From 91fdae679d309758611436cb71c68749875bb7dd Mon Sep 17 00:00:00 2001
From: Pulumi Bot <30351955+pulumi-bot@users.noreply.github.com>
Date: Fri, 15 Aug 2025 09:45:42 -0700
Subject: [PATCH] Update GitHub Actions workflows. (#575)

This PR was automatically generated by the
update-workflows-single-bridged-provider workflow in the pulumi/ci-mgmt
repo, from commit 4ac37ece8be37ce71d07d3e42b89c7c306173b9b.
---
 .github/workflows/export-repo-secrets.yml  | 25 ++++++++++++++++++++++
 .github/workflows/weekly-pulumi-update.yml | 10 +++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 .github/workflows/export-repo-secrets.yml

diff --git a/.github/workflows/export-repo-secrets.yml b/.github/workflows/export-repo-secrets.yml
new file mode 100644
index 0000000..e5df48d
--- /dev/null
+++ b/.github/workflows/export-repo-secrets.yml
@@ -0,0 +1,25 @@
+permissions: write-all # Equivalent to default permissions plus id-token: write
+name: Export secrets to ESC
+on: [workflow_dispatch]
+jobs:
+  export-to-esc:
+    runs-on: ubuntu-latest
+    name: export GitHub secrets to ESC
+    steps:
+      - name: Generate a GitHub token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: 1256780 # Export Secrets GitHub App
+          private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
+      - name: Export secrets to ESC
+        uses: pulumi/esc-export-secrets-action@v1
+        with:
+          organization: pulumi
+          org-environment: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
+          exclude-secrets: EXPORT_SECRETS_PRIVATE_KEY
+          github-token: ${{ steps.generate-token.outputs.token }}
+          oidc-auth: true
+          oidc-requested-token-type: urn:pulumi:token-type:access_token:organization
+        env:
+          GITHUB_SECRETS: ${{ toJSON(secrets) }}
diff --git a/.github/workflows/weekly-pulumi-update.yml b/.github/workflows/weekly-pulumi-update.yml
index a7d5f88..85206fb 100644
--- a/.github/workflows/weekly-pulumi-update.yml
+++ b/.github/workflows/weekly-pulumi-update.yml
@@ -64,6 +64,16 @@ jobs:
       uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
       with:
         python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      with:
+        gradle-version: "7.6"
     - name: Update Pulumi/Pulumi
       id: gomod
       run: >-