-
Notifications
You must be signed in to change notification settings - Fork 0
149 lines (147 loc) · 5.55 KB
/
release.yaml
File metadata and controls
149 lines (147 loc) · 5.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: release
on:
push:
tags:
- v*.*.*
workflow_dispatch:
permissions:
contents: write
id-token: write
packages: write
env:
GITHUB_TOKEN: ${{ secrets.PR_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
PROVIDER: stackit
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
# TODO: change to true if ready to release
PUBLISH_NPM: false
#NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
#NUGET_FEED_URL: https://api.nuget.org/v3/index.json
#PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
#PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
#PYPI_USERNAME: "__token__"
#PUBLISH_PYPI: true
#PUBLISH_NUGET: true
jobs:
publish_binary:
name: Publish provider
runs-on: ubuntu-latest
steps:
# TODO: remove when this repo is made public
- name: Configure Git for Private Modules
run: |
git config --global url."https://oauth2:${{ secrets.PR_TOKEN }}@github.com".insteadOf "https://github.com"
# Sets GOPRIVATE and GONOSUMDB in order to use the git authetnication for go mod.
echo "GOPRIVATE=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV
echo "GONOSUMDB=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV
# TODO: remove end
- name: Checkout Repo
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # tag=v4.2.2
with:
fetch-depth: 0
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install pulumictl
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # tag=v2.1.0
with:
repo: pulumi/pulumictl
- name: Install Go Tools
uses: ./.github/actions/gotools
with:
go-version: ${{ matrix.goversion }}
- uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
- uses: anchore/sbom-action/download-syft@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10
- name: Debugging what was changed
run: |
git status
git diff
git tag -n
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # tag=v6.3.0
with:
args: -p 3 release --clean
version: '~> v2'
strategy:
fail-fast: true
matrix:
goversion:
- 1.24.x
publish_sdk:
name: Publish SDKs to npm Registry, NuGet Gallery and Python Package Index
runs-on: ubuntu-latest
needs: publish_binary
steps:
# TODO: remove when this repo is made public
- name: Configure Git for Private Modules
run: |
git config --global url."https://oauth2:${{ secrets.PR_TOKEN }}@github.com".insteadOf "https://github.com"
# Sets GOPRIVATE and GONOSUMDB in order to use the git authetnication for go mod.
echo "GOPRIVATE=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV
echo "GONOSUMDB=github.com/${{ github.repository }}/*,github.com/stackitcloud/*" >> $GITHUB_ENV
# TODO: remove end
- name: Checkout Repo
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # tag=v4.2.2
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go Tools
uses: ./.github/actions/gotools
with:
go-version: ${{ matrix.goversion }}
- name: Install Pulumi Tools
uses: ./.github/actions/pulumitools
with:
dotnet-version: ${{matrix.dotnetverson}}
node-version: ${{matrix.nodeversion}}
python-version: ${{matrix.pythonversion}}
- name: Build SDK
run: make build_${{ matrix.language }}
- name: Check worktree clean
run: |
git update-index -q --refresh
if ! git diff-files --quiet; then
>&2 echo "error: working tree is not clean, aborting!"
git status
git diff
exit 1
fi
- if: ${{ matrix.language == 'nodejs' }}
name: Run type script unit tests
run: make test_ts
- if: ${{ matrix.language == 'python' && env.PUBLISH_PYPI == 'true' }}
name: Publish package to PyPI
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # tag=v1.13.0
with:
user: ${{ env.PYPI_USERNAME }}
password: ${{ env.PYPI_PASSWORD }}
packages_dir: ${{github.workspace}}/sdk/python/bin/dist
- if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }}
uses: JS-DevTools/npm-publish@7f8fe47b3bea1be0c3aec2b717c5ec1f3e03410b # tag=v4.1.1
with:
access: "public"
# old way, we want to use Trusted publishers
# token: ${{ env.NPM_TOKEN }}
package: ${{github.workspace}}/sdk/nodejs/bin/package.json
provenance: true
- if: ${{ matrix.language == 'dotnet' && env.PUBLISH_NUGET == 'true' }}
name: publish nuget package
run: |
dotnet nuget push ${{github.workspace}}/sdk/dotnet/bin/Debug/*.nupkg -s ${{ env.NUGET_FEED_URL }} -k ${{ env.NUGET_PUBLISH_KEY }}
echo "done publishing packages"
# TODO: publish go sdk to github
strategy:
fail-fast: true
matrix:
dotnetversion:
- 9.0.x
goversion:
- 1.24.x
language:
- nodejs
- python
- dotnet
- go
nodeversion:
- 20.x
pythonversion:
- "3.9"