From 379922edacfda4a8249cc470ac4bea936271fc18 Mon Sep 17 00:00:00 2001 From: Thomas Kappler Date: Thu, 2 Nov 2023 07:39:22 +0100 Subject: [PATCH] First attempt at on-demand recording snapshots in CI --- .github/workflows/record.yml | 269 +++++++++++++++++++++++++++++++++++ 1 file changed, 269 insertions(+) create mode 100644 .github/workflows/record.yml diff --git a/.github/workflows/record.yml b/.github/workflows/record.yml new file mode 100644 index 000000000..238161445 --- /dev/null +++ b/.github/workflows/record.yml @@ -0,0 +1,269 @@ +name: Record an upgrade test snapshot +on: + workflow_dispatch: + inputs: + runTests: + type: string + description: 'The tests in examples to record snapshots for, as a regex for `go test -run`' + required: true + +env: + ALT_AWS_ACCESS_KEY_ID: ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} + ALT_AWS_SECRET_ACCESS_KEY: ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} + ALT_AWS_PROFILE: ${{ secrets.ALT_AWS_PROFILE }} + AWS_REGION: us-west-2 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + PROVIDER: eks + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + PULUMI_ENABLE_RESOURCE_REFERENCES: 1 + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + GOVERSION: "1.21.x" + DOTNETVERSION: "6.x" + PYTHONVERSION: "3.8" + NODEVERSION: "18.x" + JAVAVERSION: "11" + +jobs: + prerequisites: + name: prerequisites + runs-on: ubuntu-latest + # if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository + steps: + - name: Checkout Repo + uses: actions/checkout@v2 + - name: Checkout Scripts Repo + uses: actions/checkout@v2 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.1.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/action-install-pulumi-cli@v1.0.1 + - name: Build provider binary + schema + run: make schema provider + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - name: Tar provider binaries + run: + tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-${{ env.PROVIDER }} + - name: Upload artifacts + uses: actions/upload-artifact@v2 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + strategy: + fail-fast: true + + build_sdk: + name: Build ${{ matrix.language }} SDK + runs-on: ubuntu-latest + needs: prerequisites + if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository + steps: + - name: Checkout Repo + uses: actions/checkout@v2 + with: + ref: ${{ env.PR_COMMIT_SHA }} + - name: Checkout Scripts Repo + uses: actions/checkout@v2 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.1.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/action-install-pulumi-cli@v1.0.1 + - name: Setup Python + uses: actions/setup-python@v2 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup DotNet + uses: actions/setup-dotnet@v1 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Node + uses: actions/setup-node@v1 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup Java + if: matrix.language == 'java' + uses: actions/setup-java@v3 + with: + cache: gradle + distribution: temurin + java-version: ${{ env.JAVAVERSION }} + - name: Setup Gradle + if: matrix.language == 'java' + uses: gradle/gradle-build-action@v2 + with: + gradle-version: "7.6" + - name: Install Yarn + run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 + - name: Update PATH for Yarn + run: | + echo "$HOME/.yarn/bin" >> $GITHUB_PATH + echo "$HOME/.config/yarn/global/node_modules/.bin" >> $GITHUB_PATH + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - name: Compress NodeJS SDK folder + if: matrix.language == 'nodejs' + run: tar -zcf ${{ matrix.language }}.tar.gz -C ${{ matrix.language }}/ . + - name: Upload NodeJS artifacts + if: matrix.language == 'nodejs' + uses: actions/upload-artifact@v2 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/${{ matrix.language }}.tar.gz + - name: Compress Other Lang SDK folder + if: matrix.language != 'nodejs' + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }}/ . + - name: Upload Other Lang artifacts + if: matrix.language != 'nodejs' + uses: actions/upload-artifact@v2 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + strategy: + fail-fast: true + matrix: + language: + - nodejs + # - python + # - dotnet + # - go + # - java + + record: + name: record + runs-on: pulumi-ubuntu-8core + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@v3 + with: + ref: ${{ github.ref }} + - name: Checkout Scripts Repo + uses: actions/checkout@v3 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v4 + with: + cache-dependency-path: | + sdk/go.sum + go-version: 1.21.x + - name: Install Kubectl + run: | + curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl + chmod +x ./kubectl + sudo mv kubectl /usr/local/bin + - name: Install awscli + run: | + python -m pip install --upgrade pip + pip install awscli --upgrade + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.5.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/action-install-pulumi-cli@v2 + + - name: Download provider binary + uses: actions/download-artifact@v2 + with: + name: ${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: Untar provider binaries + run: + tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin + - name: Restore binary perms + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Update path + run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + - name: Download SDK + uses: actions/download-artifact@v2 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}} + - name: Uncompress SDK folder + run: tar -zxf ${{ github.workspace}}/nodejs.tar.gz -C ${{github.workspace}}/nodejs + - name: Install dependencies + run: make install_nodejs_sdk + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Configure AWS CLI + run: | + aws configure set default.aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} + aws configure set default.aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws configure set aws_access_key_id ${{ secrets.ALT_AWS_ACCESS_KEY_ID }} --profile ${{ secrets.ALT_AWS_PROFILE }} + aws configure set aws_secret_access_key ${{ secrets.ALT_AWS_SECRET_ACCESS_KEY }} --profile ${{ secrets.ALT_AWS_PROFILE }} + - name: Link nodejs binary for testing + run: | + cd ${{ github.workspace }}/bin + yarn install && yarn link @pulumi/eks + + # - if: contains(github.ref, 'snapshot') || contains(github.head_ref, 'snapshot') + - name: Record provider test snapshots + run: | + cd provider && go test -tags nodejs -run '${{ inputs.runTests }}' -provider-snapshot -v -json -count=1 -cover -timeout 2h -parallel 5 . 2>&1 | tee /tmp/gotest.log | gotestfmt + - if: contains(github.ref, 'snapshot') || contains(github.head_ref, 'snapshot') + name: Open a PR with newly recorded test snapshots + id: create-pr + uses: peter-evans/create-pull-request@v5 + with: + author: Pulumi Bot + body: "Recording fresh test snapshots." + branch: "update-provider-test-snapshots-${{ github.run_number }}" + committer: Pulumi Bot + commit-message: "[internal] Update provider test snapshots for ${{ inputs.runTests }}" + labels: "impact/no-changelog-required" + title: "Update Provider Test Snapshots" + token: ${{ secrets.PULUMI_BOT_TOKEN }} + base: master + \ No newline at end of file