pulumi-tf-provider-boilerplate/.github/workflows/license.yml at 586cfd97a56478ba9dd6b0321f3818cfa0fe4a01 · pulumi/pulumi-tf-provider-boilerplate · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt

name: license_check

on:
  workflow_call:
    inputs: {}

env:
  PULUMI_API: https://api.pulumi-staging.io
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  PULUMI_PULUMI_ENABLE_JOURNALING: "true"
  TF_APPEND_USER_AGENT: pulumi

jobs:
  license_check:
    name: License Check
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      id-token: write # For ESC secrets.
    steps:
      - name: Checkout Repo
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - env:
          ESC_ACTION_ENVIRONMENT: imports/github-secrets
          ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
          ESC_ACTION_OIDC_AUTH: "true"
          ESC_ACTION_OIDC_ORGANIZATION: pulumi
          ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
        id: esc-secrets
        name: Fetch secrets from ESC
        uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
      - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
        id: app-auth
        with:
          app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
          private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
      - name: Setup mise
        uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329
        env:
          MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
        with:
          version: 2026.3.7
          github_token: ${{ steps.app-auth.outputs.token }}
          # only saving the cache in the prerequisites job
          cache_save: false
      - run: make prepare_local_workspace
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: pulumi/license-check-action@main
        with:
          module-path: provider
          ignore-modules: >-
            github.com/aead/chacha20,
            github.com/apache/arrow/go/v12,
            github.com/apache/thrift/lib/go/thrift,
            github.com/cloudflare/circl,
            github.com/golang,
            github.com/gorhill/cronexpr,
            github.com/in-toto/in-toto-golang,
            github.com/jmespath/go-jmespath,
            github.com/keybase/go-crypto,
            github.com/klauspost/compress,
            github.com/mattn/go-localereader,
            github.com/modern-go/reflect2,
            github.com/pierrec/lz4,
            github.com/pjbgf/sha1cd,
            github.com/pulumi,
            github.com/segmentio/asm,
            golang.org