diff --git a/.config/mise.toml b/.config/mise.toml index 096356ca0..23ce5afe2 100644 --- a/.config/mise.toml +++ b/.config/mise.toml @@ -21,7 +21,7 @@ java = 'corretto-11' "github:pulumi/schema-tools" = "0.6.0" "go:github.com/pulumi/upgrade-provider" = "main" "aqua:gradle/gradle-distributions" = '7.6.6' -golangci-lint = "2.2.2" # See note about about overrides if you need to customize this. +golangci-lint = "2.9.0" # See note about about overrides if you need to customize this. "npm:yarn" = "1.22.22" [settings] diff --git a/.github/actions/download-prerequisites/action.yml b/.github/actions/download-prerequisites/action.yml index e8eeead97..a36a214f6 100644 --- a/.github/actions/download-prerequisites/action.yml +++ b/.github/actions/download-prerequisites/action.yml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Download the prerequisites bin - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: prerequisites-bin path: bin @@ -19,7 +19,7 @@ runs: run: rm bin/executables.txt - name: Download schema-embed.json - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: # Use a pattern to avoid failing if the artifact doesn't exist pattern: schema-embed.* diff --git a/.github/actions/download-provider/action.yml b/.github/actions/download-provider/action.yml index 58f41d6b3..3d388b117 100644 --- a/.github/actions/download-provider/action.yml +++ b/.github/actions/download-provider/action.yml @@ -6,7 +6,7 @@ runs: steps: - name: Download pulumi-resource-cloudflare - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: pulumi-resource-cloudflare-*-linux-amd64.tar.gz path: ${{ github.workspace }}/bin diff --git a/.github/actions/download-sdk/action.yml b/.github/actions/download-sdk/action.yml index a92db4b24..5397cbc58 100644 --- a/.github/actions/download-sdk/action.yml +++ b/.github/actions/download-sdk/action.yml @@ -10,7 +10,7 @@ runs: using: "composite" steps: - name: Download ${{ inputs.language }} SDK - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/ diff --git a/.github/actions/upload-prerequisites/action.yml b/.github/actions/upload-prerequisites/action.yml index d44326156..2ca21652d 100644 --- a/.github/actions/upload-prerequisites/action.yml +++ b/.github/actions/upload-prerequisites/action.yml @@ -9,14 +9,14 @@ runs: run: find bin -type f -executable > bin/executables.txt - name: Upload prerequisites bin - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: prerequisites-bin path: bin/* retention-days: 30 - name: Upload schema-embed.json - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: schema-embed.json path: provider/cmd/pulumi-resource-cloudflare/schema-embed.json diff --git a/.github/actions/upload-sdk/action.yml b/.github/actions/upload-sdk/action.yml index 6afb103bd..cf3eae3ad 100644 --- a/.github/actions/upload-sdk/action.yml +++ b/.github/actions/upload-sdk/action.yml @@ -13,7 +13,7 @@ runs: shell: bash run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . - name: Upload artifacts - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index 6dc63dcf3..f2b782129 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -47,7 +47,7 @@ jobs: dotnet: false large-packages: false - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -59,7 +59,7 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} @@ -71,7 +71,7 @@ jobs: with: tag: v2.1.5-procursus2 - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: @@ -124,7 +124,7 @@ jobs: run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} - name: Upload artifacts - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: pulumi-resource-cloudflare-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz path: bin/pulumi-resource-cloudflare-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 3ceea37aa..dfeb850b5 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -44,7 +44,7 @@ jobs: swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -56,7 +56,7 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} @@ -69,7 +69,7 @@ jobs: .pulumi/examples-cache key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 6c109c1b4..6c285e42c 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -45,8 +45,8 @@ jobs: ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC - uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: pulumi/esc-action@9840934db12128a33f6afb60b17d9de8f7ec5519 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: Checkout PR head (if applicable) @@ -56,7 +56,7 @@ jobs: PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }} run: gh pr checkout "$PR_NUMBER" - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: @@ -79,7 +79,7 @@ jobs: (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude review')) || (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude review')) id: claude-review - uses: anthropics/claude-code-action@8341a564b0c1693e9fa29c681852ee3714980098 # v1 + uses: anthropics/claude-code-action@905d4eb99ab3d43143d74fb0dcae537f29ac330a # v1 with: anthropic_api_key: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }} prompt: | @@ -101,7 +101,7 @@ jobs: !contains(github.event.comment.body, '@claude review') && !contains(github.event.review.body, '@claude review') id: claude-action - uses: anthropics/claude-code-action@8341a564b0c1693e9fa29c681852ee3714980098 # v1 + uses: anthropics/claude-code-action@905d4eb99ab3d43143d74fb0dcae537f29ac330a # v1 with: anthropic_api_key: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }} # This allows claude to read github action logs @@ -125,14 +125,14 @@ jobs: # Uploading the artifact allows you to download the artifact from the UI - name: Upload Claude review output on failure if: failure() && steps.claude-review.outputs.execution_file - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: claude-review-execution-log path: ${{ steps.claude-review.outputs.execution_file }} retention-days: 7 - name: Upload Claude output on failure if: failure() && steps.claude-action.outputs.execution_file - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: claude-execution-log path: ${{ steps.claude-action.outputs.execution_file }} diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index ded6eb79a..659aef6a9 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -16,7 +16,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index a78d1951d..bcd3513b8 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -6,18 +6,18 @@ jobs: runs-on: pulumi-ubuntu-8core steps: - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - id: schema_changed name: Check for diff in schema - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 with: filters: "changed: 'provider/cmd/**/schema.json'" - id: sdk_changed if: steps.schema_changed.outputs.changed == 'false' name: Check for diff in sdk/** - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 with: filters: "changed: 'sdk/**'" - if: steps.sdk_changed.outputs.changed == 'true' && diff --git a/.github/workflows/export-repo-secrets.yml b/.github/workflows/export-repo-secrets.yml index 93f70f24c..513630e9e 100644 --- a/.github/workflows/export-repo-secrets.yml +++ b/.github/workflows/export-repo-secrets.yml @@ -8,7 +8,7 @@ jobs: steps: - name: Generate a GitHub token id: generate-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 + uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 with: app-id: 1256780 # Export Secrets GitHub App private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }} diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 8fa36bcf6..defbca69a 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -23,7 +23,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -35,14 +35,14 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 96222c50e..3f5aba1ef 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -30,7 +30,7 @@ jobs: swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -42,14 +42,14 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: diff --git a/.github/workflows/main-post-build.yml b/.github/workflows/main-post-build.yml index f3cc871d4..723a0c9e9 100644 --- a/.github/workflows/main-post-build.yml +++ b/.github/workflows/main-post-build.yml @@ -31,7 +31,7 @@ jobs: tool-cache: false swap-storage: false - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -43,20 +43,20 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} aws-region: us-west-2 aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_CORP_S3_UPLOAD_SECRET_ACCESS_KEY }} - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 630de6b84..0f469c585 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -89,7 +89,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index de411af77..64b5fd943 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -45,7 +45,7 @@ jobs: swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -57,7 +57,7 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} @@ -75,7 +75,7 @@ jobs: .pulumi/examples-cache key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }} - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: @@ -110,7 +110,7 @@ jobs: CLOUDFLARE_ZONE_ID: ${{ steps.esc-secrets.outputs.CLOUDFLARE_ZONE_ID }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 env: CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }} - if: inputs.is_pr diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2128344a6..76171a772 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -41,7 +41,7 @@ jobs: if: inputs.skipGoSdk && inputs.isPrerelease == false run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -53,14 +53,14 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: @@ -68,7 +68,7 @@ jobs: github_token: ${{ steps.app-auth.outputs.token }} cache_save: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -80,14 +80,14 @@ jobs: - name: Create dist directory run: mkdir -p dist - name: Download provider assets - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: pulumi-resource-cloudflare-v${{ inputs.version }}-* path: dist # Don't create a directory for each artifact merge-multiple: true - name: Download schema - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: # Use a pattern to avoid failing if the artifact doesn't exist pattern: schema-embed.* @@ -113,7 +113,7 @@ jobs: - name: Upload Provider Binaries run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive - name: Create GH Release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 if: inputs.isPrerelease == false with: tag_name: v${{ inputs.version }} @@ -136,7 +136,7 @@ jobs: python_version: ${{ steps.python_version.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # Persist credentials so we can push back to the repo persist-credentials: true @@ -149,14 +149,14 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: @@ -165,7 +165,7 @@ jobs: # only saving the cache in the prerequisites job cache_save: false - name: Setup Node - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: # we don't set node-version because we install with mise. # this step is needed to setup npm auth @@ -233,7 +233,7 @@ jobs: runs-on: pulumi-ubuntu-8core steps: - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -245,7 +245,7 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} @@ -273,7 +273,7 @@ jobs: runs-on: pulumi-ubuntu-8core steps: - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -285,7 +285,7 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml index 21fad2ace..0ae8774eb 100644 --- a/.github/workflows/release_command.yml +++ b/.github/workflows/release_command.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index cbc61a205..502513376 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -76,7 +76,7 @@ jobs: runs-on: pulumi-ubuntu-8core steps: - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - id: run-url diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 93c2e9140..999d21881 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,7 +38,7 @@ jobs: swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ env.PR_COMMIT_SHA }} persist-credentials: false @@ -51,7 +51,7 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} @@ -59,12 +59,12 @@ jobs: owner: ${{ github.repository_owner }} - name: Checkout p/examples if: matrix.testTarget == 'pulumiExamples' - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: pulumi/examples path: p-examples - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_ENV: test MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s diff --git a/.github/workflows/upgrade-bridge.yml b/.github/workflows/upgrade-bridge.yml index 0624b21db..3bfbd931e 100644 --- a/.github/workflows/upgrade-bridge.yml +++ b/.github/workflows/upgrade-bridge.yml @@ -81,7 +81,7 @@ jobs: swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -93,14 +93,14 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: diff --git a/.github/workflows/upgrade-provider.yml b/.github/workflows/upgrade-provider.yml index c4449d409..194ca2661 100644 --- a/.github/workflows/upgrade-provider.yml +++ b/.github/workflows/upgrade-provider.yml @@ -48,7 +48,7 @@ jobs: swap-storage: false dotnet: false - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false # Conflicts with app auth token. - env: @@ -60,14 +60,14 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index 76acb9088..980a11ba8 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -62,7 +62,7 @@ jobs: - name: Configure Git to checkout files with long names run: git config --global core.longpaths true - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - env: @@ -75,7 +75,7 @@ jobs: name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - name: Setup mise - uses: jdx/mise-action@c1a019b8d2586943b4dbebc456323b516910e310 + uses: jdx/mise-action@d6e9fb75ae3ee715d1db0b62373f15621d5f7329 with: version: 2026.3.7 github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.golangci.yml b/.golangci.yml index 70c591d3e..8e2f7397f 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -27,7 +27,7 @@ linters: rules: - linters: - revive - path: pkg/version/ + path: pkg/ text: "var-naming" # https://github.com/pulumi/ci-mgmt/issues/2100 formatters: enable: diff --git a/Makefile b/Makefile index 46f120d1b..81268d07e 100644 --- a/Makefile +++ b/Makefile @@ -224,17 +224,17 @@ install_python_sdk: .PHONY: install_dotnet_sdk install_go_sdk install_java_sdk install_nodejs_sdk install_python_sdk lint: upstream - git grep -l 'go:embed' -- provider | xargs perl -i -pe 's/go:embed/ goembed/g' + if git grep -ql 'go:embed' -- provider; then git grep -l 'go:embed' -- provider | xargs perl -i -pe 's/go:embed/ goembed/g'; fi cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml; LINT_EXIT=$$?; \ - git grep -l 'goembed' | xargs perl -i -pe 's/ goembed/go:embed/g'; \ + if git grep -ql 'goembed'; then git grep -l 'goembed' | xargs perl -i -pe 's/ goembed/go:embed/g'; fi; \ exit $$LINT_EXIT # `lint.fix` is a utility target meant to be run manually # that will run the linter and fix errors when possible. lint.fix: upstream - git grep -l 'go:embed' -- provider | xargs perl -i -pe 's/go:embed/ goembed/g' + if git grep -ql 'go:embed' -- provider; then git grep -l 'go:embed' -- provider | xargs perl -i -pe 's/go:embed/ goembed/g'; fi cd provider && golangci-lint run --path-prefix provider -c ../.golangci.yml --fix; LINT_EXIT=$$?; \ - git grep -l 'goembed' | xargs perl -i -pe 's/ goembed/go:embed/g'; \ + if git grep -ql 'goembed'; then git grep -l 'goembed' | xargs perl -i -pe 's/ goembed/go:embed/g'; fi; \ exit $$LINT_EXIT .PHONY: lint lint.fix