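##################################################
# Name: pulumi.yaml
# Description: Runs pulumi on environment branches
##################################################
name: Pulumi
# Chained off the Devenv workflow: this runs in the context of the default
# branch (workflow_run events use the default branch's ref/sha), with the
# repository's secrets available regardless of where the Devenv run came from.
on:
  workflow_run:
    workflows:
      - Devenv
    types:
      - completed
concurrency:
  # NOTE(review): on workflow_run `github.ref` is the default branch, so every run
  # of this workflow lands in the same group and deploys are serialized — which is
  # desirable for `pulumi update`, but confirm it is intended.
  group: ${{ github.workflow }}-${{ github.ref }}
  # Never cancel an in-flight deployment.
  cancel-in-progress: false
permissions:
  contents: read
  packages: read
  # TODO(review): no visible step uses the GITHUB_TOKEN to write PR comments or
  # commit statuses; drop these two to `read`/remove them once confirmed unused.
  pull-requests: write
  statuses: write
defaults:
  run:
    shell: bash
env:
  # GitHub
  PROJECT: ${{ github.repository }}
  BRANCH_NAME_CURRENT: ${{ github.head_ref || github.ref_name }}
  BRANCH_NAME_DEFAULT: ${{ github.event.repository.default_branch }}
  # Nix
  NIXPKGS_ALLOW_UNFREE: "1"
  # Go — quoted: an unquoted `on` is a YAML 1.1 boolean and may reach Go as "true",
  # which is not a valid GO111MODULE value.
  GO111MODULE: "on"
  GOFLAGS: -mod=readonly
  # Pulumi (not secrets — the access token is injected per step below)
  # NOTE(review): these look like pulumi/actions inputs; the CLI calls below do not
  # obviously read them — confirm they are still needed.
  PULUMI_COMMENT_ON_PR: "true"
  PULUMI_COMMENT_ON_SUMMARY: "true"
  PULUMI_ROOT: ./
jobs:
  ##################################################
  # Generate a matrix of possible Pulumi stacks.
  ##################################################
  matrix:
    name: Matrix
    runs-on: ${{ matrix.os }}
    # Only run this job if the devenv workflow was successful. The `pulumi` job
    # `needs` this one, so it is skipped too when this gate is false.
    if: github.event.workflow_run.conclusion == 'success'
    timeout-minutes: 30
    continue-on-error: false
    strategy:
      fail-fast: true
      matrix:
        os:
          - ubuntu-latest
    steps:
      - id: checkout_repository
        name: Checkout repository
        # No `ref` is given, so this is the default branch's commit.
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
      - id: generate_matrix
        name: Generating a matrix of Pulumi stack configurations
        # TODO: pulumi stack ls --json | jq -r .[].name
        run: |
          echo "Generating matrix of Pulumi stacks..."
          # Stack names are the middle component of Pulumi.<stack>.yaml files in
          # the working directory, collected into a compact JSON array.
          # yamllint disable-line rule:line-length
          STACKS=$(find . -mindepth 1 -maxdepth 1 -type f -name "Pulumi.*.yaml" -printf "%f\n" | cut -d. -f2 | jq -R -s -c 'split("\n")[:-1]')
          # An empty array makes the dependent job fail at matrix expansion with
          # an unhelpful error; fail here with a clear message instead.
          if [ "${STACKS}" = "[]" ]; then
            echo "::error::No Pulumi.<stack>.yaml files found in the working directory"
            exit 1
          fi
          echo "${STACKS}" | jq .
          echo "STACK_MATRIX=${STACKS}" >> "$GITHUB_OUTPUT"
    outputs:
      stack_matrix: ${{ steps.generate_matrix.outputs.STACK_MATRIX }}
  ##################################################
  # Pulumi Stacks
  ##################################################
  pulumi:
    name: Pulumi Stack ${{ matrix.stack }}
    runs-on: ${{ matrix.os }}
    timeout-minutes: 30
    needs: matrix
    strategy:
      fail-fast: true
      matrix:
        os:
          - ubuntu-latest
        stack: ${{ fromJson(needs.matrix.outputs.stack_matrix) }}
    steps:
      - id: checkout_repository
        name: Checkout repository
        # NOTE(review): as in the matrix job, no `ref` is given, so this is the
        # default branch — not the branch or PR whose Devenv run triggered us.
        # Check out `github.event.workflow_run.head_sha` only for same-repo
        # events; doing so for fork pull_request events would run untrusted
        # code next to PULUMI_ACCESS_TOKEN.
        uses: actions/checkout@v4
        with:
          lfs: false
          submodules: recursive
          fetch-depth: 1
      - id: install_nix
        name: "Install Nix ❄️"
        uses: cachix/install-nix-action@v30
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
          enable_kvm: true
      - id: cachix
        name: "Enable Cachix ❄️"
        uses: cachix/cachix-action@v15
        # Only configure Cachix when a cache name is set for this repository.
        if: vars.CACHIX_CACHE_NAME != ''
        with:
          name: ${{ vars.CACHIX_CACHE_NAME }}
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          useDaemon: true
          skipPush: false
      - id: cache
        name: Magic Nix cache
        # TODO(security): `@main` is a mutable ref. Pin third-party actions to a
        # release tag or, better, a full commit SHA so an upstream change cannot
        # alter what runs in a job that later holds PULUMI_ACCESS_TOKEN.
        uses: DeterminateSystems/magic-nix-cache-action@main
      - id: devenv_install
        name: Devenv install
        run: |
          nix profile install --accept-flake-config nixpkgs#devenv
      - id: go_mod_download
        name: Go mod download
        # Run inside the devenv shell so the project's Go toolchain is used.
        shell: devenv shell --quiet bash -- -e {0}
        run: |
          go mod download
      - id: pulumi_login
        name: Pulumi login
        shell: devenv shell --quiet bash -- -e {0}
        # The access token is scoped to the individual pulumi steps rather than
        # the job so the third-party setup actions above never see it.
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
        run: pulumi login
      - id: pulumi_preview
        name: Pulumi preview
        # NOTE(review): because the checkout is the default branch, a preview for a
        # pull_request event reflects the default branch's code, not the PR's
        # changes. It also runs with the production token for Devenv runs that
        # fork PRs triggered — confirm both are intended.
        if: github.event.workflow_run.event == 'pull_request' || github.event.workflow_run.event == 'push'
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          # Passed via the environment instead of `${{ }}` interpolation into the
          # script so the value is never re-parsed by the shell.
          STACK: ${{ matrix.stack }}
        shell: devenv shell --quiet bash -- -e {0}
        run: >
          pulumi
          preview
          --refresh
          --show-replacement-steps
          --logtostderr
          --verbose=3
          --stack "${STACK}"
      - id: pulumi_update
        name: Pulumi update
        # Deploy only for push-triggered Devenv runs, and only after the preview
        # succeeded in this job.
        if: github.event.workflow_run.event == 'push' && steps.pulumi_preview.outcome == 'success'
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          STACK: ${{ matrix.stack }}
        shell: devenv shell --quiet bash -- -e {0}
        run: >
          pulumi
          update
          --refresh
          --skip-preview
          --show-replacement-steps
          --logtostderr
          --verbose=3
          --yes
          --stack "${STACK}"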