diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml index e5f09a5..e90640b 100644 --- a/.ci-mgmt.yaml +++ b/.ci-mgmt.yaml @@ -7,6 +7,8 @@ aws: true gcp: true sdkModuleDir: sdk/go/dockerbuild parallel: 3 +esc: + enabled: true envOverride: AWS_REGION: us-west-2 PULUMI_API: "https://api.pulumi-staging.io" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c109cf4..d30d954 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,17 +25,10 @@ env: DOTNETVERSION: "8.0.x" JAVAVERSION: "11" ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_REGION: us-west-2 - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_UPLOAD_ROLE_ARN: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} AZURE_LOCATION: westus - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci 
@@ -43,18 +36,7 @@ env: GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a - JAVA_SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} - JAVA_SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} - JAVA_SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} - OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_API: https://api.pulumi-staging.io - PULUMI_BOT_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }} - RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} - RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} jobs: prerequisites: @@ -197,6 +179,9 @@ jobs: - name: Test Provider Library run: make test_provider env: + ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }} + DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }} + DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload coverage reports to Codecov uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index 5c563c4..73b7b39 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml 
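Review bot: The three `${{ steps.esc-secrets.outputs.* }}` values added to the `env:` of `Test Provider Library` in build.yml resolve only if a step with `id: esc-secrets` runs earlier in the same job, and no such step is visible in this hunk or in the rest of this file's diff. A reference to a step id that does not exist in the job evaluates to an empty string rather than failing, so a missing or renamed step would leave `make test_provider` running with blank credentials. Confirm the step exists in this job, and consider a guard such as `run: test -n "$ARM_CLIENT_SECRET" && make test_provider`. The workflow-level `CODECOV_TOKEN` is also removed and the Codecov step's inputs lie outside the hunk, so check that it still receives a token. The same three lines are added in prerelease.yml, release.yml and run-acceptance-tests.yml.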
@@ -2,16 +2,10 @@ env: ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 - AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} - AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 AZURE_LOCATION: westus - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci @@ -20,11 +14,6 @@ env: GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a PULUMI_API: https://api.pulumi-staging.io - PULUMI_BOT_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} - RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} - S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} jobs: command-dispatch-for-testing: @@ -35,9 +24,14 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - - id: esc-secrets - name: Map environment to ESC outputs - uses: ./.github/actions/esc-action + - env: + ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} + ESC_ACTION_OIDC_AUTH: "true" + ESC_ACTION_OIDC_ORGANIZATION: pulumi + ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization + id: esc-secrets + name: Fetch secrets from ESC + uses: pulumi/esc-action@v1 - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4 with: commands: | 
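Review bot: The added `uses: pulumi/esc-action@v1` in the `Fetch secrets from ESC` step of command-dispatch.yml is a movable tag, while the other third-party actions in this hunk (`actions/checkout`, `peter-evans/slash-command-dispatch`) are pinned to full commit SHAs. This step authenticates with the job's OIDC token and, judging by its name and the `github-secrets/...` environment, returns the repository's secrets, so it is the step where a retagged release would matter most. Pin it the same way, e.g. `uses: pulumi/esc-action@<full-commit-sha> # v1` (placeholder; fill in the commit you reviewed). The same line is added in community-moderation.yml, prerelease.yml, pull-request.yml, release.yml and release_command.yml.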
diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index 144cb89..ebeb263 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -9,9 +9,14 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - - id: esc-secrets - name: Map environment to ESC outputs - uses: ./.github/actions/esc-action + - env: + ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} + ESC_ACTION_OIDC_AUTH: "true" + ESC_ACTION_OIDC_ORGANIZATION: pulumi + ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization + id: esc-secrets + name: Fetch secrets from ESC + uses: pulumi/esc-action@v1 - id: schema_changed name: Check for diff in schema uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 4036805..49819db 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -16,17 +16,10 @@ env: DOTNETVERSION: "8.0.x" JAVAVERSION: "11" ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_REGION: us-west-2 - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_UPLOAD_ROLE_ARN: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} AZURE_LOCATION: westus - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci 
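Review bot: `ESC_ACTION_ENVIRONMENT` in the community-moderation.yml step names the same `github-secrets/<owner>-<repo>` environment that the prerelease and release jobs open, so this job appears to receive the full secret set. Judging by the entries removed from the release workflows' `env:` blocks, that environment presumably carries publishing and signing credentials, which a moderation job is unlikely to need. If your ESC layout allows it, point low-trust jobs at a narrower environment; otherwise document the exposure with a comment such as `# opens the full repo secret environment; keep later steps in this job trusted`. The job's remaining steps are outside the hunk.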
@@ -34,18 +27,7 @@ env: GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a - JAVA_SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} - JAVA_SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} - JAVA_SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} - OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_API: https://api.pulumi-staging.io - PULUMI_BOT_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }} - RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} - RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} IS_PRERELEASE: true jobs: @@ -189,6 +171,9 @@ jobs: - name: Test Provider Library run: make test_provider env: + ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }} + DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }} + DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload coverage reports to Codecov uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 @@ -675,9 +660,14 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - - id: esc-secrets - name: Map environment to ESC outputs - uses: ./.github/actions/esc-action + - env: + ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} + ESC_ACTION_OIDC_AUTH: "true" + ESC_ACTION_OIDC_ORGANIZATION: pulumi + ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization + id: esc-secrets + name: Fetch secrets from ESC + uses: pulumi/esc-action@v1 - id: version name: Set Provider Version uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 1575216..06697de 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -15,16 +15,10 @@ env: DOTNETVERSION: "8.0.x" JAVAVERSION: "11" ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 - AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} - AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 AZURE_LOCATION: westus - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci @@ -33,11 +27,6 @@ env: GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a PULUMI_API: https://api.pulumi-staging.io - PULUMI_BOT_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} - RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} - S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} jobs: comment-on-pr: 
@@ -48,9 +37,14 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - - id: esc-secrets - name: Map environment to ESC outputs - uses: ./.github/actions/esc-action + - env: + ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} + ESC_ACTION_OIDC_AUTH: "true" + ESC_ACTION_OIDC_ORGANIZATION: pulumi + ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization + id: esc-secrets + name: Fetch secrets from ESC + uses: pulumi/esc-action@v1 - name: Comment PR uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eb7e510..839c80f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,17 +17,10 @@ env: DOTNETVERSION: "8.0.x" JAVAVERSION: "11" ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_REGION: us-west-2 - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_UPLOAD_ROLE_ARN: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} AZURE_LOCATION: westus - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci 
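Review bot: The added `Fetch secrets from ESC` step in pull-request.yml sets `ESC_ACTION_OIDC_AUTH: "true"`, which requires the job to be granted `id-token: write`, and the job header (presumably `comment-on-pr`) with any `permissions:` block is outside this hunk. Without that permission the token request fails, and on `pull_request` runs from forks GitHub normally withholds it, so the step would fail there as well. Confirm the job declares `permissions:` with `id-token: write` plus only the scopes the comment step needs. The workflow's trigger is not visible here and should be checked against that.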
@@ -35,18 +28,7 @@ env: GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a - JAVA_SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} - JAVA_SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} - JAVA_SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} - OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} PULUMI_API: https://api.pulumi-staging.io - PULUMI_BOT_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }} - RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} - RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} jobs: prerequisites: @@ -189,6 +171,9 @@ jobs: - name: Test Provider Library run: make test_provider env: + ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }} + DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }} + DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload coverage reports to Codecov uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 @@ -675,9 +660,14 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - - id: esc-secrets - name: Map environment to ESC outputs - uses: ./.github/actions/esc-action + - env: + ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} + ESC_ACTION_OIDC_AUTH: "true" + ESC_ACTION_OIDC_ORGANIZATION: pulumi + ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization + id: esc-secrets + name: Fetch secrets from ESC + uses: pulumi/esc-action@v1 - id: version name: Set Provider Version uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 
diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml index aab7724..ee73ed7 100644 --- a/.github/workflows/release_command.yml +++ b/.github/workflows/release_command.yml @@ -14,9 +14,14 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - - id: esc-secrets - name: Map environment to ESC outputs - uses: ./.github/actions/esc-action + - env: + ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} + ESC_ACTION_OIDC_AUTH: "true" + ESC_ACTION_OIDC_ORGANIZATION: pulumi + ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization + id: esc-secrets + name: Fetch secrets from ESC + uses: pulumi/esc-action@v1 - name: Should release PR uses: pulumi/action-release-by-pr-label@main with: diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 6ad7c24..864ee07 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -20,16 +20,10 @@ env: DOTNETVERSION: "8.0.x" JAVAVERSION: "11" ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 - AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} - AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 AZURE_LOCATION: westus - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci 
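Review bot: In release_command.yml the step immediately after the new secret fetch runs `pulumi/action-release-by-pr-label@main`, a branch ref, in the same job that retrieves the ESC secrets. That line is unchanged context, but once the job holds fetched credentials every later action in it should be pinned the way `actions/checkout` is. Suggested change: `uses: pulumi/action-release-by-pr-label@<full-commit-sha> # main` (placeholder; use the reviewed commit). The rest of the job is outside the hunk.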
@@ -38,11 +32,6 @@ env: GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a PULUMI_API: https://api.pulumi-staging.io - PULUMI_BOT_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} - RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} - S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} jobs: comment-notification: @@ -213,6 +202,9 @@ jobs: - name: Test Provider Library run: make test_provider env: + ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }} + DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }} + DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload coverage reports to Codecov uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 diff --git a/.github/workflows/weekly-pulumi-update.yml b/.github/workflows/weekly-pulumi-update.yml index b37976b..d3a2caf 100644 --- a/.github/workflows/weekly-pulumi-update.yml +++ b/.github/workflows/weekly-pulumi-update.yml 
@@ -17,16 +17,10 @@ env: DOTNETVERSION: "8.0.x" JAVAVERSION: "11" ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 - AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} - AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY: ${{ secrets.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} AWS_REGION: us-west-2 AZURE_LOCATION: westus - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci @@ -35,11 +29,6 @@ env: GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a PULUMI_API: https://api.pulumi-staging.io - PULUMI_BOT_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} - RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} - S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} jobs: weekly-pulumi-update: