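# Checks pull requests and, on a pushed v0.* tag, builds, signs and uploads
# the provider to the S3 bucket that backs the private Terraform registry.
#
# NOTE(review): every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA keeps a retagged release from running inside
# the publish job, which handles the S3 and GPG secrets.
name: Publish

on:
  pull_request:
  workflow_dispatch:
  push:
    tags:
      - 'v0.*'

env:
  GO_VERSION: "1.25"
  CODE_COVERAGE_FILE_NAME: "coverage.out" # must be the same as in Makefile
  CODE_COVERAGE_ARTIFACT_NAME: "code-coverage"

jobs:
  prep:
    name: prepare
    runs-on: ubuntu-latest
    # Least privilege: no active step in this job writes a check or a PR
    # comment. Re-add `checks: write` / `pull-requests: write` together with
    # the commented-out steps below if they are re-enabled and need them.
    permissions:
      actions: read # Required to identify workflow run.
      contents: read # Required to checkout repository.
    steps:
      # NOTE(review): apt-get is called without sudo, so this step only works
      # where the job runs as root - confirm for the runner in use.
      - name: Install prerequisites
        run: |
          apt-get -qq -y update
          apt-get -qq -y install unzip zip

      - name: Checkout
        uses: actions/checkout@v6

      - name: Install Go ${{ env.GO_VERSION }}
        uses: actions/setup-go@v6
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_wrapper: false
          # terraform_version: "1.1.7"

      # - run: terraform init

      # - id: plan
      #   run: terraform plan -no-color

      # - run: echo ${{ steps.plan.outputs.stdout }}
      # - run: echo ${{ steps.plan.outputs.stderr }}
      # - run: echo ${{ steps.plan.outputs.exitcode }}

      # Run plan by default, or apply on merge.
      # - uses: op5dev/tf-via-pr@v13
      #   with:
      #     working-directory: path/to/directory
      #     command: ${{ github.event_name == 'push' && 'apply' || 'plan' }}
      #     arg-lock: ${{ github.event_name == 'push' }}
      #     arg-backend-config: env/dev.tfbackend
      #     arg-var-file: env/dev.tfvars
      #     arg-workspace: dev-use1
      #     plan-encrypt: ${{ secrets.PASSPHRASE }}

      # - name: "Ensure docs are up-to-date"
      #   if: ${{ github.event_name == 'pull_request' }}
      #   run: ./scripts/check-docs.sh
      #   continue-on-error: true

      # - name: "Run go mod tidy"
      #   if: ${{ github.event_name == 'pull_request' }}
      #   run: go mod tidy

      # - name: golangci-lint
      #   uses: golangci/golangci-lint-action@v9
      #   with:
      #     version: v2.7
      #     args: --config=golang-ci.yaml --allow-parallel-runners --timeout=5m

      # - name: Lint
      #   run: make lint

      # - name: Test
      #   run: make test

      # - name: Archive code coverage results
      #   uses: actions/upload-artifact@v4
      #   with:
      #     name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
      #     path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"

  config:
    name: Check GoReleaser config
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    # Explicit read-only token; without this block the job inherits the
    # repository default, which may be broader than a config check needs.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Check GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          args: check

  code_coverage:
    name: "Code coverage report"
    if: github.event_name == 'pull_request' || (github.event_name == 'push' && contains(github.ref, 'refs/tags/'))
    runs-on: ubuntu-latest
    needs: prep
    permissions:
      contents: read
      actions: read # to download code coverage results from "main" job
      pull-requests: write # write permission needed to comment on PR
    steps:
      - name: Check new code coverage
        uses: fgrosse/go-coverage-report@v1.2.0
        continue-on-error: true # Add this line to prevent pipeline failures in forks
        with:
          coverage-artifact-name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
          coverage-file-name: ${{ env.CODE_COVERAGE_FILE_NAME }}
          root-package: 'tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview'

  publish:
    name: "Publish provider"
    # if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    # Least privilege for the job that holds the signing and upload secrets:
    # nothing below posts a check or a PR comment, so the token stays
    # read-only.
    permissions:
      actions: read # Required to identify workflow run.
      contents: read # Required to checkout repository.
    steps:
      - name: Install needed tools
        run: |
          apt-get -y -qq update
          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget

      - name: Checkout
        uses: actions/checkout@v6

      - name: Install Go ${{ env.GO_VERSION }}
        uses: actions/setup-go@v6
        with:
          go-version: ${{ env.GO_VERSION }}

      # NOTE(review): `@latest` resolves at run time, so the code generators
      # that produce the released provider can change between two builds of
      # the same tag. Pin each tool to a reviewed version.
      - name: Install go tools
        run: |
          go install golang.org/x/tools/cmd/goimports@latest
          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest

      - uses: actions/setup-java@v5
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '21'

      - name: Run build pkg directory
        run: |
          go run cmd/main.go build

      # Credentials reach the shell through the environment instead of being
      # templated into the script text, and the file is created owner-only
      # (umask 077) and overwritten rather than appended to. Certificate
      # verification is on: with it off, the access key and every uploaded
      # artifact would go to whichever host answers the TLS handshake.
      # NOTE(review): s3cmd documents the bucket placeholder as `%(bucket)s`;
      # confirm the host_bucket value below resolves as intended.
      - name: Set up s3cfg
        env:
          S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
          S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
        run: |
          umask 077
          cat <<EOF > ~/.s3cfg
          [default]
          host_base = https://object.storage.eu01.onstackit.cloud
          host_bucket = https://%(bucket).object.storage.eu01.onstackit.cloud
          check_ssl_certificate = True
          access_key = ${S3_ACCESS_KEY}
          secret_key = ${S3_SECRET_KEY}
          EOF

      # NOTE(review): no visible step creates private.key. Confirm it is
      # written from a secret at run time and is not tracked in the
      # repository.
      - name: Import GPG key
        run: |
          gpg --import private.key

      - name: Run GoReleaser
        id: goreleaser
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
        uses: goreleaser/goreleaser-action@v6
        with:
          args: release --skip publish --clean --snapshot

      # Decode straight into the file. The previous form,
      # `echo $(... | base64 -d)`, word-split the decoded text and so
      # collapsed the key's line breaks into spaces.
      - name: Prepare key file
        env:
          KEY_FILE_B64: ${{ secrets.KEY_FILE_B64 }}
        run: |
          printf '%s' "${KEY_FILE_B64}" | base64 -d > public_key.pem

      # NOTE(review): `jq -c` keeps the JSON double quotes around the version
      # string; confirm main.go expects them, otherwise use `jq -r`.
      - name: Prepare provider directory structure
        env:
          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
        run: |
          VERSION=$(jq -c .version < dist/metadata.json)
          go run main.go \
            -ns=mhenselin \
            -p=stackitprivatepreview \
            -r=terraform-provider-stackitprivatepreview \
            -d=tfregistry.sysops.stackit.rocks \
            -gf="${GPG_FINGERPRINT}" \
            -gk=public_key.pem \
            -v="${VERSION}"

      - name: Publish provider to S3
        run: |
          set -e
          cd release/
          s3cmd put --recursive v1 s3://terraform-provider-privatepreview/
          s3cmd put --recursive .well-known s3://terraform-provider-privatepreview/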