Skip to content

release-build

release-build #185

Workflow file for this run

name: Release Build
on:
# Allow the workflow to be triggered manually, e.g. for testing, or after
# changing the Dockerfiles:
workflow_dispatch:
inputs:
pulumi_version:
description: The version of Pulumi to use to build the Docker images. Full semver, e.g. "3.18.1".
type: string
required: true
force_release:
description: Whether to force a release to occur. By default, only repository dispatch creates releases.
type: boolean
required: true
default: false
tag_latest:
description: Whether to also tag this version as "latest".
type: boolean
required: true
default: true
# Trigger the release workflow for Docker containers when a new version of
# Pulumi is released. This dispatch event is fired in pulumi/pulumi's release
# workflow:
repository_dispatch:
types:
- docker-build # Legacy event name, will delete once no longer used.
- release-build # Current event name.
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
# Used to run the container tests:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
# The organization in the Pulumi SaaS service against which the integration
# tests will run:
PULUMI_ORG: "pulumi-test"
# We parameterize the Docker Hub username to allow forks to easily test
# changes on a separate repo without having to change the username in multiple
# places:
DOCKER_USERNAME: pulumibot
DOCKER_ORG: pulumi
PULUMI_VERSION: ${{ github.event.inputs.pulumi_version || github.event.client_payload.ref }}
# Do not depend on C library for the tests.
CGO_ENABLED: "0"
jobs:
kitchen-sink:
name: All SDKs image
strategy:
matrix:
go-version: [1.21.x]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Setup docker buildx
uses: docker/setup-buildx-action@v1
with:
install: true
- name: Build
# We only build the "kitchen sink" image for AMD64 as it's rather large
# and we want to steer users to use the single SDK images going forward:
run: |
docker build \
-f docker/pulumi/Dockerfile \
--platform linux/amd64 \
-t ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }} \
-t ${{ env.DOCKER_ORG }}/pulumi:latest \
--target base \
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \
--load \
docker/pulumi
- name: Install go
uses: actions/setup-go@v2
with:
go-version: "1.21.1"
- name: Compile tests
working-directory: tests
run: |
GOOS=linux GOARCH=amd64 go test -c -o /tmp/pulumi-test-containers ./...
- name: Run tests
run: |
docker run \
-e RUN_CONTAINER_TESTS=true \
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \
-e PULUMI_ORG=${PULUMI_ORG} \
--volume /tmp:/src \
--entrypoint /bin/bash \
${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }} \
-c "/src/pulumi-test-containers -test.parallel=1 -test.timeout=1h -test.v -test.run TestPulumiDockerImage"
- name: Push ${{ env.PULUMI_VERSION }}
run: docker push ${{ env.DOCKER_ORG }}/pulumi:${{ env.PULUMI_VERSION }}
- name: Push latest
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }}
run: docker push ${{ env.DOCKER_ORG }}/pulumi:latest
provider-build-environment:
name: Provider Build Environment image
strategy:
matrix:
go-version: [1.21.1]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Setup docker buildx
uses: docker/setup-buildx-action@v1
with:
install: true
- name: Build
# This image is only built for AMD64 for the same reasons as
# the "kitchen sink" image, listed above.
run: |
docker build \
-f docker/pulumi/Dockerfile \
--platform linux/amd64 \
-t ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }} \
-t ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:latest \
--target build-environment \
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \
--load \
docker/pulumi
- name: Install go
uses: actions/setup-go@v2
with:
go-version: "1.21.1"
- name: Compile tests
working-directory: tests
run: |
GOOS=linux GOARCH=amd64 go test -c -o /tmp/pulumi-test-containers ./...
- name: Run tests
run: |
docker run \
-e RUN_CONTAINER_TESTS=true \
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \
-e PULUMI_ORG=${PULUMI_ORG} \
--volume /tmp:/src \
--entrypoint /bin/bash \
${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }} \
-c "/src/pulumi-test-containers -test.parallel=1 -test.timeout=1h -test.v -test.run TestPulumiDockerImage"
- name: Push ${{ env.PULUMI_VERSION }}
run: docker push ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:${{ env.PULUMI_VERSION }}
- name: Push latest
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }}
run: docker push ${{ env.DOCKER_ORG }}/pulumi-provider-build-environment:latest
base:
name: Base image
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
os: ["debian", "ubi"]
arch: ["arm64", "amd64"]
steps:
- uses: actions/checkout@master
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Setup docker buildx
uses: docker/setup-buildx-action@v1
with:
install: true
- name: Build
run: |
docker build \
-f docker/base/Dockerfile.${{ matrix.os }} \
--platform linux/${{ matrix.arch }} \
. \
-t ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-${{ matrix.os }}-${{ matrix.arch }} \
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \
--load
- name: Push image
run: |
docker push ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-${{ matrix.os}}-${{ matrix.arch }}
base-manifests:
name: Base image manifests
needs: ["base"]
runs-on: ubuntu-latest
steps:
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Debian manifest
run: |
docker manifest create \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-arm64 \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-amd64
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian
- name: UBI manifest
run: |
docker manifest create \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-ubi \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-ubi-arm64 \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-ubi-amd64
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-ubi
- name: Suffix-less manifest (version)
run: |
docker manifest create \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }} \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-arm64 \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-amd64
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}
- name: Suffix-less manifest (latest)
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }}
# Manifest lists can't be a source for `docker tag`, so we create an
# additional copy of the previous manifest to tag latest:
run: |
docker manifest create \
${{ env.DOCKER_ORG }}/pulumi-base:latest \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-arm64 \
${{ env.DOCKER_ORG }}/pulumi-base:${{ env.PULUMI_VERSION }}-debian-amd64
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-base:latest
debian-sdk:
name: Debian SDK images
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sdk: ["nodejs", "python", "dotnet", "go", "java"]
arch: ["amd64", "arm64"]
steps:
- uses: actions/checkout@master
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Setup docker buildx
uses: docker/setup-buildx-action@v1
with:
install: true
- name: Build
# We supply a working directory to the command below due to the
# dnf/nodej2.module file that has to mounted into the container.
run: |
docker build \
-f docker/${{ matrix.sdk }}/Dockerfile.debian \
--platform linux/${{ matrix.arch }} \
-t ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-${{ matrix.arch }} \
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \
docker/${{ matrix.sdk }} \
--load
- name: Install go
uses: actions/setup-go@v2
with:
go-version: "1.21.1"
- name: Compile tests
working-directory: tests
run: |
GOOS=linux GOARCH=${{ matrix.arch }} go test -c -o /tmp/pulumi-test-containers ./...
- name: Set SDKS_TO_TEST (dotnet)
if: ${{ matrix.sdk == 'dotnet' }}
run: echo "SDKS_TO_TEST=csharp" >> $GITHUB_ENV
- name: Set SDKS_TO_TEST (nodejs)
if: ${{ matrix.sdk == 'nodejs' }}
run: echo "SDKS_TO_TEST=typescript" >> $GITHUB_ENV
- name: Set SDKS_TO_TEST (default)
if: ${{ matrix.sdk != 'dotnet' && matrix.sdk != 'nodejs' }}
run: echo "SDKS_TO_TEST=${{ matrix.sdk}}" >> $GITHUB_ENV
- name: Run tests
run: |
docker run \
-e RUN_CONTAINER_TESTS=true \
-e SDKS_TO_TEST=${SDKS_TO_TEST} \
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \
-e PULUMI_ORG=${PULUMI_ORG} \
--volume /tmp:/src \
--entrypoint /bin/bash \
--platform ${{ matrix.arch }} \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-${{ matrix.arch }} \
-c "/src/pulumi-test-containers -test.parallel=1 -test.timeout=1h -test.v -test.run TestPulumiDockerImage"
- name: Push image
run: |
docker push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-${{ matrix.arch }}
debian-sdk-manifests:
name: Debian SDK manifests
needs: ["debian-sdk"]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sdk: ["nodejs", "python", "dotnet", "go", "java"]
steps:
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Debian manifest
run: |
docker manifest create \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-arm64 \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-amd64
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian
- name: Suffix-less manifest
run: |
docker manifest create \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }} \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-arm64 \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-amd64
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}
- name: Suffix-less manifest (latest)
# Manifest lists can't be a source for `docker tag`, so we create an
# additional copy of the previous manifest to tag latest:
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }}
run: |
docker manifest create \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:latest \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-arm64 \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-debian-amd64
docker manifest push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:latest
ubi-sdk:
name: UBI SDK images
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sdk: ["nodejs", "python", "dotnet", "go", "java"]
steps:
- uses: actions/checkout@master
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Setup docker buildx
uses: docker/setup-buildx-action@v1
with:
install: true
- name: Build
# We only build UBI for amd64 due to arm64 builds hanging on `npm
# install -g yarn` with no additional output.
#
# We supply a working directory to the command below due to the
# dnf/nodej2.module file that has to mounted into the container.
run: |
docker build \
-f docker/${{ matrix.sdk }}/Dockerfile.ubi \
--platform linux/amd64 \
-t ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-ubi \
--build-arg PULUMI_VERSION=${{ env.PULUMI_VERSION }} \
docker/${{ matrix.sdk }} \
--load
- name: Install go
uses: actions/setup-go@v2
with:
go-version: "1.21.1"
- name: Compile tests
working-directory: tests
run: |
GOOS=linux GOARCH=amd64 go test -c -o /tmp/pulumi-test-containers ./...
- name: Set SDKS_TO_TEST (dotnet)
if: ${{ matrix.sdk == 'dotnet' }}
run: echo "SDKS_TO_TEST=csharp" >> $GITHUB_ENV
- name: Set SDKS_TO_TEST (nodejs)
if: ${{ matrix.sdk == 'nodejs' }}
run: echo "SDKS_TO_TEST=typescript" >> $GITHUB_ENV
- name: Set SDKS_TO_TEST (default)
if: ${{ matrix.sdk != 'dotnet' && matrix.sdk != 'nodejs' }}
run: echo "SDKS_TO_TEST=${{ matrix.sdk}}" >> $GITHUB_ENV
- name: Run tests
run: |
docker run \
-e RUN_CONTAINER_TESTS=true \
-e SDKS_TO_TEST=${SDKS_TO_TEST} \
-e PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN} \
-e PULUMI_ORG=${PULUMI_ORG} \
--volume /tmp:/src \
--entrypoint /bin/bash \
${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-ubi \
-c "/src/pulumi-test-containers -test.parallel=1 -test.timeout=1h -test.v -test.run TestPulumiDockerImage"
- name: Push image
run: |
docker push ${{ env.DOCKER_ORG }}/pulumi-${{ matrix.sdk }}:${{ env.PULUMI_VERSION }}-ubi
start-syncs:
name: Start syncs to other container registries
needs: ["kitchen-sink", "base-manifests", "debian-sdk-manifests", "ubi-sdk"]
runs-on: ubuntu-latest
# This workflow can be triggered by 2 events: workflow_dispatch, i.e., a
# manual run, or repository_dispatch, which is triggered by a Pulumi
# release. In the case of a new Pulumi release (i.e. repository_dispatch),
# we will always want to sync to the other repos. However, in the event of
# a workflow_dispatch we are probably debugging an issue and we do not
# necessarily want to automatically sync to the other repos. Both repo sync
# workflows allow for their own manual trigger (i.e. repository_dispatch),
# so it's not too much work to run the sync workflows manually.
#
# This design choice also allows us avoid having to alter pulumictl to
# accept arbitrary parameters, as we would need to persist the tag_latest
# option from a workflow_dispatch in this workflow to each of the sync
# workflows.
if: ${{ github.event.inputs.force_release || github.event_name == 'repository_dispatch' }}
steps:
- name: Install Pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Kick off ECR sync
run: pulumictl dispatch -r pulumi/pulumi-docker-containers -c sync-ecr ${{ env.PULUMI_VERSION }}
- name: Kick off GHCR sync
run: pulumictl dispatch -r pulumi/pulumi-docker-containers -c sync-ghcr ${{ env.PULUMI_VERSION }}