Confirming ESC fixes (#599)

Validating https://github.com/pulumi/ci-mgmt/pull/1705.
2025-09-10 14:19:45 -07:00
parent a0e387d0a8
commit 0a2dd6e758
7 changed files with 64 additions and 73 deletions
--- a/.github/workflows/run-acceptance-tests.yml
+++ b/.github/workflows/run-acceptance-tests.yml
@@ -35,26 +35,16 @@ env:
  PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
 jobs:
  comment-notification:
+    if: github.event_name == 'repository_dispatch'
    runs-on: ubuntu-latest
    name: comment-notification
-    permissions:
-      contents: write
-      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      with:
        lfs: true
        persist-credentials: false
-        ref: ${{ env.PR_COMMIT_SHA }}    
-    - env:
-        ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
-        ESC_ACTION_OIDC_AUTH: "true"
-        ESC_ACTION_OIDC_ORGANIZATION: pulumi
-        ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
-      id: esc-secrets
-      name: Fetch secrets from ESC
-      uses: pulumi/esc-action@v1
+        ref: ${{ env.PR_COMMIT_SHA }}
    - name: Create URL to the run output
      id: vars
      run: echo
@@ -63,16 +53,14 @@ jobs:
    - name: Update with Result
      uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
      with:
-        token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
+        token: ${{ secrets.GITHUB_TOKEN }}
        repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
        issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
        body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
-    if: github.event_name == 'repository_dispatch'
  prerequisites:
    runs-on: ubuntu-latest
    name: prerequisites
    permissions:
-      contents: write
      id-token: write # For ESC secrets.
      pull-requests: write # For schema check comment.
    steps:
@@ -252,7 +240,7 @@ jobs:
        - java
    name: build_sdks
    permissions:
-      contents: write
+      contents: read
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
@@ -288,7 +276,7 @@ jobs:
    - name: Install Pulumi CLI
      uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
    - name: Setup Node
-      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
      with:
        node-version: ${{ env.NODEVERSION }}
        registry-url: https://registry.npmjs.org
@@ -455,7 +443,7 @@ jobs:
    - name: Install Pulumi CLI
      uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
    - name: Setup Node
-      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
      with:
        node-version: ${{ env.NODEVERSION }}
        registry-url: https://registry.npmjs.org