diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index 6a711d41..13f81583 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -30,7 +30,7 @@ runs: - name: Install pulumictl if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') - uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 with: tag: v0.0.46 repo: pulumi/pulumictl @@ -43,7 +43,7 @@ runs: - name: Install Schema Tools if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') - uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 with: repo: pulumi/schema-tools diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index 7d33d5ee..e82e5851 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -50,8 +50,36 @@ jobs: path: provider/cmd/pulumi-resource-docker - name: Restore makefile progress run: make --touch provider schema - - name: Build & package provider + + - name: Build provider + if: matrix.platform.os != 'windows' + run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-docker + + - name: Build windows provider + if: matrix.platform.os == 'windows' + run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-docker.exe + + - name: Sign windows provider + if: matrix.platform.os == 'windows' + run: | + az login --service-principal \ + -u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \ + -p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \ + -t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \ + -o none; + + wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar; + + java -jar jsign-6.0.jar \ + --storetype AZUREKEYVAULT \ + --keystore "PulumiCodeSigning" \ + --url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \ + --storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \ + bin/windows-amd64/pulumi-resource-docker.exe; + + - name: Package provider run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index db0db43b..85a98901 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -27,6 +27,7 @@ env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PRIVATE_SSH_KEY_FOR_DIGITALOCEAN: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} @@ -60,7 +61,7 @@ jobs: with: persist-credentials: false - name: Cache examples generation - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: | .pulumi/examples-cache diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index 91b6b9d2..b9a18e24 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -20,6 +20,7 @@ env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PRIVATE_SSH_KEY_FOR_DIGITALOCEAN: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index c353895e..8eefeb73 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -25,7 +25,7 @@ jobs: - if: steps.sdk_changed.outputs.changed == 'true' && github.event.pull_request.head.repo.full_name != github.repository name: Send codegen warning as comment on PR - uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index b7be1af4..040bba24 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -26,6 +26,7 @@ env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PRIVATE_SSH_KEY_FOR_DIGITALOCEAN: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ca39b58e..c24251de 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,6 +26,7 @@ env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PRIVATE_SSH_KEY_FOR_DIGITALOCEAN: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 84bf7261..136506e1 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -37,6 +37,7 @@ env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PRIVATE_SSH_KEY_FOR_DIGITALOCEAN: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} @@ -66,7 +67,7 @@ jobs: with: set-env: 'PROVIDER_VERSION' - name: Cache examples generation - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: | .pulumi/examples-cache @@ -96,10 +97,10 @@ jobs: } >> "$GITHUB_ENV" - if: inputs.is_pr && inputs.is_automated == false name: Comment on PR with Details of Schema Check - uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - comment_tag: schemaCheck + github-token: ${{ secrets.GITHUB_TOKEN }} + comment-tag: schemaCheck message: >+ ${{ env.SCHEMA_CHANGES }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 66d4116e..922a011d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -40,6 +40,7 @@ env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PRIVATE_SSH_KEY_FOR_DIGITALOCEAN: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 24a59c1b..5b601fea 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -20,6 +20,7 @@ env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PRIVATE_SSH_KEY_FOR_DIGITALOCEAN: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} @@ -43,9 +44,9 @@ jobs: with: persist-credentials: false - name: Comment PR - uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} message: > PR is now waiting for a maintainer to run the acceptance tests. diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index afcd9a51..5c0956b8 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -207,7 +207,7 @@ jobs: version: v2.5.0 - name: Run tests if: matrix.testTarget == 'local' - run: cd examples && go test -count=1 -v -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 . + run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 . - name: Run pulumi/examples tests if: matrix.testTarget == 'pulumiExamples' run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 . diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index ebc705c4..93620f66 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -53,6 +53,7 @@ env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PRIVATE_SSH_KEY_FOR_DIGITALOCEAN: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} diff --git a/examples/dockerfile-go/go.mod b/examples/dockerfile-go/go.mod index f8457980..76948e7b 100644 --- a/examples/dockerfile-go/go.mod +++ b/examples/dockerfile-go/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( github.com/pulumi/pulumi-docker/sdk/v4 v4.0.0-00010101000000-000000000000 - github.com/pulumi/pulumi/sdk/v3 v3.140.0 + github.com/pulumi/pulumi/sdk/v3 v3.142.0 ) replace github.com/pulumi/pulumi-docker/sdk/v4 => ../../sdk diff --git a/examples/dockerfile-go/go.sum b/examples/dockerfile-go/go.sum index d20591eb..0cae9633 100644 --- a/examples/dockerfile-go/go.sum +++ b/examples/dockerfile-go/go.sum @@ -150,8 +150,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.140.0 h1:+Z/RBvdYg7tBNkBwk4p/FzlV7niBT3TbLAICq/Y0LDU= -github.com/pulumi/pulumi/sdk/v3 v3.140.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= +github.com/pulumi/pulumi/sdk/v3 v3.142.0 h1:SmcVddGuvwAh3g3XUVQQ5gVRQUKH1yZ6iETpDNHIHlw= +github.com/pulumi/pulumi/sdk/v3 v3.142.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= diff --git a/examples/multi-stage-build-go/go.mod b/examples/multi-stage-build-go/go.mod index d2a52226..d82a4812 100644 --- a/examples/multi-stage-build-go/go.mod +++ b/examples/multi-stage-build-go/go.mod @@ -5,7 +5,7 @@ go 1.21 require ( github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0 github.com/pulumi/pulumi-docker/sdk/v4 v4.0.0-00010101000000-000000000000 - github.com/pulumi/pulumi/sdk/v3 v3.140.0 + github.com/pulumi/pulumi/sdk/v3 v3.142.0 ) replace github.com/pulumi/pulumi-docker/sdk/v4 => ../../sdk diff --git a/examples/multi-stage-build-go/go.sum b/examples/multi-stage-build-go/go.sum index 03448b91..7897e910 100644 --- a/examples/multi-stage-build-go/go.sum +++ b/examples/multi-stage-build-go/go.sum @@ -152,8 +152,8 @@ github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0 h1:QdJvPoUklXdNL8faCOuCrv7qmMNp68jiewbGH8ZboUU= github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0/go.mod h1:qFeKTFSNIlMHotu9ntOWFjJBHtCiUhJeaiUB/0nVwXk= -github.com/pulumi/pulumi/sdk/v3 v3.140.0 h1:+Z/RBvdYg7tBNkBwk4p/FzlV7niBT3TbLAICq/Y0LDU= -github.com/pulumi/pulumi/sdk/v3 v3.140.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= +github.com/pulumi/pulumi/sdk/v3 v3.142.0 h1:SmcVddGuvwAh3g3XUVQQ5gVRQUKH1yZ6iETpDNHIHlw= +github.com/pulumi/pulumi/sdk/v3 v3.142.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= diff --git a/examples/nginx-go/go.mod b/examples/nginx-go/go.mod index f8457980..76948e7b 100644 --- a/examples/nginx-go/go.mod +++ b/examples/nginx-go/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( github.com/pulumi/pulumi-docker/sdk/v4 v4.0.0-00010101000000-000000000000 - github.com/pulumi/pulumi/sdk/v3 v3.140.0 + github.com/pulumi/pulumi/sdk/v3 v3.142.0 ) replace github.com/pulumi/pulumi-docker/sdk/v4 => ../../sdk diff --git a/examples/nginx-go/go.sum b/examples/nginx-go/go.sum index d20591eb..0cae9633 100644 --- a/examples/nginx-go/go.sum +++ b/examples/nginx-go/go.sum @@ -150,8 +150,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.140.0 h1:+Z/RBvdYg7tBNkBwk4p/FzlV7niBT3TbLAICq/Y0LDU= -github.com/pulumi/pulumi/sdk/v3 v3.140.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= +github.com/pulumi/pulumi/sdk/v3 v3.142.0 h1:SmcVddGuvwAh3g3XUVQQ5gVRQUKH1yZ6iETpDNHIHlw= +github.com/pulumi/pulumi/sdk/v3 v3.142.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= diff --git a/upstream.sh b/upstream.sh index 640b8363..ce90039c 100755 --- a/upstream.sh +++ b/upstream.sh @@ -286,7 +286,7 @@ rebase() { interactive_flag="--interactive" fi if ! git rebase --onto "${onto}" ${interactive_flag}; then - echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory." + echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory. Once the rebase is complete, run '${original_exec} check_in' to write to commits back to patches." exit 1 fi cd ..