Build/Push pulumi/actions container with new SDK releases (#2646)

* Build/Push pulumi/actions container with new SDK releases

* Address PR feedback
Chris Smith 2019-04-18 15:32:19 -07:00 committed by GitHub
parent bea1bea93f
commit 0ede30fdb6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 157 additions and 9 deletions

1
.gitignore vendored

@ -5,7 +5,6 @@
**/.vscode/
coverage.cov
*.coverprofile
**/dist
/.idea/
*.iml

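--- /dev/null
+++ b/dist/actions/Dockerfile
@@ -0,0 +1,30 @@
+ARG PULUMI_VERSION=latest
+FROM pulumi/pulumi:${PULUMI_VERSION}
+# Extend the base pulumi/pulumi container at a specific version. "latest"
+# will always correspond to the most recently released SDK.
+# Label things so it lights up in GitHub Actions!
+LABEL "com.github.actions.name"="Pulumi"
+LABEL "com.github.actions.description"="Deploy apps and infra to your favorite cloud!"
+LABEL "com.github.actions.icon"="cloud-lightning"
+LABEL "com.github.actions.color"="purple"
+# pulumi/actions contains documentation, examples. The actual container image is at
+# https://github.com/pulumi/pulumi.
+LABEL "repository"="https://github.com/pulumi/actions"
+LABEL "homepage"="http://pulumi.io/reference/gh-actions.html"
+# Install deps not already included in base container image.
+RUN apt-get update -y && \
+apt-get install -y jq
+# Copy the entrypoint script.
+COPY ./entrypoint.sh /usr/bin/pulumi-action
+# The app directory should contain the Pulumi program and is the pwd for the CLI.
+WORKDIR /app
+VOLUME ["/app"]
+# This image uses a thin wrapper over the Pulumi CLI as its entrypoint. As a result, you may run commands
+# simply by running `docker run pulumi/pulumi up` to run the program mounted in the `/app` volume location.
+ENTRYPOINT ["/usr/bin/pulumi-action", "--non-interactive"]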
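Review bot: The `RUN apt-get update -y && apt-get install -y jq` layer keeps the apt package lists and pulls in recommended packages, so the image carries more than the one tool the entrypoint needs; `apt-get install -y --no-install-recommends jq && rm -rf /var/lib/apt/lists/*` in the same RUN keeps it minimal. `ARG PULUMI_VERSION=latest` means a build without `--build-arg` silently tracks whatever `pulumi/pulumi:latest` is at that moment; a short comment saying the publish script always passes the version would make that intent clear. The comment above ENTRYPOINT says `docker run pulumi/pulumi up`, but this image is published as pulumi/actions.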

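--- /dev/null
+++ b/dist/actions/entrypoint.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+# This is an entrypoint for our Docker image that does some minimal bootstrapping before executing.
+set -e
+# If the PULUMI_CI variable is set, we'll do some extra things to make common tasks easier.
+if [ ! -z "$PULUMI_CI" ]; then
+# Capture the PWD before we go and potentially change it.
+ROOT=$(pwd)
+# If the root of the Pulumi project isn't the root of the repo, CD into it.
+if [ ! -z "$PULUMI_ROOT" ]; then
+cd $PULUMI_ROOT
+fi
+# Detect the CI system and configure variables so that we get good Pulumi workflow and GitHub App support.
+if [ ! -z "$GITHUB_WORKFLOW" ]; then
+export PULUMI_CI_SYSTEM="GitHub"
+export PULUMI_CI_BUILD_ID=
+export PULUMI_CI_BUILD_TYPE=
+export PULUMI_CI_BUILD_URL=
+export PULUMI_CI_PULL_REQUEST_SHA="$GITHUB_SHA"
+# For PR events, we want to take the ref of the target branch, not the current. This ensures, for
+# instance, that a PR for a topic branch merging into `master` will use the `master` branch as the
+# target for a preview. Note that for push events, we of course want to use the actual branch.
+if [ "$PULUMI_CI" = "pr" ]; then
+# Not all PR events warrant running a preview. Many of them pertain to changes in assignments and
+# ownership, but we only want to run the preview if the action is "opened", "edited", or "synchronize".
+PR_ACTION=$(jq -r ".action" < $GITHUB_EVENT_PATH)
+if [ "$PR_ACTION" != "opened" ] && [ "$PR_ACTION" != "edited" ] && [ "$PR_ACTION" != "synchronize" ]; then
+echo -e "PR event ($PR_ACTION) contains no changes and does not warrant a Pulumi Preview"
+echo -e "Skipping Pulumi action altogether..."
+exit 0
+fi
+BRANCH=$(jq -r ".pull_request.base.ref" < $GITHUB_EVENT_PATH)
+else
+BRANCH="$GITHUB_REF"
+fi
+BRANCH=$(echo $BRANCH | sed "s/refs\/heads\///g")
+fi
+# Respect the branch mappings file for stack selection. Note that this is *not* required, but if the file
+# is missing, the caller of this script will need to pass `-s <stack-name>` to specify the stack explicitly.
+if [ ! -z "$BRANCH" ]; then
+if [ -e $ROOT/.pulumi/ci.json ]; then
+PULUMI_STACK_NAME=$(cat $ROOT/.pulumi/ci.json | jq -r ".\"$BRANCH\"")
+else
+# If there's no stack mapping file, we are on master, and there's a single stack, use it.
+PULUMI_STACK_NAME=$(pulumi stack ls | awk 'FNR == 2 {print $1}' | sed 's/\*//g')
+fi
+if [ ! -z "$PULUMI_STACK_NAME" ] && [ "$PULUMI_STACK_NAME" != "null" ]; then
+pulumi stack select $PULUMI_STACK_NAME
+else
+echo -e "No stack configured for branch '$BRANCH'"
+echo -e ""
+echo -e "To configure this branch, please"
+echo -e "\t1) Run 'pulumi stack init <stack-name>'"
+echo -e "\t2) Associated the stack with the branch by adding"
+echo -e "\t\t{"
+echo -e "\t\t\t\"$BRANCH\": \"<stack-name>\""
+echo -e "\t\t}"
+echo -e "\tto your .pulumi/ci.json file"
+echo -e ""
+echo -e "For now, exiting cleanly without doing anything..."
+exit 0
+fi
+fi
+fi
+# For Google, we need to authenticate with a service principal for certain authentication operations.
+if [ ! -z "$GOOGLE_CREDENTIALS" ]; then
+GCLOUD_KEYFILE="$(mktemp).json"
+echo "$GOOGLE_CREDENTIALS" > $GCLOUD_KEYFILE
+gcloud auth activate-service-account --key-file=$GCLOUD_KEYFILE
+fi
+# Next, lazily install packages if required.
+if [ -e package.json ] && [ ! -d node_modules ]; then
+npm install
+fi
+# Now just pass along all arguments to the Pulumi CLI.
+OUTPUT=$(sh -c "pulumi --non-interactive $*" 2>&1)
+EXIT_CODE=$?
+echo "#### :tropical_drink: \`pulumi ${@:2}\`"
+echo "$OUTPUT"
+# If the GitHub action stems from a Pull Request event, we may optionally leave a comment if the
+# COMMENT_ON_PR is set.
+COMMENTS_URL=$(cat $GITHUB_EVENT_PATH | jq -r .pull_request.comments_url)
+if [ ! -z $COMMENTS_URL ] && [ ! -z $COMMENT_ON_PR ]; then
+if [ -z $GITHUB_TOKEN ]; then
+echo "ERROR: COMMENT_ON_PR was set, but GITHUB_TOKEN is not set."
+else
+COMMENT="#### :tropical_drink: \`pulumi ${@:2}\`
+\`\`\`
+$OUTPUT
+\`\`\`"
+PAYLOAD=$(echo '{}' | jq --arg body "$COMMENT" '.body = $body')
+echo "Commenting on PR $COMMENTS_URL"
+curl -s -S -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" --data "$PAYLOAD" "$COMMENTS_URL"
+fi
+fi
+exit $EXIT_CODE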
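Review bot: Under `set -e`, the assignment `OUTPUT=$(sh -c "pulumi --non-interactive $*" 2>&1)` aborts the script as soon as pulumi exits non-zero, so `EXIT_CODE=$?`, the echo of `$OUTPUT` and the PR comment are reached only on success and a failed run prints nothing. The same line flattens the arguments with `$*` and hands them to a second shell, which re-splits them and evaluates any metacharacters they contain. I would write `OUTPUT=$(pulumi --non-interactive "$@" 2>&1) && EXIT_CODE=0 || EXIT_CODE=$?`, unless callers depend on the inner shell expanding variables in the arguments. Separately, `GCLOUD_KEYFILE="$(mktemp).json"` writes the service-account key to a path other than the file mktemp created, so it gets the default umask rather than mktemp's owner-only mode, and it is never removed.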


@ -1,11 +1,8 @@
FROM python:3.7-slim
# TODO[pulumi/pulumi#1986]: consider switching to, or supporting, Alpine Linux for smaller image sizes.
LABEL "com.github.actions.name"="Pulumi"
LABEL "com.github.actions.description"="Deploy apps and infra to your favorite cloud!"
LABEL "com.github.actions.icon"="cloud-lightning"
LABEL "com.github.actions.color"="purple"
LABEL "repository"="https://github.com/pulumi/pulumi"
LABEL "homepage"="http://pulumi.io/reference/gh-actions.html"
LABEL "homepage"="http://pulumi.io/"
LABEL "maintainer"="Pulumi Team <team@pulumi.com>"
# Install deps all in one step


@ -30,10 +30,23 @@ if [[ "${CLI_VERSION}" == *-* ]]; then
exit 0
fi
echo "Building and publishing pulumi/pulumi:${CLI_VERSION}"
docker build --build-arg PULUMI_VERSION="${CLI_VERSION}" -t "pulumi/pulumi:${CLI_VERSION}" -t "pulumi/pulumi:latest" "${SCRIPT_DIR}/../dist/docker"
docker login -u "${DOCKER_HUB_USER}" -p "${DOCKER_HUB_PASSWORD}"
echo "Building and publishing pulumi/pulumi:${CLI_VERSION}"
docker build --build-arg PULUMI_VERSION="${CLI_VERSION}" \
-t "pulumi/pulumi:${CLI_VERSION}" \
-t "pulumi/pulumi:latest" \
"${SCRIPT_DIR}/../dist/docker"
docker push "pulumi/pulumi:${CLI_VERSION}"
docker push "pulumi/pulumi:latest"
# Pulumi container optimized for GitHub Actions.
echo "Building and publishing pulumi/actions:${CLI_VERSION}"
docker build --build-arg PULUMI_VERSION="${CLI_VERSION}" \
-t "pulumi/actions:${CLI_VERSION}" \
-t "pulumi/actions:latest" \
"${SCRIPT_DIR}/../dist/actions"
docker push "pulumi/actions:${CLI_VERSION}"
docker push "pulumi/actions:latest"
docker logout
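Review bot: `docker login -u "${DOCKER_HUB_USER}" -p "${DOCKER_HUB_PASSWORD}"` puts the Docker Hub password on the command line, where it is visible in the process list for the duration of the call and, if the script runs with tracing, in the CI log; this one login now also covers the new pulumi/actions pushes. Feeding it on stdin avoids that: `printf '%s' "${DOCKER_HUB_PASSWORD}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin`. The top of the script and any `set` options are outside the hunk, so whether tracing is enabled cannot be seen from here.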