Move pulumi code (#2)

* Initial commit

* feat: complete pulumi stackit provider implementation

- Initial provider setup with Terraform Bridge v3
- Generated SDKs for all supported languages (Go, Node.js, Python, .NET)
- Added comprehensive configuration documentation
- Created CLAUDE.md development guide
- Full resource coverage for STACKIT cloud services

* feat: initial sdk generation (#6)

* feat: tweaking the bridging code after some tests. (#7)

* fix: missing version (#8)

* chore(deps): bump sigstore/cosign-installer from 3.8.1 to 3.9.1 (#2)

* chore(deps): bump pulumi/pulumi-upgrade-provider-action (#3)

* chore(deps): bump anchore/sbom-action from 0.18.0 to 0.20.1 (#5)

* chore(deps): bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 (#4)

* feat: add another example. (#9)

* chore(deps): bump pulumi/pulumi in /.devcontainer (#10)

* chore(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 (#11)

* Ft/adjust pulumi code (#3)

* Adjust go code to use new repository

Signed-off-by: Alexander Dahmen <[email protected]>

* Adjust dotnet, nodejs and python

Signed-off-by: Alexander Dahmen <[email protected]>

* Add dotnet example

Signed-off-by: Alexander Dahmen <[email protected]>

---------

Signed-off-by: Alexander Dahmen <[email protected]>

---------

Signed-off-by: Alexander Dahmen <[email protected]>
Co-authored-by: Engin Diri <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: 3 people

.devcontainer/Dockerfile

@@ -0,0 +1,22 @@
+FROM  --platform=linux/amd64 pulumi/pulumi:3.181.0
+
+
+# create a directory for pulumictl and download the binary to it and set to PATH
+RUN mkdir -p /root/pulumictl && cd /root/pulumictl/
+RUN wget https://github.com/pulumi/pulumictl/releases/download/v0.0.42/pulumictl-v0.0.42-linux-amd64.tar.gz -O /root/pulumictl/pulumictl-v0.0.42-linux-amd64.tar.gz
+RUN tar -xvf /root/pulumictl/pulumictl-v0.0.42-linux-amd64.tar.gz -C /root/pulumictl/
+ENV PATH="//root/pulumictl/:${PATH}"
+
+RUN apt update
+RUN apt install sudo -y
+
+RUN type -p curl >/dev/null || (sudo apt update && sudo apt install curl -y)
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
+RUN sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
+RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
+RUN sudo apt update
+RUN sudo apt install gh -y
+RUN sudo apt install vim -y
+
+RUN go install github.com/pulumi/upgrade-provider@main
+RUN pip install setuptools

.devcontainer/devcontainer.json

@@ -0,0 +1,12 @@
+{
+  "build": {
+    "dockerfile": "Dockerfile"
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "golang.go"
+      ]
+    }
+  }
+}

.github/CODEOWNERS

@@ -1 +1 @@
-*   @stackitcloud/developer-tools
+*   @stackitcloud/developer-tools

.github/dependabot.yml

@@ -0,0 +1,44 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/provider"
+    schedule:
+      interval: "weekly"
+      time: "08:00"
+      day: "sunday"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+  - package-ecosystem: "gomod"
+    directory: "/sdk"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+      time: "08:00"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+      time: "08:00"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+  - package-ecosystem: "docker"
+    directory: "/.devcontainer"
+    schedule:
+      interval: "daily"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"

.github/workflows/check-upgrade-provider.yaml

@@ -0,0 +1,21 @@
+env:
+  GH_TOKEN: ${{ secrets.GH_TOKEN }}
+jobs:
+  upgrade_provider:
+    name: upgrade-provider
+    runs-on: ubuntu-latest
+    steps:
+    - name: Call upgrade provider action
+      uses: pulumi/pulumi-upgrade-provider-action@3c670a7cb92732324c8ccc17f7f9ef9dfca126d0 # v0.0.17
+      with:
+        kind: check-upstream-version
+
+permissions:
+  contents: write
+
+name: Check upstream upgrade
+on:
+  workflow_dispatch: {} #so we can run this manually if necessary.
+  schedule:
+  # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours.
+  - cron: 0 3 * * *

.github/workflows/release.yaml

@@ -0,0 +1,144 @@
+name: release
+on:
+  push:
+    tags:
+      - v*.*.*
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  id-token: write
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  NUGET_FEED_URL: https://api.nuget.org/v3/index.json
+  PROVIDER: stackit
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+  PYPI_USERNAME: "__token__"
+  PUBLISH_PYPI: true
+  PUBLISH_NPM: true
+  PUBLISH_NUGET: true
+jobs:
+  publish_binary:
+    name: publish
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
+      - name: Unshallow clone for tags
+        run: git fetch --prune --unshallow --tags
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # tag=v5.5.0
+        with:
+          go-version: ${{matrix.goversion}}
+      - name: Install pulumictl
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # tag=v2.1.0
+        with:
+          repo: pulumi/pulumictl
+      - name: Set PreRelease Version
+        run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" >> $GITHUB_ENV
+      - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
+      - uses: anchore/sbom-action/download-syft@cee1b8e05ae5b2593a75e197229729eabaa9f8ec # v0.20.2
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # tag=v6.3.0
+        with:
+          args: -p 3 release --clean
+          version: '~> v2'
+      - name: Create tag
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # tag=v7.0.1
+        with:
+          script: |
+            github.rest.git.createRef({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              ref: 'refs/tags/sdk/${{ github.ref_name }}',
+              sha: context.sha
+            })
+    strategy:
+      fail-fast: true
+      matrix:
+        goversion:
+          - 1.22.x
+  publish_sdk:
+    name: Publish SDKs
+    runs-on: ubuntu-latest
+    needs: publish_binary
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2
+      - name: Unshallow clone for tags
+        run: git fetch --prune --unshallow --tags
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # tag=v5.5.0
+        with:
+          go-version: ${{ matrix.goversion }}
+      - name: Install pulumictl
+        uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # tag=v2.1.0
+        with:
+          repo: pulumi/pulumictl
+      - name: Install Pulumi CLI
+        uses: pulumi/action-install-pulumi-cli@b374ceb6168550de27c6eba92e01c1a774040e11 # tag=v2.0.0
+      - name: Setup Node
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # tag=v4.4.0
+        with:
+          node-version: ${{matrix.nodeversion}}
+          registry-url: ${{env.NPM_REGISTRY_URL}}
+      - name: Setup DotNet
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # tag=v2.1.0
+        with:
+          dotnet-version: ${{matrix.dotnetverson}}
+      - name: Setup Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # tag=v5.6.0
+        with:
+          python-version: ${{matrix.pythonversion}}
+      - name: Build SDK
+        run: make build_${{ matrix.language }}
+      - name: Check worktree clean
+        run: |
+          git update-index -q --refresh
+          if ! git diff-files --quiet; then
+              >&2 echo "error: working tree is not clean, aborting!"
+              git status
+              git diff
+              exit 1
+          fi
+      - if: ${{ matrix.language == 'python' && env.PUBLISH_PYPI == 'true' }}
+        name: Publish package to PyPI
+        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # tag=v1.12.4
+        with:
+          user: ${{ env.PYPI_USERNAME }}
+          password: ${{ env.PYPI_PASSWORD }}
+          packages_dir: ${{github.workspace}}/sdk/python/bin/dist
+      - if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }}
+        uses: JS-DevTools/npm-publish@19c28f1ef146469e409470805ea4279d47c3d35c # tag=v3.1.1
+        with:
+          access: "public"
+          token: ${{ env.NPM_TOKEN }}
+          package: ${{github.workspace}}/sdk/nodejs/bin/package.json
+          provenance: true
+      - if: ${{ matrix.language == 'dotnet' && env.PUBLISH_NUGET == 'true' }}
+        name: publish nuget package
+        run: |
+          dotnet nuget push ${{github.workspace}}/sdk/dotnet/bin/Debug/*.nupkg -s ${{ env.NUGET_FEED_URL }} -k ${{ env.NUGET_PUBLISH_KEY }}
+          echo "done publishing packages"
+    strategy:
+      fail-fast: true
+      matrix:
+        dotnetversion:
+          - 3.1.301
+        goversion:
+          - 1.22.x
+        language:
+          - nodejs
+          - python
+          - dotnet
+          - go
+        nodeversion:
+          - 20.x
+        pythonversion:
+          - "3.9"

.github/workflows/upgrade-provider.yaml

@@ -0,0 +1,22 @@
+env:
+  GH_TOKEN: ${{ secrets.GH_TOKEN }}
+jobs:
+  upgrade_provider:
+    if: ${{ (contains(github.event.issue.title, 'Upgrade terraform-provider-')) || github.event_name == 'workflow_dispatch' }}
+    name: upgrade-provider
+    runs-on: ubuntu-latest
+    steps:
+    - name: Call upgrade provider action
+      uses: pulumi/pulumi-upgrade-provider-action@3c670a7cb92732324c8ccc17f7f9ef9dfca126d0 # v0.0.17
+      with:
+        kind: all
+name: Upgrade provider
+
+permissions:
+  contents: write
+
+on:
+  issues:
+    types:
+    - opened
+  workflow_dispatch: {}

.gitignore

@@ -0,0 +1,23 @@
+.idea
+.code
+**/vendor/
+.pulumi
+**/bin/
+**/obj/
+Pulumi.*.yaml
+**/node_modules/
+.DS_Store
+
+**/command-output/
+
+.idea/
+*.iml
+
+yarn.lock
+**/pulumiManifest.go
+
+ci-scripts
+provider/**/schema-embed.json
+**/version.txt
+**/nuget
+**/dist

.golangci.yml

@@ -0,0 +1,24 @@
+linters:
+  enable:
+    - deadcode
+    - errcheck
+    - goconst
+    - gofmt
+    - golint
+    - gosec
+    - govet
+    - ineffassign
+    - interfacer
+    - lll
+    - megacheck
+    - misspell
+    - nakedret
+    - structcheck
+    - unconvert
+    - varcheck
+  enable-all: false
+run:
+  skip-files:
+    - schema.go
+    - pulumiManifest.go
+  timeout: 20m

.goreleaser.yaml

@@ -0,0 +1,74 @@
+version: 2
+archives:
+  - id: archive
+    name_template: '{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}'
+
+before:
+  hooks:
+    - make tfgen
+builds:
+  - binary: pulumi-resource-stackit
+    dir: provider
+    env:
+      - CGO_ENABLED=0
+    goarch:
+      - amd64
+      - arm64
+    goos:
+      - darwin
+      - windows
+      - linux
+    ldflags:
+      # The line below MUST align with the module in current provider/go.mod
+      - -X github.com/stackitcloud/pulumi-stackit/provider/pkg/version.Version={{.Tag }}
+    main: ./cmd/pulumi-resource-stackit/
+
+signs:
+  - cmd: cosign
+    env:
+      - COSIGN_EXPERIMENTAL=1
+    certificate: '${artifact}.pem'
+    args:
+      - sign-blob
+      - '-y'
+      - '--output-certificate=${certificate}'
+      - '--bundle=${signature}'
+      - '${artifact}'
+    artifacts: all
+    output: true
+
+sboms:
+  - artifacts: archive
+  - id: source
+    artifacts: source
+
+source:
+  enabled: true
+
+changelog:
+  sort: asc
+  use: github
+  filters:
+    exclude:
+      - '^test:'
+      - '^chore'
+      - Merge pull request
+      - Merge remote-tracking branch
+      - Merge branch
+      - go mod tidy
+  groups:
+    - title: 'New Features'
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: 'Bug fixes'
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 10
+    - title: Other work
+      order: 999
+
+release:
+  disable: false
+  prerelease: auto
+
+snapshot:
+  name_template: '{{ .Tag }}-SNAPSHOT'