Open VenelinMartinov opened 10 months ago
https://github.com/pulumi/pulumi-cloudflare/blob/master/Makefile#L120 CLoudflare calls make provider which does call the patching via Makefile. Likewise AWS is a bridged provider and certainly does patch it before building. I'm not sure this is accurate? do you have a repro?
Yeah, I think the issue only applies for tests which don't use the provider executable but instead build against provider code, like the GRPC replay tests.
For example in https://github.com/pulumi/pulumi-azuredevops/pull/219 I added GRPC tests but the CI was failing since the tests were building against a non-patched upstream.
I doubt there is any code which is wrong in the wild.
I'm not sure this makes any sense still
https://github.com/pulumi/pulumi-aws/actions/runs/7142409416/job/19451648033#step:11:1
prerequisites job runs
make provider # this implies make upstream
make test_provider
Looking at the azdo PR.
Ah I see the workaround is adding make upstream to preTest
preTest:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: ${{ env.AWS_REGION }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Make upstream
run: make upstream
Providers that do that are not affected. This makes sense.
Make upstream is not called during tests in GHA for bridged providers. It is a noop for non patched providers, so should be fine to call.
Some patched providers don't test patched upstreams in non-integration tests. Example: https://github.com/pulumi/pulumi-cloudflare/blob/master/.github/workflows/run-acceptance-tests.yml
It doesn't have any non-integration test, so it doesn't really affect us but it might catch someone off guard like it did me here https://github.com/pulumi/pulumi-azuredevops/pull/219
Native Providers
Bridged Providers
Tier 1
Tier 2