Updated modules

This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 62def83b594d72ccf4eab97cdf5b566ebb910e83.

Co-authored-by: Pulumi Bot <bot@pulumi.com>

.github/workflows/claude.yml

@@ -31,10 +31,11 @@ jobs:
         contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.issue.author_association))
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       pull-requests: write
       issues: write
       id-token: write
+      actions: read
     steps:
       - env:
           ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
@@ -47,7 +48,13 @@ jobs:
         uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
-          fetch-depth: 1
+          fetch-depth: 0
+      - name: Checkout PR head (if applicable)
+        if: ${{ github.event.pull_request.number || (github.event.issue.pull_request && github.event.issue.number) }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
+        run: gh pr checkout "$PR_NUMBER"
       - name: Setup mise
         uses: blampe/mise-action@blampe/plugins
         env:
@@ -83,7 +90,7 @@ jobs:
             Only post GitHub comments - don't submit review text as messages.
           # Taken from https://github.com/anthropics/claude-code/blob/main/plugins/code-review/commands/code-review.md
           claude_args: |
-            --allowedTools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),mcp__github_inline_comment__create_inline_comment"
+            --allowedTools "Skill,Bash(gh issue view *),Bash(gh search *),Bash(gh issue list *),Bash(gh pr comment *),Bash(gh pr diff *),Bash(gh pr view *),Bash(gh pr list *),mcp__github_inline_comment__create_inline_comment"
       - name: Run Claude Code
         # Comment must contain '@claude', but not '@claude review'
         if: |
@@ -93,6 +100,36 @@ jobs:
         uses: anthropics/claude-code-action@8341a564b0c1693e9fa29c681852ee3714980098 # v1
         with:
           anthropic_api_key: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }}
+          # This allows claude to read github action logs
+          additional_permissions: |
+            actions: read
+          # Sandbox settings: --allowedTools controls which tools Claude can invoke,
+          # but the sandbox also enforces OS-level filesystem restrictions. Edit()
+          # rules in permissions.allow control all bash filesystem writes (mkdir,
+          # output redirection, etc.), not just the Edit tool. Without these, commands
+          # like `mkdir .pulumi` or `cmd > file.txt` would be blocked by the sandbox.
+          settings: |
+            {
+              "permissions": {
+                "allow": ["Edit(./**)", "Edit(/tmp/**)"]
+              }
+            }
           claude_args: |
-            # --max-turns 10 # this is the default
+            --max-turns 50
-            --allowedTools "Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(upgrade-provider:*),Bash(./scripts/upstream.sh:*),Bash(git:*),Bash(GIT_EDITOR=*),Bash(make:*),Bash(gh:*),Bash(mkdir:*),Bash(cd:*),Bash(go install:*)"
+            --allowedTools "Skill,Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(upgrade-provider *),Bash(./scripts/upstream.sh *),Bash(git *),Bash(GIT_EDITOR=* git *),Bash(make *),Bash(gh *),Bash(mkdir *),Bash(go install *),Bash(ls *),Bash(test *),Bash(cat *),Bash(pwd),Bash(head *),Bash(tail *),Bash(tee *),Bash(rg *),Bash(grep *),Bash(sed *),Bash(awk *),Bash(find *)"
+        # If the claude action fails you don't get any logs on what claude was doing
+        # Uploading the artifact allows you to download the artifact from the UI
+      - name: Upload Claude review output on failure
+        if: failure() && steps.claude-review.outputs.execution_file
+        uses: actions/upload-artifact@v4
+        with:
+          name: claude-review-execution-log
+          path: ${{ steps.claude-review.outputs.execution_file }}
+          retention-days: 7
+      - name: Upload Claude output on failure
+        if: failure() && steps.claude-action.outputs.execution_file
+        uses: actions/upload-artifact@v4
+        with:
+          name: claude-execution-log
+          path: ${{ steps.claude-action.outputs.execution_file }}
+          retention-days: 7

.github/workflows/comment-on-stale-issues.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Stale issue job
     steps:
-    - uses: pose/stale-issue-cleanup@40050776bcfdf0e518aa89e2871e3f1e0b7b4209
+    - uses: pose/stale-issue-cleanup@d2922f61fc5669f4154408689f9bb2a981996112
       with:
         issue-types: issues # only look at issues (ignore pull-requests)
 

.pulumi.version

@@ -1 +1 @@
-3.192.0
+3.218.0

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/moby/patternmatcher v0.6.0
 	github.com/muesli/reflow v0.3.0
 	github.com/otiai10/copy v1.14.0
-	github.com/pulumi/providertest v0.5.1-0.20251217173405-3861778549dd
+	github.com/pulumi/providertest v0.6.0
 	github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef
 	github.com/pulumi/pulumi-go-provider v1.1.2
 	github.com/pulumi/pulumi-java/pkg v1.16.0

go.sum

@@ -892,10 +892,8 @@ github.com/pulumi/esc v0.20.0 h1:LZn4sjAsI76x10ZuZXXyh2ExGcP7AHmjOzCi/p3/fpQ=
 github.com/pulumi/esc v0.20.0/go.mod h1:h1VjdedI0K84MhMzaR9ZKbEpU6SfZMOZF4ZrVgQyNLY=
 github.com/pulumi/inflector v0.2.1 h1:bqyiish3tq//vLeLiEstSFE5K7RNjy/ce47ed4QATu8=
 github.com/pulumi/inflector v0.2.1/go.mod h1:HUFCjcPTz96YtTuUlwG3i3EZG4WlniBvR9bd+iJxCUY=
-github.com/pulumi/providertest v0.3.1 h1:vlftr7TZlObh81mL88IhhF0/9ZbLrZZos4NAvR4HUUw=
+github.com/pulumi/providertest v0.6.0 h1:ZnefsbhkPE+BpKienHgb38P/6SEtXjjOXGGdMEUIOgk=
-github.com/pulumi/providertest v0.3.1/go.mod h1:fFHUP4/9DRyYnHWiRnwcynMtM/a7hHR/QcJfcuZKO3A=
+github.com/pulumi/providertest v0.6.0/go.mod h1:OBpIGSQrw1FW9VNaHBtKCRxEoTISvx8JsxECmRqRgRQ=
-github.com/pulumi/providertest v0.5.1-0.20251217173405-3861778549dd h1:rhn4v3qxovNULvz04qrO5HXVvFuRrYvP6CrjgxdaBWM=
-github.com/pulumi/providertest v0.5.1-0.20251217173405-3861778549dd/go.mod h1:OBpIGSQrw1FW9VNaHBtKCRxEoTISvx8JsxECmRqRgRQ=
 github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef h1:cxRa9R9To6OYKacIG2Em6zcM7BDNr6joC43uiV1lSVY=
 github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef/go.mod h1:VLcnE1lj92EfRi7CRMzdPkQ9OQvrlg2upJM1lBZzNmg=
 github.com/pulumi/pulumi-go-provider v1.1.2 h1:NUQDXaftBDFTPMBPwxo8FhJUX0ymkv6a1XiXTnCDpvg=