
Commit 1fb7848

authored
Update GitHub Actions workflows. (#759)
This PR was automatically generated by the update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt repo, from commit 9b60d6c643780f4a645273cb6a5b3dcce6687d94.
1 parent 7aa4291 commit 1fb7848


2 files changed

+29
-0
lines changed

Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
permissions: write-all # Equivalent to default permissions plus id-token: write
2+
name: Export secrets to ESC
3+
on: [workflow_dispatch]
4+
jobs:
5+
export-to-esc:
6+
runs-on: ubuntu-latest
7+
name: export GitHub secrets to ESC
8+
steps:
9+
- name: Generate a GitHub token
10+
id: generate-token
11+
uses: actions/create-github-app-token@v1
12+
with:
13+
app-id: 1256780 # Export Secrets GitHub App
14+
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
15+
- name: Export secrets to ESC
16+
uses: pulumi/esc-export-secrets-action@v1
17+
with:
18+
organization: pulumi
19+
org-environment: imports/github-secrets
20+
exclude-secrets: EXPORT_SECRETS_PRIVATE_KEY
21+
github-token: ${{ steps.generate-token.outputs.token }}
22+
oidc-auth: true
23+
oidc-requested-token-type: urn:pulumi:token-type:access_token:organization
24+
env:
25+
GITHUB_SECRETS: ${{ toJSON(secrets) }}
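Review bot: `permissions: write-all` on the first line gives the job's `GITHUB_TOKEN` write access to every scope, in the same job that serialises every repository secret into `GITHUB_SECRETS` via `toJSON(secrets)` and runs actions referenced by the mutable tag `@v1`. From what is visible the job needs only the OIDC token, so the block could be reduced to `permissions:` with `id-token: write`, since the GitHub API calls appear to use the App token from `generate-token`; the inline comment is also only accurate where the repository default is the permissive one. Pinning both `actions/create-github-app-token` and `pulumi/esc-export-secrets-action` to a full commit SHA, e.g. `uses: pulumi/esc-export-secrets-action@<full-commit-sha> # v1`, would keep a moved tag from running new code with all secrets in its environment. As the description says this file is generated from pulumi/ci-mgmt, the change would belong in that template.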

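--- a/.github/workflows/upgrade-provider.yml
+++ b/.github/workflows/upgrade-provider.yml
@@ -76,10 +76,14 @@ jobs:
 automerge: true
 target-version: ${{ steps.target_version.outputs.version }}
 allow-missing-docs: true
+env:
+GH_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN || secrets.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }}
 - name: Comment on upgrade issue if automated PR failed
 if: steps.upgrade_provider.outcome == 'failure'
 shell: bash
 run: |
 issue_number=$(gh issue list --search "pulumiupgradeproviderissue" --repo "${{ github.repository }}" --json=number --jq=".[0].number")
 gh issue comment "${issue_number}" --repo "${{ github.repository }}" --body "Failed to create automatic PR: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/"
+env:
+GH_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN || secrets.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }}
 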
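Review bot: The `GH_TOKEN` fallback chain added at new lines 80 and 88 lets the same step run under any of three identities depending on which secrets happen to be set, and the first two look like long-lived bot tokens (inferred from their names) whose scope is not visible here. The comment step only lists and comments on issues in `${{ github.repository }}`, so the job's own token would be the least-privileged choice there: `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` with `issues: write` granted under `permissions:`, unless the comment must be posted as the bot. If the chain is kept, a comment above each `env:` such as `# GITHUB_TOKEN fallback: PRs it creates do not trigger other workflows` would document why the order matters. The first `env:` belongs to a step that starts above the hunk.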
