From 33f848c71150045d330a4c0ea6371e24c2a3b4df Mon Sep 17 00:00:00 2001
From: Ringo De Smet <ringo@de-smet.name>
Date: Mon, 2 Dec 2024 14:55:22 +0100
Subject: [PATCH] Regenerate workflows for external providers weekly (#1187)

Pulumi managed providers receive Github Actions workflow changes via a
workflow run in `ci-mgmt`, with changes pushed to the provider
repositories.

External providers need a pull based model to take similar workflow
changes in, hence the creation of the `external-provider` template
folder and adding the required workflow in there.

I tested the contents of the workflow standalone first on a single
provider and it worked fine. Here was the generated PR to update the
workflows:

https://github.com/pulumiverse/pulumi-acme/pull/93
---
 provider-ci/internal/pkg/generate.go          |  3 +-
 .../.github/workflows/resync-build.yml        | 41 +++++++++++++++++++
 .../acme/.github/workflows/resync-build.yml   | 41 +++++++++++++++++++
 3 files changed, 83 insertions(+), 2 deletions(-)
 create mode 100644 provider-ci/internal/pkg/templates/external-provider/.github/workflows/resync-build.yml
 create mode 100644 provider-ci/test-providers/acme/.github/workflows/resync-build.yml

diff --git a/provider-ci/internal/pkg/generate.go b/provider-ci/internal/pkg/generate.go
index 8211e7df9..92a903080 100644
--- a/provider-ci/internal/pkg/generate.go
+++ b/provider-ci/internal/pkg/generate.go
@@ -101,7 +101,7 @@ func getTemplateDirs(templateName string) ([]string, error) {
 		return []string{"dev-container", "provider", "pulumi-provider", "bridged-provider"}, nil
 	case "external-bridged-provider":
 		// Render more specific templates last to allow them to override more general templates.
-		return []string{"dev-container", "provider", "bridged-provider"}, nil
+		return []string{"dev-container", "provider", "external-provider", "bridged-provider"}, nil
 	default:
 		return nil, fmt.Errorf("unknown template: %s", templateName)
 	}
@@ -119,7 +119,6 @@ func getDeletedFiles(templateName string) []string {
 		}
 	case "external-bridged-provider":
 		return []string{
-			".github/workflows/resync-build.yml",
 			"scripts/upstream.sh",
 			".goreleaser.yml",
 			".goreleaser.prerelease.yml",
diff --git a/provider-ci/internal/pkg/templates/external-provider/.github/workflows/resync-build.yml b/provider-ci/internal/pkg/templates/external-provider/.github/workflows/resync-build.yml
new file mode 100644
index 000000000..12afb8877
--- /dev/null
+++ b/provider-ci/internal/pkg/templates/external-provider/.github/workflows/resync-build.yml
@@ -0,0 +1,41 @@
+# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
+name: "Resync Build Workflows"
+
+on:
+  schedule:
+    # 3 AM UTC ~ 8 PM PDT / 7 PM PST every Tuesday.
+    - cron: 0 3 * * TUE
+
+permissions:
+  contents: write
+  pull-requests: write
+
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN || secrets.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }}
+
+jobs:
+  upgrade_provider:
+    name: pull-workflow-changes
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+        with:
+          # Persist credentials so pull-workflow-changes can push a new branch.
+          persist-credentials: true
+      - name: Regenerate the workflow files via https://github.com/pulumi/ci-mgmt
+        run: |
+          make ci-mgmt
+      - name: Create PR (no linked issue)
+        uses: peter-evans/create-pull-request@v3.12.0
+        with:
+          author: pulumi-bot <bot@pulumi.com>
+          base: main
+          body: This pull request was generated automatically by the resync-build workflow
+            in this repository.
+          branch: chore/resync-${{ github.run_id }}
+          commit-message: Regenerate workflows for pulumi-#{{ .Config.Provider }}#
+          committer: pulumi-bot <bot@pulumi.com>
+          labels: impact/no-changelog-required
+          title: Regenerate Github Actions workflows for pulumi-#{{ .Config.Provider }}#
+          token: ${{ env.GITHUB_TOKEN }}
diff --git a/provider-ci/test-providers/acme/.github/workflows/resync-build.yml b/provider-ci/test-providers/acme/.github/workflows/resync-build.yml
new file mode 100644
index 000000000..c83f4400e
--- /dev/null
+++ b/provider-ci/test-providers/acme/.github/workflows/resync-build.yml
@@ -0,0 +1,41 @@
+# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
+name: "Resync Build Workflows"
+
+on:
+  schedule:
+    # 3 AM UTC ~ 8 PM PDT / 7 PM PST every Tuesday.
+    - cron: 0 3 * * TUE
+
+permissions:
+  contents: write
+  pull-requests: write
+
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN || secrets.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }}
+
+jobs:
+  upgrade_provider:
+    name: pull-workflow-changes
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+        with:
+          # Persist credentials so pull-workflow-changes can push a new branch.
+          persist-credentials: true
+      - name: Regenerate the workflow files via https://github.com/pulumi/ci-mgmt
+        run: |
+          make ci-mgmt
+      - name: Create PR (no linked issue)
+        uses: peter-evans/create-pull-request@v3.12.0
+        with:
+          author: pulumi-bot <bot@pulumi.com>
+          base: main
+          body: This pull request was generated automatically by the resync-build workflow
+            in this repository.
+          branch: chore/resync-${{ github.run_id }}
+          commit-message: Regenerate workflows for pulumi-acme
+          committer: pulumi-bot <bot@pulumi.com>
+          labels: impact/no-changelog-required
+          title: Regenerate Github Actions workflows for pulumi-acme
+          token: ${{ env.GITHUB_TOKEN }}