chore: Upgrade dependencies for all #1527
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release @next | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: {} | |
env: | |
SENTRY_ORG: hashicorp | |
SENTRY_PROJECT: cdktf-cli | |
concurrency: | |
group: release-next | |
jobs: | |
prepare-release: | |
if: github.repository == 'hashicorp/terraform-cdk' | |
runs-on: ubuntu-latest | |
outputs: | |
tests: ${{ steps.build-test-matrix.outputs.tests }} | |
version: ${{ steps.get_version.outputs.version }} | |
container: | |
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform | |
env: | |
CHECKPOINT_DISABLE: "1" | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 # gives standard-version access to all previous commits | |
- name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this | |
# The Sentry CLI also requires this, https://github.com/actions/checkout/issues/760 | |
run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk | |
- name: ensure correct user | |
run: chown -R root /__w/terraform-cdk | |
- name: installing dependencies | |
run: yarn install --frozen-lockfile | |
- name: Configure git user | |
run: | | |
git config user.name github-team-tf-cdk | |
git config user.email [email protected] | |
- run: | | |
yarn prepare-next-release | |
tools/align-version.sh | |
- name: version | |
id: get_version | |
run: | | |
version=$(node -p "require('./package.json').version") | |
echo "version=${version}" >> $GITHUB_OUTPUT | |
- name: release status | |
id: get_release_status | |
run: | | |
status=$(sentry-cli releases list | grep -q 'cdktf-cli-${{ steps.get_version.outputs.version }} ' && echo 'released' || echo 'unreleased') | |
echo "Sentry returned: ${status}" | |
echo "release=${status}" >> $GITHUB_OUTPUT | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }} | |
- name: Create a release | |
if: steps.get_release_status.outputs.release == 'unreleased' | |
run: sentry-cli releases new cdktf-cli-${{ steps.get_version.outputs.version }} | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }} | |
- name: create bundle | |
run: | | |
yarn install --frozen-lockfile | |
yarn build | |
yarn package | |
env: | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
- name: Add sourcemap and commit info to sentry | |
if: steps.get_release_status.outputs.release == 'unreleased' | |
run: | | |
sentry-cli releases files cdktf-cli-${{ steps.get_version.outputs.version }} upload-sourcemaps ./packages/cdktf-cli/bundle | |
sentry-cli releases set-commits --auto cdktf-cli-${{ steps.get_version.outputs.version }} | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }} | |
- name: Upload artifact | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: dist | |
path: dist | |
- name: Upload edge-provider bindings | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
if: ${{ !inputs.skip_setup }} | |
with: | |
name: edge-provider-bindings | |
path: packages/@cdktf/provider-generator/edge-provider-bindings | |
- name: publish tag | |
run: git push --follow-tags | |
unit_test: | |
uses: ./.github/workflows/unit.yml | |
strategy: | |
fail-fast: false | |
matrix: | |
package: | |
[ | |
cdktf, | |
cdktf-cli, | |
"@cdktf/hcl2cdk", | |
"@cdktf/hcl2json", | |
"@cdktf/provider-generator", | |
"@cdktf/provider-schema", | |
"@cdktf/commons", | |
"@cdktf/cli-core", | |
] | |
terraform_version: ["1.6.5", "1.5.5"] | |
with: | |
concurrency_group_prefix: release-next | |
package: ${{ matrix.package }} | |
terraform_version: ${{ matrix.terraform_version }} | |
secrets: inherit | |
linting: | |
uses: ./.github/workflows/linting.yml | |
with: | |
concurrency_group_prefix: release-next | |
secrets: inherit | |
integration_test: | |
needs: | |
- prepare-release | |
uses: ./.github/workflows/integration.yml | |
with: | |
skip_setup: true | |
concurrency_group_prefix: release-next | |
secrets: inherit | |
provider_integration_test: | |
needs: | |
- prepare-release | |
uses: ./.github/workflows/provider-integration.yml | |
with: | |
skip_setup: true | |
concurrency_group_prefix: release-next | |
secrets: inherit | |
examples: | |
uses: ./.github/workflows/examples.yml | |
with: | |
concurrency_group_prefix: release-next | |
secrets: inherit | |
release_npm: | |
name: Release to NPM | |
needs: | |
- prepare-release | |
- integration_test | |
- provider_integration_test | |
- unit_test | |
runs-on: ubuntu-latest | |
container: | |
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform | |
steps: | |
- name: Download build artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: dist | |
path: dist | |
- name: ensure correct user | |
run: chown -R root /__w/terraform-cdk | |
- name: Release | |
run: npx -p publib publib-npm | |
env: | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_DIST_TAG: next | |
release_pypi: | |
name: Release to PyPi | |
needs: | |
- prepare-release | |
- integration_test | |
- provider_integration_test | |
- unit_test | |
runs-on: ubuntu-latest | |
container: | |
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform | |
steps: | |
- name: Download build artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: dist | |
path: dist | |
- name: ensure correct user | |
run: chown -R root /__w/terraform-cdk | |
# We use twine directly for publishing instead of publib-pypi | |
# Publib-pypi does the same twine command (https://github.com/cdklabs/publib/blob/main/bin/publib-pypi) | |
# but also tries to install twine which is already globally | |
# available in the docker image we use. It upgrades twine, | |
# introducing risks of breaking changes. (Though not likely, twine is ancient) | |
# We can not keep the install since the update to python 3.11 in the docker image | |
# forbids global installs since the global pip is system managed. | |
# Running this install in a virtualenv would be possible but would require | |
# changes for the publib-pypi script. This is the easiest solution for now. | |
- name: Release | |
run: | | |
cd dist/python | |
twine upload --verbose --skip-existing * | |
env: | |
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} | |
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} | |
release_maven: | |
name: Release to Maven | |
needs: | |
- prepare-release | |
- integration_test | |
- provider_integration_test | |
- unit_test | |
runs-on: ubuntu-latest | |
container: | |
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform | |
steps: | |
- name: Download dist | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: dist | |
path: dist | |
- name: ensure correct user | |
run: chown -R root /__w/terraform-cdk | |
- name: Release | |
run: npx -p publib publib-maven | |
env: | |
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} | |
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} | |
MAVEN_ENDPOINT: https://hashicorp.oss.sonatype.org | |
MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }} | |
MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }} | |
MAVEN_OPTS: "--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED" # See https://stackoverflow.com/questions/70153962/nexus-staging-maven-plugin-maven-deploy-failed-an-api-incompatibility-was-enco | |
release_nuget: | |
name: Release to NuGet | |
needs: | |
- prepare-release | |
- integration_test | |
- provider_integration_test | |
- unit_test | |
runs-on: ubuntu-latest | |
container: | |
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform | |
steps: | |
- name: Download dist | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: dist | |
path: dist | |
- name: Release | |
run: npx -p publib publib-nuget | |
env: | |
NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} | |
release_golang: | |
name: Release Go to Github Repo | |
needs: | |
- prepare-release | |
- integration_test | |
- provider_integration_test | |
- unit_test | |
runs-on: ubuntu-latest | |
container: | |
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform | |
steps: | |
- name: Download dist | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: dist | |
path: dist | |
- name: ensure correct user | |
run: chown -R root /__w/terraform-cdk | |
- name: Release | |
run: npx -p publib publib-golang | |
env: | |
GITHUB_TOKEN: ${{ secrets.TERRAFORM_CDK_GO_REPO_GITHUB_TOKEN }} | |
GIT_USER_NAME: "CDK for Terraform Team" | |
GIT_USER_EMAIL: "[email protected]" | |
release_sentry: | |
name: Finalize the sentry release | |
needs: | |
- prepare-release | |
- integration_test | |
- provider_integration_test | |
- unit_test | |
- release_npm | |
runs-on: ubuntu-latest | |
container: | |
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: version | |
id: get_version | |
run: | | |
version=$(node -p "require('./package.json').version") | |
echo "version=${version}" >> $GITHUB_OUTPUT | |
- name: release status | |
id: get_release_status | |
run: | | |
status=$(sentry-cli releases list | grep 'cdktf-cli-${{ steps.get_version.outputs.version }} ' | grep -q 'unreleased' && echo "unreleased" || echo "released") | |
echo "Sentry returned: ${status}" | |
echo "release=${status}" >> $GITHUB_OUTPUT | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }} | |
- name: Finalize the release | |
if: steps.get_release_status.outputs.release == 'unreleased' | |
run: sentry-cli releases finalize cdktf-cli-${{ steps.get_version.outputs.version }} | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }} | |
report: | |
name: Report status | |
runs-on: ubuntu-latest | |
if: ${{ failure() }} | |
needs: | |
- examples | |
- integration_test | |
- linting | |
- prepare-release | |
- release_golang | |
- release_maven | |
- release_npm | |
- release_nuget | |
- release_pypi | |
- release_sentry | |
- unit_test | |
steps: | |
- name: Send failures to Slack | |
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0 | |
with: | |
webhook: ${{ secrets.FAILURE_SLACK_WEBHOOK_URL }} | |
webhook-type: webhook-trigger | |
payload: | | |
{ | |
"name": "next", | |
"run_url": "https://github.com/hashicorp/terraform-cdk/actions/runs/${{ github.run_id }}" | |
} |