Update module github.com/hashicorp/vault to v1.18.1 [SECURITY] (master) - autoclosed #2912
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt | |
name: run-acceptance-tests | |
on: | |
pull_request: | |
paths-ignore: | |
- CHANGELOG.md | |
repository_dispatch: | |
types: | |
- run-acceptance-tests-command | |
env: | |
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} | |
AWS_REGION: us-west-2 | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }} | |
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
PULUMI_API: https://api.pulumi-staging.io | |
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
PULUMI_MISSING_DOCS_ERROR: "true" | |
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
PYPI_USERNAME: __token__ | |
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | |
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | |
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | |
TF_APPEND_USER_AGENT: pulumi | |
# This should cancel any previous runs of the same workflow on the same branch which are still running. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
prerequisites: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
permissions: | |
pull-requests: write | |
uses: ./.github/workflows/prerequisites.yml | |
secrets: inherit | |
with: | |
default_branch: ${{ github.event.repository.default_branch }} | |
is_pr: ${{ github.event_name == 'pull_request' }} | |
is_automated: ${{ github.actor == 'dependabot[bot]' }} | |
build_provider: | |
uses: ./.github/workflows/build_provider.yml | |
needs: prerequisites | |
secrets: inherit | |
with: | |
version: ${{ needs.prerequisites.outputs.version }} | |
build_sdk: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: build_sdk | |
needs: prerequisites | |
uses: ./.github/workflows/build_sdk.yml | |
secrets: inherit | |
with: | |
version: ${{ needs.prerequisites.outputs.version }} | |
comment-notification: | |
if: github.event_name == 'repository_dispatch' | |
name: comment-notification | |
permissions: | |
pull-requests: write | |
runs-on: ubuntu-latest | |
steps: | |
- id: run-url | |
name: Create URL to the run output | |
run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" | |
- name: Update with Result | |
uses: peter-evans/create-or-update-comment@v1 | |
with: | |
body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" | |
issue-number: ${{ github.event.client_payload.github.payload.issue.number }} | |
repository: ${{ github.event.client_payload.github.payload.repository.full_name }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
sentinel: | |
name: sentinel | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
permissions: | |
statuses: write | |
needs: | |
- test | |
- build_provider | |
- license_check | |
- go_test_shim | |
- provider_test | |
- test_oidc | |
- upstream_lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 | |
with: | |
authToken: ${{secrets.GITHUB_TOKEN}} | |
# Write an explicit status check called "Sentinel" which will only pass if this code really runs. | |
# This should always be a required check for PRs. | |
context: 'Sentinel' | |
description: 'All required checks passed' | |
state: 'success' | |
# Write to the PR commit SHA if it's available as we don't want the merge commit sha, | |
# otherwise use the current SHA for any other type of build. | |
sha: ${{ github.event.pull_request.head.sha || github.sha }} | |
test: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: test | |
needs: | |
- prerequisites | |
- build_sdk | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
env: | |
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} | |
steps: | |
# Run as first step so we don't delete things that have just been installed | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be | |
with: | |
tool-cache: false | |
swap-storage: false | |
dotnet: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
submodules: true | |
persist-credentials: false | |
- name: Checkout p/examples | |
if: matrix.testTarget == 'pulumiExamples' | |
uses: actions/checkout@v4 | |
with: | |
repository: pulumi/examples | |
path: p-examples | |
- name: Setup tools | |
uses: ./.github/actions/setup-tools | |
with: | |
tools: pulumictl, pulumicli, ${{ matrix.language }} | |
- name: Download bin | |
uses: ./.github/actions/download-bin | |
- name: Add NuGet source | |
if: matrix.language == 'dotnet' | |
run: dotnet nuget add source ${{ github.workspace }}/nuget | |
- name: Download SDK | |
uses: ./.github/actions/download-sdk | |
with: | |
language: ${{ matrix.language }} | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Install Python deps | |
if: matrix.language == 'python' | |
run: |- | |
pip3 install virtualenv==20.0.23 | |
pip3 install pipenv | |
- name: Install dependencies | |
run: make install_${{ matrix.language}}_sdk | |
- name: Install gotestfmt | |
uses: GoTestTools/gotestfmt-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: v2.5.0 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: ${{ env.AWS_REGION }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 3600 | |
role-session-name: aws@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Make upstream | |
run: make upstream | |
- name: Run tests | |
if: matrix.testTarget == 'local' | |
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 . | |
- name: Run pulumi/examples tests | |
if: matrix.testTarget == 'pulumiExamples' | |
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -run TestPulumiExamples -parallel 4 . | |
strategy: | |
fail-fast: false | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
testTarget: [local] | |
license_check: | |
name: License Check | |
uses: ./.github/workflows/license.yml | |
secrets: inherit | |
go_test_shim: | |
name: Run test of provider shim | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
swap-storage: false | |
tool-cache: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
submodules: true | |
- uses: pulumi/provider-version-action@v1 | |
with: | |
set-env: PROVIDER_VERSION | |
- name: Setup tools | |
uses: ./.github/actions/setup-tools | |
with: | |
tools: pulumictl, pulumi, go | |
- name: Make upstream | |
run: make upstream | |
- name: go test | |
run: | | |
cd upstream | |
go get github.com/hashicorp/[email protected] | |
cd shim | |
go test -v -coverprofile="coverage.txt" . | |
- env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@v4 | |
timeout-minutes: 60 | |
provider_test: | |
name: provider_test | |
needs: build_sdk | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
swap-storage: false | |
tool-cache: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
submodules: true | |
- uses: pulumi/provider-version-action@v1 | |
with: | |
set-env: PROVIDER_VERSION | |
- name: Setup tools | |
uses: ./.github/actions/setup-tools | |
with: | |
tools: pulumictl, pulumi, go, node, dotnet, python, java | |
- name: Make upstream | |
run: make upstream | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: aws-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: |- | |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin | |
find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; | |
- run: dotnet nuget add source ${{ github.workspace }}/nuget | |
- name: Download SDK | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress SDK folder | |
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ matrix.language }} | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Install Python deps | |
run: |- | |
pip3 install virtualenv==20.0.23 | |
pip3 install pipenv | |
- name: Install dependencies | |
run: make install_${{ matrix.language}}_sdk | |
- name: Install gotestfmt | |
uses: GoTestTools/gotestfmt-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: v2.5.0 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: ${{ env.AWS_REGION }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 3600 | |
role-session-name: aws@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Run provider tests | |
run: | | |
cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
strategy: | |
fail-fast: false | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
test_oidc: | |
name: test_oidc | |
needs: build_sdk | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
dotnet: ${{ matrix.language != 'dotnet' }} | |
swap-storage: false | |
tool-cache: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
submodules: true | |
- uses: pulumi/provider-version-action@v1 | |
with: | |
set-env: PROVIDER_VERSION | |
- name: Setup tools | |
uses: ./.github/actions/setup-tools | |
with: | |
tools: pulumictl, pulumi, go, node | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: aws-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: |- | |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin | |
find ${{ github.workspace }} -name "pulumi-*-aws" -print -exec chmod +x {} \; | |
- name: Download SDK | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress SDK folder | |
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ matrix.language }} | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Install dependencies | |
run: make install_${{ matrix.language}}_sdk | |
- name: Install gotestfmt | |
uses: GoTestTools/gotestfmt-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: v2.4.0 | |
- name: Make upstream | |
run: make upstream | |
- name: Run selected tests with manual web identity/OIDC auth | |
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
- name: Configure AWS Credentials for OIDC | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ env.AWS_REGION }} | |
role-duration-seconds: 3600 | |
role-session-name: aws@githubActions | |
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }} | |
unset-current-credentials: true | |
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth | |
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
strategy: | |
fail-fast: false | |
matrix: | |
language: | |
- nodejs | |
upstream_lint: | |
name: Run upstream provider-lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
swap-storage: false | |
tool-cache: false | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
submodules: true | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
cache: false | |
go-version: 1.23.x | |
- name: Make upstream | |
run: make upstream | |
- name: upstream lint | |
run: | | |
cd upstream | |
make provider-lint | |
timeout-minutes: 60 | |