Compare commits
7 Commits
update-pul
...
update-pul
| Author | SHA1 | Date | |
|---|---|---|---|
|
4a861872b3 | ||
|
|
1eddb67073 | ||
|
|
0b52de6543 | ||
|
|
a3072f6aa3 | ||
|
|
afe301cb52 | ||
|
|
b0c5918c7c | ||
|
|
00ec8e3ebe |
@@ -21,7 +21,7 @@ java = 'corretto-11'
|
||||
"github:pulumi/schema-tools" = "0.6.0"
|
||||
"go:github.com/pulumi/upgrade-provider" = "main"
|
||||
"aqua:gradle/gradle-distributions" = '7.6.6'
|
||||
golangci-lint = "1.64.8" # See note about about overrides if you need to customize this.
|
||||
golangci-lint = "2.9.0" # See note about about overrides if you need to customize this.
|
||||
"npm:yarn" = "1.22.22"
|
||||
|
||||
[settings]
|
||||
|
||||
2
.github/actions/download-provider/action.yml
vendored
2
.github/actions/download-provider/action.yml
vendored
@@ -5,7 +5,7 @@ runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
|
||||
2
.github/actions/download-sdk/action.yml
vendored
2
.github/actions/download-sdk/action.yml
vendored
@@ -10,7 +10,7 @@ runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Download SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: ${{ inputs.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace }}/sdk/
|
||||
|
||||
4
.github/actions/setup-tools/action.yml
vendored
4
.github/actions/setup-tools/action.yml
vendored
@@ -14,7 +14,7 @@ runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Setup mise
|
||||
uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310
|
||||
uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329
|
||||
env:
|
||||
MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
|
||||
with:
|
||||
@@ -34,7 +34,7 @@ runs:
|
||||
*.sum
|
||||
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
|
||||
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
|
||||
with:
|
||||
# we don't set node-version because we install with mise.
|
||||
# this step is needed to setup npm auth
|
||||
|
||||
46
.github/workflows/build.yml
vendored
46
.github/workflows/build.yml
vendored
@@ -43,7 +43,7 @@ jobs:
|
||||
pull-requests: write # For schema check comment.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -55,7 +55,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -75,7 +75,7 @@ jobs:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
|
||||
with:
|
||||
repo: pulumi/schema-tools
|
||||
- name: Build codegen binaries
|
||||
@@ -130,7 +130,7 @@ jobs:
|
||||
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
|
||||
pulumi-gen-${{ env.PROVIDER}}
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
@@ -139,7 +139,7 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Upload coverage reports to Codecov
|
||||
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
|
||||
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
|
||||
env:
|
||||
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
@@ -169,7 +169,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -181,7 +181,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -220,7 +220,7 @@ jobs:
|
||||
- name: Tar SDK folder
|
||||
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
|
||||
@@ -244,7 +244,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -289,7 +289,7 @@ jobs:
|
||||
id-token: write # For ESC secrets and Pulumi access token OIDC.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -301,7 +301,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -392,7 +392,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -404,7 +404,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -431,7 +431,7 @@ jobs:
|
||||
swap-storage: true
|
||||
large-packages: false
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
|
||||
uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
|
||||
with:
|
||||
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
|
||||
aws-region: us-east-2
|
||||
@@ -447,8 +447,10 @@ jobs:
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
AZURE_SIGNING_ACCOUNT_ENDPOINT: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT }}
|
||||
AZURE_SIGNING_ACCOUNT_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME }}
|
||||
AZURE_SIGNING_CERT_PROFILE_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME }}
|
||||
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME == '' }}
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
with:
|
||||
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
|
||||
@@ -471,7 +473,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -483,7 +485,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -497,7 +499,7 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Checkout Scripts Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
path: ci-scripts
|
||||
repository: pulumi/scripts
|
||||
@@ -507,7 +509,7 @@ jobs:
|
||||
with:
|
||||
github_token: ${{ steps.app-auth.outputs.token }}
|
||||
- name: Download python SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: python-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -515,7 +517,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
|
||||
${{github.workspace}}/sdk/python
|
||||
- name: Download dotnet SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: dotnet-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -523,7 +525,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
|
||||
${{github.workspace}}/sdk/dotnet
|
||||
- name: Download nodejs SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: nodejs-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
|
||||
14
.github/workflows/claude.yml
vendored
14
.github/workflows/claude.yml
vendored
@@ -45,8 +45,8 @@ jobs:
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
||||
uses: pulumi/esc-action@9840934db12128a33f6afb60b17d9de8f7ec5519
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Checkout PR head (if applicable)
|
||||
@@ -56,7 +56,7 @@ jobs:
|
||||
PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
|
||||
run: gh pr checkout "$PR_NUMBER"
|
||||
- name: Setup mise
|
||||
uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310
|
||||
uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329
|
||||
env:
|
||||
MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
|
||||
with:
|
||||
@@ -79,7 +79,7 @@ jobs:
|
||||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude review')) ||
|
||||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude review'))
|
||||
id: claude-review
|
||||
uses: anthropics/claude-code-action@8341a564b0c1693e9fa29c681852ee3714980098 # v1
|
||||
uses: anthropics/claude-code-action@905d4eb99ab3d43143d74fb0dcae537f29ac330a # v1
|
||||
with:
|
||||
anthropic_api_key: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }}
|
||||
prompt: |
|
||||
@@ -101,7 +101,7 @@ jobs:
|
||||
!contains(github.event.comment.body, '@claude review') &&
|
||||
!contains(github.event.review.body, '@claude review')
|
||||
id: claude-action
|
||||
uses: anthropics/claude-code-action@8341a564b0c1693e9fa29c681852ee3714980098 # v1
|
||||
uses: anthropics/claude-code-action@905d4eb99ab3d43143d74fb0dcae537f29ac330a # v1
|
||||
with:
|
||||
anthropic_api_key: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }}
|
||||
# This allows claude to read github action logs
|
||||
@@ -125,14 +125,14 @@ jobs:
|
||||
# Uploading the artifact allows you to download the artifact from the UI
|
||||
- name: Upload Claude review output on failure
|
||||
if: failure() && steps.claude-review.outputs.execution_file
|
||||
uses: actions/upload-artifact@v4
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
|
||||
with:
|
||||
name: claude-review-execution-log
|
||||
path: ${{ steps.claude-review.outputs.execution_file }}
|
||||
retention-days: 7
|
||||
- name: Upload Claude output on failure
|
||||
if: failure() && steps.claude-action.outputs.execution_file
|
||||
uses: actions/upload-artifact@v4
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
|
||||
with:
|
||||
name: claude-execution-log
|
||||
path: ${{ steps.claude-action.outputs.execution_file }}
|
||||
|
||||
2
.github/workflows/command-dispatch.yml
vendored
2
.github/workflows/command-dispatch.yml
vendored
@@ -23,7 +23,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
persist-credentials: false
|
||||
- env:
|
||||
|
||||
6
.github/workflows/community-moderation.yml
vendored
6
.github/workflows/community-moderation.yml
vendored
@@ -6,18 +6,18 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
persist-credentials: false
|
||||
- id: schema_changed
|
||||
name: Check for diff in schema
|
||||
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
|
||||
uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
|
||||
with:
|
||||
filters: "changed: 'provider/cmd/**/schema.json'"
|
||||
- id: sdk_changed
|
||||
if: steps.schema_changed.outputs.changed == 'false'
|
||||
name: Check for diff in sdk/**
|
||||
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
|
||||
uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
|
||||
with:
|
||||
filters: "changed: 'sdk/**'"
|
||||
- if: steps.sdk_changed.outputs.changed == 'true' &&
|
||||
|
||||
2
.github/workflows/export-repo-secrets.yml
vendored
2
.github/workflows/export-repo-secrets.yml
vendored
@@ -8,7 +8,7 @@ jobs:
|
||||
steps:
|
||||
- name: Generate a GitHub token
|
||||
id: generate-token
|
||||
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
|
||||
uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2
|
||||
with:
|
||||
app-id: 1256780 # Export Secrets GitHub App
|
||||
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
|
||||
|
||||
6
.github/workflows/lint.yml
vendored
6
.github/workflows/lint.yml
vendored
@@ -30,7 +30,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
persist-credentials: false
|
||||
- env:
|
||||
@@ -42,14 +42,14 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
- name: Setup mise
|
||||
uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310
|
||||
uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329
|
||||
env:
|
||||
MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
|
||||
with:
|
||||
|
||||
56
.github/workflows/prerelease.yml
vendored
56
.github/workflows/prerelease.yml
vendored
@@ -35,7 +35,7 @@ jobs:
|
||||
pull-requests: write # For schema check comment.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -47,7 +47,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -67,7 +67,7 @@ jobs:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
|
||||
with:
|
||||
repo: pulumi/schema-tools
|
||||
- name: Build codegen binaries
|
||||
@@ -122,7 +122,7 @@ jobs:
|
||||
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
|
||||
pulumi-gen-${{ env.PROVIDER}}
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
@@ -131,7 +131,7 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Upload coverage reports to Codecov
|
||||
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
|
||||
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
|
||||
env:
|
||||
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
@@ -161,7 +161,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -173,7 +173,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -212,7 +212,7 @@ jobs:
|
||||
- name: Tar SDK folder
|
||||
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
|
||||
@@ -245,7 +245,7 @@ jobs:
|
||||
id-token: write # For ESC secrets and Pulumi access token OIDC.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -257,7 +257,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -348,7 +348,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -360,7 +360,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -387,7 +387,7 @@ jobs:
|
||||
swap-storage: true
|
||||
large-packages: false
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
|
||||
uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
|
||||
with:
|
||||
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
|
||||
aws-region: us-east-2
|
||||
@@ -403,8 +403,10 @@ jobs:
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
AZURE_SIGNING_ACCOUNT_ENDPOINT: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT }}
|
||||
AZURE_SIGNING_ACCOUNT_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME }}
|
||||
AZURE_SIGNING_CERT_PROFILE_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME }}
|
||||
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME == '' }}
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
with:
|
||||
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
|
||||
@@ -427,7 +429,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -439,7 +441,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -453,7 +455,7 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Checkout Scripts Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
path: ci-scripts
|
||||
repository: pulumi/scripts
|
||||
@@ -463,7 +465,7 @@ jobs:
|
||||
with:
|
||||
github_token: ${{ steps.app-auth.outputs.token }}
|
||||
- name: Download python SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: python-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -471,7 +473,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
|
||||
${{github.workspace}}/sdk/python
|
||||
- name: Download dotnet SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: dotnet-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -479,7 +481,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
|
||||
${{github.workspace}}/sdk/dotnet
|
||||
- name: Download nodejs SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: nodejs-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -515,7 +517,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -527,7 +529,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -545,7 +547,7 @@ jobs:
|
||||
with:
|
||||
github_token: ${{ steps.app-auth.outputs.token }}
|
||||
- name: Download java SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: java-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -553,7 +555,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
|
||||
${{github.workspace}}/sdk/java
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
|
||||
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Publish Java SDK
|
||||
@@ -571,7 +573,7 @@ jobs:
|
||||
needs: publish_sdk
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- id: version
|
||||
@@ -582,7 +584,7 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Download go SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: go-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
|
||||
2
.github/workflows/pull-request.yml
vendored
2
.github/workflows/pull-request.yml
vendored
@@ -10,7 +10,7 @@ jobs:
|
||||
name: comment-on-pr
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- name: Comment PR
|
||||
|
||||
62
.github/workflows/release.yml
vendored
62
.github/workflows/release.yml
vendored
@@ -35,7 +35,7 @@ jobs:
|
||||
pull-requests: write # For schema check comment.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -47,7 +47,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -67,7 +67,7 @@ jobs:
|
||||
github_token: ${{ steps.app-auth.outputs.token }}
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
|
||||
with:
|
||||
repo: pulumi/schema-tools
|
||||
- name: Build codegen binaries
|
||||
@@ -122,7 +122,7 @@ jobs:
|
||||
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
|
||||
pulumi-gen-${{ env.PROVIDER}}
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
@@ -131,7 +131,7 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Upload coverage reports to Codecov
|
||||
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
|
||||
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
|
||||
env:
|
||||
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
@@ -161,7 +161,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -173,7 +173,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -212,7 +212,7 @@ jobs:
|
||||
- name: Tar SDK folder
|
||||
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
|
||||
@@ -245,7 +245,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -257,7 +257,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -348,7 +348,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -360,7 +360,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -387,7 +387,7 @@ jobs:
|
||||
swap-storage: true
|
||||
large-packages: false
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
|
||||
uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
|
||||
with:
|
||||
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
|
||||
aws-region: us-east-2
|
||||
@@ -403,8 +403,10 @@ jobs:
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
AZURE_SIGNING_ACCOUNT_ENDPOINT: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT }}
|
||||
AZURE_SIGNING_ACCOUNT_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME }}
|
||||
AZURE_SIGNING_CERT_PROFILE_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME }}
|
||||
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME == '' }}
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
with:
|
||||
args: -p 3 release --clean --timeout 60m0s
|
||||
@@ -427,7 +429,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -439,7 +441,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -453,7 +455,7 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Checkout Scripts Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
path: ci-scripts
|
||||
repository: pulumi/scripts
|
||||
@@ -463,7 +465,7 @@ jobs:
|
||||
with:
|
||||
github_token: ${{ steps.app-auth.outputs.token }}
|
||||
- name: Download python SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: python-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -471,7 +473,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
|
||||
${{github.workspace}}/sdk/python
|
||||
- name: Download dotnet SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: dotnet-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -479,7 +481,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
|
||||
${{github.workspace}}/sdk/dotnet
|
||||
- name: Download nodejs SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: nodejs-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -515,7 +517,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -527,7 +529,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -545,7 +547,7 @@ jobs:
|
||||
with:
|
||||
github_token: ${{ steps.app-auth.outputs.token }}
|
||||
- name: Download java SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: java-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -553,7 +555,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
|
||||
${{github.workspace}}/sdk/java
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
|
||||
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Publish Java SDK
|
||||
@@ -571,7 +573,7 @@ jobs:
|
||||
needs: publish_sdk
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- id: version
|
||||
@@ -582,7 +584,7 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Download go SDK
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: go-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -607,7 +609,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -619,14 +621,14 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
- name: Install pulumictl
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Dispatch Event
|
||||
|
||||
2
.github/workflows/release_command.yml
vendored
2
.github/workflows/release_command.yml
vendored
@@ -11,7 +11,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
persist-credentials: false
|
||||
- env:
|
||||
|
||||
30
.github/workflows/run-acceptance-tests.yml
vendored
30
.github/workflows/run-acceptance-tests.yml
vendored
@@ -37,7 +37,7 @@ jobs:
|
||||
name: comment-notification
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
@@ -62,7 +62,7 @@ jobs:
|
||||
pull-requests: write # For schema check comment.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
@@ -76,7 +76,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -96,7 +96,7 @@ jobs:
|
||||
github_token: ${{ steps.app-auth.outputs.token }}
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
|
||||
with:
|
||||
repo: pulumi/schema-tools
|
||||
- name: Build codegen binaries
|
||||
@@ -198,7 +198,7 @@ jobs:
|
||||
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
|
||||
pulumi-gen-${{ env.PROVIDER}}
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
@@ -207,7 +207,7 @@ jobs:
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Upload coverage reports to Codecov
|
||||
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
|
||||
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
|
||||
env:
|
||||
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
@@ -239,7 +239,7 @@ jobs:
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
@@ -253,7 +253,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -271,7 +271,7 @@ jobs:
|
||||
with:
|
||||
github_token: ${{ steps.app-auth.outputs.token }}
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -344,7 +344,7 @@ jobs:
|
||||
- name: Tar SDK folder
|
||||
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
|
||||
@@ -380,7 +380,7 @@ jobs:
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
@@ -394,7 +394,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
@@ -412,7 +412,7 @@ jobs:
|
||||
with:
|
||||
github_token: ${{ steps.app-auth.outputs.token }}
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -424,7 +424,7 @@ jobs:
|
||||
-exec chmod +x {} \;
|
||||
- name: Download SDK
|
||||
if: ${{ matrix.language != 'yaml' }}
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -497,7 +497,7 @@ jobs:
|
||||
name: sentinel
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
|
||||
4
.github/workflows/weekly-pulumi-update.yml
vendored
4
.github/workflows/weekly-pulumi-update.yml
vendored
@@ -33,7 +33,7 @@ jobs:
|
||||
permissions: write-all
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
@@ -45,7 +45,7 @@ jobs:
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
|
||||
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
|
||||
id: app-auth
|
||||
with:
|
||||
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
|
||||
|
||||
version: "2"
|
||||
linters:
|
||||
enable:
|
||||
@@ -22,6 +24,11 @@ linters:
|
||||
- third_party$
|
||||
- builtin$
|
||||
- examples$
|
||||
rules:
|
||||
- linters:
|
||||
- revive
|
||||
path: pkg/
|
||||
text: "var-naming" # https://github.com/pulumi/ci-mgmt/issues/2100
|
||||
formatters:
|
||||
enable:
|
||||
- gci
|
||||
@@ -29,11 +36,11 @@ formatters:
|
||||
settings:
|
||||
gci:
|
||||
sections:
|
||||
- standard
|
||||
- blank
|
||||
- default
|
||||
- prefix(github.com/pulumi/)
|
||||
- prefix(github.com/pulumi/pulumi-docker-build)
|
||||
- standard # Standard section: captures all standard library packages.
|
||||
- blank # Blank section: contains all blank imports.
|
||||
- default # Default section: contains all imports that could not be matched to another section type.
|
||||
- prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix.
|
||||
- prefix(github.com/pulumi/pulumi-docker-build) # Custom section: local imports
|
||||
custom-order: true
|
||||
exclusions:
|
||||
generated: lax
|
||||
|
||||
29
Makefile
29
Makefile
@@ -250,30 +250,32 @@ docs: $(shell find docs/yaml -type f) $(shell find ./provider/internal/embed -na
|
||||
go generate docs/generate.go
|
||||
@touch docs
|
||||
|
||||
# Set these variables to enable signing of the windows binary
|
||||
# Set these variables to enable signing of the windows binary with Azure Trusted Signing.
|
||||
AZURE_SIGNING_CLIENT_ID ?=
|
||||
AZURE_SIGNING_CLIENT_SECRET ?=
|
||||
AZURE_SIGNING_TENANT_ID ?=
|
||||
AZURE_SIGNING_KEY_VAULT_URI ?=
|
||||
AZURE_SIGNING_ACCOUNT_ENDPOINT ?=
|
||||
AZURE_SIGNING_ACCOUNT_NAME ?=
|
||||
AZURE_SIGNING_CERT_PROFILE_NAME ?=
|
||||
SKIP_SIGNING ?=
|
||||
|
||||
bin/jsign-6.0.jar:
|
||||
bin/jsign-7.4.jar:
|
||||
@mkdir -p bin
|
||||
wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar --output-document=bin/jsign-6.0.jar
|
||||
wget https://github.com/ebourg/jsign/releases/download/7.4/jsign-7.4.jar --output-document=bin/jsign-7.4.jar
|
||||
|
||||
sign-goreleaser-exe-amd64: GORELEASER_ARCH := amd64_v1
|
||||
sign-goreleaser-exe-arm64: GORELEASER_ARCH := arm64
|
||||
|
||||
# Set the shell to bash to allow for the use of bash syntax.
|
||||
sign-goreleaser-exe-%: SHELL:=/bin/bash
|
||||
sign-goreleaser-exe-%: bin/jsign-6.0.jar
|
||||
sign-goreleaser-exe-%: bin/jsign-7.4.jar
|
||||
@# Only sign windows binary if fully configured.
|
||||
@# Test variables set by joining with | between and looking for || showing at least one variable is empty.
|
||||
@# Move the binary to a temporary location and sign it there to avoid the target being up-to-date if signing fails.
|
||||
@set -e; \
|
||||
if [[ "${SKIP_SIGNING}" != "true" ]]; then \
|
||||
if [[ "|${AZURE_SIGNING_CLIENT_ID}|${AZURE_SIGNING_CLIENT_SECRET}|${AZURE_SIGNING_TENANT_ID}|${AZURE_SIGNING_KEY_VAULT_URI}|" == *"||"* ]]; then \
|
||||
echo "Can't sign windows binaries as required configuration not set: AZURE_SIGNING_CLIENT_ID, AZURE_SIGNING_CLIENT_SECRET, AZURE_SIGNING_TENANT_ID, AZURE_SIGNING_KEY_VAULT_URI"; \
|
||||
if [[ "|${AZURE_SIGNING_CLIENT_ID}|${AZURE_SIGNING_CLIENT_SECRET}|${AZURE_SIGNING_TENANT_ID}|${AZURE_SIGNING_ACCOUNT_ENDPOINT}|${AZURE_SIGNING_ACCOUNT_NAME}|${AZURE_SIGNING_CERT_PROFILE_NAME}|" == *"||"* ]]; then \
|
||||
echo "Can't sign windows binaries as required configuration not set: AZURE_SIGNING_CLIENT_ID, AZURE_SIGNING_CLIENT_SECRET, AZURE_SIGNING_TENANT_ID, AZURE_SIGNING_ACCOUNT_ENDPOINT, AZURE_SIGNING_ACCOUNT_NAME, AZURE_SIGNING_CERT_PROFILE_NAME"; \
|
||||
echo "To rebuild with signing delete the unsigned windows exe file and rebuild with the fixed configuration"; \
|
||||
if [[ "${CI}" == "true" ]]; then exit 1; fi; \
|
||||
else \
|
||||
@@ -284,12 +286,15 @@ sign-goreleaser-exe-%: bin/jsign-6.0.jar
|
||||
--password "${AZURE_SIGNING_CLIENT_SECRET}" \
|
||||
--tenant "${AZURE_SIGNING_TENANT_ID}" \
|
||||
--output none; \
|
||||
ACCESS_TOKEN=$$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken); \
|
||||
java -jar bin/jsign-6.0.jar \
|
||||
--storetype AZUREKEYVAULT \
|
||||
--keystore "PulumiCodeSigning" \
|
||||
--url "${AZURE_SIGNING_KEY_VAULT_URI}" \
|
||||
ACCESS_TOKEN=$$(az account get-access-token --resource "https://codesigning.azure.net" | jq -r .accessToken); \
|
||||
ENDPOINT_HOST="$${AZURE_SIGNING_ACCOUNT_ENDPOINT#https://}"; \
|
||||
ENDPOINT_HOST="$${ENDPOINT_HOST#http://}"; \
|
||||
ENDPOINT_HOST="$${ENDPOINT_HOST%/}"; \
|
||||
java -jar bin/jsign-7.4.jar \
|
||||
--storetype TRUSTEDSIGNING \
|
||||
--keystore "$${ENDPOINT_HOST}" \
|
||||
--storepass "$${ACCESS_TOKEN}" \
|
||||
--alias "${AZURE_SIGNING_ACCOUNT_NAME}/${AZURE_SIGNING_CERT_PROFILE_NAME}" \
|
||||
$${file}.unsigned; \
|
||||
mv $${file}.unsigned $${file}; \
|
||||
az logout; \
|
||||
|
||||
2
go.mod
2
go.mod
@@ -14,7 +14,7 @@ require (
|
||||
github.com/muesli/reflow v0.3.0
|
||||
github.com/otiai10/copy v1.14.0
|
||||
github.com/pulumi/providertest v0.6.0
|
||||
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.102.1
|
||||
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.103.0
|
||||
github.com/pulumi/pulumi-go-provider v1.3.1
|
||||
github.com/pulumi/pulumi-java/pkg v1.22.0
|
||||
github.com/pulumi/pulumi/pkg/v3 v3.230.0
|
||||
|
||||
4
go.sum
4
go.sum
@@ -628,8 +628,8 @@ github.com/pulumi/inflector v0.2.1 h1:bqyiish3tq//vLeLiEstSFE5K7RNjy/ce47ed4QATu
|
||||
github.com/pulumi/inflector v0.2.1/go.mod h1:HUFCjcPTz96YtTuUlwG3i3EZG4WlniBvR9bd+iJxCUY=
|
||||
github.com/pulumi/providertest v0.6.0 h1:ZnefsbhkPE+BpKienHgb38P/6SEtXjjOXGGdMEUIOgk=
|
||||
github.com/pulumi/providertest v0.6.0/go.mod h1:OBpIGSQrw1FW9VNaHBtKCRxEoTISvx8JsxECmRqRgRQ=
|
||||
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.102.1 h1:Jt0W90jeFcYBwxvK6NZ3BMBmhuT0Sh7xz+2ijpjUr0o=
|
||||
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.102.1/go.mod h1:jfgRC76AKgNNXZ8w1xcHsOYSEaeSX9mT6bVIwrBBnjI=
|
||||
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.103.0 h1:jkZrUea6JRgDrTgsUI/vd99bQqnpZiMXtvzfkeWLeFg=
|
||||
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.103.0/go.mod h1:qVjigpiMlW2k9NP0LziXNR118/SqJnQwJRhK7n21osA=
|
||||
github.com/pulumi/pulumi-go-provider v1.3.1 h1:HuzbOG3BWU+JZ1CdJeUwGEATRtCU8HNwRX6rxKUeZ/E=
|
||||
github.com/pulumi/pulumi-go-provider v1.3.1/go.mod h1:HS3UcUA42rwKdSx4k47Fr+36oGJqErGm22GP74JC1Gs=
|
||||
github.com/pulumi/pulumi-java/pkg v1.22.0 h1:p60fqNNS1yfZzr3xPv7o6pZoCfwySCnFduMdUr9LHTo=
|
||||
|
||||
Reference in New Issue
Block a user