add ci and e2e suites

Author: benny-n

.github/workflows/ci.yaml

@@ -0,0 +1,34 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: astral-sh/setup-uv@v5
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: uv sync --all-extras --group dev
+
+      - name: Check formatting
+        run: uv run ruff format --check .
+
+      - name: Run linting
+        run: uv run ruff check .
+
+      - name: Run type checking
+        run: uv run ty check

.github/workflows/e2e-aws.yaml

@@ -0,0 +1,153 @@
+name: E2E AWS
+
+on:
+  pull_request:
+    branches: [main]
+  workflow_dispatch: {}
+
+concurrency:
+  group: e2e-aws
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+  id-token: write
+
+env:
+  PULUMI_CONFIG_PASSPHRASE: "ci-ephemeral"
+
+jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: ${{ steps.filter.outputs.aws }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            aws:
+              - 'pulumi_pinecone_byoc/aws/**'
+              - 'pulumi_pinecone_byoc/common/**'
+              - 'config/aws.py'
+              - 'config/base.py'
+              - 'config/__init__.py'
+              - 'setup/wizard.py'
+
+  e2e:
+    needs: changes
+    if: needs.changes.outputs.should_run == 'true' || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    environment: aws-e2e
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure AWS credentials (OIDC)
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_E2E_ROLE_ARN }}
+          aws-region: us-east-1
+
+      - uses: astral-sh/setup-uv@v5
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Pulumi CLI
+        uses: pulumi/actions@v6
+
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v4
+
+      - name: Run wizard (headless)
+        id: wizard
+        env:
+          PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
+          PINECONE_REGION: us-east-1
+          PINECONE_AZS: "us-east-1a,us-east-1b"
+          PINECONE_VPC_CIDR: "10.0.0.0/16"
+          PINECONE_DELETION_PROTECTION: "false"
+          PINECONE_PUBLIC_ACCESS: "false"
+          PINECONE_PROJECT_NAME: "pinecone-byoc"
+        run: |
+          uv run --with rich --with pyyaml python setup/wizard.py \
+            --cloud aws \
+            --headless \
+            --stack-name ci \
+            --skip-install \
+            --output-dir ./e2e-project
+
+      - name: Patch __main__.py with CI overrides
+        working-directory: ./e2e-project
+        run: |
+          python3 << 'PATCH'
+          path = "__main__.py"
+          content = open(path).read()
+          content = content.replace(
+              "        tags=config.get_object(\"tags\"),",
+              """        tags=config.get_object("tags"),
+                  global_env=config.require("global-env"),
+                  api_url=config.require("api-url"),
+                  auth0_domain=config.require("auth0-domain"),
+                  gcp_project=config.require("gcp-project"),""",
+          )
+          open(path, "w").write(content)
+          PATCH
+
+      - name: Replace PyPI dep with local source
+        working-directory: ./e2e-project
+        run: |
+          sed -i 's|"pulumi-pinecone-byoc\[aws\]"|"pulumi-pinecone-byoc[aws] @ file://'"$GITHUB_WORKSPACE"'"|' pyproject.toml
+
+      - name: Install dependencies
+        working-directory: ./e2e-project
+        run: uv sync
+
+      - name: Setup Pulumi stack
+        working-directory: ./e2e-project
+        run: |
+          pulumi login --local
+          pulumi stack select --create ci
+
+      - name: Set Pulumi config
+        working-directory: ./e2e-project
+        env:
+          PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
+        run: |
+          pulumi config set --secret pinecone-api-key "$PINECONE_API_KEY" --stack ci
+          pulumi config set global-env ci --stack ci
+          pulumi config set api-url "https://api-staging.pinecone.io" --stack ci
+          pulumi config set auth0-domain "internal-beta-pinecone-io.us.auth0.com" --stack ci
+          pulumi config set gcp-project "development-pinecone" --stack ci
+
+      - name: Pulumi up
+        id: up
+        working-directory: ./e2e-project
+        run: pulumi up --yes --stack ci
+
+      - name: Pulumi destroy
+        if: always() && steps.wizard.outcome == 'success'
+        working-directory: ./e2e-project
+        run: pulumi destroy --yes --stack ci
+
+      - name: Pulumi stack rm
+        if: always() && steps.wizard.outcome == 'success'
+        working-directory: ./e2e-project
+        run: pulumi stack rm ci --yes --force
+
+  result:
+    if: always()
+    needs: [changes, e2e]
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          if [ "${{ needs.e2e.result }}" = "failure" ] || [ "${{ needs.e2e.result }}" = "cancelled" ]; then
+            echo "E2E failed or was cancelled"
+            exit 1
+          fi
+          echo "OK (e2e: ${{ needs.e2e.result }})"

.github/workflows/e2e-gcp.yaml

@@ -0,0 +1,158 @@
+name: E2E GCP
+
+on:
+  pull_request:
+    branches: [main]
+  workflow_dispatch: {}
+
+concurrency:
+  group: e2e-gcp
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+  id-token: write
+
+env:
+  PULUMI_CONFIG_PASSPHRASE: "ci-ephemeral"
+
+jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: ${{ steps.filter.outputs.gcp }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            gcp:
+              - 'pulumi_pinecone_byoc/gcp/**'
+              - 'pulumi_pinecone_byoc/common/**'
+              - 'config/gcp.py'
+              - 'config/base.py'
+              - 'config/__init__.py'
+              - 'setup/wizard.py'
+
+  e2e:
+    needs: changes
+    if: needs.changes.outputs.should_run == 'true' || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    environment: gcp-e2e
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Authenticate to GCP
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+
+      - name: Set up gcloud CLI
+        uses: google-github-actions/setup-gcloud@v2
+
+      - uses: astral-sh/setup-uv@v5
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Pulumi CLI
+        uses: pulumi/actions@v6
+
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v4
+
+      - name: Run wizard (headless)
+        id: wizard
+        env:
+          PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
+          GCP_PROJECT: staging-pinecone-byoc
+          PINECONE_REGION: us-central1
+          PINECONE_AZS: "us-central1-a,us-central1-b"
+          PINECONE_VPC_CIDR: "10.112.0.0/12"
+          PINECONE_DELETION_PROTECTION: "false"
+          PINECONE_PUBLIC_ACCESS: "false"
+          PINECONE_PROJECT_NAME: "pinecone-byoc"
+        run: |
+          uv run --with rich --with pyyaml python setup/wizard.py \
+            --cloud gcp \
+            --headless \
+            --stack-name ci \
+            --skip-install \
+            --output-dir ./e2e-project
+
+      - name: Patch __main__.py with CI overrides
+        working-directory: ./e2e-project
+        run: |
+          python3 << 'PATCH'
+          path = "__main__.py"
+          content = open(path).read()
+          content = content.replace(
+              "        labels=config.get_object(\"labels\") or {},",
+              """        labels=config.get_object("labels") or {},
+                  global_env=config.require("global-env"),
+                  api_url=config.require("api-url"),
+                  auth0_domain=config.require("auth0-domain"),
+                  amp_aws_account_id=config.require("amp-aws-account-id"),""",
+          )
+          open(path, "w").write(content)
+          PATCH
+
+      - name: Replace PyPI dep with local source
+        working-directory: ./e2e-project
+        run: |
+          sed -i 's|"pulumi-pinecone-byoc\[gcp\]"|"pulumi-pinecone-byoc[gcp] @ file://'"$GITHUB_WORKSPACE"'"|' pyproject.toml
+
+      - name: Install dependencies
+        working-directory: ./e2e-project
+        run: uv sync
+
+      - name: Setup Pulumi stack
+        working-directory: ./e2e-project
+        run: |
+          pulumi login --local
+          pulumi stack select --create ci
+
+      - name: Set Pulumi config
+        working-directory: ./e2e-project
+        env:
+          PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
+        run: |
+          pulumi config set --secret pinecone-api-key "$PINECONE_API_KEY" --stack ci
+          pulumi config set global-env ci --stack ci
+          pulumi config set api-url "https://api-staging.pinecone.io" --stack ci
+          pulumi config set auth0-domain "internal-beta-pinecone-io.us.auth0.com" --stack ci
+          pulumi config set amp-aws-account-id "115740606080" --stack ci
+
+      - name: Pulumi up
+        id: up
+        working-directory: ./e2e-project
+        run: pulumi up --yes --stack ci
+
+      - name: Pulumi destroy
+        if: always() && steps.wizard.outcome == 'success'
+        working-directory: ./e2e-project
+        run: pulumi destroy --yes --stack ci
+
+      - name: Pulumi stack rm
+        if: always() && steps.wizard.outcome == 'success'
+        working-directory: ./e2e-project
+        run: pulumi stack rm ci --yes --force
+
+  result:
+    if: always()
+    needs: [changes, e2e]
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          if [ "${{ needs.e2e.result }}" = "failure" ] || [ "${{ needs.e2e.result }}" = "cancelled" ]; then
+            echo "E2E failed or was cancelled"
+            exit 1
+          fi
+          echo "OK (e2e: ${{ needs.e2e.result }})"

.gitignore

@@ -1,4 +1,5 @@
 __pycache__/
 pulumi_pinecone_byoc/_version.py
 pinecone-byoc/
-.idea/
+.idea/
+.vscode/

config/__init__.py

@@ -1,6 +1,6 @@
-from .base import BaseConfig, NodePoolConfig, NodePoolTaint
 from .aws import AWSConfig, DatabaseConfig, DatabaseInstanceConfig
-from .gcp import GCPConfig, AlloyDBConfig, AlloyDBInstanceConfig
+from .base import BaseConfig, NodePoolConfig, NodePoolTaint
+from .gcp import AlloyDBConfig, AlloyDBInstanceConfig, GCPConfig
 
 __all__ = [
     "BaseConfig",

config/gcp.py

@@ -69,4 +69,3 @@ def labels(self, **extra: str) -> dict[str, str]:
             "pinecone-managed-by": "pulumi",
         }
         return {**base_labels, **self.custom_tags, **extra}
-

pulumi_pinecone_byoc/aws/__init__.py

@@ -1,14 +1,14 @@
 """AWS-specific components for Pinecone BYOC deployment."""
 
-from .cluster import PineconeAWSCluster, PineconeAWSClusterArgs, NodePool
-from .vpc import VPC
-from .eks import EKS
-from .s3 import S3Buckets
+from .cluster import NodePool, PineconeAWSCluster, PineconeAWSClusterArgs
 from .dns import DNS
-from .nlb import NLB
-from .rds import RDS, RDSInstance
+from .eks import EKS
 from .k8s_addons import K8sAddons
+from .nlb import NLB
 from .pulumi_operator import PulumiOperator
+from .rds import RDS, RDSInstance
+from .s3 import S3Buckets
+from .vpc import VPC
 
 __all__ = [
     "PineconeAWSCluster",