pulumi-docker-build/.github/workflows/lint.yml

# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt

name: lint

on:
  workflow_call:
    inputs: {}

env:
  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
  AWS_REGION: us-west-2
  AZURE_LOCATION: westus
  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
  GOOGLE_PROJECT: pulumi-ci-gcp-provider
  GOOGLE_PROJECT_NUMBER: "895284651812"
  GOOGLE_REGION: us-central1
  GOOGLE_ZONE: us-central1-a
  PULUMI_API: https://api.pulumi-staging.io
  PULUMI_PULUMI_ENABLE_JOURNALING: "true"

jobs:
  lint:
    name: lint
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      id-token: write # For ESC secrets.
    steps:
    - name: Checkout Repo
      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      with:
        persist-credentials: false    
    - env:
        ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
        ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
        ESC_ACTION_OIDC_AUTH: "true"
        ESC_ACTION_OIDC_ORGANIZATION: pulumi
        ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
      id: esc-secrets
      name: Fetch secrets from ESC
      uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
    - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
      id: app-auth
      with:
        app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
        private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
        owner: ${{ github.repository_owner }}
    - name: Setup mise
      uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310
      env:
        MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
      with:
        version: 2026.2.10
        github_token: ${{ steps.app-auth.outputs.token }}
        cache_save: false # A different job handles caching our tools.
    - name: prepare workspace
      continue-on-error: true
      run: make prepare_local_workspace
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: lint
      run: make lint