v2 | |
- name: Build provider | |
run: make provider | |
- name: Test provider | |
run: make test_provider | |
- name: Check worktree clean | |
run: ./ci-scripts/ci/check-worktree-is-clean | |
- name: Upload bin | |
uses: actions/upload-artifact@v3 | |
with: | |
name: bin | |
path: bin | |
- name: Tar provider bin | |
run: tar -zcf ${{ github.workspace }}/provider.tar.gz -C ${{ github.workspace }}/${{ env.PROVIDER }}/bin/ . | |
- name: Upload provider bin | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/provider.tar.gz | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in building provider | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
acceptance-test: | |
needs: build-provider | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@v1.3.1 | |
with: | |
tool-cache: false | |
swap-storage: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v4 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.10.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Languages & Frameworks | |
uses: ./.github/actions/install | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v3 | |
with: | |
gradle-version: "8.4" | |
- name: Install Python deps | |
run: |- | |
pip3 install virtualenv==20.0.23 | |
pip3 install pipenv | |
- name: Download bin | |
uses: actions/download-artifact@v3 | |
with: | |
name: bin | |
path: bin | |
- name: Restore bin and avoid rebuilding | |
run: | | |
chmod +x bin/* | |
make provider --touch | |
- name: Build SDK | |
run: make build_${{ matrix.language }} | |
- name: Check worktree clean | |
run: ./ci-scripts/ci/check-worktree-is-clean | |
- name: Compress SDK folder | |
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} | |
. | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: ${{ env.AWS_REGION }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 3600 | |
role-session-name: ${{ env.PROVIDER }}@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Run tests | |
# Tell make to not rebuild the provider bin | |
run: make test_${{ matrix.language }} | |
strategy: | |
fail-fast: false | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
publish: | |
name: publish | |
needs: acceptance-test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: us-east-2 | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 3600 | |
role-external-id: upload-pulumi-release | |
role-session-name: ${{ env.PROVIDER}}@githubActions | |
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} | |
- uses: MOZGIII/install-ldid-action@v1 | |
with: | |
tag: v2.1.5-procursus2 | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.10.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/action-install-pulumi-cli@v2 | |
- name: Download provider binary | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace | |
}}/bin | |
- name: Restore binary perms | |
run: find ${{ github.workspace }}/bin -name "pulumi-*-${{ env.PROVIDER }}" -print | |
-exec chmod +x {} \; | |
- name: Test provider | |
run: make test_provider | |
- name: Create Provider Binaries | |
run: make dist | |
- name: Upload Provider Binaries | |
run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive | |
- name: Create GH Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
dist/*.tar.gz | |
env: | |
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | |
publish_sdk: | |
name: publish_sdk | |
needs: publish | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v4 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.10.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Languages & Frameworks | |
uses: ./.github/actions/install | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v3 | |
with: | |
gradle-version: "8.4" | |
- name: Download python SDK | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress python SDK | |
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python | |
- name: Download dotnet SDK | |
uses: actions/download-artifact@v3 | |
with: | |
name: dotnet-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress dotnet SDK | |
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet | |
- name: Download nodejs SDK | |
uses: actions/download-artifact@v3 | |
with: | |
name: nodejs-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress nodejs SDK | |
run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C ${{github.workspace}}/sdk/nodejs | |
- run: python -m pip install pip twine | |
- env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
name: Publish SDK | |
run: ./scripts/publish_packages.sh | |
- name: Download java SDK | |
uses: actions/download-artifact@v3 | |
with: | |
name: java-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress java SDK | |
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C ${{github.workspace}}/sdk/java | |
- name: Set PACKAGE_VERSION to Env | |
run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >> | |
$GITHUB_ENV | |
- name: Publish Java SDK | |
uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa | |
with: | |
arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository | |
build-root-directory: ./sdk/java | |
gradle-version: 7.4.1 | |
tag_sdk: | |
name: tag_sdk | |
needs: publish_sdk | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.10.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Add SDK version tag | |
run: git tag sdk/v$(pulumictl get version --language generic) && git push origin | |
sdk/v$(pulumictl get version --language generic) | |
create_docs_build: | |
name: Create docs build | |
needs: tag_sdk | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.10.0 | |
with: | |
repo: pulumi/pulumictl | |
- env: | |
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | |
name: Dispatch event | |
run: pulumictl create docs-build pulumi-${{ env.PROVIDER }} ${GITHUB_REF#refs/tags/} --schema-path schema.json | |
name: release | |
"on": | |
push: | |
tags: | |
- v*.*.* | |
- "!v*.*.*-**" | |
- "!v0.x.x" |