-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update GitHub Actions workflows. (#871)
This PR was automatically generated by the update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt repo, from commit c09ca3824257955e13392d96586b14a0fe49405a.
- Loading branch information
1 parent
9ae8e77
commit e951137
Showing
4 changed files
with
48 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -308,14 +308,21 @@ debug_tfgen: | |
|
||
# Provider cross-platform build & packaging | ||
|
||
# Set these variables to enable signing of the windows binary | ||
AZURE_SIGNING_CLIENT_ID ?= | ||
AZURE_SIGNING_CLIENT_SECRET ?= | ||
AZURE_SIGNING_TENANT_ID ?= | ||
AZURE_SIGNING_KEY_VAULT_URI ?= | ||
SKIP_SIGNING ?= | ||
|
||
# These targets assume that the schema-embed.json exists - it's generated by tfgen. | ||
# We disable CGO to ensure that the binary is statically linked. | ||
bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64 | ||
bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64 | ||
bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64 | ||
bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 | ||
bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 | ||
bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: | ||
bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: bin/jsign-6.0.jar | ||
@# check the TARGET is set | ||
test $(TARGET) | ||
cd provider && \ | ||
|
@@ -324,6 +331,37 @@ bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: | |
export CGO_ENABLED=0 && \ | ||
go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" | ||
|
||
@# Only sign windows binary if fully configured. | ||
@# Test variables set by joining with | between and looking for || showing at least one variable is empty. | ||
@# Move the binary to a temporary location and sign it there to avoid the target being up-to-date if signing fails. | ||
set -e; \ | ||
if [[ "${TARGET}" = "windows-amd64" && ${SKIP_SIGNING} != "true" ]]; then \ | ||
if [[ "|${AZURE_SIGNING_CLIENT_ID}|${AZURE_SIGNING_CLIENT_SECRET}|${AZURE_SIGNING_TENANT_ID}|${AZURE_SIGNING_KEY_VAULT_URI}|" == *"||"* ]]; then \ | ||
echo "Can't sign windows binaries as required configuration not set: AZURE_SIGNING_CLIENT_ID, AZURE_SIGNING_CLIENT_SECRET, AZURE_SIGNING_TENANT_ID, AZURE_SIGNING_KEY_VAULT_URI"; \ | ||
echo "To rebuild with signing delete the unsigned $@ and rebuild with the fixed configuration"; \ | ||
if [[ ${CI} == "true" ]]; then exit 1; fi; \ | ||
else \ | ||
mv $@ [email protected]; \ | ||
az login --service-principal \ | ||
--username "${AZURE_SIGNING_CLIENT_ID}" \ | ||
--password "${AZURE_SIGNING_CLIENT_SECRET}" \ | ||
--tenant "${AZURE_SIGNING_TENANT_ID}" \ | ||
--output none; \ | ||
ACCESS_TOKEN=$$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken); \ | ||
java -jar bin/jsign-6.0.jar \ | ||
--storetype AZUREKEYVAULT \ | ||
--keystore "PulumiCodeSigning" \ | ||
--url "${AZURE_SIGNING_KEY_VAULT_URI}" \ | ||
--storepass "$${ACCESS_TOKEN}" \ | ||
[email protected]; \ | ||
mv [email protected] $@; \ | ||
az logout; \ | ||
fi; \ | ||
fi | ||
|
||
bin/jsign-6.0.jar: | ||
wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar --output-document=bin/jsign-6.0.jar | ||
|
||
provider-linux-amd64: bin/linux-amd64/$(PROVIDER) | ||
provider-linux-arm64: bin/linux-arm64/$(PROVIDER) | ||
provider-darwin-amd64: bin/darwin-amd64/$(PROVIDER) | ||
|