Updated modules

2026-01-29 12:57:55 +00:00
5 changed files with 10 additions and 47 deletions
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -31,11 +31,10 @@ jobs:
        contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.issue.author_association))
    runs-on: ubuntu-latest
    permissions:
-      contents: write
+      contents: read
      pull-requests: write
      issues: write
      id-token: write
-      actions: read
    steps:
      - env:
          ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
@@ -48,13 +47,7 @@ jobs:
        uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
-          fetch-depth: 0
-      - name: Checkout PR head (if applicable)
-        if: ${{ github.event.pull_request.number || (github.event.issue.pull_request && github.event.issue.number) }}
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
-        run: gh pr checkout "$PR_NUMBER"
+          fetch-depth: 1
      - name: Setup mise
        uses: blampe/mise-action@blampe/plugins
        env:
@@ -90,7 +83,7 @@ jobs:
            Only post GitHub comments - don't submit review text as messages.
          # Taken from https://github.com/anthropics/claude-code/blob/main/plugins/code-review/commands/code-review.md
          claude_args: |
-            --allowedTools "Skill,Bash(gh issue view *),Bash(gh search *),Bash(gh issue list *),Bash(gh pr comment *),Bash(gh pr diff *),Bash(gh pr view *),Bash(gh pr list *),mcp__github_inline_comment__create_inline_comment"
+            --allowedTools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),mcp__github_inline_comment__create_inline_comment"
      - name: Run Claude Code
        # Comment must contain '@claude', but not '@claude review'
        if: |
@@ -100,36 +93,6 @@ jobs:
        uses: anthropics/claude-code-action@8341a564b0c1693e9fa29c681852ee3714980098 # v1
        with:
          anthropic_api_key: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }}
-          # This allows claude to read github action logs
-          additional_permissions: |
-            actions: read
-          # Sandbox settings: --allowedTools controls which tools Claude can invoke,
-          # but the sandbox also enforces OS-level filesystem restrictions. Edit()
-          # rules in permissions.allow control all bash filesystem writes (mkdir,
-          # output redirection, etc.), not just the Edit tool. Without these, commands
-          # like `mkdir .pulumi` or `cmd > file.txt` would be blocked by the sandbox.
-          settings: |
-            {
-              "permissions": {
-                "allow": ["Edit(./**)", "Edit(/tmp/**)"]
-              }
-            }
          claude_args: |
-            --max-turns 50
-            --allowedTools "Skill,Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(upgrade-provider *),Bash(./scripts/upstream.sh *),Bash(git *),Bash(GIT_EDITOR=* git *),Bash(make *),Bash(gh *),Bash(mkdir *),Bash(go install *),Bash(ls *),Bash(test *),Bash(cat *),Bash(pwd),Bash(head *),Bash(tail *),Bash(tee *),Bash(rg *),Bash(grep *),Bash(sed *),Bash(awk *),Bash(find *)"
-        # If the claude action fails you don't get any logs on what claude was doing
-        # Uploading the artifact allows you to download the artifact from the UI
-      - name: Upload Claude review output on failure
-        if: failure() && steps.claude-review.outputs.execution_file
-        uses: actions/upload-artifact@v4
-        with:
-          name: claude-review-execution-log
-          path: ${{ steps.claude-review.outputs.execution_file }}
-          retention-days: 7
-      - name: Upload Claude output on failure
-        if: failure() && steps.claude-action.outputs.execution_file
-        uses: actions/upload-artifact@v4
-        with:
-          name: claude-execution-log
-          path: ${{ steps.claude-action.outputs.execution_file }}
-          retention-days: 7
+            # --max-turns 10 # this is the default
+            --allowedTools "Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(upgrade-provider:*),Bash(./scripts/upstream.sh:*),Bash(git:*),Bash(GIT_EDITOR=*),Bash(make:*),Bash(gh:*),Bash(mkdir:*),Bash(cd:*),Bash(go install:*)"
--- a/.github/workflows/comment-on-stale-issues.yml
+++ b/.github/workflows/comment-on-stale-issues.yml
@@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    name: Stale issue job
    steps:
-    - uses: pose/stale-issue-cleanup@d2922f61fc5669f4154408689f9bb2a981996112
+    - uses: pose/stale-issue-cleanup@40050776bcfdf0e518aa89e2871e3f1e0b7b4209
      with:
        issue-types: issues # only look at issues (ignore pull-requests)

--- a/.pulumi.version
+++ b/.pulumi.version
@@ -1 +1 @@
-3.218.0
+3.217.1
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/moby/patternmatcher v0.6.0
 	github.com/muesli/reflow v0.3.0
 	github.com/otiai10/copy v1.14.0
-	github.com/pulumi/providertest v0.6.0
+	github.com/pulumi/providertest v0.5.1-0.20251217173405-3861778549dd
 	github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef
 	github.com/pulumi/pulumi-go-provider v1.1.2
 	github.com/pulumi/pulumi-java/pkg v1.16.0
--- a/go.sum
+++ b/go.sum
@@ -892,8 +892,8 @@ github.com/pulumi/esc v0.20.0 h1:LZn4sjAsI76x10ZuZXXyh2ExGcP7AHmjOzCi/p3/fpQ=
 github.com/pulumi/esc v0.20.0/go.mod h1:h1VjdedI0K84MhMzaR9ZKbEpU6SfZMOZF4ZrVgQyNLY=
 github.com/pulumi/inflector v0.2.1 h1:bqyiish3tq//vLeLiEstSFE5K7RNjy/ce47ed4QATu8=
 github.com/pulumi/inflector v0.2.1/go.mod h1:HUFCjcPTz96YtTuUlwG3i3EZG4WlniBvR9bd+iJxCUY=
-github.com/pulumi/providertest v0.6.0 h1:ZnefsbhkPE+BpKienHgb38P/6SEtXjjOXGGdMEUIOgk=
-github.com/pulumi/providertest v0.6.0/go.mod h1:OBpIGSQrw1FW9VNaHBtKCRxEoTISvx8JsxECmRqRgRQ=
+github.com/pulumi/providertest v0.5.1-0.20251217173405-3861778549dd h1:rhn4v3qxovNULvz04qrO5HXVvFuRrYvP6CrjgxdaBWM=
+github.com/pulumi/providertest v0.5.1-0.20251217173405-3861778549dd/go.mod h1:OBpIGSQrw1FW9VNaHBtKCRxEoTISvx8JsxECmRqRgRQ=
 github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef h1:cxRa9R9To6OYKacIG2Em6zcM7BDNr6joC43uiV1lSVY=
 github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef/go.mod h1:VLcnE1lj92EfRi7CRMzdPkQ9OQvrlg2upJM1lBZzNmg=
 github.com/pulumi/pulumi-go-provider v1.1.2 h1:NUQDXaftBDFTPMBPwxo8FhJUX0ymkv6a1XiXTnCDpvg=
@@ -1 +1 @@
 .218.0
 .217.1