Skip to content

Update module github.com/hashicorp/vault to v1.18.1 [SECURITY] (master) - autoclosed #2912

Update module github.com/hashicorp/vault to v1.18.1 [SECURITY] (master) - autoclosed

Update module github.com/hashicorp/vault to v1.18.1 [SECURITY] (master) - autoclosed #2912

# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
name: run-acceptance-tests
on:
pull_request:
paths-ignore:
- CHANGELOG.md
repository_dispatch:
types:
- run-acceptance-tests-command
env:
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
AWS_REGION: us-west-2
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PULUMI_MISSING_DOCS_ERROR: "true"
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PYPI_USERNAME: __token__
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
TF_APPEND_USER_AGENT: pulumi
# This should cancel any previous runs of the same workflow on the same branch which are still running.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
prerequisites:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
permissions:
pull-requests: write
uses: ./.github/workflows/prerequisites.yml
secrets: inherit
with:
default_branch: ${{ github.event.repository.default_branch }}
is_pr: ${{ github.event_name == 'pull_request' }}
is_automated: ${{ github.actor == 'dependabot[bot]' }}
build_provider:
uses: ./.github/workflows/build_provider.yml
needs: prerequisites
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
build_sdk:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: build_sdk
needs: prerequisites
uses: ./.github/workflows/build_sdk.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
comment-notification:
if: github.event_name == 'repository_dispatch'
name: comment-notification
permissions:
pull-requests: write
runs-on: ubuntu-latest
steps:
- id: run-url
name: Create URL to the run output
run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@v1
with:
body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}"
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
token: ${{ secrets.GITHUB_TOKEN }}
sentinel:
name: sentinel
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
permissions:
statuses: write
needs:
- test
- build_provider
- license_check
- go_test_shim
- provider_test
- test_oidc
- upstream_lint
runs-on: ubuntu-latest
steps:
- uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76
with:
authToken: ${{secrets.GITHUB_TOKEN}}
# Write an explicit status check called "Sentinel" which will only pass if this code really runs.
# This should always be a required check for PRs.
context: 'Sentinel'
description: 'All required checks passed'
state: 'success'
# Write to the PR commit SHA if it's available as we don't want the merge commit sha,
# otherwise use the current SHA for any other type of build.
sha: ${{ github.event.pull_request.head.sha || github.sha }}
test:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: test
needs:
- prerequisites
- build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
env:
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
steps:
# Run as first step so we don't delete things that have just been installed
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
with:
tool-cache: false
swap-storage: false
dotnet: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
persist-credentials: false
- name: Checkout p/examples
if: matrix.testTarget == 'pulumiExamples'
uses: actions/checkout@v4
with:
repository: pulumi/examples
path: p-examples
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, ${{ matrix.language }}
- name: Download bin
uses: ./.github/actions/download-bin
- name: Add NuGet source
if: matrix.language == 'dotnet'
run: dotnet nuget add source ${{ github.workspace }}/nuget
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Python deps
if: matrix.language == 'python'
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.5.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: ${{ env.AWS_REGION }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 3600
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Make upstream
run: make upstream
- name: Run tests
if: matrix.testTarget == 'local'
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 .
- name: Run pulumi/examples tests
if: matrix.testTarget == 'pulumiExamples'
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 .
strategy:
fail-fast: false
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
testTarget: [local]
license_check:
name: License Check
uses: ./.github/workflows/license.yml
secrets: inherit
go_test_shim:
name: Run test of provider shim
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- uses: pulumi/provider-version-action@v1
with:
set-env: PROVIDER_VERSION
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumi, go
- name: Make upstream
run: make upstream
- name: go test
run: |
cd upstream
go get github.com/hashicorp/[email protected]
cd shim
go test -v -coverprofile="coverage.txt" .
- env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
timeout-minutes: 60
provider_test:
name: provider_test
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- uses: pulumi/provider-version-action@v1
with:
set-env: PROVIDER_VERSION
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumi, go, node, dotnet, python, java
- name: Make upstream
run: make upstream
- name: Download provider + tfgen binaries
uses: actions/download-artifact@v4
with:
name: aws-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: Untar provider binaries
run: |-
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \;
- run: dotnet nuget add source ${{ github.workspace }}/nuget
- name: Download SDK
uses: actions/download-artifact@v4
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress SDK folder
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Python deps
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.5.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: ${{ env.AWS_REGION }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 3600
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Run provider tests
run: |
cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
strategy:
fail-fast: false
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
test_oidc:
name: test_oidc
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
dotnet: ${{ matrix.language != 'dotnet' }}
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- uses: pulumi/provider-version-action@v1
with:
set-env: PROVIDER_VERSION
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumi, go, node
- name: Download provider + tfgen binaries
uses: actions/download-artifact@v4
with:
name: aws-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: Untar provider binaries
run: |-
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \;
- name: Download SDK
uses: actions/download-artifact@v4
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress SDK folder
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Make upstream
run: make upstream
- name: Run selected tests with manual web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Configure AWS Credentials for OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 3600
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
unset-current-credentials: true
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
strategy:
fail-fast: false
matrix:
language:
- nodejs
upstream_lint:
name: Run upstream provider-lint
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- name: Install Go
uses: actions/setup-go@v5
with:
cache: false
go-version: 1.23.x
- name: Make upstream
run: make upstream
- name: upstream lint
run: |
cd upstream
make provider-lint
timeout-minutes: 60