sam_oneal/pulumi-docker-build
1
0
Fork 0
Code Actions Packages Releases Wiki Activity
Files
710f5d816b873d3ff0afa31b4ba677ad2f9ab4f9
pulumi-docker-build/.github/workflows/weekly-pulumi-update.yml
Bryce Lampe 710f5d816b Remove unnecessary envOverride (#766) 
Our DockerHub password is in ESC, and a bunch of the other variables
were copy-pasted defaults. We need to keep GCP because that isn't in
ESC yet.

Refs https://github.com/pulumi/ci-mgmt/issues/1583.
2026-02-13 15:57:47 -08:00

118 lines
4.3 KiB
YAML
Raw Blame History

# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: weekly-pulumi-update
on:
schedule:
- cron: 35 12 * * 4
workflow_dispatch: {}
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
PROVIDER: docker-build
TRAVIS_OS_NAME: linux
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PULUMI_PULUMI_ENABLE_JOURNALING: "true"
TF_APPEND_USER_AGENT: pulumi
jobs:
weekly-pulumi-update:
runs-on: ubuntu-latest
permissions: write-all
steps:
- name: Checkout Repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Update Pulumi/Pulumi
id: gomod
run: >-
git config --local user.email 'bot@pulumi.com'
git config --local user.name 'pulumi-bot'
git checkout -b update-pulumi/${{ github.run_id }}-${{ github.run_number }}
gh repo view pulumi/pulumi --json latestRelease --jq .latestRelease.tagName | sed 's/^v//' > .pulumi.version
VERSION=$(cat .pulumi.version) find . -name go.mod -execdir sh -c 'go get github.com/pulumi/pulumi/pkg/v3@v${VERSION} github.com/pulumi/pulumi/sdk/v3@v${VERSION}; go mod tidy' \;
git update-index -q --refresh
if ! git diff-files --quiet; then echo changes=1 >> "$GITHUB_OUTPUT"; fi
- name: Provider with Pulumi Upgrade
if: steps.gomod.outputs.changes != 0
run: >-
make codegen && make local_generate
git add sdk/nodejs
git commit -m "Regenerating Node.js SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add sdk/python
git commit -m "Regenerating Python SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add sdk/dotnet
git commit -m "Regenerating .NET SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add sdk/go*
git commit -m "Regenerating Go SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add sdk/java*
git commit -m "Regenerating Java SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add .
git commit -m "Updated modules" || echo "ignore commit failure, may be empty"
git push origin update-pulumi/${{ github.run_id }}-${{ github.run_number }}
- name: Create PR
id: create-pr
if: steps.gomod.outputs.changes != 0
run: >
ver=$(cat .pulumi.version)
msg="Automated upgrade: bump pulumi/pulumi to ${ver}"
# See https://github.com/cli/cli/issues/6485#issuecomment-2560935183 for --head workaround
gh pr create -t "$msg" -b "$msg" --head "$(git branch --show-current)"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
name: weekly-pulumi-update
View Git Blame Copy Permalink