[internal] Update GitHub Actions workflow files

2025-12-04 05:34:35 +00:00
12 changed files with 61 additions and 58 deletions
--- a/.config/mise.toml
+++ b/.config/mise.toml
@@ -3,11 +3,12 @@
 [env]
 _.source = "{{config_root}}/scripts/get-versions.sh"
 PULUMI_HOME = "{{config_root}}/.pulumi"
 [tools]
 # Runtimes
-# TODO: we may not need `get_env` once https://github.com/jdx/mise/discussions/6339 is fixed
+# TODO: we may not need 'get_env' once https://github.com/jdx/mise/discussions/6339 is fixed
 go = "{{ get_env(name='GO_VERSION_MISE', default='latest') }}"
 node = '20.19.5'
 python = '3.11.8'
@@ -17,12 +18,12 @@ java = 'corretto-11'
 # Executable tools
 pulumi = "{{ get_env(name='PULUMI_VERSION_MISE', default='latest') }}"
-"github:pulumi/pulumictl" = 'latest'
+"github:pulumi/pulumictl" = '0.0.50'
-"github:pulumi/schema-tools" = "latest"
+"github:pulumi/schema-tools" = "0.6.0"
-gradle = '7.6'
+"aqua:gradle/gradle-distributions" = '7.6.6'
 golangci-lint = "1.64.8" # See note about about overrides if you need to customize this.
 "npm:yarn" = "1.22.22"
 [settings]
 experimental = true # Required for Go binaries (e.g. pulumictl).
-lockfile = true
+lockfile = false
--- a/.github/actions/setup-tools/action.yml
+++ b/.github/actions/setup-tools/action.yml
@@ -14,14 +14,16 @@ runs:
  using: "composite"
  steps:
    - name: Setup mise
-      uses: jdx/mise-action@d16887ba50704baed7de72bd1e82e04391e4457a # v3
+      uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
      env:
        MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
      with:
        version: 2025.11.6
        cache_save: ${{ inputs.cache }}
        github_token: ${{ inputs.github_token }}
    - name: Setup Go Cache
-      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+      uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
      with:
        cache: ${{ inputs.cache }}
        cache-dependency-path: |
@@ -32,7 +34,7 @@ runs:
          *.sum
    - name: Setup Node
-      uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
      with:
        # we don't set node-version because we install with mise.
        # this step is needed to setup npm auth
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -47,7 +47,7 @@ jobs:
      pull-requests: write # For schema check comment.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -218,7 +218,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -335,7 +335,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -380,7 +380,7 @@ jobs:
      id-token: write # For ESC secrets and Pulumi access token OIDC.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -477,7 +477,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -510,7 +510,7 @@ jobs:
        swap-storage: true
        large-packages: false
    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
+      uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
      with:
        aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
        aws-region: us-east-2
@@ -550,7 +550,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -570,7 +570,7 @@ jobs:
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Checkout Scripts Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        path: ci-scripts
        repository: pulumi/scripts
@@ -631,7 +631,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
        persist-credentials: false
--- a/.github/workflows/command-dispatch.yml
+++ b/.github/workflows/command-dispatch.yml
@@ -24,7 +24,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        persist-credentials: false    
    - env:
@@ -36,7 +36,7 @@ jobs:
      id: esc-secrets
      name: Fetch secrets from ESC
      uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
-    - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4
+    - uses: peter-evans/slash-command-dispatch@e1b4e266bc781656359bb7e462e228daf68c04f6 # v5
      with:
        commands: |
          run-acceptance-tests
--- a/.github/workflows/community-moderation.yml
+++ b/.github/workflows/community-moderation.yml
@@ -6,7 +6,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        persist-credentials: false
    - id: schema_changed
--- a/.github/workflows/export-repo-secrets.yml
+++ b/.github/workflows/export-repo-secrets.yml
@@ -8,7 +8,7 @@ jobs:
    steps:
      - name: Generate a GitHub token
        id: generate-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2
        with:
          app-id: 1256780 # Export Secrets GitHub App
          private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
--- a/.github/workflows/prerelease.yml
+++ b/.github/workflows/prerelease.yml
@@ -36,7 +36,7 @@ jobs:
    name: prerequisites
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -207,7 +207,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -333,7 +333,7 @@ jobs:
      id-token: write # For ESC secrets and Pulumi access token OIDC.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -430,7 +430,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -463,7 +463,7 @@ jobs:
        swap-storage: true
        large-packages: false
    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
+      uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
      with:
        aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
        aws-region: us-east-2
@@ -503,7 +503,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -523,7 +523,7 @@ jobs:
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Checkout Scripts Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        path: ci-scripts
        repository: pulumi/scripts
@@ -585,7 +585,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -635,7 +635,7 @@ jobs:
    needs: publish_sdk
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
    - id: version
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -10,7 +10,7 @@ jobs:
    name: comment-on-pr
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
    - name: Comment PR
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -39,7 +39,7 @@ jobs:
      pull-requests: write # For schema check comment.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -62,7 +62,7 @@ jobs:
      uses: ./.github/actions/setup-tools
      with:
        cache: 'true'
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    - if: github.event_name == 'pull_request'
      name: Install Schema Tools
      uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -210,7 +210,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -232,7 +232,7 @@ jobs:
    - name: Setup Tools
      uses: ./.github/actions/setup-tools
      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    - name: Download Provider Binary
      uses: ./.github/actions/download-provider
    - name: Generate SDK
@@ -336,7 +336,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -358,7 +358,7 @@ jobs:
    - name: Setup Tools
      uses: ./.github/actions/setup-tools
      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    - name: Download Provider Binary
      uses: ./.github/actions/download-provider
    - name: Download SDK
@@ -433,7 +433,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -455,7 +455,7 @@ jobs:
    - name: Setup Tools
      uses: ./.github/actions/setup-tools
      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    - name: Clear GitHub Actions Ubuntu runner disk space
      uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
      with:
@@ -466,7 +466,7 @@ jobs:
        swap-storage: true
        large-packages: false
    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
+      uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
      with:
        aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
        aws-region: us-east-2
@@ -506,7 +506,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -526,7 +526,7 @@ jobs:
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Checkout Scripts Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        path: ci-scripts
        repository: pulumi/scripts
@@ -534,7 +534,7 @@ jobs:
    - name: Setup Tools
      uses: ./.github/actions/setup-tools
      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    - name: Download python SDK
      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
      with:
@@ -588,7 +588,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
@@ -610,7 +610,7 @@ jobs:
    - name: Setup Tools
      uses: ./.github/actions/setup-tools
      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    - name: Download java SDK
      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
      with:
@@ -638,7 +638,7 @@ jobs:
    needs: publish_sdk
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
    - id: version
@@ -674,7 +674,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env:
--- a/.github/workflows/release_command.yml
+++ b/.github/workflows/release_command.yml
@@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        persist-credentials: false    
    - env:
--- a/.github/workflows/run-acceptance-tests.yml
+++ b/.github/workflows/run-acceptance-tests.yml
@@ -40,7 +40,7 @@ jobs:
    name: comment-notification
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
        persist-credentials: false
@@ -65,7 +65,7 @@ jobs:
      pull-requests: write # For schema check comment.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
        persist-credentials: false
@@ -90,7 +90,7 @@ jobs:
      uses: ./.github/actions/setup-tools
      with:
        cache: 'true'
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    - if: github.event_name == 'pull_request'
      name: Install Schema Tools
      uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -240,7 +240,7 @@ jobs:
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
        persist-credentials: false
@@ -264,7 +264,7 @@ jobs:
    - name: Setup Tools
      uses: ./.github/actions/setup-tools
      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    - name: Download provider
      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
      with:
@@ -379,7 +379,7 @@ jobs:
      id-token: write
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
        persist-credentials: false
@@ -403,7 +403,7 @@ jobs:
    - name: Setup Tools
      uses: ./.github/actions/setup-tools
      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    - name: Download provider
      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
      with:
@@ -490,7 +490,7 @@ jobs:
    name: sentinel
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
        persist-credentials: false
@@ -525,7 +525,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true
        persist-credentials: false
--- a/.github/workflows/weekly-pulumi-update.yml
+++ b/.github/workflows/weekly-pulumi-update.yml
@@ -36,7 +36,7 @@ jobs:
    permissions: write-all
    steps:
    - name: Checkout Repo
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      with:
        lfs: true    
    - env: