diff --git a/native-provider-ci/providers/aws-native/repo/.github/workflows/build.yml b/native-provider-ci/providers/aws-native/repo/.github/workflows/build.yml index 84e67a3fda..91a07579da 100644 --- a/native-provider-ci/providers/aws-native/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/aws-native/repo/.github/workflows/build.yml @@ -117,6 +117,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -153,7 +194,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -237,9 +278,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -261,7 +305,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/aws-native/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/aws-native/repo/.github/workflows/prerelease.yml index 01c9f7db5d..57ca251621 100644 --- a/native-provider-ci/providers/aws-native/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/aws-native/repo/.github/workflows/prerelease.yml @@ -109,6 +109,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -145,7 +186,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -229,9 +270,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -253,7 +297,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/aws-native/repo/.github/workflows/release.yml b/native-provider-ci/providers/aws-native/repo/.github/workflows/release.yml index f61aadac74..9d2d47e84d 100644 --- a/native-provider-ci/providers/aws-native/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/aws-native/repo/.github/workflows/release.yml @@ -109,6 +109,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -145,7 +186,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -229,9 +270,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -253,7 +297,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/aws-native/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/aws-native/repo/.github/workflows/run-acceptance-tests.yml index 7528d03f22..fcabb9e6c1 100644 --- a/native-provider-ci/providers/aws-native/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/aws-native/repo/.github/workflows/run-acceptance-tests.yml @@ -63,6 +63,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -131,6 +132,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -169,7 +211,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -183,6 +225,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -254,9 +297,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -278,7 +324,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -330,6 +376,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version diff --git a/native-provider-ci/providers/command/repo/.github/workflows/build.yml b/native-provider-ci/providers/command/repo/.github/workflows/build.yml index e931670415..3361d006cf 100644 --- a/native-provider-ci/providers/command/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/command/repo/.github/workflows/build.yml @@ -82,6 +82,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -108,7 +149,7 @@ jobs: needs: prerequisites runs-on: ubuntu-latest strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -188,9 +229,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -212,7 +256,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -508,6 +552,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/providers/command/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/command/repo/.github/workflows/prerelease.yml index f9ca3affb8..97ed5e494c 100644 --- a/native-provider-ci/providers/command/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/command/repo/.github/workflows/prerelease.yml @@ -74,6 +74,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -100,7 +141,7 @@ jobs: needs: prerequisites runs-on: ubuntu-latest strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -180,9 +221,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -204,7 +248,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/command/repo/.github/workflows/release.yml b/native-provider-ci/providers/command/repo/.github/workflows/release.yml index 0be694f6a7..f4d900861b 100644 --- a/native-provider-ci/providers/command/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/command/repo/.github/workflows/release.yml @@ -74,6 +74,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -100,7 +141,7 @@ jobs: needs: prerequisites runs-on: ubuntu-latest strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -180,9 +221,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -204,7 +248,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/command/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/command/repo/.github/workflows/run-acceptance-tests.yml index 0ba6f076e8..05ea9252c2 100644 --- a/native-provider-ci/providers/command/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/command/repo/.github/workflows/run-acceptance-tests.yml @@ -63,6 +63,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -96,6 +97,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -124,7 +166,7 @@ jobs: needs: prerequisites runs-on: ubuntu-latest strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -138,6 +180,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -205,9 +248,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -229,7 +275,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -281,6 +327,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -408,6 +455,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/providers/docker-build/repo/.github/workflows/build.yml b/native-provider-ci/providers/docker-build/repo/.github/workflows/build.yml index b9dc92057e..696c93ef28 100644 --- a/native-provider-ci/providers/docker-build/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/docker-build/repo/.github/workflows/build.yml @@ -127,6 +127,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -154,7 +195,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -234,9 +275,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -258,7 +302,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -562,6 +606,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/providers/docker-build/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/docker-build/repo/.github/workflows/prerelease.yml index f436ab9271..708ef5d15b 100644 --- a/native-provider-ci/providers/docker-build/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/docker-build/repo/.github/workflows/prerelease.yml @@ -119,6 +119,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -146,7 +187,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -226,9 +267,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -250,7 +294,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/docker-build/repo/.github/workflows/release.yml b/native-provider-ci/providers/docker-build/repo/.github/workflows/release.yml index 17b667a5f9..901f8c4369 100644 --- a/native-provider-ci/providers/docker-build/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/docker-build/repo/.github/workflows/release.yml @@ -119,6 +119,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -146,7 +187,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -226,9 +267,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -250,7 +294,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/docker-build/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/docker-build/repo/.github/workflows/run-acceptance-tests.yml index 04bb598137..b1bfc12a89 100644 --- a/native-provider-ci/providers/docker-build/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/docker-build/repo/.github/workflows/run-acceptance-tests.yml @@ -77,6 +77,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -141,6 +142,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -170,7 +212,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -184,6 +226,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -251,9 +294,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -275,7 +321,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -327,6 +373,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -464,6 +511,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/providers/google-native/repo/.github/workflows/build.yml b/native-provider-ci/providers/google-native/repo/.github/workflows/build.yml index 6af9aea796..ee97f75041 100644 --- a/native-provider-ci/providers/google-native/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/google-native/repo/.github/workflows/build.yml @@ -121,6 +121,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -148,7 +189,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -230,9 +271,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -254,7 +298,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/google-native/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/google-native/repo/.github/workflows/prerelease.yml index c32a2fd0a5..780cbd1e63 100644 --- a/native-provider-ci/providers/google-native/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/google-native/repo/.github/workflows/prerelease.yml @@ -113,6 +113,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -140,7 +181,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -222,9 +263,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -246,7 +290,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/google-native/repo/.github/workflows/release.yml b/native-provider-ci/providers/google-native/repo/.github/workflows/release.yml index de9537a764..c13276470c 100644 --- a/native-provider-ci/providers/google-native/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/google-native/repo/.github/workflows/release.yml @@ -113,6 +113,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -140,7 +181,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -222,9 +263,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -246,7 +290,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/google-native/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/google-native/repo/.github/workflows/run-acceptance-tests.yml index 5e306d61bb..307e5292af 100644 --- a/native-provider-ci/providers/google-native/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/google-native/repo/.github/workflows/run-acceptance-tests.yml @@ -69,6 +69,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -135,6 +136,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -164,7 +206,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -178,6 +220,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -247,9 +290,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -271,7 +317,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -323,6 +369,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version diff --git a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/build.yml b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/build.yml index e54cc2874d..ca801e220c 100644 --- a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/build.yml @@ -120,6 +120,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -147,7 +188,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -229,9 +270,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -253,7 +297,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -545,6 +589,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/prerelease.yml index 06d4c8b98c..9d2b3f40a4 100644 --- a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/prerelease.yml @@ -112,6 +112,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -139,7 +180,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -221,9 +262,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -245,7 +289,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/release.yml b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/release.yml index b90018e611..5a3f7956f5 100644 --- a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/release.yml @@ -112,6 +112,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -139,7 +180,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -221,9 +262,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -245,7 +289,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/run-acceptance-tests.yml index 880e17f7a3..a5774c7cad 100644 --- a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/run-acceptance-tests.yml @@ -68,6 +68,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -134,6 +135,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -163,7 +205,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -177,6 +219,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -246,9 +289,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -270,7 +316,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -322,6 +368,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -445,6 +492,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/build.yml b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/build.yml index a9f64e1c9d..fb750fa4f2 100644 --- a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/build.yml @@ -120,6 +120,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -147,7 +188,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -229,9 +270,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -253,7 +297,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -545,6 +589,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/prerelease.yml index 918994a71f..b969f4134d 100644 --- a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/prerelease.yml @@ -112,6 +112,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -139,7 +180,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -221,9 +262,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -245,7 +289,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/release.yml b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/release.yml index 6968a0353e..1bcf8d6dc0 100644 --- a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/release.yml @@ -112,6 +112,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -139,7 +180,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -221,9 +262,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -245,7 +289,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/run-acceptance-tests.yml index 57da15aae7..c6f0f8ceb5 100644 --- a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/run-acceptance-tests.yml @@ -68,6 +68,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -134,6 +135,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -163,7 +205,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -177,6 +219,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -246,9 +289,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -270,7 +316,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -322,6 +368,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -445,6 +492,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/providers/kubernetes/repo/.github/workflows/build.yml b/native-provider-ci/providers/kubernetes/repo/.github/workflows/build.yml index ad45aa59bd..cedc3f18db 100644 --- a/native-provider-ci/providers/kubernetes/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/kubernetes/repo/.github/workflows/build.yml @@ -122,6 +122,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -149,7 +190,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -229,9 +270,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -253,7 +297,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -583,6 +627,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/providers/kubernetes/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/kubernetes/repo/.github/workflows/prerelease.yml index 1dc785b9ca..bb934c7e5e 100644 --- a/native-provider-ci/providers/kubernetes/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/kubernetes/repo/.github/workflows/prerelease.yml @@ -114,6 +114,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -141,7 +182,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -221,9 +262,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -245,7 +289,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/kubernetes/repo/.github/workflows/release.yml b/native-provider-ci/providers/kubernetes/repo/.github/workflows/release.yml index 8b5f3a72dd..0929bf32cf 100644 --- a/native-provider-ci/providers/kubernetes/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/kubernetes/repo/.github/workflows/release.yml @@ -114,6 +114,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -141,7 +182,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -221,9 +262,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -245,7 +289,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/native-provider-ci/providers/kubernetes/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/kubernetes/repo/.github/workflows/run-acceptance-tests.yml index 00ef4255a3..9eb7d263d0 100644 --- a/native-provider-ci/providers/kubernetes/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/kubernetes/repo/.github/workflows/run-acceptance-tests.yml @@ -68,6 +68,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -136,6 +137,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -165,7 +207,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -179,6 +221,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -246,9 +289,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -270,7 +316,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -322,6 +368,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -480,6 +527,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Install Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 diff --git a/native-provider-ci/src/github-workflow.d.ts b/native-provider-ci/src/github-workflow.d.ts index b714fb5aec..0ff6aabb53 100644 --- a/native-provider-ci/src/github-workflow.d.ts +++ b/native-provider-ci/src/github-workflow.d.ts @@ -689,7 +689,7 @@ export interface NormalJob { /** * When set to true, GitHub cancels all in-progress jobs if any matrix job fails. Default: true */ - "fail-fast"?: boolean; + "fail-fast"?: boolean | string; /** * The maximum number of jobs that can run simultaneously when using a matrix job strategy. By default, GitHub will maximize the number of jobs run in parallel depending on the available runners on GitHub-hosted virtual machines. */ diff --git a/native-provider-ci/src/steps.ts b/native-provider-ci/src/steps.ts index 9c2c130858..f5147e8ad8 100644 --- a/native-provider-ci/src/steps.ts +++ b/native-provider-ci/src/steps.ts @@ -150,6 +150,7 @@ export function CheckoutRepoStepAtPR(): Step { uses: action.checkout, with: { lfs: true, + "persist-credentials": false, ref: "${{ env.PR_COMMIT_SHA }}", }, }; @@ -516,9 +517,11 @@ export function CommitSDKChangesForRenovate(): Step { return { name: "Commit ${{ matrix.language }} SDK changes for Renovate", - if: "failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate')", + if: "failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request'", shell: "bash", - run: `git config --global user.email "bot@pulumi.com" + run: `git diff --quiet -- sdk && echo "no changes to sdk" && exit +\ +git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" \ # Stash local changes and check out the PR's branch directly. @@ -532,10 +535,12 @@ git stash pop git add sdk git reset \ sdk/python/*/pulumi-plugin.json \ + sdk/python/pyproject.toml \ + sdk/dotnet/pulumi-plugin.json \ sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/pulumi-plugin.json \ sdk/go/*/internal/pulumiUtilities.go \ - sdk/nodejs/package.json \ - sdk/python/pyproject.toml + sdk/nodejs/package.json git commit -m 'Commit \${{ matrix.language }} SDK for Renovate' # Push with pulumi-bot credentials to trigger a re-run of the diff --git a/native-provider-ci/src/workflows.ts b/native-provider-ci/src/workflows.ts index e3c58122ad..3146efe905 100644 --- a/native-provider-ci/src/workflows.ts +++ b/native-provider-ci/src/workflows.ts @@ -427,7 +427,7 @@ export class BuildSdkJob implements NormalJob { "runs-on" = "pulumi-ubuntu-8core"; // insufficient resources to run Go builds on ubuntu-latest strategy = { - "fail-fast": true, + "fail-fast": "${{ ! contains(github.actor, 'renovate') }}", matrix: { language: ["nodejs", "python", "dotnet", "go", "java"], }, @@ -518,6 +518,7 @@ export class PrerequisitesJob implements NormalJob { steps.LabelIfNoBreakingChanges(opts.provider), steps.BuildProvider(opts.provider), steps.CheckCleanWorkTree(), + steps.CommitSDKChangesForRenovate(), steps.Porcelain(), steps.TarProviderBinaries(opts.hasGenBinary), steps.UploadProviderBinaries(), diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml index bf52b667ca..057bb93bb8 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml @@ -76,9 +76,11 @@ jobs: # If the worktree is dirty and this is a Renovate PR to bump # dependencies, commit the updated SDK and push it back to the PR. The # job will still be marked as a failure. - if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request' shell: bash run: | + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -93,10 +95,12 @@ jobs: git add sdk git reset \ sdk/python/*/pulumi-plugin.json \ + sdk/python/pyproject.toml \ + sdk/dotnet/pulumi-plugin.json \ sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/pulumi-plugin.json \ sdk/go/*/internal/pulumiUtilities.go \ - sdk/nodejs/package.json \ - sdk/python/pyproject.toml + sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' # Push with pulumi-bot credentials to trigger a re-run of the diff --git a/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml b/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml index 714904351f..df9017fc7d 100644 --- a/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml @@ -82,9 +82,11 @@ jobs: # If the worktree is dirty and this is a Renovate PR to bump # dependencies, commit the updated SDK and push it back to the PR. The # job will still be marked as a failure. - if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request' shell: bash run: | + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -99,10 +101,12 @@ jobs: git add sdk git reset \ sdk/python/*/pulumi-plugin.json \ + sdk/python/pyproject.toml \ + sdk/dotnet/pulumi-plugin.json \ sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/pulumi-plugin.json \ sdk/go/*/internal/pulumiUtilities.go \ - sdk/nodejs/package.json \ - sdk/python/pyproject.toml + sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' # Push with pulumi-bot credentials to trigger a re-run of the diff --git a/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml b/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml index ce98e79952..e3e8810850 100644 --- a/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml @@ -94,9 +94,11 @@ jobs: # If the worktree is dirty and this is a Renovate PR to bump # dependencies, commit the updated SDK and push it back to the PR. The # job will still be marked as a failure. - if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request' shell: bash run: | + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -111,10 +113,12 @@ jobs: git add sdk git reset \ sdk/python/*/pulumi-plugin.json \ + sdk/python/pyproject.toml \ + sdk/dotnet/pulumi-plugin.json \ sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/pulumi-plugin.json \ sdk/go/*/internal/pulumiUtilities.go \ - sdk/nodejs/package.json \ - sdk/python/pyproject.toml + sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' # Push with pulumi-bot credentials to trigger a re-run of the diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/build_sdk.yml b/provider-ci/test-providers/cloudflare/.github/workflows/build_sdk.yml index f39e182ac5..bf646200dd 100644 --- a/provider-ci/test-providers/cloudflare/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/cloudflare/.github/workflows/build_sdk.yml @@ -85,9 +85,11 @@ jobs: # If the worktree is dirty and this is a Renovate PR to bump # dependencies, commit the updated SDK and push it back to the PR. The # job will still be marked as a failure. - if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request' shell: bash run: | + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -102,10 +104,12 @@ jobs: git add sdk git reset \ sdk/python/*/pulumi-plugin.json \ + sdk/python/pyproject.toml \ + sdk/dotnet/pulumi-plugin.json \ sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/pulumi-plugin.json \ sdk/go/*/internal/pulumiUtilities.go \ - sdk/nodejs/package.json \ - sdk/python/pyproject.toml + sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' # Push with pulumi-bot credentials to trigger a re-run of the diff --git a/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml b/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml index 7a847d8590..822be86fc2 100644 --- a/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml @@ -98,9 +98,11 @@ jobs: # If the worktree is dirty and this is a Renovate PR to bump # dependencies, commit the updated SDK and push it back to the PR. The # job will still be marked as a failure. - if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request' shell: bash run: | + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -115,10 +117,12 @@ jobs: git add sdk git reset \ sdk/python/*/pulumi-plugin.json \ + sdk/python/pyproject.toml \ + sdk/dotnet/pulumi-plugin.json \ sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/pulumi-plugin.json \ sdk/go/*/internal/pulumiUtilities.go \ - sdk/nodejs/package.json \ - sdk/python/pyproject.toml + sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' # Push with pulumi-bot credentials to trigger a re-run of the