Merged
23 commits
acec9cb
feat: add subcategory support to codegen
migara Feb 12, 2026
313d1bd
feat: add release automation script
migara Feb 12, 2026
4910609
fix: correct Makefile config path and accumulate metadata flags
migara Feb 12, 2026
a8cb805
fix: remove panos prefix from template filenames
migara Feb 12, 2026
63756aa
Merge main into feature/subcategory-automation
migara Feb 24, 2026
12c047d
Merge branch 'feature/subcategory-automation'
migara Feb 24, 2026
1a26abc
feat(codegen): Mark sensitive variables with sensitive flag
migara Mar 6, 2026
4c5e18e
feat(ci): Add automated release pipeline
migara Apr 8, 2026
ade3f61
fix(ci): Pin all GitHub Actions to commit SHAs
migara Apr 8, 2026
5df7b0c
feat(codegen): Add skip_subcategory support for specs without subcate…
migara Apr 8, 2026
a49b308
Merge remote-tracking branch 'origin/main' into sensitive-vars
migara Apr 8, 2026
6c82859
fix(examples): Fix undeclared resource reference in virtual_wire example
migara Apr 8, 2026
d54c9a1
fix(ci): Drop local pango replace directive before go get in CI
migara Apr 8, 2026
3df5fc6
fix(ci): Exclude go.mod/go.sum from rsync to avoid local replace dire…
migara Apr 8, 2026
3323087
fix(ci): Add Terraform setup for provider doc generation
migara Apr 8, 2026
1a6b076
fix(ci): Include go.mod in rsync, strip replace directive with sed
migara Apr 8, 2026
944655d
fix(ci): Add tfplugindocs tool dependency for doc generation
migara Apr 8, 2026
e63c296
fix(ci): Use go install for tfplugindocs to survive go mod tidy
migara Apr 8, 2026
e5a9d16
fix(ci): Run go generate before go mod tidy
migara Apr 8, 2026
e292f07
fix(ci): Add tfplugindocs dependency before go generate
migara Apr 8, 2026
aab0bb3
fix(ci): Reuse existing PR instead of bumping version on re-runs
migara Apr 8, 2026
606369f
Merge origin/main into sensitive-vars
migara Apr 8, 2026
c3742d6
fix(examples): Replace undeclared variables with literals in virtual_…
migara Apr 8, 2026
82 changes: 68 additions & 14 deletions .github/workflows/release.yml
Expand Up @@ -30,6 +30,7 @@ jobs:
version: ${{ steps.version.outputs.version }}
last_tag: ${{ steps.version.outputs.last_tag }}
since_date: ${{ steps.version.outputs.since_date }}
existing_pr: ${{ steps.version.outputs.existing_pr }}
steps:
- name: Checkout pan-os-codegen
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
Expand Down Expand Up @@ -58,9 +59,22 @@ jobs:
LAST_TAG=$(gh release view --repo PaloAltoNetworks/terraform-provider-panos --json tagName -q '.tagName' 2>/dev/null || echo "v0.0.0")
SINCE_DATE=$(gh release view "$LAST_TAG" --repo PaloAltoNetworks/terraform-provider-panos --json publishedAt -q '.publishedAt' 2>/dev/null || echo "")

# Check for existing open auto-release PR (skip if version is manually overridden)
EXISTING_PR=""
if [ -z "${{ inputs.version_override }}" ]; then
EXISTING_PR=$(gh pr list --repo PaloAltoNetworks/terraform-provider-panos \
--state open --json number,headRefName \
--jq '[.[] | select(.headRefName | startswith("auto-release/"))][0].number // empty' 2>/dev/null || echo "")
if [ -n "$EXISTING_PR" ]; then
EXISTING_BRANCH=$(gh pr view "$EXISTING_PR" --repo PaloAltoNetworks/terraform-provider-panos --json headRefName -q '.headRefName')
VERSION="${EXISTING_BRANCH#auto-release/}"
echo "::notice::Found existing unmerged PR #${EXISTING_PR} for ${VERSION} - reusing version"
fi
fi

if [ -n "${{ inputs.version_override }}" ]; then
VERSION="${{ inputs.version_override }}"
else
elif [ -z "$EXISTING_PR" ]; then
VERSION=$(bash scripts/determine-version.sh --last-tag "$LAST_TAG")
if [ "$VERSION" = "NO_BUMP" ]; then
echo "::error::No version-bumping commits found since $LAST_TAG"
Expand All @@ -71,15 +85,20 @@ jobs:
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "last_tag=$LAST_TAG" >> $GITHUB_OUTPUT
echo "since_date=$SINCE_DATE" >> $GITHUB_OUTPUT
echo "existing_pr=$EXISTING_PR" >> $GITHUB_OUTPUT
echo "## Version" >> $GITHUB_STEP_SUMMARY
echo "- Current: $LAST_TAG" >> $GITHUB_STEP_SUMMARY
echo "- Next: $VERSION" >> $GITHUB_STEP_SUMMARY
if [ -n "$EXISTING_PR" ]; then
echo "- Reusing existing PR: #$EXISTING_PR" >> $GITHUB_STEP_SUMMARY
fi

- name: Generate release notes
run: |
bash scripts/generate-release-notes.sh \
"${{ steps.version.outputs.version }}" \
"${{ steps.version.outputs.since_date }}" \
--since-tag "${{ steps.version.outputs.last_tag }}" \
--since-date "${{ steps.version.outputs.since_date }}" \
> target/release-notes.md
echo "## Release Notes" >> $GITHUB_STEP_SUMMARY
cat target/release-notes.md >> $GITHUB_STEP_SUMMARY
Expand Down Expand Up @@ -198,6 +217,11 @@ jobs:
with:
go-version: "1.23"

- name: Set up Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
with:
terraform_wrapper: false

- name: Checkout provider
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
Expand All @@ -223,13 +247,21 @@ jobs:
- name: Update pango dependency and generate docs
working-directory: provider
run: |
# Remove local replace directive used for local dev (points to ../pango)
sed -i '/^replace.*pango.*=>.*\.\.\/pango/d' go.mod

# Fetch the latest pango from main (just pushed in previous job)
go get github.com/PaloAltoNetworks/pango@main
go mod tidy

# Add tfplugindocs tool dependency (not in generated go.mod, needed by go:generate)
go get github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs

# Generate terraform plugin documentation
go generate ./...

# Clean up after generation
go mod tidy

- name: Validate subcategories in provider
run: |
SKIP_FILE="generated/terraform/.subcategory-skip"
Expand All @@ -248,11 +280,12 @@ jobs:
exit 1
fi

- name: Create PR
- name: Create or update PR
id: create-pr
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
VERSION: ${{ needs.generate-and-test.outputs.version }}
EXISTING_PR: ${{ needs.generate-and-test.outputs.existing_pr }}
working-directory: provider
run: |
BRANCH="auto-release/${VERSION}"
Expand All @@ -263,19 +296,23 @@ jobs:
git add .

if git diff --staged --quiet; then
if [ -n "$EXISTING_PR" ]; then
echo "::notice::No new changes; existing PR #${EXISTING_PR} is up to date"
PR_URL=$(gh pr view "$EXISTING_PR" --repo PaloAltoNetworks/terraform-provider-panos --json url -q '.url')
echo "pr_url=$PR_URL" >> $GITHUB_OUTPUT
echo "## Provider PR" >> $GITHUB_STEP_SUMMARY
echo "Up to date: $PR_URL" >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "::error::No changes to commit in provider"
exit 1
fi

git commit -m "chore(release): auto-generated ${VERSION}"
git push -u origin "$BRANCH"

RELEASE_NOTES=$(cat ../generated/release-notes.md)

PR_URL=$(gh pr create \
--repo PaloAltoNetworks/terraform-provider-panos \
--title "chore(release): ${VERSION}" \
--body "$(cat <<PREOF
PR_BODY=$(cat <<PREOF
## Release ${VERSION}

**Automated by pan-os-codegen release pipeline**
Expand All @@ -291,11 +328,27 @@ jobs:
${RELEASE_NOTES}
<!-- RELEASE_NOTES_END -->
PREOF
)")
)

if [ -n "$EXISTING_PR" ]; then
# Force push to update existing branch and PR body
git push --force origin "$BRANCH"
gh pr edit "$EXISTING_PR" \
--repo PaloAltoNetworks/terraform-provider-panos \
--body "$PR_BODY"
PR_URL=$(gh pr view "$EXISTING_PR" --repo PaloAltoNetworks/terraform-provider-panos --json url -q '.url')
echo "::notice::Updated existing PR: $PR_URL"
else
git push -u origin "$BRANCH"
PR_URL=$(gh pr create \
--repo PaloAltoNetworks/terraform-provider-panos \
--title "chore(release): ${VERSION}" \
--body "$PR_BODY")
fi

echo "pr_url=$PR_URL" >> $GITHUB_OUTPUT
echo "## Provider PR" >> $GITHUB_STEP_SUMMARY
echo "Created: $PR_URL" >> $GITHUB_STEP_SUMMARY
echo "${EXISTING_PR:+Updated}${EXISTING_PR:-Created}: $PR_URL" >> $GITHUB_STEP_SUMMARY

tag-codegen:
name: Tag Codegen
Expand All @@ -311,6 +364,7 @@ jobs:
env:
VERSION: ${{ needs.generate-and-test.outputs.version }}
run: |
git tag "release/${VERSION}"
git push origin "release/${VERSION}"
echo "Tagged pan-os-codegen with release/${VERSION}"
TAG="release/${VERSION}"
git tag -f "$TAG"
git push origin "$TAG" --force
echo "Tagged pan-os-codegen with $TAG"
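Review bot: The reuse lookup in the version step trusts the head branch name of any open PR whose ref starts with `auto-release/`; nothing on these lines restricts the match to branches in this repository or to PRs opened by the release app, and `gh pr list` also returns PRs whose head lives in a fork. The suffix of that name becomes `VERSION`, is written to `$GITHUB_OUTPUT`, and appears to still be expanded inline as `${{ steps.version.outputs.version }}` in the release-notes `run:` block, so externally chosen text is substituted into the script before the shell parses it; it also names the branch that is force-pushed and the tag that is force-replaced at the end of the file. I would request `--json number,headRefName,isCrossRepository`, add `select(.isCrossRepository | not)` to the jq filter, and reject anything that is not a version before writing outputs, e.g. `[[ "$VERSION" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "::error::Unexpected version: $VERSION"; exit 1; }` (adjust the pattern to the project's tag scheme, which is not visible here). Passing step outputs and `inputs.version_override` to the scripts through `env:` instead of inline `${{ }}` expansion, as the "Create or update PR" step already does for `VERSION`, closes the remaining substitution path.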
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@ resource "panos_template" "tmpl" {

resource "panos_ethernet_interface" "iface1" {
location = { template = { name = panos_template.tmpl.name, vsys = "vsys1" } }
name = var.interface1
name = "ethernet1/1"
virtual_wire = {}
}

resource "panos_ethernet_interface" "iface2" {
location = { template = { name = panos_template.tmpl.name, vsys = "vsys1" } }
name = var.interface2
name = "ethernet1/2"
virtual_wire = {}
}
