# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt name: weekly-pulumi-update on: schedule: - cron: 35 12 * * 4 workflow_dispatch: {} env: GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} PROVIDER: docker-build PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget TRAVIS_OS_NAME: linux PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. GOVERSION: "1.21.x" NODEVERSION: "20.x" PYTHONVERSION: "3.11.8" DOTNETVERSION: "8.0.x" JAVAVERSION: "11" ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 AWS_REGION: us-west-2 AZURE_LOCATION: westus GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a PULUMI_API: https://api.pulumi-staging.io PULUMI_PULUMI_ENABLE_JOURNALING: "true" jobs: weekly-pulumi-update: runs-on: ubuntu-latest permissions: write-all steps: - name: Checkout Repo uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Setup Tools uses: ./.github/actions/setup-tools with: github_token: ${{ steps.app-auth.outputs.token }} - name: Update Pulumi/Pulumi id: gomod run: >- git config --local user.email 'bot@pulumi.com' git config --local user.name 'pulumi-bot' git checkout -b update-pulumi/${{ github.run_id }}-${{ github.run_number }} find . -name go.mod -execdir sh -c 'go get github.com/pulumi/pulumi/pkg/v3 github.com/pulumi/pulumi/sdk/v3; go mod tidy' \; gh repo view pulumi/pulumi --json latestRelease --jq .latestRelease.tagName | sed 's/^v//' > .pulumi.version git update-index -q --refresh if ! git diff-files --quiet; then echo changes=1 >> "$GITHUB_OUTPUT"; fi - name: Provider with Pulumi Upgrade if: steps.gomod.outputs.changes != 0 run: >- make codegen && make local_generate git add sdk/nodejs git commit -m "Regenerating Node.js SDK based on updated modules" || echo "ignore commit failure, may be empty" git add sdk/python git commit -m "Regenerating Python SDK based on updated modules" || echo "ignore commit failure, may be empty" git add sdk/dotnet git commit -m "Regenerating .NET SDK based on updated modules" || echo "ignore commit failure, may be empty" git add sdk/go* git commit -m "Regenerating Go SDK based on updated modules" || echo "ignore commit failure, may be empty" git add sdk/java* git commit -m "Regenerating Java SDK based on updated modules" || echo "ignore commit failure, may be empty" git add . git commit -m "Updated modules" || echo "ignore commit failure, may be empty" git push origin update-pulumi/${{ github.run_id }}-${{ github.run_number }} - name: Create PR id: create-pr if: steps.gomod.outputs.changes != 0 run: > ver=$(cat .pulumi.version) msg="Automated upgrade: bump pulumi/pulumi to ${ver}" # See https://github.com/cli/cli/issues/6485#issuecomment-2560935183 for --head workaround gh pr create -t "$msg" -b "$msg" --head "$(git branch --show-current)" env: GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} name: weekly-pulumi-update