-
Notifications
You must be signed in to change notification settings - Fork 5
138 lines (122 loc) · 6.02 KB
/
test-provider-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Test Provider CI
on:
pull_request:
branches:
- master
merge_group: {}
workflow_dispatch: {}
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
name: Verify against testdata
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Install golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6
with:
working-directory: provider-ci
- name: Configure git
# Set the default branch to silence the warnings about the default branch name changing
# The branch doesn't matter here because it's only used for a temp repo for actionlint
run: git config --global init.defaultBranch master
- name: Build & test
run: cd provider-ci && make all
- name: Check worktree clean
uses: pulumi/git-status-check-action@v1
deploy:
uses: ./.github/workflows/update-workflows.yml
secrets: inherit
with:
bridged: true
provider_name: xyz
automerge: ${{ github.event_name == 'merge_group' }}
downstream_test: true
skip_closing_prs: true
caller_workflow: "pull-request"
downstream:
name: Test xyz
timeout-minutes: 240
runs-on: ubuntu-latest
needs: deploy
if: needs.deploy.outputs.pull_request_created == 'true'
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
strategy:
fail-fast: false
steps:
- name: Await PR opened for pulumi-xyz
run: |
echo Await PR opened for pulumi-xyz
until gh search prs --repo pulumi/pulumi-xyz --match body "This PR was automatically generated by the pull-request workflow in the pulumi/ci-mgmt repo, from commit ${{ github.sha }}." --json url | grep url; do sleep 30; done;
- name: Find PR number
id: pr_number
run: |
number=$(gh search prs --repo pulumi/pulumi-xyz --match body "This PR was automatically generated by the pull-request workflow in the pulumi/ci-mgmt repo, from commit ${{ github.sha }}." --json number --jq '.[0].number')
echo "PR number is $number"
echo "number=${number}" >> "${GITHUB_OUTPUT}"
- name: Add needs-release label
if: github.event_name == 'merge_group'
run: gh pr edit --repo "pulumi/pulumi-xyz" "${{ steps.pr_number.outputs.number }}" --add-label "needs-release/patch"
- name: Await first checks started
# Wait for at least 3 checks to be started before we start waiting for them to finish.
# There's a couple of quick checks like comment notification and changelog which are started before the PR checks.
run: while [[ $(gh pr checks --repo "pulumi/pulumi-xyz" "${{ steps.pr_number.outputs.number }}" | wc -l) -le 2 ]]; do sleep 1; done
- name: Await PR codegen tests succeed.
run: gh pr checks --repo "pulumi/pulumi-xyz" "${{ steps.pr_number.outputs.number }}" --watch --fail-fast
outputs:
pr_number: ${{ steps.pr_number.outputs.number }}
downstream_release:
name: Release xyz
timeout-minutes: 240
runs-on: ubuntu-latest
needs: downstream
if: github.event_name == 'merge_group'
steps:
- name: Await PR merged
run: while [[ $(gh pr view --repo "pulumi/pulumi-xyz" "${{ needs.downstream.outputs.pr_number }}" --json "state" --jq ".state") == "OPEN" ]]; do sleep 1; done
timeout-minutes: 5
- name: Get merge commit
id: merge_commit
run: |
merge_commit_oid=$(gh pr view --repo "pulumi/pulumi-xyz" "${{ needs.downstream.outputs.pr_number }}" --json "mergeCommit" --jq ".mergeCommit.oid")
if [[ -z "${merge_commit_oid}" ]]; then
echo "Failed to get merge commit"
exit 1
fi
echo "Merge commit oid is ${merge_commit_oid}"
echo "oid=${merge_commit_oid}" >> "${GITHUB_OUTPUT}"
- name: Await main build start
id: main_build
run: |
until (gh run list --repo "pulumi/pulumi-xyz" --workflow main --json headSha | grep -q "${{ steps.merge_commit.outputs.oid }}"); do sleep 1; done
database_id=$(gh run list --repo "pulumi/pulumi-xyz" --workflow main --json "number,headSha,databaseId" | jq '.[] | select(.headSha == "${{ steps.merge_commit.outputs.oid }}") | .databaseId')
echo "Main build started with database id ${database_id}"
echo "id=${database_id}" >> "${GITHUB_OUTPUT}"
timeout-minutes: 5
- name: Await main build success
run: gh run watch --repo "pulumi/pulumi-xyz" "${{ steps.main_build.outputs.id }}" --exit-status
- name: Get tag for release
id: release_tag
timeout-minutes: 5
run: |
until (git ls-remote --tags "https://github.com/pulumi/pulumi-xyz.git" | grep -q "${{ steps.merge_commit.outputs.oid }}"); do sleep 1; done
# Also handle annotated tags in the format refs/tags/v0.1.0^{}
tag=$(git ls-remote --tags "https://github.com/pulumi/pulumi-xyz.git" | grep "${{ steps.merge_commit.outputs.oid }}" | cut -d '/' -f 3 | sed -E 's/\^\{\}$//')
echo "Tag for release is ${tag}"
echo "tag=${tag}" >> "${GITHUB_OUTPUT}"
- name: Wait for release workflow run
id: release_workflow
timeout-minutes: 5
run: |
until (gh run list --repo "pulumi/pulumi-xyz" --workflow release --branch "${{ steps.release_tag.outputs.tag }}" --json headBranch | grep -q "${{ steps.release_tag.outputs.tag }}"); do sleep 1; done
database_id=$(gh run list --repo "pulumi/pulumi-xyz" --workflow release --branch "${{ steps.release_tag.outputs.tag }}" --json "databaseId" --jq '.[0].databaseId')
echo "Release workflow started with id ${database_id}"
echo "id=${database_id}" >> "${GITHUB_OUTPUT}"
- name: Await release workflow success
run: gh run watch --repo "pulumi/pulumi-xyz" "${{ steps.release_workflow.outputs.id }}" --exit-status