Combine upstream check & upgrade workflows

Remove the chain of dependencies where we create issues then trigger the actual upgrade from the issue creation. We previously had to filter the triggered issue opening to a specific bot user to stop other issues created by external users from triggering the workflow.

Instead, we'll check for new versions then attempt the upgrade in a single run, as well as allowing the execution of a specific version upgrade via workflow_dispatch.

Scenarios:

- If the cron triggers or a user runs the workflow without a version, it'll ensure an issue exists for the latest pending version and return the latest pending version in the `latest_version` output.
- If `latest_version` is unset then we don't need to run the upgrade as there's no pending version.
- If `latest_version` is set then we'll specifically attempt an upgrade to that version.
- If a user runs the workflow with a version input, we'll skip creating issues and just attempt the upgrade.

This builds on the work in pulumi/upgrade-provider#282

provider-ci/internal/pkg/generate.go

@@ -83,6 +83,7 @@ func getDeletedFiles(templateName string) []string {
 	switch templateName {
 	case "bridged-provider":
 		return []string{
+			".github/workflows/check-upstream-upgrade.yml",
 			"scripts/upstream.sh",
 			".goreleaser.yml",
 			".goreleaser.prerelease.yml",

provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/upgrade-provider.yml

@@ -1,11 +1,22 @@
 # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
 
+name: Upgrade provider
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "The version of the upstream provider to upgrade to, without the 'v' prefix"
+        required: false
+        type: string
+  schedule:
+    # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours.
+    - cron: 0 3 * * *
+
 env:
   GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 jobs:
   upgrade_provider:
-    if: ${{ (github.event.issue.user.login == 'pulumi-bot' && contains(github.event.issue.title, 'Upgrade terraform-provider-')) || github.event_name == 'workflow_dispatch' }}
     name: upgrade-provider
     runs-on: #{{ .Config.runner.default }}#
     steps:
@@ -31,17 +42,27 @@ jobs:
       - name: Install upgrade-provider
         run: go install github.com/pulumi/upgrade-provider@main
         shell: bash
-      - name: "Set up git identity: name"
+      - name: "Set up git identity"
         run: |
           git config --global user.name '[email protected]'
           git config --global user.email '[email protected]'
         shell: bash
-      - name: Run upgrade-provider
-        run: upgrade-provider "${{ github.repository }}" --kind="all" #{{ if .Config.javaGenVersion }}#--java-version="#{{ .Config.javaGenVersion }}#"#{{ end }}#
+      - name: Create issues for new upstream version
+        if: inputs.version == ''
+        id: upstream_version
+        # This step outputs `latest_version` if there is a pending upgrade
+        run: upgrade-provider "$REPO" --kind=check-upstream-version
+        env:
+          REPO: ${{ github.repository }}
+        shell: bash
+      - name: Calculate target version
+        id: target_version
+        # Prefer the manually specified version if it exists
+        # upstream_version will be empty if the provider is up-to-date
+        run: echo "version=${{ github.event.inputs.version || steps.upstream_version.outputs.latest_version }}" >> "$GITHUB_OUTPUT"
+        shell: bash
+      - name: Attempt provider upgrade
+        # Only attempt the upgrade if we have a target version
+        if: steps.target_version.outputs.version != ''
+        run: upgrade-provider "${{ github.repository }}" --kind="all" --target-version="${{ steps.target_version.outputs.version }}" #{{ if .Config.javaGenVersion }}#--java-version="#{{ .Config.javaGenVersion }}#"#{{ end }}#
         shell: bash
-name: Upgrade provider
-on:
-  issues:
-    types:
-      - opened
-  workflow_dispatch: {}

provider-ci/test-providers/acme/.github/workflows/upgrade-provider.yml

@@ -1,11 +1,22 @@
 # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
 
+name: Upgrade provider
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "The version of the upstream provider to upgrade to, without the 'v' prefix"
+        required: false
+        type: string
+  schedule:
+    # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours.
+    - cron: 0 3 * * *
+
 env:
   GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 jobs:
   upgrade_provider:
-    if: ${{ (github.event.issue.user.login == 'pulumi-bot' && contains(github.event.issue.title, 'Upgrade terraform-provider-')) || github.event_name == 'workflow_dispatch' }}
     name: upgrade-provider
     runs-on: ubuntu-latest
     steps:
@@ -18,17 +29,27 @@ jobs:
       - name: Install upgrade-provider
         run: go install github.com/pulumi/upgrade-provider@main
         shell: bash
-      - name: "Set up git identity: name"
+      - name: "Set up git identity"
         run: |
           git config --global user.name '[email protected]'
           git config --global user.email '[email protected]'
         shell: bash
-      - name: Run upgrade-provider
-        run: upgrade-provider "${{ github.repository }}" --kind="all" 
+      - name: Create issues for new upstream version
+        if: inputs.version == ''
+        id: upstream_version
+        # This step outputs `latest_version` if there is a pending upgrade
+        run: upgrade-provider "$REPO" --kind=check-upstream-version
+        env:
+          REPO: ${{ github.repository }}
+        shell: bash
+      - name: Calculate target version
+        id: target_version
+        # Prefer the manually specified version if it exists
+        # upstream_version will be empty if the provider is up-to-date
+        run: echo "version=${{ github.event.inputs.version || steps.upstream_version.outputs.latest_version }}" >> "$GITHUB_OUTPUT"
+        shell: bash
+      - name: Attempt provider upgrade
+        # Only attempt the upgrade if we have a target version
+        if: steps.target_version.outputs.version != ''
+        run: upgrade-provider "${{ github.repository }}" --kind="all" --target-version="${{ steps.target_version.outputs.version }}" 
         shell: bash
-name: Upgrade provider
-on:
-  issues:
-    types:
-      - opened
-  workflow_dispatch: {}

provider-ci/test-providers/aws/.github/workflows/upgrade-provider.yml

@@ -1,11 +1,22 @@
 # WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
 
+name: Upgrade provider
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "The version of the upstream provider to upgrade to, without the 'v' prefix"
+        required: false
+        type: string
+  schedule:
+    # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours.
+    - cron: 0 3 * * *
+
 env:
   GH_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 jobs:
   upgrade_provider:
-    if: ${{ (github.event.issue.user.login == 'pulumi-bot' && contains(github.event.issue.title, 'Upgrade terraform-provider-')) || github.event_name == 'workflow_dispatch' }}
     name: upgrade-provider
     runs-on: ubuntu-latest
     steps:
@@ -27,17 +38,27 @@ jobs:
       - name: Install upgrade-provider
         run: go install github.com/pulumi/upgrade-provider@main
         shell: bash
-      - name: "Set up git identity: name"
+      - name: "Set up git identity"
         run: |
           git config --global user.name '[email protected]'
           git config --global user.email '[email protected]'
         shell: bash
-      - name: Run upgrade-provider
-        run: upgrade-provider "${{ github.repository }}" --kind="all" 
+      - name: Create issues for new upstream version
+        if: inputs.version == ''
+        id: upstream_version
+        # This step outputs `latest_version` if there is a pending upgrade
+        run: upgrade-provider "$REPO" --kind=check-upstream-version
+        env:
+          REPO: ${{ github.repository }}
+        shell: bash
+      - name: Calculate target version
+        id: target_version
+        # Prefer the manually specified version if it exists
+        # upstream_version will be empty if the provider is up-to-date
+        run: echo "version=${{ github.event.inputs.version || steps.upstream_version.outputs.latest_version }}" >> "$GITHUB_OUTPUT"
+        shell: bash
+      - name: Attempt provider upgrade
+        # Only attempt the upgrade if we have a target version
+        if: steps.target_version.outputs.version != ''
+        run: upgrade-provider "${{ github.repository }}" --kind="all" --target-version="${{ steps.target_version.outputs.version }}" 
         shell: bash
-name: Upgrade provider
-on:
-  issues:
-    types:
-      - opened
-  workflow_dispatch: {}