Add .NET Core SDK to pulumi/pulumi container (#3616)

* Add tests for the pulumi/actions container

* Add .NET Core SDK to pulumi/pulumi container

* Address PR feedback

* Update CHANGELOG.md

CHANGELOG.md

@@ -15,6 +15,8 @@ CHANGELOG
 - Support for using `Config`, `getProject()`, `getStack()`, and `isDryRun()` from Policy Packs.
   [#3612](https://github.com/pulumi/pulumi/pull/3612)
 
+- Add the .NET Core 3.0 runtime to the pulumi/pulumi container. [#3616](https://github.com/pulumi/pulumi/pull/3616).
+
 ## 1.7.1 (2019-12-13)
 
 - Fix [SxS issue](https://github.com/pulumi/pulumi/issues/3652) introduced in 1.7.0 when assigning

dist/docker/Dockerfile

@@ -1,5 +1,4 @@
 FROM python:3.7-slim-stretch
-# TODO[pulumi/pulumi#1986]: consider switching to, or supporting, Alpine Linux for smaller image sizes.
 
 LABEL "repository"="https://github.com/pulumi/pulumi"
 LABEL "homepage"="https://pulumi.com/"
@@ -15,37 +14,46 @@ RUN apt-get update -y && \
     git \
     gnupg \
     software-properties-common \
-  && \
-  # Get all of the signatures we need all at once
-  curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \
-  curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
-  curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add && \
+    wget && \
+  # Get all of the signatures we need all at once.
+  curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key  | apt-key add - && \
+  curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg              | apt-key add - && \
+  curl -fsSL https://download.docker.com/linux/debian/gpg          | apt-key add - && \
   curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - && \
-  curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | apt-key add - && \
+  curl -fsSL https://packages.microsoft.com/keys/microsoft.asc     | apt-key add - && \
   # IAM Authenticator for EKS
   curl -fsSLo /usr/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator && \
   chmod +x /usr/bin/aws-iam-authenticator && \
   # Add additional apt repos all at once
-  echo "deb https://deb.nodesource.com/node_11.x $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/node.list && \
-  echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
-  echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list && \
-  echo "deb http://packages.cloud.google.com/apt cloud-sdk-$(lsb_release -cs) main" | tee /etc/apt/sources.list.d/google-cloud-sdk.list && \
-  echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list &&\
-  echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/azure.list && \
+  echo "deb https://deb.nodesource.com/node_11.x $(lsb_release -cs) main"                         | tee /etc/apt/sources.list.d/node.list             && \
+  echo "deb https://dl.yarnpkg.com/debian/ stable main"                                           | tee /etc/apt/sources.list.d/yarn.list             && \
+  echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"      | tee /etc/apt/sources.list.d/docker.list           && \
+  echo "deb http://packages.cloud.google.com/apt cloud-sdk-$(lsb_release -cs) main"               | tee /etc/apt/sources.list.d/google-cloud-sdk.list && \
+  echo "deb http://apt.kubernetes.io/ kubernetes-xenial main"                                     | tee /etc/apt/sources.list.d/kubernetes.list       && \
+  echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/azure.list            && \
   # Install second wave of dependencies
   apt-get update -y && \
-    apt-get install -y \
+  apt-get install -y \
     azure-cli \
     docker-ce \
     google-cloud-sdk \
     kubectl \
     nodejs \
-    yarn \
-  && \
+    yarn && \
   pip install awscli --upgrade && \
   # Clean up the lists work
   rm -rf /var/lib/apt/lists/*
 
+# Install .NET Core SDK
+RUN wget -q https://packages.microsoft.com/config/ubuntu/19.04/packages-microsoft-prod.deb \
+    -O packages-microsoft-prod.deb && \
+  dpkg -i packages-microsoft-prod.deb && \
+  rm packages-microsoft-prod.deb && \
+  apt-get update -y && \
+  apt-get install -y \
+    apt-transport-https \
+    dotnet-sdk-3.1
+
 # Install Helm
 RUN curl -L https://git.io/get_helm.sh | bash
 

scripts/build-and-publish-docker

@@ -32,21 +32,23 @@ fi
 
 docker login -u "${DOCKER_HUB_USER}" -p "${DOCKER_HUB_PASSWORD}"
 
-echo "Building and publishing pulumi/pulumi:${CLI_VERSION}"
-docker build --build-arg PULUMI_VERSION="${CLI_VERSION}" \
-    -t "pulumi/pulumi:${CLI_VERSION}" \
-    -t "pulumi/pulumi:latest" \
-    "${SCRIPT_DIR}/../dist/docker"
-docker push "pulumi/pulumi:${CLI_VERSION}"
-docker push "pulumi/pulumi:latest"
+echo "Building containers..."
+for container in [pulumi actions]; do
+    echo "- pulumi/${container}"
+    docker build --build-arg PULUMI_VERSION="${CLI_VERSION}" \
+        -t "pulumi/${container}:${CLI_VERSION}" \
+        -t "pulumi/${container}:latest" \
+        "${SCRIPT_DIR}/../dist/docker"
+done
 
-# Pulumi container optimized for GitHub Actions.
-echo "Building and publishing pulumi/actions:${CLI_VERSION}"
-docker build --build-arg PULUMI_VERSION="${CLI_VERSION}" \
-    -t "pulumi/actions:${CLI_VERSION}" \
-    -t "pulumi/actions:latest" \
-    "${SCRIPT_DIR}/../dist/actions"
-docker push "pulumi/actions:${CLI_VERSION}"
-docker push "pulumi/actions:latest"
+echo "Running container runtime tests..."
+RUN_CONTAINER_TESTS=true go test tests/containers/...
+
+echo "Publishing containers..."
+for container in [pulumi actions]; do
+    echo "- pulumi/${container}"
+    docker push "pulumi/${container}:${CLI_VERSION}"
+    docker push "pulumi/${container}:latest"
+done
 
 docker logout

tests/containers/containers_test.go

@@ -0,0 +1,105 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package containers
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+
+	ptesting "github.com/pulumi/pulumi/pkg/testing"
+)
+
+// TestPulumiContainerImages simulates building and running Pulumi programs
+// on all of the supported container images.
+func TestPulumiContainerImages(t *testing.T) {
+	const pulumiContainerToTest = "pulumi/actions:latest"
+
+	if os.Getenv("RUN_CONTAINER_TESTS") == "" {
+		t.Skip("Skipping container runtime tests because RUN_CONTAINER_TESTS not set.")
+	}
+
+	// Confirm we have credentials.
+	if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
+		t.Fatal("PULUMI_ACCESS_TOKEN not found, aborting tests.")
+	}
+
+	// MacOS workaround. os.TempDir returns a path under /var/, which isn't
+	// bindable in default Docker installs. So we override the behavior to
+	// use /tmp, which should work.
+	if strings.HasPrefix(os.TempDir(), "/var/") {
+		os.Setenv("TMPDIR", "/tmp")
+	}
+
+	// Confirm the container has been built, will emit no output if it isn't found.
+	e := ptesting.NewEnvironment(t)
+	stdout, _ := e.RunCommand("docker", "images", pulumiContainerToTest, "--quiet")
+	if len(stdout) == 0 {
+		t.Fatalf("It doesn't appear that the container image %s has been built.", pulumiContainerToTest)
+	}
+	e.DeleteEnvironment()
+
+	t.Run("dotnet", func(t *testing.T) {
+		testRuntimeWorksInContainer(t, "dotnet", pulumiContainerToTest)
+	})
+
+	t.Run("nodejs", func(t *testing.T) {
+		testRuntimeWorksInContainer(t, "nodejs", pulumiContainerToTest)
+	})
+
+	t.Run("python", func(t *testing.T) {
+		testRuntimeWorksInContainer(t, "python", pulumiContainerToTest)
+	})
+}
+
+// testRuntimeWorksInContainer runs a test that attempts to run a Pulumi program in the given
+// container. It is assumed that Pulumi program has a configuration key named "runtime" and
+// will print "Hello from {{ runtime }}".
+func testRuntimeWorksInContainer(t *testing.T, runtime, container string) {
+	const stackOwner = "moolumi"
+
+	stackName := fmt.Sprintf("%s/container-%s-%x", stackOwner, runtime, time.Now().UnixNano())
+
+	e := ptesting.NewEnvironment(t)
+	defer func() {
+		e.RunCommand("pulumi", "stack", "rm", "--force", "--yes")
+		e.DeleteEnvironment()
+	}()
+	e.ImportDirectory(runtime)
+
+	// Create the stack and set the required configuration.
+	e.RunCommand("pulumi", "stack", "init", stackName)
+	e.RunCommand("pulumi", "config", "set", "runtime", runtime)
+
+	// Run `pulumi up` using the Pulumi container.
+	stdout, _ := e.RunCommand("docker", "run",
+		// Set the PULUMI_ACCESS_TOKEN environment variable, to authenticate.
+		// BUG: This is why the these tests aren't configured to run as part of CI,
+		// since the access token would get written to logs.
+		"--env", fmt.Sprintf("PULUMI_ACCESS_TOKEN=%s", os.Getenv("PULUMI_ACCESS_TOKEN")),
+		// Mount the stack's source code into the container.
+		"--volume", fmt.Sprintf("%s:/src", e.CWD),
+		// Set working directory when running the container.
+		"--workdir", "/src",
+		// Container to run.
+		container,
+		// Flags to the container's entry point (`pulumi`).
+		"up", "--stack", stackName)
+
+	assert.Contains(t, stdout, "Hello from "+runtime,
+		"Looking for indication stack update was successful in container output.")
+}

tests/containers/dotnet/.gitignore

@@ -0,0 +1,353 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+##
+## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
+
+# User-specific files
+*.rsuser
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Mono auto generated files
+mono_crash.*
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+[Aa][Rr][Mm]/
+[Aa][Rr][Mm]64/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+[Ll]ogs/
+
+# Visual Studio 2015/2017 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# Visual Studio 2017 auto generated files
+Generated\ Files/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUnit
+*.VisualState.xml
+TestResult.xml
+nunit-*.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# Benchmark Results
+BenchmarkDotNet.Artifacts/
+
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+
+# StyleCop
+StyleCopReport.xml
+
+# Files built by Visual Studio
+*_i.c
+*_p.c
+*_h.h
+*.ilk
+*.meta
+*.obj
+*.iobj
+*.pch
+*.pdb
+*.ipdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*_wpftmp.csproj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# Visual Studio Trace Files
+*.e2e
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# AxoCover is a Code Coverage Tool
+.axoCover/*
+!.axoCover/settings.json
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# Note: Comment the next line if you want to checkin your web deploy settings,
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+
+# NuGet Packages
+*.nupkg
+# NuGet Symbol Packages
+*.snupkg
+# The packages folder can be ignored because of Package Restore
+**/[Pp]ackages/*
+# except build/, which is used as an MSBuild target.
+!**/[Pp]ackages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/[Pp]ackages/repositories.config
+# NuGet v3's project.json files produces more ignorable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+*.appx
+*.appxbundle
+*.appxupload
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!?*.[Cc]ache/
+
+# Others
+ClientBin/
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.jfm
+*.pfx
+*.publishsettings
+orleans.codegen.cs
+
+# Including strong name files can present a security risk
+# (https://github.com/github/gitignore/pull/2483#issue-259490424)
+#*.snk
+
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+ServiceFabricBackup/
+*.rptproj.bak
+
+# SQL Server files
+*.mdf
+*.ldf
+*.ndf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+*.rptproj.rsuser
+*- [Bb]ackup.rdl
+*- [Bb]ackup ([0-9]).rdl
+*- [Bb]ackup ([0-9][0-9]).rdl
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+node_modules/
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
+*.vbw
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+
+# FAKE - F# Make
+.fake/
+
+# CodeRush personal settings
+.cr/personal
+
+# Python Tools for Visual Studio (PTVS)
+__pycache__/
+*.pyc
+
+# Cake - Uncomment if you are using it
+# tools/**
+# !tools/packages.config
+
+# Tabs Studio
+*.tss
+
+# Telerik's JustMock configuration file
+*.jmconfig
+
+# BizTalk build output
+*.btp.cs
+*.btm.cs
+*.odx.cs
+*.xsd.cs
+
+# OpenCover UI analysis results
+OpenCover/
+
+# Azure Stream Analytics local run output
+ASALocalRun/
+
+# MSBuild Binary and Structured Log
+*.binlog
+
+# NVidia Nsight GPU debugger configuration file
+*.nvuser
+
+# MFractors (Xamarin productivity tool) working folder
+.mfractor/
+
+# Local History for Visual Studio
+.localhistory/
+
+# BeatPulse healthcheck temp database
+healthchecksdb
+
+# Backup folder for Package Reference Convert tool in Visual Studio 2017
+MigrationBackup/
+
+# Ionide (cross platform F# VS Code tools) working folder
+.ionide/

tests/containers/dotnet/Infra.fsproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="Program.fs" />
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="Pulumi.FSharp" Version="1.5.0-preview" />
+  </ItemGroup>
+</Project>

tests/containers/dotnet/Program.fs

@@ -0,0 +1,16 @@
+module Program
+
+open System
+open Pulumi.FSharp
+
+let infra () =
+  let config = new Pulumi.Config()
+  let runtime = config.Get("runtime")
+  Console.WriteLine("Hello from {0}", runtime)
+  
+  // Stack outputs
+  dict []
+
+[<EntryPoint>]
+let main _ =
+  Deployment.run infra

tests/containers/dotnet/Pulumi.yaml

@@ -0,0 +1,3 @@
+name: trivial-dotnet
+runtime: dotnet
+description: A trivial Pulumi program for .NET

tests/containers/nodejs/.gitignore

@@ -0,0 +1 @@
+/node_modules/

tests/containers/nodejs/Pulumi.yaml

@@ -0,0 +1,3 @@
+name: trivial-nodejs
+runtime: nodejs
+description: A trivial Pulumi program for Node

tests/containers/nodejs/index.js

@@ -0,0 +1,4 @@
+"use strict";
+const pulumi = require("@pulumi/pulumi");
+const config = new pulumi.Config();
+console.log("Hello from", config.require("runtime"));

tests/containers/nodejs/package.json

@@ -0,0 +1,7 @@
+{
+    "name": "javascript",
+    "main": "index.js",
+    "dependencies": {
+        "@pulumi/pulumi": "^1.0.0"
+    }
+}

tests/containers/python/.gitignore

@@ -0,0 +1,2 @@
+*.pyc
+venv/

tests/containers/python/Pulumi.yaml

@@ -0,0 +1,3 @@
+name: trivial-python
+runtime: python
+description: A trivial Pulumi program for Python

tests/containers/python/__main__.py

@@ -0,0 +1,4 @@
+import pulumi
+
+config = pulumi.Config()
+print("Hello from %s" % (config.require("runtime")))

tests/containers/python/requirements.txt

@@ -0,0 +1 @@
+pulumi>=1.0.0