Upgrade provider #380
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt | |
| name: Upgrade provider | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: | | |
| The version of the upstream provider to upgrade to, without the 'v' prefix | |
| If no version is specified, it will be inferred from the upstream provider's release tags. | |
| required: false | |
| type: string | |
| upgradeProviderVersion: | |
| description: | | |
| Version of upgrade-provider to use. This must be a valid git reference in the pulumi/upgrade-provider repo. Defaults to "main" | |
| See https://go.dev/ref/mod#versions for valid versions. E.g. "v0.1.0", "main", "da25dec". | |
| default: main | |
| type: string | |
| schedule: | |
| # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours. | |
| - cron: 0 3 * * * | |
| env: | |
| PULUMI_API: https://api.pulumi-staging.io | |
| PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
| PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
| TF_APPEND_USER_AGENT: pulumi | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| id-token: write # For ESC secrets. | |
| jobs: | |
| upgrade_provider: | |
| name: upgrade-provider | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| # Persist credentials so upgrade-provider can push a new branch. | |
| persist-credentials: true | |
| - env: | |
| ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} | |
| ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" | |
| ESC_ACTION_OIDC_AUTH: "true" | |
| ESC_ACTION_OIDC_ORGANIZATION: pulumi | |
| ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization | |
| id: esc-secrets | |
| name: Fetch secrets from ESC | |
| uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b | |
| - name: Setup mise | |
| uses: jdx/mise-action@v3 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| cache_key: "mise-{{platform}}-{{file_hash}}" | |
| # only saving the cache in the prerequisites job | |
| cache_save: false | |
| - name: Install upgrade-provider | |
| run: go install github.com/pulumi/upgrade-provider@${{ inputs.upgradeProviderVersion || 'main' }} | |
| shell: bash | |
| - name: "Set up git identity" | |
| run: | | |
| git config --global user.name '[email protected]' | |
| git config --global user.email '[email protected]' | |
| shell: bash | |
| - name: Create issues for new upstream version | |
| if: inputs.version == '' | |
| id: upstream_version | |
| # This step outputs `latest_version` if there is a pending upgrade | |
| run: upgrade-provider "$REPO" --kind=check-upstream-version | |
| env: | |
| REPO: ${{ github.repository }} | |
| GH_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_TOKEN || steps.esc-secrets.outputs.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }} | |
| shell: bash | |
| - name: Calculate target version | |
| id: target_version | |
| # Prefer the manually specified version if it exists | |
| # upstream_version will be empty if the provider is up-to-date | |
| run: echo "version=${{ github.event.inputs.version || steps.upstream_version.outputs.latest_version }}" >> "$GITHUB_OUTPUT" | |
| shell: bash | |
| - name: Call upgrade provider action | |
| id: upgrade_provider | |
| if: steps.target_version.outputs.version != '' | |
| continue-on-error: true | |
| uses: pulumi/pulumi-upgrade-provider-action@e247104aede3eb4641f48c8ad0ea9de9346f2457 # v0.0.18 | |
| with: | |
| kind: provider | |
| email: [email protected] | |
| username: pulumi-bot | |
| automerge: true | |
| target-version: ${{ steps.target_version.outputs.version }} | |
| allow-missing-docs: true | |
| env: | |
| GH_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_TOKEN || steps.esc-secrets.outputs.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }} | |
| - name: Comment on upgrade issue if automated PR failed | |
| if: steps.upgrade_provider.outcome == 'failure' | |
| shell: bash | |
| run: | | |
| issue_number=$(gh issue list --search "pulumiupgradeproviderissue" --repo "${{ github.repository }}" --json=number --jq=".[0].number") | |
| gh issue comment "${issue_number}" --repo "${{ github.repository }}" --body "Failed to create automatic PR: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/" | |
| env: | |
| GH_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_TOKEN || steps.esc-secrets.outputs.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }} | |