# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt

name: weekly-pulumi-update
on:
  schedule:
  - cron: 35 12 * * 4
  workflow_dispatch: {}
env:
  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
  PROVIDER: docker-build
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
  PYPI_USERNAME: __token__
  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  TRAVIS_OS_NAME: linux
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
  GOVERSION: 1.21.x
  NODEVERSION: 20.x
  PYTHONVERSION: "3.11"
  DOTNETVERSION: 8.0.x
  JAVAVERSION: "11"
  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
  AWS_REGION: us-west-2
  AZURE_LOCATION: westus
  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
  GOOGLE_PROJECT: pulumi-ci-gcp-provider
  GOOGLE_PROJECT_NUMBER: "895284651812"
  GOOGLE_REGION: us-central1
  GOOGLE_ZONE: us-central1-a
  PULUMI_API: https://api.pulumi-staging.io
jobs:
  weekly-pulumi-update:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Repo
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        lfs: true
    - name: Install Go
      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
      with:
        go-version: ${{ env.GOVERSION }}
        cache-dependency-path: "**/*.sum"
    - name: Install pulumictl
      uses: jaxxstorm/action-install-gh-release@4304621e8c48d66093a8a214af5d5b5bc3b3d943 # v2.0.0
      with:
        repo: pulumi/pulumictl
    - name: Install Pulumi CLI
      uses: pulumi/actions@9519177da243fd32cab35cdbf19cce1ab7472fcc # v6.2.0
    - name: Setup DotNet
      uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
      with:
        dotnet-version: ${{ env.DOTNETVERSION }}
    - name: Setup Node
      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
      with:
        node-version: ${{ env.NODEVERSION }}
        registry-url: https://registry.npmjs.org
    - name: Setup Python
      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
      with:
        python-version: ${{ env.PYTHONVERSION }}
    - name: Update Pulumi/Pulumi
      id: gomod
      run: >-
        git config --local user.email 'bot@pulumi.com'

        git config --local user.name 'pulumi-bot'

        git checkout -b update-pulumi/${{ github.run_id }}-${{ github.run_number }}

        for MODFILE in $(find . -name go.mod); do pushd $(dirname $MODFILE); go get github.com/pulumi/pulumi/pkg/v3 github.com/pulumi/pulumi/sdk/v3; go mod tidy; popd; done

        gh repo view pulumi/pulumi --json latestRelease --jq .latestRelease.tagName | sed 's/^v//' > .pulumi.version

        git update-index -q --refresh

        if ! git diff-files --quiet; then echo changes=1 >> "$GITHUB_OUTPUT"; fi
    - name: Provider with Pulumi Upgrade
      if: steps.gomod.outputs.changes != 0
      run: >-
        make codegen && make local_generate

        git add sdk/nodejs

        git commit -m "Regenerating Node.js SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add sdk/python

        git commit -m "Regenerating Python SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add sdk/dotnet

        git commit -m "Regenerating .NET SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add sdk/go*

        git commit -m "Regenerating Go SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add sdk/java*

        git commit -m "Regenerating Java SDK based on updated modules" || echo "ignore commit failure, may be empty"

        git add .

        git commit -m "Updated modules" || echo "ignore commit failure, may be empty"

        git push origin update-pulumi/${{ github.run_id }}-${{ github.run_number }}
    - name: Create PR
      id: create-pr
      if: steps.gomod.outputs.changes != 0
      run: >
        ver=$(cat .pulumi.version)

        msg="Automated upgrade: bump pulumi/pulumi to ${ver}"

        # See https://github.com/cli/cli/issues/6485#issuecomment-2560935183 for --head workaround

        gh pr create -t "$msg" -b "$msg" --head $(git branch --show-current)
      env:
        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
    name: weekly-pulumi-update