Build kitchen sink for arm64 #1335
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Build | |
on: | |
workflow_dispatch: | |
inputs: | |
pulumi_version: | |
description: The version of Pulumi to use to build the Docker images. Full semver, e.g. "3.18.1". | |
type: string | |
repository_dispatch: | |
types: | |
- ci-build | |
pull_request: | |
paths-ignore: | |
- "CONTRIBUTING.md" | |
- "LICENSE" | |
- "README.md" | |
# "Push" is a somewhat unintuitive name - the event will fire after a PR is | |
# merged to the main branch. | |
push: | |
branches: | |
- "main" | |
concurrency: | |
# Use github.run_id on main branch | |
# Use github.event.pull_request.number on pull requests, so it's unique per pull request | |
# Use github.ref on other branches, so it's unique per branch | |
group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/main' && github.run_id || github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} # Used by test-containers.sh\ | |
# The organization in the Pulumi SaaS service against which the integration | |
# tests will run: | |
PULUMI_ORG: "pulumi-test" | |
DOCKER_ORG: pulumi | |
PULUMI_VERSION: ${{ github.event.inputs.pulumi_version || github.event.client_payload.ref }} | |
# Do not depend on C library for the tests. | |
CGO_ENABLED: "0" | |
# Azure credentials for the tests | |
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
AWS_REGION: "us-west-2" | |
# GCP | |
GCP_SERVICE_ACCOUNT_EMAIL: "[email protected]" | |
GCP_PROJECT_NAME: "pulumi-ci-gcp-provider" | |
GCP_PROJECT_NUMBER: "895284651812" | |
GCP_WORKLOAD_IDENTITY_POOL: "pulumi-ci" | |
GCP_WORKLOAD_IDENTITY_PROVIDER: "pulumi-ci" | |
GCP_REGION: "us-central1" | |
GCP_ZONE: "us-central1-a" | |
jobs: | |
comment-notification: | |
if: github.event_name == 'repository_dispatch' && github.event.client_payload.github.payload.issue.number | |
runs-on: ubuntu-latest | |
steps: | |
- name: Create URL to the run output | |
id: vars | |
run: echo run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID >> "$GITHUB_OUTPUT" | |
- name: Update with Result | |
uses: peter-evans/create-or-update-comment@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
repository: ${{ github.event.client_payload.github.payload.repository.full_name }} | |
issue-number: ${{ github.event.client_payload.github.payload.issue.number }} | |
body: | | |
Please view the results of the Downstream Containers Tests [Here][1] | |
[1]: ${{ steps.vars.outputs.run-url }} | |
kitchen-sink: | |
name: All SDKs image | |
strategy: | |
matrix: | |
arch: ["arm64", "amd64"] | |
include: | |
- arch: amd64 | |
runner: ubuntu-24.04 | |
- arch: arm64 | |
runner: ubuntu-24.04-arm | |
runs-on: ${{ matrix.runner }} | |
permissions: | |
id-token: write | |
steps: | |
# If no version of Pulumi is supplied by the incoming event (e.g. in the | |
# case of a PR or merge to main), we use the latest production version: | |
- name: Set version to latest | |
if: ${{ !env.PULUMI_VERSION }} | |
run: | | |
echo "PULUMI_VERSION=$(curl https://www.pulumi.com/latest-version)" >> $GITHUB_ENV | |
- uses: actions/checkout@master | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
tool-cache: false | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
install: true | |
- name: Build | |
# We only build the "kitchen sink" image for AMD64 as it's rather large | |
# and we want to steer users to use the single SDK images going forward: | |
run: | | |
docker build \ | |
-f docker/pulumi/Dockerfile \ | |
--platform linux/${{ matrix.arch }} \ | |
-t ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }}-${{ matrix.arch }} \ | |
--target base \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
--load \ | |
docker/pulumi | |
- name: Image Info | |
run: | | |
docker image ls ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }}-${{ matrix.arch }} | |
docker history ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }}-${{ matrix.arch }} | |
- name: Build nonroot variant | |
run: | | |
docker build \ | |
-f docker/pulumi/Dockerfile \ | |
--platform linux/amd64 \ | |
-t ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }}-nonroot-${{ matrix.arch }} \ | |
--target nonroot \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
--load \ | |
docker/pulumi | |
- name: Image Info | |
run: | | |
docker image ls ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }}-${{ matrix.arch }}-nonroot | |
docker history ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }}-${{ matrix.arch }}-nonroot | |
- name: Install go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22" | |
cache-dependency-path: tests/go.sum | |
- name: Compile tests | |
working-directory: tests | |
run: | | |
GOOS=linux GOARCH=amd64 go test -c -o /tmp/pulumi-test-containers ./... | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
role-duration-seconds: 14400 # 4 hours | |
role-session-name: pulumi-docker-containers@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Authenticate with Google Cloud | |
uses: google-github-actions/auth@v2 | |
with: | |
service_account: ${{ env.GCP_SERVICE_ACCOUNT_EMAIL }} | |
workload_identity_provider: projects/${{ env.GCP_PROJECT_NUMBER | |
}}/locations/global/workloadIdentityPools/${{ env.GCP_WORKLOAD_IDENTITY_POOL | |
}}/providers/${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
- name: 'Set up Cloud SDK' | |
uses: 'google-github-actions/setup-gcloud@v2' | |
- name: Tests | |
# Note we use /src/pulumi-test-containers as entrypoint and not bash to avoid bash | |
# changing the environment in some way. | |
run: | | |
chmod o+r $GOOGLE_APPLICATION_CREDENTIALS | |
docker run \ | |
-e RUN_CONTAINER_TESTS=true \ | |
-e IMAGE_VARIANT=pulumi \ | |
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \ | |
-e PULUMI_ORG=${PULUMI_ORG} \ | |
-e ARM_CLIENT_ID=${ARM_CLIENT_ID} \ | |
-e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \ | |
-e ARM_TENANT_ID=${ARM_TENANT_ID} \ | |
-e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \ | |
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \ | |
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \ | |
-e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \ | |
-e AWS_REGION=${AWS_REGION} \ | |
-e GCP_PROJECT_NAME=${GCP_PROJECT_NAME} \ | |
-e GCP_PROJECT_NUMBER=${GCP_PROJECT_NUMBER} \ | |
-e GOOGLE_APPLICATION_CREDENTIALS=/src/creds.json \ | |
--mount type=bind,source=$GOOGLE_APPLICATION_CREDENTIALS,target=/src/creds.json \ | |
--volume /tmp:/src \ | |
--entrypoint /src/pulumi-test-containers \ | |
${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }} \ | |
-test.timeout=1h -test.v | sed 's/.*/[root] &/' & | |
docker run \ | |
-e RUN_CONTAINER_TESTS=true \ | |
-e IMAGE_VARIANT=pulumi-nonroot \ | |
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \ | |
-e PULUMI_ORG=${PULUMI_ORG} \ | |
-e ARM_CLIENT_ID=${ARM_CLIENT_ID} \ | |
-e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \ | |
-e ARM_TENANT_ID=${ARM_TENANT_ID} \ | |
-e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \ | |
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \ | |
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \ | |
-e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \ | |
-e AWS_REGION=${AWS_REGION} \ | |
-e GCP_PROJECT_NAME=${GCP_PROJECT_NAME} \ | |
-e GCP_PROJECT_NUMBER=${GCP_PROJECT_NUMBER} \ | |
-e GOOGLE_APPLICATION_CREDENTIALS=/src/creds.json \ | |
--mount type=bind,source=$GOOGLE_APPLICATION_CREDENTIALS,target=/src/creds.json \ | |
--volume /tmp:/src \ | |
--entrypoint /src/pulumi-test-containers \ | |
${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }}-nonroot \ | |
-test.timeout=1h -test.v | sed 's/.*/[nonroot] &/' & | |
wait | |
provider-build-environment: | |
name: Provider Build Environment image | |
strategy: | |
matrix: | |
arch: ["arm64", "amd64"] | |
include: | |
- arch: amd64 | |
runner: ubuntu-24.04 | |
- arch: arm64 | |
runner: ubuntu-24.04-arm | |
runs-on: ${{ matrix.runner }} | |
permissions: | |
id-token: write | |
steps: | |
# If no version of Pulumi is supplied by the incoming event (e.g. in the | |
# case of a PR or merge to main), we use the latest production version: | |
- name: Set version to latest | |
if: ${{ !env.PULUMI_VERSION }} | |
run: | | |
echo "PULUMI_VERSION=$(curl https://www.pulumi.com/latest-version)" >> $GITHUB_ENV | |
- uses: actions/checkout@master | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
tool-cache: false | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
install: true | |
- name: Build | |
# This image is only built for AMD64 for the same reasons as | |
# the "kitchen sink" image, listed above. | |
run: | | |
docker build \ | |
-f docker/pulumi/Dockerfile \ | |
--platform linux/amd64 \ | |
-t ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }}-${{ matrix.arch }} \ | |
--target build-environment \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
--load \ | |
docker/pulumi | |
- name: Image Info | |
run: | | |
docker image ls ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }}-${{ matrix.arch }} | |
docker history ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }}-${{ matrix.arch }} | |
- name: Install go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22" | |
cache-dependency-path: tests/go.sum | |
- name: Compile tests | |
working-directory: tests | |
run: | | |
GOOS=linux GOARCH=amd64 go test -c -o /tmp/pulumi-test-containers ./... | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
role-duration-seconds: 14400 # 4 hours | |
role-session-name: pulumi-docker-containers@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Authenticate with Google Cloud | |
uses: google-github-actions/auth@v2 | |
with: | |
service_account: ${{ env.GCP_SERVICE_ACCOUNT_EMAIL }} | |
workload_identity_provider: projects/${{ env.GCP_PROJECT_NUMBER | |
}}/locations/global/workloadIdentityPools/${{ env.GCP_WORKLOAD_IDENTITY_POOL | |
}}/providers/${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
- name: 'Set up Cloud SDK' | |
uses: 'google-github-actions/setup-gcloud@v2' | |
- name: Tests | |
run: | | |
docker run \ | |
-e RUN_CONTAINER_TESTS=true \ | |
-e IMAGE_VARIANT=pulumi \ | |
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \ | |
-e PULUMI_ORG=${PULUMI_ORG} \ | |
-e ARM_CLIENT_ID=${ARM_CLIENT_ID} \ | |
-e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \ | |
-e ARM_TENANT_ID=${ARM_TENANT_ID} \ | |
-e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \ | |
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \ | |
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \ | |
-e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \ | |
-e AWS_REGION=${AWS_REGION} \ | |
-e GCP_PROJECT_NAME=${GCP_PROJECT_NAME} \ | |
-e GCP_PROJECT_NUMBER=${GCP_PROJECT_NUMBER} \ | |
-e GOOGLE_APPLICATION_CREDENTIALS=/src/creds.json \ | |
--mount type=bind,source=$GOOGLE_APPLICATION_CREDENTIALS,target=/src/creds.json \ | |
--volume /tmp:/src \ | |
--entrypoint /src/pulumi-test-containers \ | |
${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }}-${{ matrix.arch }} \ | |
-test.parallel=1 -test.timeout=1h -test.v | |
base: | |
name: Base image | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ["debian", "ubi"] | |
steps: | |
# If no version of Pulumi is supplied by the incoming event (e.g. in the | |
# case of a PR or merge to main), we use the latest production version: | |
- name: Set version to latest | |
if: ${{ !env.PULUMI_VERSION }} | |
run: | | |
echo "PULUMI_VERSION=$(curl https://www.pulumi.com/latest-version)" >> $GITHUB_ENV | |
- uses: actions/checkout@master | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
install: true | |
- name: Build | |
run: | | |
docker build \ | |
-f docker/base/Dockerfile.${{ matrix.os }} \ | |
--platform linux/arm64,linux/amd64 \ | |
. \ | |
-t ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-${{ matrix.os }} \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
define-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.define-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@master | |
- name: Define Matrix | |
id: define-matrix | |
run: | | |
echo matrix=$(python ./.github/scripts/matrix/gen-matrix.py) >> "$GITHUB_OUTPUT" | |
debian-sdk: | |
name: Debian SDK images | |
needs: define-matrix | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.define-matrix.outputs.matrix) }} | |
runs-on: ${{ matrix.runner }} | |
permissions: | |
id-token: write | |
steps: | |
# If no version of Pulumi is supplied by the incoming event (e.g. in the | |
# case of a PR or merge to main), we use the latest production version: | |
- name: Set version to latest | |
if: ${{ !env.PULUMI_VERSION }} | |
run: | | |
echo "PULUMI_VERSION=$(curl https://www.pulumi.com/latest-version)" >> $GITHUB_ENV | |
- name: Set image name | |
run: | | |
echo "IMAGE_NAME=${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}${{ matrix.suffix }}:${{ env.PULUMI_VERSION }}-debian-${{ matrix.arch }}" >> $GITHUB_ENV | |
- uses: actions/checkout@master | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
install: true | |
- name: Build | |
run: | | |
docker build \ | |
-f docker/${{ matrix.sdk }}/Dockerfile.debian \ | |
--platform linux/${{ matrix.arch }} \ | |
-t ${{ env.IMAGE_NAME }} \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
--build-arg LANGUAGE_VERSION=${{ matrix.language_version }} \ | |
docker/${{ matrix.sdk }} \ | |
--load | |
- name: Image Info | |
run: | | |
docker image ls ${{ env.IMAGE_NAME }} | |
docker history ${{ env.IMAGE_NAME }} | |
- name: Install go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22" | |
cache-dependency-path: tests/go.sum | |
- name: Compile tests | |
working-directory: tests | |
run: | | |
GOOS=linux GOARCH=${{ matrix.arch }} go test -c -o /tmp/pulumi-test-containers ./... | |
- name: Set SDKS_TO_TEST (dotnet) | |
if: ${{ matrix.sdk == 'dotnet' }} | |
run: echo "SDKS_TO_TEST=csharp" >> $GITHUB_ENV | |
- name: Set SDKS_TO_TEST (nodejs) | |
if: ${{ matrix.sdk == 'nodejs' }} | |
run: echo "SDKS_TO_TEST=typescript" >> $GITHUB_ENV | |
- name: Set SDKS_TO_TEST (default) | |
if: ${{ matrix.sdk != 'dotnet' && matrix.sdk != 'nodejs' }} | |
run: echo "SDKS_TO_TEST=${{ matrix.sdk}}" >> $GITHUB_ENV | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
role-duration-seconds: 14400 # 4 hours | |
role-session-name: pulumi-docker-containers@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Authenticate with Google Cloud | |
uses: google-github-actions/auth@v2 | |
with: | |
service_account: ${{ env.GCP_SERVICE_ACCOUNT_EMAIL }} | |
workload_identity_provider: projects/${{ env.GCP_PROJECT_NUMBER | |
}}/locations/global/workloadIdentityPools/${{ env.GCP_WORKLOAD_IDENTITY_POOL | |
}}/providers/${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
- name: 'Set up Cloud SDK' | |
uses: 'google-github-actions/setup-gcloud@v2' | |
- name: Tests | |
run: | | |
docker run \ | |
-e RUN_CONTAINER_TESTS=true \ | |
-e IMAGE_VARIANT=pulumi-debian-${{ matrix.sdk }} \ | |
-e LANGUAGE_VERSION=${{ matrix.language_version }} \ | |
-e SDKS_TO_TEST=${SDKS_TO_TEST} \ | |
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \ | |
-e PULUMI_ORG=${PULUMI_ORG} \ | |
-e ARM_CLIENT_ID=${ARM_CLIENT_ID} \ | |
-e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \ | |
-e ARM_TENANT_ID=${ARM_TENANT_ID} \ | |
-e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \ | |
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \ | |
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \ | |
-e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \ | |
-e AWS_REGION=${AWS_REGION} \ | |
-e GCP_PROJECT_NAME=${GCP_PROJECT_NAME} \ | |
-e GCP_PROJECT_NUMBER=${GCP_PROJECT_NUMBER} \ | |
-e GOOGLE_APPLICATION_CREDENTIALS=/src/creds.json \ | |
--mount type=bind,source=$GOOGLE_APPLICATION_CREDENTIALS,target=/src/creds.json \ | |
--volume /tmp:/src \ | |
--entrypoint /src/pulumi-test-containers \ | |
--platform ${{ matrix.arch }} \ | |
${{ env.IMAGE_NAME }} \ | |
-test.parallel=1 -test.timeout=1h -test.v -test.run "TestPulumiTemplateTests|TestEnvironment" | |
define-ubi-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.define-matrix-sdk-manifests.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@master | |
- name: Define Matrix for UBI SDK Manifests | |
id: define-matrix-sdk-manifests | |
run: | | |
echo matrix=$(python ./.github/scripts/matrix/gen-matrix.py --no-arch) >> "$GITHUB_OUTPUT" | |
ubi-sdk: | |
name: UBI SDK images | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
needs: define-ubi-matrix | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.define-ubi-matrix.outputs.matrix) }} | |
steps: | |
# If no version of Pulumi is supplied by the incoming event (e.g. in the | |
# case of a PR or merge to main), we use the latest production version: | |
- name: Set version to latest | |
if: ${{ !env.PULUMI_VERSION }} | |
run: | | |
echo "PULUMI_VERSION=$(curl https://www.pulumi.com/latest-version)" >> $GITHUB_ENV | |
- name: Set image name | |
run: | | |
echo "IMAGE_NAME=${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}${{ matrix.suffix }}:${{ env.PULUMI_VERSION }}-ubi" >> $GITHUB_ENV | |
- uses: actions/checkout@master | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
install: true | |
- name: Build | |
# We only build UBI for amd64 due to arm64 builds hanging on `npm | |
# install -g yarn` with no additional output, plus the apparent | |
# requirement of a paid subscription in order to file a bug with RedHat. | |
run: | | |
docker build \ | |
-f docker/${{ matrix.sdk }}/Dockerfile.ubi \ | |
--platform linux/amd64 \ | |
-t ${{ env.IMAGE_NAME }} \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
--build-arg LANGUAGE_VERSION=${{ matrix.language_version }} \ | |
docker/${{ matrix.sdk }} \ | |
--load | |
- name: Image Info | |
run: | | |
docker image ls ${{ env.IMAGE_NAME }} | |
docker history ${{ env.IMAGE_NAME }} | |
- name: Install go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22" | |
cache-dependency-path: tests/go.sum | |
- name: Compile tests | |
working-directory: tests | |
run: | | |
GOOS=linux GOARCH=amd64 go test -c -o /tmp/pulumi-test-containers ./... | |
- name: Set SDKS_TO_TEST (dotnet) | |
if: ${{ matrix.sdk == 'dotnet' }} | |
run: echo "SDKS_TO_TEST=csharp" >> $GITHUB_ENV | |
- name: Set SDKS_TO_TEST (nodejs) | |
if: ${{ matrix.sdk == 'nodejs' }} | |
run: echo "SDKS_TO_TEST=typescript" >> $GITHUB_ENV | |
- name: Set SDKS_TO_TEST (default) | |
if: ${{ matrix.sdk != 'dotnet' && matrix.sdk != 'nodejs' }} | |
run: echo "SDKS_TO_TEST=${{ matrix.sdk}}" >> $GITHUB_ENV | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
role-duration-seconds: 14400 # 4 hours | |
role-session-name: pulumi-docker-containers@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Authenticate with Google Cloud | |
uses: google-github-actions/auth@v2 | |
with: | |
service_account: ${{ env.GCP_SERVICE_ACCOUNT_EMAIL }} | |
workload_identity_provider: projects/${{ env.GCP_PROJECT_NUMBER | |
}}/locations/global/workloadIdentityPools/${{ env.GCP_WORKLOAD_IDENTITY_POOL | |
}}/providers/${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
- name: 'Set up Cloud SDK' | |
uses: 'google-github-actions/setup-gcloud@v2' | |
- name: Tests | |
run: | | |
docker run \ | |
-e RUN_CONTAINER_TESTS=true \ | |
-e IMAGE_VARIANT=pulumi-ubi-${{ matrix.sdk }} \ | |
-e LANGUAGE_VERSION=${{ matrix.language_version }} \ | |
-e SDKS_TO_TEST=${SDKS_TO_TEST} \ | |
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \ | |
-e PULUMI_ORG=${PULUMI_ORG} \ | |
-e ARM_CLIENT_ID=${ARM_CLIENT_ID} \ | |
-e ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET} \ | |
-e ARM_TENANT_ID=${ARM_TENANT_ID} \ | |
-e ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID} \ | |
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \ | |
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \ | |
-e AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \ | |
-e AWS_REGION=${AWS_REGION} \ | |
-e GCP_PROJECT_NAME=${GCP_PROJECT_NAME} \ | |
-e GCP_PROJECT_NUMBER=${GCP_PROJECT_NUMBER} \ | |
-e GOOGLE_APPLICATION_CREDENTIALS=/src/creds.json \ | |
--mount type=bind,source=$GOOGLE_APPLICATION_CREDENTIALS,target=/src/creds.json \ | |
--volume /tmp:/src \ | |
--entrypoint /src/pulumi-test-containers \ | |
${{ env.IMAGE_NAME }} \ | |
-test.parallel=1 -test.timeout=1h -test.v -test.run "TestPulumiTemplateTests|TestEnvironment" | |
ci-ok: | |
name: ci-ok | |
needs: [kitchen-sink, provider-build-environment, base, debian-sdk, ubi-sdk] | |
if: always() | |
runs-on: ubuntu-latest | |
steps: | |
- name: CI succeeded | |
run: exit 0 |