diff --git a/.github/actions/download-bin/action.yml b/.github/actions/download-bin/action.yml index d4ce00be851..10b0e9a73c0 100644 --- a/.github/actions/download-bin/action.yml +++ b/.github/actions/download-bin/action.yml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: aws-provider.tar.gz path: ${{ github.workspace }}/bin diff --git a/.github/actions/download-sdk/action.yml b/.github/actions/download-sdk/action.yml index 272e3317704..ec5a2f30826 100644 --- a/.github/actions/download-sdk/action.yml +++ b/.github/actions/download-sdk/action.yml @@ -10,7 +10,7 @@ runs: using: "composite" steps: - name: Download ${{ inputs.language }} SDK - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/ diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index 3277cca0d2c..862b4701f23 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -20,7 +20,7 @@ runs: steps: - name: Install Go if: inputs.tools == 'all' || contains(inputs.tools, 'go') - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: "1.23.x" cache-dependency-path: | @@ -30,45 +30,45 @@ runs: - name: Install pulumictl if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') - uses: jaxxstorm/action-install-gh-release@v1.11.0 + uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 with: tag: v0.0.46 repo: pulumi/pulumictl - name: Install Pulumi CLI if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli') - uses: pulumi/actions@v5 + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6 with: pulumi-version: "dev" - name: Install Schema Tools if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') - uses: jaxxstorm/action-install-gh-release@v1.11.0 + uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 with: repo: pulumi/schema-tools - name: Setup Node if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version: 20.x registry-url: https://registry.npmjs.org - name: Setup DotNet if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet') - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4 with: dotnet-version: 6.0.x - name: Setup Python if: inputs.tools == 'all' || contains(inputs.tools, 'python') - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 with: python-version: 3.11.8 - name: Setup Java if: inputs.tools == 'all' || contains(inputs.tools, 'java') - uses: actions/setup-java@v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: cache: gradle distribution: temurin @@ -76,6 +76,6 @@ runs: - name: Setup Gradle if: inputs.tools == 'all' || contains(inputs.tools, 'java') - uses: gradle/gradle-build-action@v3 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 with: gradle-version: 7.6 diff --git a/.github/actions/upload-bin/action.yml b/.github/actions/upload-bin/action.yml index 8afcc7999cf..d33e26c1e4b 100644 --- a/.github/actions/upload-bin/action.yml +++ b/.github/actions/upload-bin/action.yml @@ -8,7 +8,7 @@ runs: shell: bash run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-aws pulumi-tfgen-aws - name: Upload artifacts - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: aws-provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz diff --git a/.github/actions/upload-sdk/action.yml b/.github/actions/upload-sdk/action.yml index c8c88de9695..b0dd1404271 100644 --- a/.github/actions/upload-sdk/action.yml +++ b/.github/actions/upload-sdk/action.yml @@ -13,7 +13,7 @@ runs: shell: bash run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . - name: Upload artifacts - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index d7ee1969b91..2c6e2210aad 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -31,13 +31,13 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false @@ -48,19 +48,19 @@ jobs: - name: Prepare local workspace before restoring previously built run: make prepare_local_workspace - name: Download schema-embed.json - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: # Use a pattern to avoid failing if the artifact doesn't exist pattern: schema-embed.* # Avoid creating directories for each artifact merge-multiple: true - path: provider/cmd/pulumi-resource-aws/schema-embed.json + path: provider/cmd/pulumi-resource-aws - name: Restore makefile progress run: make --touch provider schema - name: Build & package provider run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} - name: Upload artifacts - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: pulumi-resource-aws-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz path: bin/pulumi-resource-aws-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 8a9ce57d341..37b20a45e8b 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -45,18 +45,18 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false - name: Cache examples generation - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: | .pulumi/examples-cache diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index ac56412725f..7b5be315a8c 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -26,11 +26,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false - - uses: peter-evans/slash-command-dispatch@v4 + - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4 with: commands: | run-acceptance-tests diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index b4a52a60b32..a0a741509ea 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -8,25 +8,25 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false - id: schema_changed name: Check for diff in schema - uses: dorny/paths-filter@v2.12.0 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 with: filters: "changed: 'provider/cmd/**/schema.json'" - id: sdk_changed if: steps.schema_changed.outputs.changed == 'false' name: Check for diff in sdk/** - uses: dorny/paths-filter@v2.12.0 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 with: filters: "changed: 'sdk/**'" - if: steps.sdk_changed.outputs.changed == 'true' && github.event.pull_request.head.repo.full_name != github.repository name: Send codegen warning as comment on PR - uses: thollander/actions-comment-pull-request@v2.5.0 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 51bd46b3b85..9e1bd1164cd 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 86abc8da4f8..437c5dad780 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -33,12 +33,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false - name: Install go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: # The versions of golangci-lint and setup-go here cross-depend and need to update together. go-version: 1.23 @@ -52,7 +52,7 @@ jobs: continue-on-error: true run: make upstream - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6 with: version: v1.60 working-directory: provider diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 4551b3d98cc..5c48efb3ccd 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -53,17 +53,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} aws-region: us-west-2 @@ -109,6 +109,7 @@ jobs: version: ${{ needs.prerequisites.outputs.version }} isPrerelease: true skipGoSdk: true + skipJavaSdk: true tag_release_if_labeled_needs_release: name: Tag release if labeled as needs-release @@ -142,13 +143,13 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false diff --git a/.github/workflows/nightly-test.yml b/.github/workflows/nightly-test.yml index 0075fb120f7..35ca4de774c 100644 --- a/.github/workflows/nightly-test.yml +++ b/.github/workflows/nightly-test.yml @@ -58,13 +58,13 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 49a2bbdf3b3..bc59c05c0b1 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -83,13 +83,13 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index b2fad8b2c7a..29491a9ade7 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -47,22 +47,22 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false - - uses: pulumi/provider-version-action@v1 + - uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 id: provider-version with: set-env: 'PROVIDER_VERSION' - name: Cache examples generation - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: | .pulumi/examples-cache @@ -90,7 +90,7 @@ jobs: } >> "$GITHUB_ENV" - if: inputs.is_pr && inputs.is_automated == false name: Comment on PR with Details of Schema Check - uses: thollander/actions-comment-pull-request@v2.5.0 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} comment_tag: schemaCheck @@ -104,7 +104,7 @@ jobs: uses: ./.github/actions/upload-bin - name: Upload schema-embed.json - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: schema-embed.json path: provider/cmd/pulumi-resource-aws/schema-embed.json diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4c338581ab5..940d6eceade 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -14,6 +14,10 @@ on: default: false type: boolean description: Skip publishing & verifying the Go SDK + skipJavaSdk: + default: false + type: boolean + description: Skip publishing the Java SDK env: IS_PRERELEASE: ${{ inputs.isPrerelease }} @@ -49,7 +53,7 @@ jobs: if: inputs.skipGoSdk && inputs.isPrerelease == false run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false @@ -58,7 +62,7 @@ jobs: with: tools: pulumictl, pulumicli, go, schema-tools - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -70,7 +74,7 @@ jobs: - name: Create dist directory run: mkdir -p dist - name: Download provider assets - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: pulumi-resource-aws-v${{ inputs.version }}-* path: dist @@ -95,7 +99,7 @@ jobs: - name: Upload Provider Binaries run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive - name: Create GH Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 if: inputs.isPrerelease == false with: tag_name: v${{ inputs.version }} @@ -114,7 +118,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true # Persist credentials so we can push back to the repo @@ -124,10 +128,17 @@ jobs: with: tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.20 + if: inputs.skipJavaSdk == false + uses: pulumi/pulumi-package-publisher@1c0359ba74243cf6651efacfd839c751d8ff87e2 # v0.0.20 with: sdk: all version: ${{ inputs.version }} + - name: Publish SDKs (except Java) + if: inputs.skipJavaSdk == true + uses: pulumi/pulumi-package-publisher@1c0359ba74243cf6651efacfd839c751d8ff87e2 # v0.0.20 + with: + sdk: all,!java + version: ${{ inputs.version }} - name: Download Go SDK uses: ./.github/actions/download-sdk with: @@ -154,7 +165,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 with: token: ${{ secrets.PULUMI_BOT_TOKEN }} repository: pulumi/registry @@ -175,7 +186,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Clean up release labels diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 344ee0def5c..1bb3d6d6c2e 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -27,12 +27,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false - name: Comment PR - uses: thollander/actions-comment-pull-request@v2.5.0 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5d101e36ba4..bb306e20b36 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -89,13 +89,13 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml index ea43de936d7..5712f40e5fc 100644 --- a/.github/workflows/release_command.yml +++ b/.github/workflows/release_command.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Should release PR @@ -28,7 +28,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: failure() name: Notify failure - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -37,7 +37,7 @@ jobs: "release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - if: success() name: Notify success - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} diff --git a/.github/workflows/resync-build.yml b/.github/workflows/resync-build.yml deleted file mode 100644 index 7accc711047..00000000000 --- a/.github/workflows/resync-build.yml +++ /dev/null @@ -1,93 +0,0 @@ -# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt - -env: - PULUMI_EXTRA_MAPPING_ERROR: true - PULUMI_MISSING_MAPPING_ERROR: true - AWS_REGION: us-west-2 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} - OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }} - PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} - PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} - PULUMI_API: https://api.pulumi-staging.io - PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - PULUMI_MISSING_DOCS_ERROR: "true" - PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} - PYPI_USERNAME: __token__ - SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} - SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} - SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} - TF_APPEND_USER_AGENT: pulumi -jobs: - resync_build: - name: resync-build - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4.2.2 - with: - submodules: true - # Persist credentials so we can push a new branch. - persist-credentials: true - - name: Checkout repo - uses: actions/checkout@v4.2.2 - with: - path: ci-mgmt - repository: pulumi/ci-mgmt - persist-credentials: false - - id: run-url - name: Create URL to the run output - run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go, nodejs, dotnet, python - - name: Sync with ci-mgmt - run: cp -r "ci-mgmt/provider-ci/providers/$PROVIDER/repo/." . - - name: Remove ci-mgmt directory - run: rm -rf ci-mgmt - - name: Required entries for gitignore - run: |- - cat <<- EOF > "$RUNNER_TEMP/gitignore" - sdk/java/build - sdk/java/.gradle - sdk/java/gradle - sdk/java/gradlew - sdk/java/gradlew.bat - EOF - shell: bash - - name: Adding missing lines to .gitignore - run: | - comm -23 <(sort "$RUNNER_TEMP/gitignore") <(sort .gitignore) >> .gitignore.temp - cat .gitignore.temp >> .gitignore - rm .gitignore.temp - shell: bash - - name: Build - run: make build - - name: Create PR (no linked issue) - uses: peter-evans/create-pull-request@v3.12.0 - with: - author: pulumi-bot - base: master - body: This pull request was generated automatically by the resync-build workflow - in this repository. - branch: pulumi-bot/resync-${{ github.run_id}} - commit-message: Resync build for pulumi-aws - committer: pulumi-bot - labels: impact/no-changelog-required - team-reviewers: platform-integrations - title: Fix up build for pulumi-aws - token: ${{ secrets.PULUMI_BOT_TOKEN }} -name: Resync build -on: - workflow_dispatch: - inputs: - automerge: - default: false - description: Mark created PR for auto-merging? - required: true - type: boolean diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index c7067d3f21e..4f8d52373f4 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -78,7 +78,7 @@ jobs: name: Create URL to the run output run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" - name: Update with Result - uses: peter-evans/create-or-update-comment@v1 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" issue-number: ${{ github.event.client_payload.github.payload.issue.number }} @@ -100,7 +100,7 @@ jobs: - upstream_lint runs-on: ubuntu-latest steps: - - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 with: authToken: ${{secrets.GITHUB_TOKEN}} # Write an explicit status check called "Sentinel" which will only pass if this code really runs. @@ -128,20 +128,20 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.PR_COMMIT_SHA }} submodules: true persist-credentials: false - name: Checkout p/examples if: matrix.testTarget == 'pulumiExamples' - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: pulumi/examples path: p-examples diff --git a/.github/workflows/upgrade-bridge.yml b/.github/workflows/upgrade-bridge.yml index 62f8fe2e1e6..f4329bf0129 100644 --- a/.github/workflows/upgrade-bridge.yml +++ b/.github/workflows/upgrade-bridge.yml @@ -66,13 +66,13 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true persist-credentials: false @@ -82,7 +82,7 @@ jobs: tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java - name: Call upgrade provider action if: github.event_name == 'workflow_dispatch' - uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + uses: pulumi/pulumi-upgrade-provider-action@a1d9f03fbfd923f787427c1d9e99c2356711d483 # v0.0.13 with: kind: ${{ inputs.kind }} email: bot@pulumi.com @@ -95,7 +95,7 @@ jobs: pr-title-prefix: ${{ inputs.pr-title-prefix }} - name: Call upgrade provider action if: github.event_name == 'repository_dispatch' - uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + uses: pulumi/pulumi-upgrade-provider-action@a1d9f03fbfd923f787427c1d9e99c2356711d483 # v0.0.13 with: kind: ${{ github.event.client_payload.kind || 'bridge' }} email: bot@pulumi.com diff --git a/.github/workflows/upgrade-provider.yml b/.github/workflows/upgrade-provider.yml index 954e4e5d946..8dcdebfd265 100644 --- a/.github/workflows/upgrade-provider.yml +++ b/.github/workflows/upgrade-provider.yml @@ -38,13 +38,13 @@ jobs: steps: # Run as first step so we don't delete things that have just been installed - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true # Persist credentials so upgrade-provider can push a new branch. diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index b7ea98ae990..a39af1520a3 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -72,7 +72,7 @@ jobs: runs-on: ${{ matrix.runner }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools