release-build #144
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Build | |
on: | |
# Allow the workflow to be triggered manually, e.g. for testing, or after | |
# changing the Dockerfiles: | |
workflow_dispatch: | |
inputs: | |
pulumi_version: | |
description: The version of Pulumi to use to build the Docker images. Full semver, e.g. "3.18.1". | |
type: string | |
required: true | |
force_release: | |
description: Whether to force a release to occur. By default, only repository dispatch creates releases. | |
type: boolean | |
required: true | |
default: false | |
tag_latest: | |
description: Whether to also tag this version as "latest". | |
type: boolean | |
required: true | |
default: true | |
# Trigger the release workflow for Docker containers when a new version of | |
# Pulumi is released. This dispatch event is fired in pulumi/pulumi's release | |
# workflow: | |
repository_dispatch: | |
types: | |
- docker-build # Legacy event name, will delete once no longer used. | |
- release-build # Current event name. | |
env: | |
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | |
# Used to run the container tests: | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
# The organization in the Pulumi SaaS service against which the integration | |
# tests will run: | |
PULUMI_ORG: "pulumi-test" | |
# We parameterize the Docker Hub username to allow forks to easily test | |
# changes on a separate repo without having to change the username in multiple | |
# places: | |
DOCKER_USERNAME: pulumibot | |
DOCKER_ORG: pulumi | |
PULUMI_VERSION: ${{ github.event.inputs.pulumi_version || github.event.client_payload.ref }} | |
# Do not depend on C library for the tests. | |
CGO_ENABLED: "0" | |
jobs: | |
kitchen-sink: | |
name: All SDKs image | |
strategy: | |
matrix: | |
go-version: [1.21.x] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@master | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
install: true | |
- name: Build | |
# We only build the "kitchen sink" image for AMD64 as it's rather large | |
# and we want to steer users to use the single SDK images going forward: | |
run: | | |
docker build \ | |
-f docker/pulumi/Dockerfile \ | |
--platform linux/amd64 \ | |
-t ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }} \ | |
-t ${{ env.DOCKER_ORG }}/pulumi:latest \ | |
--target base \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
--load \ | |
docker/pulumi | |
- name: Install go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: "1.21.1" | |
- name: Compile tests | |
working-directory: tests | |
run: | | |
GOOS=linux GOARCH=amd64 go test -c -o /tmp/pulumi-test-containers ./... | |
- name: Run tests | |
run: | | |
docker run \ | |
-e RUN_CONTAINER_TESTS=true \ | |
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \ | |
-e PULUMI_ORG=${PULUMI_ORG} \ | |
--volume /tmp:/src \ | |
--entrypoint /bin/bash \ | |
${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }} \ | |
-c "/src/pulumi-test-containers -test.parallel=1 -test.timeout=1h -test.v -test.run TestPulumiDockerImage" | |
- name: Push ${{ env.PULUMI_VERSION }} | |
run: docker push ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }} | |
- name: Push latest | |
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
run: docker push ${{ env.DOCKER_ORG }}/pulumi:latest | |
provider-build-environment: | |
name: Provider Build Environment image | |
strategy: | |
matrix: | |
go-version: [1.21.1] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@master | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
install: true | |
- name: Build | |
# This image is only built for AMD64 for the same reasons as | |
# the "kitchen sink" image, listed above. | |
run: | | |
docker build \ | |
-f docker/pulumi/Dockerfile \ | |
--platform linux/amd64 \ | |
-t ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }} \ | |
-t ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:latest \ | |
--target build-environment \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
--load \ | |
docker/pulumi | |
- name: Install go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: "1.21.1" | |
- name: Compile tests | |
working-directory: tests | |
run: | | |
GOOS=linux GOARCH=amd64 go test -c -o /tmp/pulumi-test-containers ./... | |
- name: Run tests | |
run: | | |
docker run \ | |
-e RUN_CONTAINER_TESTS=true \ | |
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \ | |
-e PULUMI_ORG=${PULUMI_ORG} \ | |
--volume /tmp:/src \ | |
--entrypoint /bin/bash \ | |
${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }} \ | |
-c "/src/pulumi-test-containers -test.parallel=1 -test.timeout=1h -test.v -test.run TestPulumiDockerImage" | |
- name: Push ${{ env.PULUMI_VERSION }} | |
run: docker push ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }} | |
- name: Push latest | |
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
run: docker push ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:latest | |
base: | |
name: Base image | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ["debian", "ubi"] | |
arch: ["arm64", "amd64"] | |
steps: | |
- uses: actions/checkout@master | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
install: true | |
- name: Build | |
run: | | |
docker build \ | |
-f docker/base/Dockerfile.${{ matrix.os }} \ | |
--platform linux/${{ matrix.arch }} \ | |
. \ | |
-t ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-${{ matrix.os }}-${{ matrix.arch }} \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
--load | |
- name: Push image | |
run: | | |
docker push ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-${{ matrix.os}}-${{ matrix.arch }} | |
base-manifests: | |
name: Base image manifests | |
needs: ["base"] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Debian manifest | |
run: | | |
docker manifest create \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-arm64 \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian | |
- name: UBI manifest | |
run: | | |
docker manifest create \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-ubi \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-ubi-arm64 \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-ubi-amd64 | |
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-ubi | |
- name: Suffix-less manifest (version) | |
run: | | |
docker manifest create \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }} \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-arm64 \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }} | |
- name: Suffix-less manifest (latest) | |
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
# Manifest lists can't be a source for `docker tag`, so we create an | |
# additional copy of the previous manifest to tag latest: | |
run: | | |
docker manifest create \ | |
${{ env.DOCKER_ORG }}/pulumi-base:latest \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-arm64 \ | |
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-base:latest | |
debian-sdk: | |
name: Debian SDK images | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
sdk: ["nodejs", "python", "dotnet", "go", "java"] | |
arch: ["amd64", "arm64"] | |
steps: | |
- uses: actions/checkout@master | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
install: true | |
- name: Build | |
# We supply a working directory to the command below due to the | |
# dnf/nodej2.module file that has to mounted into the container. | |
run: | | |
docker build \ | |
-f docker/${{ matrix.sdk }}/Dockerfile.debian \ | |
--platform linux/${{ matrix.arch }} \ | |
-t ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-${{ matrix.arch }} \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
docker/${{ matrix.sdk }} \ | |
--load | |
- name: Install go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: "1.21.1" | |
- name: Compile tests | |
working-directory: tests | |
run: | | |
GOOS=linux GOARCH=${{ matrix.arch }} go test -c -o /tmp/pulumi-test-containers ./... | |
- name: Set SDKS_TO_TEST (dotnet) | |
if: ${{ matrix.sdk == 'dotnet' }} | |
run: echo "SDKS_TO_TEST=csharp" >> $GITHUB_ENV | |
- name: Set SDKS_TO_TEST (nodejs) | |
if: ${{ matrix.sdk == 'nodejs' }} | |
run: echo "SDKS_TO_TEST=typescript" >> $GITHUB_ENV | |
- name: Set SDKS_TO_TEST (default) | |
if: ${{ matrix.sdk != 'dotnet' && matrix.sdk != 'nodejs' }} | |
run: echo "SDKS_TO_TEST=${{ matrix.sdk}}" >> $GITHUB_ENV | |
- name: Run tests | |
run: | | |
docker run \ | |
-e RUN_CONTAINER_TESTS=true \ | |
-e SDKS_TO_TEST=${SDKS_TO_TEST} \ | |
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \ | |
-e PULUMI_ORG=${PULUMI_ORG} \ | |
--volume /tmp:/src \ | |
--entrypoint /bin/bash \ | |
--platform ${{ matrix.arch }} \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-${{ matrix.arch }} \ | |
-c "/src/pulumi-test-containers -test.parallel=1 -test.timeout=1h -test.v -test.run TestPulumiDockerImage" | |
- name: Push image | |
run: | | |
docker push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-${{ matrix.arch }} | |
debian-sdk-manifests: | |
name: Debian SDK manifests | |
needs: ["debian-sdk"] | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
sdk: ["nodejs", "python", "dotnet", "go", "java"] | |
steps: | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Debian manifest | |
run: | | |
docker manifest create \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-arm64 \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian | |
- name: Suffix-less manifest | |
run: | | |
docker manifest create \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }} \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-arm64 \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }} | |
- name: Suffix-less manifest (latest) | |
# Manifest lists can't be a source for `docker tag`, so we create an | |
# additional copy of the previous manifest to tag latest: | |
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
run: | | |
docker manifest create \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:latest \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-arm64 \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:latest | |
ubi-sdk: | |
name: UBI SDK images | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
sdk: ["nodejs", "python", "dotnet", "go", "java"] | |
steps: | |
- uses: actions/checkout@master | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
install: true | |
- name: Build | |
# We only build UBI for amd64 due to arm64 builds hanging on `npm | |
# install -g yarn` with no additional output. | |
# | |
# We supply a working directory to the command below due to the | |
# dnf/nodej2.module file that has to mounted into the container. | |
run: | | |
docker build \ | |
-f docker/${{ matrix.sdk }}/Dockerfile.ubi \ | |
--platform linux/amd64 \ | |
-t ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-ubi \ | |
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \ | |
docker/${{ matrix.sdk }} \ | |
--load | |
- name: Install go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: "1.21.1" | |
- name: Compile tests | |
working-directory: tests | |
run: | | |
GOOS=linux GOARCH=amd64 go test -c -o /tmp/pulumi-test-containers ./... | |
- name: Set SDKS_TO_TEST (dotnet) | |
if: ${{ matrix.sdk == 'dotnet' }} | |
run: echo "SDKS_TO_TEST=csharp" >> $GITHUB_ENV | |
- name: Set SDKS_TO_TEST (nodejs) | |
if: ${{ matrix.sdk == 'nodejs' }} | |
run: echo "SDKS_TO_TEST=typescript" >> $GITHUB_ENV | |
- name: Set SDKS_TO_TEST (default) | |
if: ${{ matrix.sdk != 'dotnet' && matrix.sdk != 'nodejs' }} | |
run: echo "SDKS_TO_TEST=${{ matrix.sdk}}" >> $GITHUB_ENV | |
- name: Run tests | |
run: | | |
docker run \ | |
-e RUN_CONTAINER_TESTS=true \ | |
-e SDKS_TO_TEST=${SDKS_TO_TEST} \ | |
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \ | |
-e PULUMI_ORG=${PULUMI_ORG} \ | |
--volume /tmp:/src \ | |
--entrypoint /bin/bash \ | |
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-ubi \ | |
-c "/src/pulumi-test-containers -test.parallel=1 -test.timeout=1h -test.v -test.run TestPulumiDockerImage" | |
- name: Push image | |
run: | | |
docker push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-ubi | |
start-syncs: | |
name: Start syncs to other container registries | |
needs: ["kitchen-sink", "base-manifests", "debian-sdk-manifests", "ubi-sdk"] | |
runs-on: ubuntu-latest | |
# This workflow can be triggered by 2 events: workflow_dispatch, i.e., a | |
# manual run, or repository_dispatch, which is triggered by a Pulumi | |
# release. In the case of a new Pulumi release (i.e. repository_dispatch), | |
# we will always want to sync to the other repos. However, in the event of | |
# a workflow_dispatch we are probably debugging an issue and we do not | |
# necessarily want to automatically sync to the other repos. Both repo sync | |
# workflows allow for their own manual trigger (i.e. repository_dispatch), | |
# so it's not too much work to run the sync workflows manually. | |
# | |
# This design choice also allows us avoid having to alter pulumictl to | |
# accept arbitrary parameters, as we would need to persist the tag_latest | |
# option from a workflow_dispatch in this workflow to each of the sync | |
# workflows. | |
if: ${{ github.event.inputs.force_release || github.event_name == 'repository_dispatch' }} | |
steps: | |
- name: Install Pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/pulumictl | |
- name: Kick off ECR sync | |
run: pulumictl dispatch -r pulumi/pulumi-docker-containers -c sync-ecr ${{ env.PULUMI_VERSION }} | |
- name: Kick off GHCR sync | |
run: pulumictl dispatch -r pulumi/pulumi-docker-containers -c sync-ghcr ${{ env.PULUMI_VERSION }} |