release #25
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - v*.*.* | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| id-token: write | |
| packages: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.PR_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| PROVIDER: stackit | |
| PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
| # TODO: change to true if ready to release | |
| PUBLISH_NPM: false | |
| #NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
| #NUGET_FEED_URL: https://api.nuget.org/v3/index.json | |
| #PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
| #PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }} | |
| #PYPI_USERNAME: "__token__" | |
| #PUBLISH_PYPI: true | |
| #PUBLISH_NUGET: true | |
| jobs: | |
| publish_binary: | |
| name: Publish provider | |
| runs-on: ubuntu-latest | |
| steps: | |
| # TODO: remove when this repo is made public | |
| - name: Configure Git for Private Modules | |
| run: | | |
| git config --global url."https://oauth2:${{ secrets.PR_TOKEN }}@github.com".insteadOf "https://github.com" | |
| # Sets GOPRIVATE and GONOSUMDB in order to use the git authetnication for go mod. | |
| echo "GOPRIVATE=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV | |
| echo "GONOSUMDB=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV | |
| # TODO: remove end | |
| - name: Checkout Repo | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # tag=v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Unshallow clone for tags | |
| run: git fetch --prune --unshallow --tags | |
| - name: Install pulumictl | |
| uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # tag=v2.1.0 | |
| with: | |
| repo: pulumi/pulumictl | |
| - name: Install Go Tools | |
| uses: ./.github/actions/gotools | |
| with: | |
| go-version: ${{ matrix.goversion }} | |
| - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| - uses: anchore/sbom-action/download-syft@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 | |
| - name: Debugging what was changed | |
| run: | | |
| git status | |
| git diff | |
| git tag -n | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # tag=v6.3.0 | |
| with: | |
| args: -p 3 release --clean | |
| version: '~> v2' | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| goversion: | |
| - 1.24.x | |
| publish_sdk: | |
| name: Publish SDKs to npm Registry, NuGet Gallery and Python Package Index | |
| runs-on: ubuntu-latest | |
| needs: publish_binary | |
| steps: | |
| # TODO: remove when this repo is made public | |
| - name: Configure Git for Private Modules | |
| run: | | |
| git config --global url."https://oauth2:${{ secrets.PR_TOKEN }}@github.com".insteadOf "https://github.com" | |
| # Sets GOPRIVATE and GONOSUMDB in order to use the git authetnication for go mod. | |
| echo "GOPRIVATE=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV | |
| echo "GONOSUMDB=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV | |
| # TODO: remove end | |
| - name: Checkout Repo | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # tag=v4.2.2 | |
| - name: Unshallow clone for tags | |
| run: git fetch --prune --unshallow --tags | |
| - name: Install Go Tools | |
| uses: ./.github/actions/gotools | |
| with: | |
| go-version: ${{ matrix.goversion }} | |
| - name: Install Pulumi Tools | |
| uses: ./.github/actions/pulumitools | |
| with: | |
| dotnet-version: ${{matrix.dotnetverson}} | |
| node-version: ${{matrix.nodeversion}} | |
| python-version: ${{matrix.pythonversion}} | |
| - name: Build SDK | |
| run: make build_${{ matrix.language }} | |
| - name: Check worktree clean | |
| run: | | |
| git update-index -q --refresh | |
| if ! git diff-files --quiet; then | |
| >&2 echo "error: working tree is not clean, aborting!" | |
| git status | |
| git diff | |
| exit 1 | |
| fi | |
| - if: ${{ matrix.language == 'nodejs' }} | |
| name: Run type script unit tests | |
| run: make test_ts | |
| - if: ${{ matrix.language == 'python' && env.PUBLISH_PYPI == 'true' }} | |
| name: Publish package to PyPI | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # tag=v1.13.0 | |
| with: | |
| user: ${{ env.PYPI_USERNAME }} | |
| password: ${{ env.PYPI_PASSWORD }} | |
| packages_dir: ${{github.workspace}}/sdk/python/bin/dist | |
| - if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }} | |
| uses: JS-DevTools/npm-publish@7f8fe47b3bea1be0c3aec2b717c5ec1f3e03410b # tag=v4.1.1 | |
| with: | |
| access: "public" | |
| # old way, we want to use Trusted publishers | |
| # token: ${{ env.NPM_TOKEN }} | |
| package: ${{github.workspace}}/sdk/nodejs/bin/package.json | |
| provenance: true | |
| - if: ${{ matrix.language == 'dotnet' && env.PUBLISH_NUGET == 'true' }} | |
| name: publish nuget package | |
| run: | | |
| dotnet nuget push ${{github.workspace}}/sdk/dotnet/bin/Debug/*.nupkg -s ${{ env.NUGET_FEED_URL }} -k ${{ env.NUGET_PUBLISH_KEY }} | |
| echo "done publishing packages" | |
| # TODO: publish go sdk to github | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| dotnetversion: | |
| - 9.0.x | |
| goversion: | |
| - 1.24.x | |
| language: | |
| - nodejs | |
| - python | |
| - dotnet | |
| - go | |
| nodeversion: | |
| - 20.x | |
| pythonversion: | |
| - "3.9" |