From 3f1744ffd2109c8b0ba7577d7292843d81a645c5 Mon Sep 17 00:00:00 2001 From: Pulumi Bot Date: Sun, 7 Dec 2025 06:33:29 +0000 Subject: [PATCH] [internal] Update GitHub Actions workflow files --- .config/mise.lock | 87 ---------------------- .config/mise.toml | 10 +-- .devcontainer/Dockerfile | 2 +- .github/workflows/build_provider.yml | 16 ++-- .github/workflows/license.yml | 22 ++++-- .github/workflows/lint.yml | 21 ++++-- .github/workflows/main.yml | 3 +- .github/workflows/prerelease.yml | 1 + .github/workflows/prerequisites.yml | 17 +++-- .github/workflows/publish.yml | 18 ++--- .github/workflows/pull-request.yml | 1 + .github/workflows/release.yml | 1 + .github/workflows/run-acceptance-tests.yml | 3 +- .github/workflows/test.yml | 16 ++-- .github/workflows/verify-release.yml | 15 ++-- mise.lock | 71 ++++++++++++++---- 16 files changed, 144 insertions(+), 160 deletions(-) delete mode 100644 .config/mise.lock diff --git a/.config/mise.lock b/.config/mise.lock deleted file mode 100644 index debd9d1c..00000000 --- a/.config/mise.lock +++ /dev/null @@ -1,87 +0,0 @@ -[[tools.dotnet]] -version = "8.0.414" -backend = "asdf:dotnet" - -[[tools."github:pulumi/pulumictl"]] -version = "0.0.50" -backend = "github:pulumi/pulumictl" - -[tools."github:pulumi/pulumictl".platforms.linux-x64] -checksum = "blake3:c128dd74993f779c613296fe7cd21c20cbd323f24e59cb76e007620660b60348" -name = "pulumictl-v0.0.50-linux-amd64.tar.gz" -size = 27744219 -url = "https://github.com/pulumi/pulumictl/releases/download/v0.0.50/pulumictl-v0.0.50-linux-amd64.tar.gz" -url_api = "" - -[[tools."github:pulumi/schema-tools"]] -version = "0.6.0" -backend = "github:pulumi/schema-tools" - -[tools."github:pulumi/schema-tools".platforms.linux-x64] -checksum = "blake3:82dfe616fee18b4258f6e3d2dc3c4e9f14afd43a0a4cc33eff2d2a04088d6ca3" -name = "schema-tools-v0.6.0-linux-amd64.tar.gz" -size = 14282746 -url = "https://github.com/pulumi/schema-tools/releases/download/v0.6.0/schema-tools-v0.6.0-linux-amd64.tar.gz" -url_api = "" - -[[tools.go]] -version = "1.23.0" -backend = "core:go" - -[tools.go.platforms.linux-x64] -checksum = "sha256:905a297f19ead44780548933e0ff1a1b86e8327bb459e92f9c0012569f76f5e3" -size = 73590011 -url = "https://dl.google.com/go/go1.23.0.linux-amd64.tar.gz" - -[[tools.golangci-lint]] -version = "1.64.8" -backend = "aqua:golangci/golangci-lint" - -[tools.golangci-lint.platforms.linux-x64] -checksum = "sha256:b6270687afb143d019f387c791cd2a6f1cb383be9b3124d241ca11bd3ce2e54e" -size = 12364828 -url = "https://github.com/golangci/golangci-lint/releases/download/v1.64.8/golangci-lint-1.64.8-linux-amd64.tar.gz" - -[[tools.gradle]] -version = "7.6.6" -backend = "aqua:gradle/gradle" - -[tools.gradle.platforms.linux-x64] -checksum = "blake3:5cad8fc455b720b68a0bd2907d435e2919581708243f84f27845fe8812a09323" -size = 128439774 -url = "https://github.com/gradle/gradle-distributions/releases/download/v7.6.6/gradle-7.6.6-bin.zip" - -[[tools.java]] -version = "corretto-11.0.28.6.1" -backend = "core:java" - -[tools.java.platforms.linux-x64] -checksum = "sha256:70734c46e0bbeb7f45b721756ba0b2f1f1e1ef85a11e10d5a488f06b257dadd9" -size = 195648709 -url = "https://corretto.aws/downloads/resources/11.0.28.6.1/amazon-corretto-11.0.28.6.1-linux-x64.tar.gz" - -[[tools.node]] -version = "20.19.5" -backend = "core:node" - -[tools.node.platforms.linux-x64] -checksum = "sha256:4eba5fbe1fb10753bc06e42f001a91c5cec16798b7764a3e9257adc59af47fe1" -size = 47041607 -url = "https://nodejs.org/dist/v20.19.5/node-v20.19.5-linux-x64.tar.gz" - -[[tools."npm:yarn"]] -version = "1.22.22" -backend = "npm:yarn" - -[[tools.pulumi]] -version = "3.178.0" -backend = "aqua:pulumi/pulumi" - -[tools.pulumi.platforms.linux-x64] -checksum = "sha512:333a9f8ab61f1da99fc2b121c072351f710ec82b56321de5a60e0f28589bc38daaa262a9f3d0fac82b7bdde2296a87f6da3057fab9961a371372c5318e41e2f0" -size = 92049972 -url = "https://github.com/pulumi/pulumi/releases/download/v3.178.0/pulumi-v3.178.0-linux-x64.tar.gz" - -[[tools.python]] -version = "3.11.8" -backend = "core:python" diff --git a/.config/mise.toml b/.config/mise.toml index 3ee91d82..f7dcbda1 100644 --- a/.config/mise.toml +++ b/.config/mise.toml @@ -8,7 +8,7 @@ PULUMI_HOME = "{{config_root}}/.pulumi" [tools] # Runtimes -# TODO: we may not need `get_env` once https://github.com/jdx/mise/discussions/6339 is fixed +# TODO: we may not need 'get_env' once https://github.com/jdx/mise/discussions/6339 is fixed go = "{{ get_env(name='GO_VERSION_MISE', default='latest') }}" node = '20.19.5' python = '3.11.8' @@ -18,12 +18,12 @@ java = 'corretto-11' # Executable tools pulumi = "{{ get_env(name='PULUMI_VERSION_MISE', default='latest') }}" -"github:pulumi/pulumictl" = 'latest' -"github:pulumi/schema-tools" = "latest" -gradle = '7.6' +"github:pulumi/pulumictl" = '0.0.50' +"github:pulumi/schema-tools" = "0.6.0" +"aqua:gradle/gradle-distributions" = '7.6.6' golangci-lint = "1.64.8" # See note about about overrides if you need to customize this. "npm:yarn" = "1.22.22" [settings] experimental = true # Required for Go binaries (e.g. pulumictl). -lockfile = true +lockfile = false diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 7d46cd80..9366ae6b 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM jetpackio/devbox:latest +FROM jetpackio/devbox:latest@sha256:293d6d0a33205e88550198835e68bcff65a2e33d143857ad92c6c888e6a75ad7 # Installing your devbox project WORKDIR /code diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index 252a43fe..5dbcc73a 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -39,7 +39,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - id: esc-secrets @@ -47,16 +47,16 @@ jobs: uses: ./.github/actions/esc-action # Without ldid cross-compiling Node binaries on a Linux worker intended to work on darwin-arm64 fails to sign the # binaries properly and they do not work as expected. See https://github.com/pulumi/pulumi-awsx/issues/1490 - - uses: MOZGIII/install-ldid-action@v1 + - uses: MOZGIII/install-ldid-action@d5ab465f3a66a4d60a59882b935eb30e18e8d043 # v1 with: tag: v2.1.5-procursus2 - name: Setup mise - uses: jdx/mise-action@v3 + uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3 + env: + MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: - # Latest working version. See https://github.com/jdx/mise/discussions/6781 - version: 2025.10.16 - github_token: ${{ secrets.GITHUB_TOKEN }} - cache_key: "mise-{{platform}}-{{file_hash}}" + version: 2025.11.6 + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} # only saving the cache in the prerequisites job cache_save: false # Based on https://github.com/actions/cache/blob/main/examples.md#go---modules @@ -71,7 +71,7 @@ jobs: run: | echo "path=$(go env GOMODCACHE)" >> "${GITHUB_OUTPUT}" - name: Go Cache - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: | ${{ steps.gocache.outputs.path }} diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index b96eba49..fcc9d212 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -16,6 +16,7 @@ env: PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} + PULUMI_PULUMI_ENABLE_JOURNALING: "true" RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} @@ -26,18 +27,25 @@ jobs: license_check: name: License Check runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: - persist-credentials: false + persist-credentials: false + - id: esc-secrets + name: Map environment to ESC outputs + uses: ./.github/actions/esc-action - name: Setup mise - uses: jdx/mise-action@v3 + uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3 + env: + MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: - # Latest working version. See https://github.com/jdx/mise/discussions/6781 - version: 2025.10.16 - github_token: ${{ secrets.GITHUB_TOKEN }} - cache_key: "mise-{{platform}}-{{file_hash}}" + version: 2025.11.6 + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} # only saving the cache in the prerequisites job cache_save: false - run: make prepare_local_workspace diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index dd2871bf..c85fa517 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -16,6 +16,7 @@ env: PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} + PULUMI_PULUMI_ENABLE_JOURNALING: "true" RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} @@ -26,17 +27,25 @@ jobs: lint: name: lint runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: - persist-credentials: false + persist-credentials: false + - id: esc-secrets + name: Map environment to ESC outputs + uses: ./.github/actions/esc-action - name: Setup mise - uses: jdx/mise-action@v3 + uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3 + env: + MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: - # Latest working version. See https://github.com/jdx/mise/discussions/6781 - version: 2025.10.16 - github_token: ${{ secrets.GITHUB_TOKEN }} + version: 2025.11.6 + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} cache_save: false # A different job handles caching our tools. - name: disarm go:embed directives to enable lint continue-on-error: true # this fails if there are no go:embed directives diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index dcf91f7e..5e315483 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,6 +10,7 @@ env: PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} + PULUMI_PULUMI_ENABLE_JOURNALING: "true" RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} @@ -89,7 +90,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - id: esc-secrets diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 27296c44..37cd7d06 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -11,6 +11,7 @@ env: PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} + PULUMI_PULUMI_ENABLE_JOURNALING: "true" RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 1327bfff..4d01a9fb 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -29,6 +29,7 @@ env: PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} + PULUMI_PULUMI_ENABLE_JOURNALING: "true" RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} @@ -47,28 +48,28 @@ jobs: version: ${{ steps.provider-version.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - id: esc-secrets name: Map environment to ESC outputs uses: ./.github/actions/esc-action - - uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 + - uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 id: provider-version with: major-version: 0 set-env: 'PROVIDER_VERSION' - name: Setup mise - uses: jdx/mise-action@v3 + uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3 + env: + MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: - # Latest working version. See https://github.com/jdx/mise/discussions/6781 - version: 2025.10.16 - github_token: ${{ secrets.GITHUB_TOKEN }} - cache_key: "mise-{{platform}}-{{file_hash}}" + version: 2025.11.6 + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} # only saving the cache in the prerequisites job cache_save: true - name: Setup Go Cache - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache-dependency-path: | provider/*.sum diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c1ae73ea..2b2d1a20 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -57,22 +57,22 @@ jobs: if: inputs.skipGoSdk && inputs.isPrerelease == false run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - id: esc-secrets name: Map environment to ESC outputs uses: ./.github/actions/esc-action - name: Setup mise - uses: jdx/mise-action@v3 + uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3 + env: + MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: - # Latest working version. See https://github.com/jdx/mise/discussions/6781 - version: 2025.10.16 - github_token: ${{ secrets.GITHUB_TOKEN }} - cache_key: "mise-{{platform}}-${{ hashFiles('mise.lock') }}" + version: 2025.11.6 + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} cache_save: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -96,7 +96,7 @@ jobs: - name: Upload Provider Binaries run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive - name: Create GH Release - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 if: inputs.isPrerelease == false with: tag_name: v${{ inputs.version }} @@ -122,7 +122,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - id: esc-secrets diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index a36693be..26548540 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -10,6 +10,7 @@ env: PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} + PULUMI_PULUMI_ENABLE_JOURNALING: "true" RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 90171f84..281dbe3e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,6 +16,7 @@ env: PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} + PULUMI_PULUMI_ENABLE_JOURNALING: "true" RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 6701c308..a9153c7e 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -21,6 +21,7 @@ env: PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} + PULUMI_PULUMI_ENABLE_JOURNALING: "true" RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} @@ -74,7 +75,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - id: run-url diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a3aecf40..8552a50c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,6 +23,7 @@ env: PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} + PULUMI_PULUMI_ENABLE_JOURNALING: "true" RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }} S3_COVERAGE_BUCKET_NAME: ${{ secrets.S3_COVERAGE_BUCKET_NAME }} @@ -39,7 +40,7 @@ jobs: PROVIDER_VERSION: ${{ inputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ env.PR_COMMIT_SHA }} persist-credentials: false @@ -47,19 +48,18 @@ jobs: name: Map environment to ESC outputs uses: ./.github/actions/esc-action - name: Checkout p/examples - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: repository: pulumi/examples path: p-examples - name: Setup mise - uses: jdx/mise-action@v3 + uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3 env: MISE_ENV: test + MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: - # Latest working version. See https://github.com/jdx/mise/discussions/6781 - version: 2025.10.16 - github_token: ${{ secrets.GITHUB_TOKEN }} - cache_key: "mise-{{platform}}-{{file_hash}}" + version: 2025.11.6 + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} # also save this cache since we are using a different mise env. cache_save: true - name: Prepare local workspace @@ -78,7 +78,7 @@ jobs: requested-token-type: urn:pulumi:token-type:access_token:organization export-environment-variables: false - name: Export AWS Credentials - uses: pulumi/esc-action@efb0bc8946938f0dfbfa00e829196ec95f0d0ea7 # v1.4.0 + uses: pulumi/esc-action@6cf9520e68354d86f81c455e8d43eabd58f5c9f5 # v1.5.0 env: PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} with: diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index abc4a3d2..bbeca317 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -78,14 +78,14 @@ jobs: - name: Configure Git to checkout files with long names run: git config --global core.longpaths true - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - id: esc-secrets name: Map environment to ESC outputs uses: ./.github/actions/esc-action - name: Setup Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: 3.11.8 - name: Setup Java @@ -99,16 +99,16 @@ jobs: with: gradle-version: 7.6 - name: Setup DotNet - uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 + uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 with: dotnet-version: 8.0.x - name: Setup Node - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version: 20.x registry-url: https://registry.npmjs.org - name: Install Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: go-version: "1.21.x" cache-dependency-path: | @@ -118,7 +118,10 @@ jobs: sdk/*.sum *.sum cache: true + - name: Set Go Toolchain to auto explicitly + run: | + echo "GOTOOLCHAIN=auto" >> "$GITHUB_ENV" - name: Install Pulumi CLI - uses: pulumi/actions@d7ceb0215da5a14ec84f50b703365ddf0194a9c8 # v6 + uses: pulumi/actions@8582a9e8cc630786854029b4e09281acd6794b58 # v6 with: pulumi-version: "dev" diff --git a/mise.lock b/mise.lock index a876b78a..10cefaba 100644 --- a/mise.lock +++ b/mise.lock @@ -1,22 +1,67 @@ +[[tools."aqua:gradle/gradle-distributions"]] +version = "7.6.6" +backend = "aqua:gradle/gradle-distributions" +"platforms.linux-x64" = { checksum = "sha256:673d9776f303bc7048fc3329d232d6ebf1051b07893bd9d11616fad9a8673be0", url = "https://github.com/gradle/gradle-distributions/releases/download/v7.6.6/gradle-7.6.6-bin.zip"} + +[[tools.dotnet]] +version = "8.0.414" +backend = "asdf:dotnet" + +[[tools."github:pulumi/pulumictl"]] +version = "0.0.50" +backend = "github:pulumi/pulumictl" +"platforms.linux-x64" = { checksum = "sha256:a988418240d3a985bdcb9753b7c65ba4b06608deb359dc2942cb8c9374abc164", url = "https://github.com/pulumi/pulumictl/releases/download/v0.0.50/pulumictl-v0.0.50-linux-amd64.tar.gz", url_api = "https://api.github.com/repos/pulumi/pulumictl/releases/assets/278054496"} + +[[tools."github:pulumi/schema-tools"]] +version = "0.6.0" +backend = "github:pulumi/schema-tools" +"platforms.linux-x64" = { checksum = "blake3:82dfe616fee18b4258f6e3d2dc3c4e9f14afd43a0a4cc33eff2d2a04088d6ca3", url = "https://github.com/pulumi/schema-tools/releases/download/v0.6.0/schema-tools-v0.6.0-linux-amd64.tar.gz", url_api = "https://api.github.com/repos/pulumi/schema-tools/releases/assets/118725905"} + +[[tools.go]] +version = "1.25.5" +backend = "core:go" +"platforms.linux-x64" = { checksum = "sha256:9e9b755d63b36acf30c12a9a3fc379243714c1c6d3dd72861da637f336ebb35b", url = "https://dl.google.com/go/go1.25.5.linux-amd64.tar.gz"} + +[[tools.golangci-lint]] +version = "1.64.8" +backend = "aqua:golangci/golangci-lint" +"platforms.linux-x64" = { checksum = "sha256:b6270687afb143d019f387c791cd2a6f1cb383be9b3124d241ca11bd3ce2e54e", url = "https://github.com/golangci/golangci-lint/releases/download/v1.64.8/golangci-lint-1.64.8-linux-amd64.tar.gz"} + +[[tools.gradle]] +version = "7.6.6" +backend = "aqua:gradle/gradle" +"platforms.linux-x64" = { checksum = "sha256:673d9776f303bc7048fc3329d232d6ebf1051b07893bd9d11616fad9a8673be0", url = "https://github.com/gradle/gradle-distributions/releases/download/v7.6.6/gradle-7.6.6-bin.zip"} + +[[tools.java]] +version = "corretto-11.0.29.7.1" +backend = "core:java" +"platforms.linux-x64" = { checksum = "sha256:279c6d3124f8b0251b16297b16687fe8b3946410b05ed27de1259b5e5cea02ba", url = "https://corretto.aws/downloads/resources/11.0.29.7.1/amazon-corretto-11.0.29.7.1-linux-x64.tar.gz"} + +[[tools.node]] +version = "20.19.5" +backend = "core:node" +"platforms.linux-x64" = { checksum = "sha256:4eba5fbe1fb10753bc06e42f001a91c5cec16798b7764a3e9257adc59af47fe1", url = "https://nodejs.org/dist/v20.19.5/node-v20.19.5-linux-x64.tar.gz"} + +[[tools."npm:yarn"]] +version = "1.22.22" +backend = "npm:yarn" + [[tools.opentofu]] version = "1.10.6" backend = "aqua:opentofu/opentofu" +"platforms.linux-x64" = { checksum = "sha256:b6b46b4fd8dd0b96e624f2a2d5fbc4efae2fc0174529b37292775c847c2e7d2c", url = "https://github.com/opentofu/opentofu/releases/download/v1.10.6/tofu_1.10.6_linux_amd64.tar.gz"} +"platforms.macos-arm64" = { checksum = "sha256:f5399a1ebca90724fda83d93f8a76790979fadb4d896e2be964efcd7df3c146c", url = "https://github.com/opentofu/opentofu/releases/download/v1.10.6/tofu_1.10.6_darwin_arm64.tar.gz"} -[tools.opentofu.platforms.linux-x64] -checksum = "sha256:b6b46b4fd8dd0b96e624f2a2d5fbc4efae2fc0174529b37292775c847c2e7d2c" -size = 26721425 -url = "https://github.com/opentofu/opentofu/releases/download/v1.10.6/tofu_1.10.6_linux_amd64.tar.gz" +[[tools.pulumi]] +version = "3.210.0" +backend = "aqua:pulumi/pulumi" +"platforms.linux-x64" = { checksum = "sha256:4450ff72bbac9b4cb9ac28913842c9326568fe03a259d514a144a340f2a515ca", url = "https://github.com/pulumi/pulumi/releases/download/v3.210.0/pulumi-v3.210.0-linux-x64.tar.gz"} -[tools.opentofu.platforms.macos-arm64] -checksum = "sha256:f5399a1ebca90724fda83d93f8a76790979fadb4d896e2be964efcd7df3c146c" -size = 25598685 -url = "https://github.com/opentofu/opentofu/releases/download/v1.10.6/tofu_1.10.6_darwin_arm64.tar.gz" +[[tools.python]] +version = "3.11.8" +backend = "core:python" [[tools.terraform]] version = "1.13.1" backend = "aqua:hashicorp/terraform" - -[tools.terraform.platforms.linux-x64] -checksum = "sha256:4449e2ddc0dee283f0909dd603eaf98edeebaa950f4635cea94f2caf0ffacc5a" -size = 30635389 -url = "https://releases.hashicorp.com/terraform/1.13.1/terraform_1.13.1_linux_amd64.zip" +"platforms.linux-x64" = { checksum = "sha256:4449e2ddc0dee283f0909dd603eaf98edeebaa950f4635cea94f2caf0ffacc5a", url = "https://releases.hashicorp.com/terraform/1.13.1/terraform_1.13.1_linux_amd64.zip"}