diff --git a/.config/mise.toml b/.config/mise.toml index f93067e..f7dcbda 100644 --- a/.config/mise.toml +++ b/.config/mise.toml @@ -3,11 +3,12 @@ [env] _.source = "{{config_root}}/scripts/get-versions.sh" +PULUMI_HOME = "{{config_root}}/.pulumi" [tools] # Runtimes -# TODO: we may not need `get_env` once https://github.com/jdx/mise/discussions/6339 is fixed +# TODO: we may not need 'get_env' once https://github.com/jdx/mise/discussions/6339 is fixed go = "{{ get_env(name='GO_VERSION_MISE', default='latest') }}" node = '20.19.5' python = '3.11.8' @@ -17,12 +18,12 @@ java = 'corretto-11' # Executable tools pulumi = "{{ get_env(name='PULUMI_VERSION_MISE', default='latest') }}" -"github:pulumi/pulumictl" = 'latest' -"github:pulumi/schema-tools" = "latest" -gradle = '7.6' +"github:pulumi/pulumictl" = '0.0.50' +"github:pulumi/schema-tools" = "0.6.0" +"aqua:gradle/gradle-distributions" = '7.6.6' golangci-lint = "1.64.8" # See note about about overrides if you need to customize this. "npm:yarn" = "1.22.22" [settings] experimental = true # Required for Go binaries (e.g. pulumictl). -lockfile = true +lockfile = false diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index ea48463..7f375e3 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -14,14 +14,16 @@ runs: using: "composite" steps: - name: Setup mise - uses: jdx/mise-action@d16887ba50704baed7de72bd1e82e04391e4457a # v3 + uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3 + env: + MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: version: 2025.11.6 cache_save: ${{ inputs.cache }} github_token: ${{ inputs.github_token }} - name: Setup Go Cache - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: cache: ${{ inputs.cache }} cache-dependency-path: | diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 794a1a7..e434fbb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -47,7 +47,7 @@ jobs: pull-requests: write # For schema check comment. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -61,7 +61,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -218,7 +218,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -232,7 +232,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -335,7 +335,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -380,7 +380,7 @@ jobs: id-token: write # For ESC secrets and Pulumi access token OIDC. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -394,7 +394,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -430,7 +430,7 @@ jobs: requested-token-type: urn:pulumi:token-type:access_token:organization export-environment-variables: false - name: Export AWS Credentials - uses: pulumi/esc-action@6cf9520e68354d86f81c455e8d43eabd58f5c9f5 # v1.5.0 + uses: pulumi/esc-action@efb0bc8946938f0dfbfa00e829196ec95f0d0ea7 # v1.4.0 env: PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} with: @@ -477,7 +477,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -491,7 +491,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -510,7 +510,7 @@ jobs: swap-storage: true large-packages: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -550,7 +550,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -564,13 +564,13 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Checkout Scripts Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: path: ci-scripts repository: pulumi/scripts @@ -631,7 +631,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true persist-credentials: false diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index aafa0eb..d67c645 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -24,7 +24,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - env: @@ -36,7 +36,7 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4 + - uses: peter-evans/slash-command-dispatch@e1b4e266bc781656359bb7e462e228daf68c04f6 # v5 with: commands: | run-acceptance-tests diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index 6532d5b..a9cc2f7 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - id: schema_changed diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 8c91e22..fe9b302 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -36,7 +36,7 @@ jobs: name: prerequisites steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -50,7 +50,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -207,7 +207,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -221,7 +221,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -333,7 +333,7 @@ jobs: id-token: write # For ESC secrets and Pulumi access token OIDC. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -347,7 +347,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -383,7 +383,7 @@ jobs: requested-token-type: urn:pulumi:token-type:access_token:organization export-environment-variables: false - name: Export AWS Credentials - uses: pulumi/esc-action@6cf9520e68354d86f81c455e8d43eabd58f5c9f5 # v1.5.0 + uses: pulumi/esc-action@efb0bc8946938f0dfbfa00e829196ec95f0d0ea7 # v1.4.0 env: PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} with: @@ -430,7 +430,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -444,7 +444,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -463,7 +463,7 @@ jobs: swap-storage: true large-packages: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -503,7 +503,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -517,13 +517,13 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Checkout Scripts Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: path: ci-scripts repository: pulumi/scripts @@ -585,7 +585,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -599,7 +599,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -635,12 +635,12 @@ jobs: needs: publish_sdk steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index d481da3..f803db7 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -10,7 +10,7 @@ jobs: name: comment-on-pr steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - name: Comment PR diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 661764c..588218e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,7 +39,7 @@ jobs: pull-requests: write # For schema check comment. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -53,7 +53,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -62,7 +62,7 @@ jobs: uses: ./.github/actions/setup-tools with: cache: 'true' - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - if: github.event_name == 'pull_request' name: Install Schema Tools uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 @@ -210,7 +210,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -224,7 +224,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -232,7 +232,7 @@ jobs: - name: Setup Tools uses: ./.github/actions/setup-tools with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Generate SDK @@ -336,7 +336,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -350,7 +350,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -358,7 +358,7 @@ jobs: - name: Setup Tools uses: ./.github/actions/setup-tools with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Download SDK @@ -386,7 +386,7 @@ jobs: requested-token-type: urn:pulumi:token-type:access_token:organization export-environment-variables: false - name: Export AWS Credentials - uses: pulumi/esc-action@6cf9520e68354d86f81c455e8d43eabd58f5c9f5 # v1.5.0 + uses: pulumi/esc-action@efb0bc8946938f0dfbfa00e829196ec95f0d0ea7 # v1.4.0 env: PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} with: @@ -433,7 +433,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -447,7 +447,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -455,7 +455,7 @@ jobs: - name: Setup Tools uses: ./.github/actions/setup-tools with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Clear GitHub Actions Ubuntu runner disk space uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: @@ -466,7 +466,7 @@ jobs: swap-storage: true large-packages: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -506,7 +506,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -520,13 +520,13 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Checkout Scripts Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: path: ci-scripts repository: pulumi/scripts @@ -534,7 +534,7 @@ jobs: - name: Setup Tools uses: ./.github/actions/setup-tools with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download python SDK uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -588,7 +588,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: @@ -602,7 +602,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -610,7 +610,7 @@ jobs: - name: Setup Tools uses: ./.github/actions/setup-tools with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download java SDK uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -638,12 +638,12 @@ jobs: needs: publish_sdk steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -674,7 +674,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml index 4e2450d..8fa7d1f 100644 --- a/.github/workflows/release_command.yml +++ b/.github/workflows/release_command.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - env: diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 7810df6..bf439a5 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -40,7 +40,7 @@ jobs: name: comment-notification steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true persist-credentials: false @@ -65,7 +65,7 @@ jobs: pull-requests: write # For schema check comment. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true persist-credentials: false @@ -81,7 +81,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -90,7 +90,7 @@ jobs: uses: ./.github/actions/setup-tools with: cache: 'true' - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - if: github.event_name == 'pull_request' name: Install Schema Tools uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 @@ -240,7 +240,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true persist-credentials: false @@ -256,7 +256,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -264,7 +264,7 @@ jobs: - name: Setup Tools uses: ./.github/actions/setup-tools with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download provider uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -379,7 +379,7 @@ jobs: id-token: write steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true persist-credentials: false @@ -395,7 +395,7 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: @@ -403,7 +403,7 @@ jobs: - name: Setup Tools uses: ./.github/actions/setup-tools with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download provider uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -445,7 +445,7 @@ jobs: requested-token-type: urn:pulumi:token-type:access_token:organization export-environment-variables: false - name: Export AWS Credentials - uses: pulumi/esc-action@6cf9520e68354d86f81c455e8d43eabd58f5c9f5 # v1.5.0 + uses: pulumi/esc-action@efb0bc8946938f0dfbfa00e829196ec95f0d0ea7 # v1.4.0 env: PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} with: @@ -490,7 +490,7 @@ jobs: name: sentinel steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true persist-credentials: false @@ -525,7 +525,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true persist-credentials: false diff --git a/.github/workflows/weekly-pulumi-update.yml b/.github/workflows/weekly-pulumi-update.yml index 3de934d..5cdd8be 100644 --- a/.github/workflows/weekly-pulumi-update.yml +++ b/.github/workflows/weekly-pulumi-update.yml @@ -36,7 +36,7 @@ jobs: permissions: write-all steps: - name: Checkout Repo - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: lfs: true - env: