diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 84e67a3fda..91a07579da 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -117,6 +117,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -153,7 +194,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -237,9 +278,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -261,7 +305,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 01c9f7db5d..57ca251621 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -109,6 +109,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -145,7 +186,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -229,9 +270,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -253,7 +297,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f61aadac74..9d2d47e84d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -109,6 +109,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -145,7 +186,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -229,9 +270,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -253,7 +297,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 7528d03f22..fcabb9e6c1 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -63,6 +63,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -131,6 +132,47 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ @@ -169,7 +211,7 @@ jobs: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: - fail-fast: true + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -183,6 +225,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version @@ -254,9 +297,12 @@ jobs: sdk/python/pyproject.toml - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' shell: bash run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit + git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" @@ -278,7 +324,7 @@ jobs: git add sdk - git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' @@ -330,6 +376,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true + persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - id: version name: Set Provider Version