# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt

name: weekly-pulumi-update
on:
  schedule:
  - cron: 35 12 * * 4
  workflow_dispatch: {}
env:
  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
  PROVIDER: docker-build
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  TRAVIS_OS_NAME: linux
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  GOVERSION: "1.21.x"
  NODEVERSION: "20.x"
  PYTHONVERSION: "3.11.8"
  DOTNETVERSION: "8.0.x"
  JAVAVERSION: "11"
  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
  AWS_REGION: us-west-2
  AZURE_LOCATION: westus
  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
  GOOGLE_PROJECT: pulumi-ci-gcp-provider
  GOOGLE_PROJECT_NUMBER: "895284651812"
  GOOGLE_REGION: us-central1
  GOOGLE_ZONE: us-central1-a
  PULUMI_API: https://api.pulumi-staging.io

jobs:
  weekly-pulumi-update:
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
    - name: Checkout Repo
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      with:
        lfs: true    
    - env:
        ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
        ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
        ESC_ACTION_OIDC_AUTH: "true"
        ESC_ACTION_OIDC_ORGANIZATION: pulumi
        ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
      id: esc-secrets
      name: Fetch secrets from ESC
      uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
    - name: Install Go
      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version: ${{ env.GOVERSION }}
        cache-dependency-path: "**/*.sum"
    - name: Install pulumictl
      uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
      with:
        repo: pulumi/pulumictl
    - name: Install Pulumi CLI
      uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
    - name: Setup DotNet
      uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
      with:
        dotnet-version: ${{ env.DOTNETVERSION }}
    - name: Setup Node
      uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
      with:
        node-version: ${{ env.NODEVERSION }}
        registry-url: https://registry.npmjs.org
    - name: Setup Python
      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
      with:
        python-version: ${{ env.PYTHONVERSION }}
    - name: Setup Java
      uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
      with:
        java-version: ${{ env.JAVAVERSION }}
        distribution: temurin
        cache: gradle
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
      with:
        gradle-version: "7.6"
    - name: Update Pulumi/Pulumi
      id: gomod
      run: >-
        git config --local user.email 'bot@pulumi.com'

        git config --local user.name 'pulumi-bot'

        git checkout -b update-pulumi/${{ github.run_id }}-${{ github.run_number }}

        find . -name go.mod -execdir sh -c 'go get github.com/pulumi/pulumi/pkg/v3 github.com/pulumi/pulumi/sdk/v3; go mod tidy' \;

        gh repo view pulumi/pulumi --json latestRelease --jq .latestRelease.tagName | sed 's/^v//' > .pulumi.version

        git update-index -q --refresh

        if ! git diff-files --quiet; then echo changes=1 >> "$GITHUB_OUTPUT"; fi
    - name: Provider with Pulumi Upgrade
      if: steps.gomod.outputs.changes != 0
      run: >-
        make codegen && make local_generate

        git add sdk/nodejs

        git commit -m "Regenerating Node.js SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add sdk/python

        git commit -m "Regenerating Python SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add sdk/dotnet

        git commit -m "Regenerating .NET SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add sdk/go*

        git commit -m "Regenerating Go SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add sdk/java*

        git commit -m "Regenerating Java SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add .

        git commit -m "Updated modules" || echo "ignore commit failure, may be empty"

        git push origin update-pulumi/${{ github.run_id }}-${{ github.run_number }}
    - name: Create PR
      id: create-pr
      if: steps.gomod.outputs.changes != 0
      run: >
        ver=$(cat .pulumi.version)

        msg="Automated upgrade: bump pulumi/pulumi to ${ver}"

        # See https://github.com/cli/cli/issues/6485#issuecomment-2560935183 for --head workaround

        gh pr create -t "$msg" -b "$msg" --head "$(git branch --show-current)"
      env:
        GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
    name: weekly-pulumi-update