diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml index 6cc0b210c..1c8468137 100644 --- a/.ci-mgmt.yaml +++ b/.ci-mgmt.yaml @@ -7,14 +7,6 @@ env: PULUMI_GITLAB_TOKEN: ${{ secrets.PULUMI_GITLAB_TOKEN }} makeTemplate: bridged team: ecosystem -plugins: - - name: std - version: "1.6.2" - - name: terraform - version: "1.0.16" - kind: converter - - name: local - version: "0.0.1" pulumiConvert: 1 registryDocs: true integrationTestProvider: true diff --git a/.config/mise.lock b/.config/mise.lock index 007ce00be..e7a2a3092 100644 --- a/.config/mise.lock +++ b/.config/mise.lock @@ -8,8 +8,10 @@ backend = "github:pulumi/pulumictl" [tools."github:pulumi/pulumictl".platforms.linux-x64] checksum = "blake3:c128dd74993f779c613296fe7cd21c20cbd323f24e59cb76e007620660b60348" +name = "pulumictl-v0.0.50-linux-amd64.tar.gz" size = 27744219 url = "https://github.com/pulumi/pulumictl/releases/download/v0.0.50/pulumictl-v0.0.50-linux-amd64.tar.gz" +url_api = "" [[tools."github:pulumi/schema-tools"]] version = "0.6.0" @@ -17,8 +19,10 @@ backend = "github:pulumi/schema-tools" [tools."github:pulumi/schema-tools".platforms.linux-x64] checksum = "blake3:82dfe616fee18b4258f6e3d2dc3c4e9f14afd43a0a4cc33eff2d2a04088d6ca3" +name = "schema-tools-v0.6.0-linux-amd64.tar.gz" size = 14282746 url = "https://github.com/pulumi/schema-tools/releases/download/v0.6.0/schema-tools-v0.6.0-linux-amd64.tar.gz" +url_api = "" [[tools.go]] version = "1.24.5" @@ -77,3 +81,15 @@ url = "https://github.com/pulumi/pulumi/releases/download/v3.190.0/pulumi-v3.190 [[tools.python]] version = "3.11.8" backend = "core:python" + +[[tools."vfox-pulumi:pulumi/pulumi-converter-terraform"]] +version = "1.2.4" +backend = "vfox-pulumi:pulumi/pulumi-converter-terraform" + +[[tools."vfox-pulumi:pulumi/pulumi-local"]] +version = "0.1.6" +backend = "vfox-pulumi:pulumi/pulumi-local" + +[[tools."vfox-pulumi:pulumi/pulumi-std"]] +version = "2.2.0" +backend = "vfox-pulumi:pulumi/pulumi-std" diff --git a/.config/mise.test.toml b/.config/mise.test.toml index ce00eb574..3ab74020a 100644 --- a/.config/mise.test.toml +++ b/.config/mise.test.toml @@ -1,6 +1,10 @@ # WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt -# Overrides tool versions for test workflows +# Overrides for test workflows + +[env] +# Acceptance (specifically providertest) tests require that PULUMI_HOME be the default +PULUMI_HOME = "{{ env.HOME }}/.pulumi" [tools] # always use pulumi latest for tests diff --git a/.config/mise.toml b/.config/mise.toml index c59d9f693..918ded831 100644 --- a/.config/mise.toml +++ b/.config/mise.toml @@ -21,7 +21,13 @@ pulumi = "{{ get_env(name='MISE_PULUMI_VERSION', default='latest') }}" "github:pulumi/schema-tools" = "latest" gradle = '7.6' golangci-lint = "1.64.8" # See note about about overrides if you need to customize this. +"vfox-pulumi:pulumi/pulumi-std" = "latest" +"vfox-pulumi:pulumi/pulumi-converter-terraform" = "latest" +"vfox-pulumi:pulumi/pulumi-local" = "latest" [settings] experimental = true # Required for Go binaries (e.g. pulumictl). lockfile = true + +[plugins] +vfox-pulumi = "https://github.com/pulumi/vfox-pulumi" diff --git a/.github/actions/download-prerequisites/action.yml b/.github/actions/download-prerequisites/action.yml index f8ac3c4e0..91931ecfa 100644 --- a/.github/actions/download-prerequisites/action.yml +++ b/.github/actions/download-prerequisites/action.yml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Download the prerequisites bin - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: prerequisites-bin path: bin @@ -19,7 +19,7 @@ runs: run: rm bin/executables.txt - name: Download schema-embed.json - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: # Use a pattern to avoid failing if the artifact doesn't exist pattern: schema-embed.* diff --git a/.github/actions/download-provider/action.yml b/.github/actions/download-provider/action.yml index 2a023799c..4556d2ee9 100644 --- a/.github/actions/download-provider/action.yml +++ b/.github/actions/download-provider/action.yml @@ -6,7 +6,7 @@ runs: steps: - name: Download pulumi-resource-gitlab - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: pattern: pulumi-resource-gitlab-*-linux-amd64.tar.gz path: ${{ github.workspace }}/bin diff --git a/.github/actions/download-sdk/action.yml b/.github/actions/download-sdk/action.yml index c241e3c71..f25ad6fe6 100644 --- a/.github/actions/download-sdk/action.yml +++ b/.github/actions/download-sdk/action.yml @@ -10,7 +10,7 @@ runs: using: "composite" steps: - name: Download ${{ inputs.language }} SDK - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/ diff --git a/.github/actions/upload-prerequisites/action.yml b/.github/actions/upload-prerequisites/action.yml index 19d9c3d56..d99c2dda4 100644 --- a/.github/actions/upload-prerequisites/action.yml +++ b/.github/actions/upload-prerequisites/action.yml @@ -9,14 +9,14 @@ runs: run: find bin -type f -executable > bin/executables.txt - name: Upload prerequisites bin - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: prerequisites-bin path: bin/* retention-days: 30 - name: Upload schema-embed.json - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: schema-embed.json path: provider/cmd/pulumi-resource-gitlab/schema-embed.json diff --git a/.github/actions/upload-sdk/action.yml b/.github/actions/upload-sdk/action.yml index 75e262da8..e941a3170 100644 --- a/.github/actions/upload-sdk/action.yml +++ b/.github/actions/upload-sdk/action.yml @@ -13,7 +13,7 @@ runs: shell: bash run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index 3f3ebf5e6..1600a8415 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -59,6 +59,8 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # only saving the cache in the prerequisites job @@ -106,7 +108,7 @@ jobs: run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: pulumi-resource-gitlab-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz path: bin/pulumi-resource-gitlab-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 4f167efa1..43a749e45 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -57,6 +57,8 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # only saving the cache in the prerequisites job @@ -96,6 +98,10 @@ jobs: sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle + **/mise.lock + **/.config/mise.lock + **/mise.*.lock + **/.config/mise.*.lock - name: Commit ${{ matrix.language }} SDK changes for Renovate # If the worktree is dirty and this is a Renovate PR to bump # dependencies, commit the updated SDK and push it back to the PR. The diff --git a/.github/workflows/comment-on-stale-issues.yml b/.github/workflows/comment-on-stale-issues.yml index 79be47c19..e3ec80ee5 100644 --- a/.github/workflows/comment-on-stale-issues.yml +++ b/.github/workflows/comment-on-stale-issues.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest name: Stale issue job steps: - - uses: aws-actions/stale-issue-cleanup@5650b49bcd757a078f6ca06c373d7807b773f9bc #v7.1.0 + - uses: aws-actions/stale-issue-cleanup@5650b49bcd757a078f6ca06c373d7807b773f9bc # v7.1.0 with: issue-types: issues # only look at issues (ignore pull-requests) diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index acede5375..db61e0bc3 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -35,6 +35,8 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # only saving the cache in the prerequisites job diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 9ca0800fc..640717574 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -24,6 +24,8 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # only saving the cache in the prerequisites job diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4224b84af..65315a43c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -24,6 +24,8 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_save: false # A different job handles caching our tools. - name: disarm go:embed directives to enable lint diff --git a/.github/workflows/main-post-build.yml b/.github/workflows/main-post-build.yml index a6c092ad4..f341fd8dc 100644 --- a/.github/workflows/main-post-build.yml +++ b/.github/workflows/main-post-build.yml @@ -43,7 +43,7 @@ jobs: name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} aws-region: us-west-2 @@ -51,6 +51,8 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # only saving the cache in the prerequisites job diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 8cf14c019..a64359538 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -75,6 +75,7 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} isPrerelease: true + setLatestRelease: false skipGoSdk: true skipJavaSdk: true diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index fbf81fd7d..a1ddcf6ec 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -58,6 +58,7 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} isPrerelease: true + setLatestRelease: false test: uses: ./.github/workflows/test.yml diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 839adcfdd..6ea90ce53 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -63,6 +63,8 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # only saving the cache in the prerequisites job diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d3a5121e9..2a36cc3fb 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -7,6 +7,9 @@ on: version: required: true type: string + setLatestRelease: + required: true + type: boolean isPrerelease: required: true type: boolean @@ -53,11 +56,13 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-${{ hashFiles('mise.lock') }}" cache_save: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -69,14 +74,14 @@ jobs: - name: Create dist directory run: mkdir -p dist - name: Download provider assets - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: pattern: pulumi-resource-gitlab-v${{ inputs.version }}-* path: dist # Don't create a directory for each artifact merge-multiple: true - name: Download schema - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: # Use a pattern to avoid failing if the artifact doesn't exist pattern: schema-embed.* @@ -102,13 +107,15 @@ jobs: - name: Upload Provider Binaries run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive - name: Create GH Release - uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2 + uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2 if: inputs.isPrerelease == false with: tag_name: v${{ inputs.version }} prerelease: ${{ inputs.isPrerelease }} # We keep pre-releases as drafts so they're not visible until we manually publish them. draft: ${{ inputs.isPrerelease }} + # Explicitly set make_latest to account for backported releases + make_latest: ${{ inputs.setLatestRelease }} body: ${{ steps.schema-summary.outputs.summary }} generate_release_notes: true files: dist/* @@ -139,12 +146,14 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # only saving the cache in the prerequisites job cache_save: false - name: Setup Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: # we don't set node-version because we install with mise. # this step is needed to setup npm auth @@ -207,8 +216,8 @@ jobs: create_docs_build: name: create_docs_build needs: publish_sdk - # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped - if: inputs.isPrerelease == false + # Only run for non-prerelease and for non-backported releases, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false && inputs.setLatestRelease == true runs-on: ubuntu-latest steps: - name: Checkout Repo @@ -225,7 +234,7 @@ jobs: name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 + uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4 with: token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} repository: pulumi/registry diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 6bbbd1ba9..cc6ec935e 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -6,25 +6,18 @@ env: PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget TF_APPEND_USER_AGENT: pulumi +name: Comment on community PRs +on: + pull_request_target: {} + jobs: comment-on-pr: if: github.event.pull_request.head.repo.full_name != github.repository name: comment-on-pr runs-on: ubuntu-latest + permissions: + pull-requests: write steps: - - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false - - env: - ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} - ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" - ESC_ACTION_OIDC_AUTH: "true" - ESC_ACTION_OIDC_ORGANIZATION: pulumi - ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization - id: esc-secrets - name: Fetch secrets from ESC - uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - name: Comment PR uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: @@ -33,6 +26,3 @@ jobs: PR is now waiting for a maintainer to run the acceptance tests. **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR -name: pull-request -on: - pull_request_target: {} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 320dd439f..0e8b66329 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -71,6 +71,8 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} isPrerelease: false + # Only tags on the default branch should set the release as `latest`; backported releases (tagged on a feature branch) should not. + setLatestRelease: ${{ github.event.base_ref == format('refs/heads/{0}', github.event.repository.default_branch) }} test: uses: ./.github/workflows/test.yml diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml index f70c3ac4f..443b8cb99 100644 --- a/.github/workflows/release_command.yml +++ b/.github/workflows/release_command.yml @@ -37,7 +37,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: failure() name: Notify failure - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -46,7 +46,7 @@ jobs: "release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - if: success() name: Notify success - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index b6af3a568..89bb1d8af 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -82,7 +82,7 @@ jobs: name: Create URL to the run output run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" - name: Update with Result - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" issue-number: ${{ github.event.client_payload.github.payload.issue.number }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 696f54336..5127dd854 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,6 +12,8 @@ on: env: PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} + MISE_ENV: test + PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget @@ -51,6 +53,8 @@ jobs: env: MISE_ENV: test with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # also save this cache since we are using a different mise env. diff --git a/.github/workflows/upgrade-bridge.yml b/.github/workflows/upgrade-bridge.yml index 4c0a7ce40..a0744ae75 100644 --- a/.github/workflows/upgrade-bridge.yml +++ b/.github/workflows/upgrade-bridge.yml @@ -88,13 +88,15 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # only saving the cache in the prerequisites job cache_save: false - name: Call upgrade provider action if: github.event_name == 'workflow_dispatch' - uses: pulumi/pulumi-upgrade-provider-action@3c670a7cb92732324c8ccc17f7f9ef9dfca126d0 # v0.0.17 + uses: pulumi/pulumi-upgrade-provider-action@e247104aede3eb4641f48c8ad0ea9de9346f2457 # v0.0.18 with: kind: ${{ inputs.kind }} email: bot@pulumi.com @@ -110,7 +112,7 @@ jobs: GH_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_TOKEN || steps.esc-secrets.outputs.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }} - name: Call upgrade provider action if: github.event_name == 'repository_dispatch' - uses: pulumi/pulumi-upgrade-provider-action@3c670a7cb92732324c8ccc17f7f9ef9dfca126d0 # v0.0.17 + uses: pulumi/pulumi-upgrade-provider-action@e247104aede3eb4641f48c8ad0ea9de9346f2457 # v0.0.18 with: kind: ${{ github.event.client_payload.kind || 'bridge' }} email: bot@pulumi.com diff --git a/.github/workflows/upgrade-provider.yml b/.github/workflows/upgrade-provider.yml index ec4266a87..e947f2c37 100644 --- a/.github/workflows/upgrade-provider.yml +++ b/.github/workflows/upgrade-provider.yml @@ -56,6 +56,8 @@ jobs: - name: Setup mise uses: jdx/mise-action@v3 with: + # Latest working version. See https://github.com/jdx/mise/discussions/6781 + version: 2025.10.16 github_token: ${{ secrets.GITHUB_TOKEN }} cache_key: "mise-{{platform}}-{{file_hash}}" # only saving the cache in the prerequisites job @@ -87,7 +89,7 @@ jobs: id: upgrade_provider if: steps.target_version.outputs.version != '' continue-on-error: true - uses: pulumi/pulumi-upgrade-provider-action@3c670a7cb92732324c8ccc17f7f9ef9dfca126d0 # v0.0.17 + uses: pulumi/pulumi-upgrade-provider-action@e247104aede3eb4641f48c8ad0ea9de9346f2457 # v0.0.18 with: kind: provider email: bot@pulumi.com diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index f5c3bc437..72afa7e84 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -85,7 +85,7 @@ jobs: distribution: temurin java-version: 11 - name: Setup Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 with: gradle-version: 7.6 - name: Setup DotNet @@ -93,7 +93,7 @@ jobs: with: dotnet-version: 8.0.x - name: Setup Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: 20.x registry-url: https://registry.npmjs.org @@ -109,6 +109,6 @@ jobs: *.sum cache: true - name: Install Pulumi CLI - uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6 + uses: pulumi/actions@d7ceb0215da5a14ec84f50b703365ddf0194a9c8 # v6 with: pulumi-version: "dev" diff --git a/Makefile b/Makefile index c06136c12..ef2442a79 100644 --- a/Makefile +++ b/Makefile @@ -39,20 +39,36 @@ LDFLAGS=$(LDFLAGS_PROJ_VERSION) $(LDFLAGS_UPSTREAM_VERSION) $(LDFLAGS_EXTRAS) $( # Ensure all directories exist before evaluating targets to avoid issues with `touch` creating directories. _ := $(shell mkdir -p .make bin .pulumi/bin) +# Installs all necessary tools with mise and records completion in a sentinel +# file so dependent targets can participate in make's caching behaviour. The +# environment is refreshed via an order-only prerequisite so it still runs on +# every invocation without invalidating the sentinel. +mise_install: .make/mise_install | mise_env + +.PHONY: mise_env +mise_env: + @mise env -q > /dev/null + +.make/mise_install: + @mise install -q + @touch $@ + # Build the provider and all SDKs and install ready for testing -build: install_plugins provider build_sdks install_sdks build_registry_docs +build: .make/mise_install provider build_sdks install_sdks build_registry_docs +build: | mise_env # Keep aliases for old targets to ensure backwards compatibility development: build only_build: build # Prepare the workspace for building the provider and SDKs # Importantly this is run by CI ahead of restoring the bin directory and resuming SDK builds -prepare_local_workspace: install_plugins upstream +prepare_local_workspace: .make/mise_install upstream +prepare_local_workspace: | mise_env # Creates all generated files which need to be committed generate: generate_sdks schema build_registry_docs generate_sdks: generate_nodejs generate_python generate_dotnet generate_go generate_java build_registry_docs build_sdks: build_nodejs build_python build_dotnet build_go build_java build_registry_docs install_sdks: install_nodejs_sdk install_python_sdk install_dotnet_sdk install_go_sdk install_java_sdk -.PHONY: development only_build build generate generate_sdks build_sdks install_sdks +.PHONY: development only_build build generate generate_sdks build_sdks install_sdks mise_install mise_env help: @echo "Usage: make [target]" @@ -79,7 +95,7 @@ help: @echo "" @echo "Internal Targets (automatically run as dependencies of other targets)" @echo " prepare_local_workspace Prepare for building" - @echo " install_plugins Install plugin dependencies" + @echo " mise_install Install tools with mise" @echo " upstream Initialize the upstream submodule, if present" @echo "" @echo "Language-Specific Targets" @@ -97,7 +113,8 @@ GEN_ENVS := PULUMI_HOME=$(GEN_PULUMI_HOME) PULUMI_CONVERT_EXAMPLES_CACHE_DIR=$(G generate_dotnet: .make/generate_dotnet build_dotnet: .make/build_dotnet -.make/generate_dotnet: .make/install_plugins bin/$(CODEGEN) +.make/generate_dotnet: .make/mise_install bin/$(CODEGEN) +.make/generate_dotnet: | mise_env $(GEN_ENVS) $(WORKING_DIR)/bin/$(CODEGEN) dotnet --out sdk/dotnet/ cd sdk/dotnet/ && \ printf "module fake_dotnet_module // Exclude this directory from Go tools\n\ngo 1.17\n" > go.mod && \ @@ -110,7 +127,8 @@ build_dotnet: .make/build_dotnet generate_go: .make/generate_go build_go: .make/build_go -.make/generate_go: .make/install_plugins bin/$(CODEGEN) +.make/generate_go: .make/mise_install bin/$(CODEGEN) +.make/generate_go: | mise_env $(GEN_ENVS) $(WORKING_DIR)/bin/$(CODEGEN) go --out sdk/go/ @touch $@ .make/build_go: .make/generate_go @@ -121,7 +139,8 @@ build_go: .make/build_go generate_java: .make/generate_java build_java: .make/build_java .make/generate_java: PACKAGE_VERSION := $(PROVIDER_VERSION) -.make/generate_java: .make/install_plugins bin/$(CODEGEN) +.make/generate_java: .make/mise_install bin/$(CODEGEN) +.make/generate_java: | mise_env $(GEN_ENVS) $(WORKING_DIR)/bin/$(CODEGEN) java --out sdk/java/ printf "module fake_java_module // Exclude this directory from Go tools\n\ngo 1.17\n" > sdk/java/go.mod @touch $@ @@ -135,7 +154,8 @@ build_java: .make/build_java generate_nodejs: .make/generate_nodejs build_nodejs: .make/build_nodejs -.make/generate_nodejs: .make/install_plugins bin/$(CODEGEN) +.make/generate_nodejs: .make/mise_install bin/$(CODEGEN) +.make/generate_nodejs: | mise_env $(GEN_ENVS) $(WORKING_DIR)/bin/$(CODEGEN) nodejs --out sdk/nodejs/ printf "module fake_nodejs_module // Exclude this directory from Go tools\n\ngo 1.17\n" > sdk/nodejs/go.mod @touch $@ @@ -149,7 +169,8 @@ build_nodejs: .make/build_nodejs generate_python: .make/generate_python build_python: .make/build_python -.make/generate_python: .make/install_plugins bin/$(CODEGEN) +.make/generate_python: .make/mise_install bin/$(CODEGEN) +.make/generate_python: | mise_env $(GEN_ENVS) $(WORKING_DIR)/bin/$(CODEGEN) python --out sdk/python/ printf "module fake_python_module // Exclude this directory from Go tools\n\ngo 1.17\n" > sdk/python/go.mod cp README.md sdk/python/ @@ -166,7 +187,8 @@ build_python: .make/build_python .PHONY: generate_python build_python # Run the bridge's registry-docs command to generated the content of the installation docs/ folder at provider repo root build_registry_docs: .make/build_registry_docs -.make/build_registry_docs: .make/install_plugins bin/$(CODEGEN) +.make/build_registry_docs: .make/mise_install bin/$(CODEGEN) +.make/build_registry_docs: | mise_env bin/$(CODEGEN) registry-docs --out $(WORKING_DIR)/docs @touch $@ .PHONY: build_registry_docs @@ -175,6 +197,7 @@ clean: rm -rf sdk/{dotnet,nodejs,go,python} rm -rf bin/* rm -rf .make/* + rm -rf "$(GEN_PULUMI_CONVERT_EXAMPLES_CACHE_DIR)" if dotnet nuget list source | grep "$(WORKING_DIR)/nuget"; then \ dotnet nuget remove source "$(WORKING_DIR)/nuget" \ ; fi @@ -239,7 +262,8 @@ tfgen_no_deps: .make/schema .make/schema: export PULUMI_CONVERT_EXAMPLES_CACHE_DIR := $(WORKING_DIR)/.pulumi/examples-cache .make/schema: export PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION := $(PULUMI_CONVERT) .make/schema: export PULUMI_MISSING_DOCS_ERROR := $(PULUMI_MISSING_DOCS_ERROR) -.make/schema: bin/$(CODEGEN) .make/install_plugins .make/upstream +.make/schema: bin/$(CODEGEN) .make/mise_install .make/upstream +.make/schema: | mise_env $(WORKING_DIR)/bin/$(CODEGEN) schema --out provider/cmd/$(PROVIDER) (cd provider && VERSION=$(PROVIDER_VERSION) go generate cmd/$(PROVIDER)/main.go) @touch $@ @@ -270,7 +294,6 @@ debug_tfgen: dlv --listen=:2345 --headless=true --api-version=2 exec $(WORKING_DIR)/bin/$(CODEGEN) -- schema --out provider/cmd/$(PROVIDER) .PHONY: debug_tfgen -include scripts/plugins.mk include scripts/crossbuild.mk # Permit providers to extend the Makefile with provider-specific Make includes. diff --git a/scripts/get-versions.sh b/scripts/get-versions.sh index a5099af8d..bc92573bf 100755 --- a/scripts/get-versions.sh +++ b/scripts/get-versions.sh @@ -34,8 +34,8 @@ if [[ -z "${raw_version:-}" ]]; then exit 1 fi -echo "MISE_PULUMI_VERSION=$raw_version" -export MISE_PULUMI_VERSION=$raw_version +echo "PULUMI_VERSION_MISE=$raw_version" +export PULUMI_VERSION_MISE=$raw_version # Prefer the toolchain directive if present, otherwise fall back to the `go` version line go_toolchain=$(awk '/^toolchain[[:space:]]+go[0-9]/{ print $2; exit }' "$gomod") @@ -51,5 +51,5 @@ if [[ -z "${go_version:-}" ]]; then exit 1 fi -echo "MISE_GO_VERSION=$go_version" -export MISE_GO_VERSION=$go_version +echo "GO_VERSION_MISE=$go_version" +export GO_VERSION_MISE=$go_version diff --git a/scripts/plugins.mk b/scripts/plugins.mk deleted file mode 100644 index c22fc5b97..000000000 --- a/scripts/plugins.mk +++ /dev/null @@ -1,9 +0,0 @@ -# Install Pulumi and plugins required at build time. -install_plugins: .make/install_plugins -.make/install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi -.make/install_plugins: - pulumi plugin install resource std 1.6.2 - pulumi plugin install converter terraform 1.0.16 - pulumi plugin install resource local 0.0.1 - @touch $@ -.PHONY: install_plugins