diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e2e47799..7adba4ef 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -97,7 +97,7 @@ jobs: - name: Upload Provider Binaries run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive - name: Create GH Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 if: inputs.isPrerelease == false with: tag_name: v${{ inputs.version }} diff --git a/Makefile b/Makefile index dfe181b4..ff40619a 100644 --- a/Makefile +++ b/Makefile @@ -29,7 +29,7 @@ LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS) $( # Create a `.make` directory for tracking targets which don't generate a single file output. This should be ignored by git. # For targets which either don't generate a single file output, or the output file is committed, we use a "sentinel" -# file within `.make/` to track the staleness of the target and only rebuild when needed. +# file within `.make/` to track the staleness of the target and only rebuild when needed. # For each phony target, we create an internal target with the same name, but prefixed with `.make/` where the work is performed. # At the end of each internal target we run `@touch $@` to update the file which is the name of the target. @@ -324,22 +324,22 @@ bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: bin/jsign-6.0.jar @# check the TARGET is set - test $(TARGET) - cd provider && \ + @test $(TARGET) + @cd provider && \ export GOOS=$$(echo "$(TARGET)" | cut -d "-" -f 1) && \ export GOARCH=$$(echo "$(TARGET)" | cut -d "-" -f 2) && \ export CGO_ENABLED=0 && \ go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" - @# Only sign windows binary if fully configured. + @# Only sign windows binary if fully configured. @# Test variables set by joining with | between and looking for || showing at least one variable is empty. @# Move the binary to a temporary location and sign it there to avoid the target being up-to-date if signing fails. - set -e; \ - if [[ "${TARGET}" = "windows-amd64" && ${SKIP_SIGNING} != "true" ]]; then \ + @set -e; \ + if [[ "${TARGET}" = "windows-amd64" && "${SKIP_SIGNING}" != "true" ]]; then \ if [[ "|${AZURE_SIGNING_CLIENT_ID}|${AZURE_SIGNING_CLIENT_SECRET}|${AZURE_SIGNING_TENANT_ID}|${AZURE_SIGNING_KEY_VAULT_URI}|" == *"||"* ]]; then \ echo "Can't sign windows binaries as required configuration not set: AZURE_SIGNING_CLIENT_ID, AZURE_SIGNING_CLIENT_SECRET, AZURE_SIGNING_TENANT_ID, AZURE_SIGNING_KEY_VAULT_URI"; \ echo "To rebuild with signing delete the unsigned $@ and rebuild with the fixed configuration"; \ - if [[ ${CI} == "true" ]]; then exit 1; fi; \ + if [[ "${CI}" == "true" ]]; then exit 1; fi; \ else \ mv $@ $@.unsigned; \ az login --service-principal \