-
Notifications
You must be signed in to change notification settings - Fork 0
160 lines (158 loc) · 6.07 KB
/
release.yaml
File metadata and controls
160 lines (158 loc) · 6.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
name: release
on:
push:
tags:
- v*.*.*
workflow_dispatch:
permissions:
contents: write
id-token: write
packages: write
env:
GITHUB_TOKEN: ${{ secrets.PR_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
PROVIDER: stackit
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PUBLISH_NPM: true
#NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
#NUGET_FEED_URL: https://api.nuget.org/v3/index.json
#PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
#PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
#PYPI_USERNAME: "__token__"
#PUBLISH_PYPI: true
#PUBLISH_NUGET: true
jobs:
publish_binary:
name: publish
runs-on: ubuntu-latest
steps:
# TODO: remove when this repo is made public
- name: Configure Git for Private Modules
run: |
git config --global url."https://oauth2:${{ secrets.PR_TOKEN }}@github.com".insteadOf "https://github.com"
# Sets GOPRIVATE and GONOSUMDB in order to use the git authetnication for go mod.
echo "GOPRIVATE=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV
echo "GONOSUMDB=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV
# TODO: remove end
- name: Checkout Repo
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # tag=v4.2.2
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install pulumictl
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # tag=v2.1.0
with:
repo: pulumi/pulumictl
- name: Install Go Tools
uses: ./.github/actions/gotools
with:
go-version: ${{ matrix.goversion }}
#- name: Set PreRelease Version
# run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" >> $GITHUB_ENV
- uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
- uses: anchore/sbom-action/download-syft@8e94d75ddd33f69f691467e42275782e4bfefe84 # v0.20.9
- name: Debugging what was changed
run: |
git status
git diff
git tag -n
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # tag=v6.3.0
with:
args: -p 3 release --clean --snapshot
version: '~> v2'
strategy:
fail-fast: true
matrix:
goversion:
- 1.24.x
publish_sdk:
name: Publish SDKs
runs-on: ubuntu-latest
needs: publish_binary
steps:
# TODO: remove when this repo is made public
- name: Configure Git for Private Modules
run: |
git config --global url."https://oauth2:${{ secrets.PR_TOKEN }}@github.com".insteadOf "https://github.com"
# Sets GOPRIVATE and GONOSUMDB in order to use the git authetnication for go mod.
echo "GOPRIVATE=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV
echo "GONOSUMDB=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV
# TODO: remove end
- name: Checkout Repo
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # tag=v4.2.2
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install pulumictl
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # tag=v2.1.0
with:
repo: pulumi/pulumictl
- name: Install pulumi
uses: pulumi/actions@v6
- name: Install Go Tools
uses: ./.github/actions/gotools
with:
go-version: ${{ matrix.goversion }}
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # tag=v6.0.0
with:
node-version: ${{matrix.nodeversion}}
#registry-url: ${{env.NPM_REGISTRY_URL}}
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # tag=v5.0.0
with:
dotnet-version: ${{matrix.dotnetverson}}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # tag=v6.0.0
with:
python-version: ${{matrix.pythonversion}}
- name: Build SDK
run: make build_${{ matrix.language }}
- name: Check worktree clean
run: |
git update-index -q --refresh
if ! git diff-files --quiet; then
>&2 echo "error: working tree is not clean, aborting!"
git status
git diff
exit 1
fi
- if: ${{ matrix.language == 'nodejs' }}
name: Run type script unit tests
run: make test_ts
- if: ${{ matrix.language == 'python' && env.PUBLISH_PYPI == 'true' }}
name: Publish package to PyPI
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # tag=v1.13.0
with:
user: ${{ env.PYPI_USERNAME }}
password: ${{ env.PYPI_PASSWORD }}
packages_dir: ${{github.workspace}}/sdk/python/bin/dist
- if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }}
uses: JS-DevTools/npm-publish@7f8fe47b3bea1be0c3aec2b717c5ec1f3e03410b # tag=v4.1.1
with:
access: "public"
#token: ${{ env.NPM_TOKEN }}
token: ${{ secrets.PR_TOKEN }}
package: ${{github.workspace}}/sdk/nodejs/bin/package.json
provenance: true
- if: ${{ matrix.language == 'dotnet' && env.PUBLISH_NUGET == 'true' }}
name: publish nuget package
run: |
dotnet nuget push ${{github.workspace}}/sdk/dotnet/bin/Debug/*.nupkg -s ${{ env.NUGET_FEED_URL }} -k ${{ env.NUGET_PUBLISH_KEY }}
echo "done publishing packages"
strategy:
fail-fast: true
matrix:
dotnetversion:
- 9.0.x
goversion:
- 1.24.x
language:
- nodejs
- python
- dotnet
- go
nodeversion:
- 20.x
pythonversion:
- "3.9"