From f96fe3787b1f8929df4710c19ce2bb436777adce Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Mon, 23 Dec 2024 14:19:26 -0800 Subject: [PATCH] Automatically accept SDK changes for Renovate PRs (#1248) We have a problem right now where automated dependency upgrades can change our generated code, and this causes tests to fail because we expect no changes in CI. The "right" way to do this is with a hermetic `make renovate` step which can re-generate this code during the Renovate job, as @t0yv0 has started doing for EKS (e.g. https://github.com/pulumi/pulumi-eks/pull/1552). But we don't have hermetic builds so we don't yet have an easy way to get this to work across all providers. This PR implements a suggestion from Daniel to help address the long tail. Essentially right before we fail a build for containing SDK changes, we will commit those changes and push them back to the PR -- _but only if it came from Renovate._ The build will still fail, but tests will be re-tried against the updated SDK. Renovate has already been configured to "ignore" updates from pulumi-bot (https://github.com/pulumi/renovate-config/commit/82931a62d50a9b7a628032bdefbf3c6f64a4e895), so if tests pass it will still automatically squash and merge. Here's an example where I manually modified the SDK and the PR was automatically corrected: ![image](https://github.com/user-attachments/assets/0f0f4912-5962-4cfc-b7b5-2e991334ea36) Refs https://github.com/pulumi/ci-mgmt/issues/1101 Refs https://github.com/pulumi/ci-mgmt/issues/936 --- .../repo/.github/workflows/build.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/prerelease.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/release.yml | 40 ++++++++++++++++++ .../workflows/run-acceptance-tests.yml | 40 ++++++++++++++++++ .../command/repo/.github/workflows/build.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/prerelease.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/release.yml | 40 ++++++++++++++++++ .../workflows/run-acceptance-tests.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/build.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/prerelease.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/release.yml | 40 ++++++++++++++++++ .../workflows/run-acceptance-tests.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/build.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/prerelease.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/release.yml | 40 ++++++++++++++++++ .../workflows/run-acceptance-tests.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/build.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/prerelease.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/release.yml | 40 ++++++++++++++++++ .../workflows/run-acceptance-tests.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/build.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/prerelease.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/release.yml | 40 ++++++++++++++++++ .../workflows/run-acceptance-tests.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/build.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/prerelease.yml | 40 ++++++++++++++++++ .../repo/.github/workflows/release.yml | 40 ++++++++++++++++++ .../workflows/run-acceptance-tests.yml | 40 ++++++++++++++++++ native-provider-ci/src/steps.ts | 41 ++++++++++++++++++ native-provider-ci/src/workflows.ts | 1 + .../.github/workflows/build_sdk.yml | 42 ++++++++++++++++++- .../acme/.github/workflows/build_sdk.yml | 42 ++++++++++++++++++- .../aws/.github/workflows/build_sdk.yml | 42 ++++++++++++++++++- .../.github/workflows/build_sdk.yml | 42 ++++++++++++++++++- .../docker/.github/workflows/build_sdk.yml | 42 ++++++++++++++++++- 35 files changed, 1367 insertions(+), 5 deletions(-) diff --git a/native-provider-ci/providers/aws-native/repo/.github/workflows/build.yml b/native-provider-ci/providers/aws-native/repo/.github/workflows/build.yml index 140939bc53..84e67a3fda 100644 --- a/native-provider-ci/providers/aws-native/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/aws-native/repo/.github/workflows/build.yml @@ -108,6 +108,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -225,6 +226,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -233,6 +235,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/aws-native/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/aws-native/repo/.github/workflows/prerelease.yml index f36f56d8ad..01c9f7db5d 100644 --- a/native-provider-ci/providers/aws-native/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/aws-native/repo/.github/workflows/prerelease.yml @@ -100,6 +100,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +218,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -225,6 +227,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/aws-native/repo/.github/workflows/release.yml b/native-provider-ci/providers/aws-native/repo/.github/workflows/release.yml index cf5b998040..f61aadac74 100644 --- a/native-provider-ci/providers/aws-native/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/aws-native/repo/.github/workflows/release.yml @@ -100,6 +100,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +218,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -225,6 +227,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/aws-native/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/aws-native/repo/.github/workflows/run-acceptance-tests.yml index d132ed82b1..7528d03f22 100644 --- a/native-provider-ci/providers/aws-native/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/aws-native/repo/.github/workflows/run-acceptance-tests.yml @@ -122,6 +122,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -242,6 +243,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -250,6 +252,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/command/repo/.github/workflows/build.yml b/native-provider-ci/providers/command/repo/.github/workflows/build.yml index 22231e1668..e931670415 100644 --- a/native-provider-ci/providers/command/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/command/repo/.github/workflows/build.yml @@ -73,6 +73,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -176,6 +177,7 @@ jobs: - name: Generate SDK run: make ${{ matrix.language }}_sdk - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -184,6 +186,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/command/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/command/repo/.github/workflows/prerelease.yml index b8176b9654..f9ca3affb8 100644 --- a/native-provider-ci/providers/command/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/command/repo/.github/workflows/prerelease.yml @@ -65,6 +65,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -168,6 +169,7 @@ jobs: - name: Generate SDK run: make ${{ matrix.language }}_sdk - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -176,6 +178,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/command/repo/.github/workflows/release.yml b/native-provider-ci/providers/command/repo/.github/workflows/release.yml index 16f1ab8c77..0be694f6a7 100644 --- a/native-provider-ci/providers/command/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/command/repo/.github/workflows/release.yml @@ -65,6 +65,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -168,6 +169,7 @@ jobs: - name: Generate SDK run: make ${{ matrix.language }}_sdk - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -176,6 +178,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/command/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/command/repo/.github/workflows/run-acceptance-tests.yml index eb79b83a81..0ba6f076e8 100644 --- a/native-provider-ci/providers/command/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/command/repo/.github/workflows/run-acceptance-tests.yml @@ -87,6 +87,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -193,6 +194,7 @@ jobs: - name: Generate SDK run: make ${{ matrix.language }}_sdk - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -201,6 +203,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/docker-build/repo/.github/workflows/build.yml b/native-provider-ci/providers/docker-build/repo/.github/workflows/build.yml index bd81c28b70..b9dc92057e 100644 --- a/native-provider-ci/providers/docker-build/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/docker-build/repo/.github/workflows/build.yml @@ -118,6 +118,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -222,6 +223,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -230,6 +232,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/docker-build/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/docker-build/repo/.github/workflows/prerelease.yml index 3aebd1d276..f436ab9271 100644 --- a/native-provider-ci/providers/docker-build/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/docker-build/repo/.github/workflows/prerelease.yml @@ -110,6 +110,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -214,6 +215,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -222,6 +224,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/docker-build/repo/.github/workflows/release.yml b/native-provider-ci/providers/docker-build/repo/.github/workflows/release.yml index 1ead9920e8..17b667a5f9 100644 --- a/native-provider-ci/providers/docker-build/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/docker-build/repo/.github/workflows/release.yml @@ -110,6 +110,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -214,6 +215,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -222,6 +224,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/docker-build/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/docker-build/repo/.github/workflows/run-acceptance-tests.yml index e9e1b84e2a..04bb598137 100644 --- a/native-provider-ci/providers/docker-build/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/docker-build/repo/.github/workflows/run-acceptance-tests.yml @@ -132,6 +132,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -239,6 +240,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -247,6 +249,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/google-native/repo/.github/workflows/build.yml b/native-provider-ci/providers/google-native/repo/.github/workflows/build.yml index b62d08eba6..6af9aea796 100644 --- a/native-provider-ci/providers/google-native/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/google-native/repo/.github/workflows/build.yml @@ -112,6 +112,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -218,6 +219,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -226,6 +228,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/google-native/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/google-native/repo/.github/workflows/prerelease.yml index 4739704e0f..c32a2fd0a5 100644 --- a/native-provider-ci/providers/google-native/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/google-native/repo/.github/workflows/prerelease.yml @@ -104,6 +104,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -210,6 +211,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -218,6 +220,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/google-native/repo/.github/workflows/release.yml b/native-provider-ci/providers/google-native/repo/.github/workflows/release.yml index 733279124c..de9537a764 100644 --- a/native-provider-ci/providers/google-native/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/google-native/repo/.github/workflows/release.yml @@ -104,6 +104,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -210,6 +211,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -218,6 +220,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/google-native/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/google-native/repo/.github/workflows/run-acceptance-tests.yml index 3ebb05ef54..5e306d61bb 100644 --- a/native-provider-ci/providers/google-native/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/google-native/repo/.github/workflows/run-acceptance-tests.yml @@ -126,6 +126,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -235,6 +236,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -243,6 +245,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/build.yml b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/build.yml index 602553bb8c..e54cc2874d 100644 --- a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/build.yml @@ -111,6 +111,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +218,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -225,6 +227,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/prerelease.yml index e9c272b618..06d4c8b98c 100644 --- a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/prerelease.yml @@ -103,6 +103,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -209,6 +210,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +219,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/release.yml b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/release.yml index ada66ea3cd..b90018e611 100644 --- a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/release.yml @@ -103,6 +103,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -209,6 +210,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +219,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/run-acceptance-tests.yml index b7a9779307..880e17f7a3 100644 --- a/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/kubernetes-cert-manager/repo/.github/workflows/run-acceptance-tests.yml @@ -125,6 +125,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -234,6 +235,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -242,6 +244,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/build.yml b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/build.yml index 4faeb321ef..a9f64e1c9d 100644 --- a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/build.yml @@ -111,6 +111,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +218,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -225,6 +227,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/prerelease.yml index 2e16e09558..918994a71f 100644 --- a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/prerelease.yml @@ -103,6 +103,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -209,6 +210,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +219,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/release.yml b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/release.yml index 8f1b97969e..6968a0353e 100644 --- a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/release.yml @@ -103,6 +103,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -209,6 +210,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +219,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/run-acceptance-tests.yml index 5522c1ce6b..57da15aae7 100644 --- a/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/kubernetes-ingress-nginx/repo/.github/workflows/run-acceptance-tests.yml @@ -125,6 +125,7 @@ jobs: - name: Build Provider run: make provider - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -234,6 +235,7 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -242,6 +244,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes/repo/.github/workflows/build.yml b/native-provider-ci/providers/kubernetes/repo/.github/workflows/build.yml index 3871463c7d..ad45aa59bd 100644 --- a/native-provider-ci/providers/kubernetes/repo/.github/workflows/build.yml +++ b/native-provider-ci/providers/kubernetes/repo/.github/workflows/build.yml @@ -113,6 +113,7 @@ jobs: number: ${{ github.event.issue.number }} github_token: ${{ secrets.GITHUB_TOKEN }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +218,7 @@ jobs: - name: Generate SDK run: make ${{ matrix.language }}_sdk - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -225,6 +227,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes/repo/.github/workflows/prerelease.yml b/native-provider-ci/providers/kubernetes/repo/.github/workflows/prerelease.yml index bf6519b9ec..1dc785b9ca 100644 --- a/native-provider-ci/providers/kubernetes/repo/.github/workflows/prerelease.yml +++ b/native-provider-ci/providers/kubernetes/repo/.github/workflows/prerelease.yml @@ -105,6 +105,7 @@ jobs: number: ${{ github.event.issue.number }} github_token: ${{ secrets.GITHUB_TOKEN }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -209,6 +210,7 @@ jobs: - name: Generate SDK run: make ${{ matrix.language }}_sdk - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +219,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes/repo/.github/workflows/release.yml b/native-provider-ci/providers/kubernetes/repo/.github/workflows/release.yml index aa1057f792..8b5f3a72dd 100644 --- a/native-provider-ci/providers/kubernetes/repo/.github/workflows/release.yml +++ b/native-provider-ci/providers/kubernetes/repo/.github/workflows/release.yml @@ -105,6 +105,7 @@ jobs: number: ${{ github.event.issue.number }} github_token: ${{ secrets.GITHUB_TOKEN }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -209,6 +210,7 @@ jobs: - name: Generate SDK run: make ${{ matrix.language }}_sdk - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -217,6 +219,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/providers/kubernetes/repo/.github/workflows/run-acceptance-tests.yml b/native-provider-ci/providers/kubernetes/repo/.github/workflows/run-acceptance-tests.yml index 1474cefa6c..00ef4255a3 100644 --- a/native-provider-ci/providers/kubernetes/repo/.github/workflows/run-acceptance-tests.yml +++ b/native-provider-ci/providers/kubernetes/repo/.github/workflows/run-acceptance-tests.yml @@ -127,6 +127,7 @@ jobs: number: ${{ github.event.issue.number }} github_token: ${{ secrets.GITHUB_TOKEN }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -234,6 +235,7 @@ jobs: - name: Generate SDK run: make ${{ matrix.language }}_sdk - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- @@ -242,6 +244,44 @@ jobs: sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') + shell: bash + run: > + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . diff --git a/native-provider-ci/src/steps.ts b/native-provider-ci/src/steps.ts index 24ad87437a..9c2c130858 100644 --- a/native-provider-ci/src/steps.ts +++ b/native-provider-ci/src/steps.ts @@ -495,7 +495,9 @@ export function ZipSDKsStep(): Step { export function CheckCleanWorkTree(): Step { return { name: "Check worktree clean", + id: "worktreeClean", uses: action.gitStatusCheck, + // Keep these in sync with the Renovate step below to avoid them getting checked in. with: { "allowed-changes": `\ sdk/**/pulumi-plugin.json @@ -507,6 +509,45 @@ sdk/python/pyproject.toml`, }; } +export function CommitSDKChangesForRenovate(): Step { + // If the worktree is dirty and this is a Renovate PR to bump dependencies, + // commit the updated SDK and push it back to the PR. The job will still be + // marked as a failure. + + return { + name: "Commit ${{ matrix.language }} SDK changes for Renovate", + if: "failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate')", + shell: "bash", + run: `git config --global user.email "bot@pulumi.com" +git config --global user.name "pulumi-bot" +\ +# Stash local changes and check out the PR's branch directly. +git stash +git fetch +git checkout "origin/$HEAD_REF" + +# Apply and add our changes, but don't commit any files we expect to +# always change due to versioning. +git stash pop +git add sdk +git reset \ + sdk/python/*/pulumi-plugin.json \ + sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/internal/pulumiUtilities.go \ + sdk/nodejs/package.json \ + sdk/python/pyproject.toml +git commit -m 'Commit \${{ matrix.language }} SDK for Renovate' + +# Push with pulumi-bot credentials to trigger a re-run of the +# workflow. https://github.com/orgs/community/discussions/25702 +git push https://pulumi-bot:\${{ secrets.PULUMI_BOT_TOKEN }}@github.com/\${{ github.repository }} \ + "HEAD:$HEAD_REF" +`, + // head_ref is untrusted so it's recommended to pass via env var to avoid injections. + env: { HEAD_REF: "${{ github.head_ref }}" }, + }; +} + export function SetNugetSource(): Step { return { run: "dotnet nuget add source ${{ github.workspace }}/nuget", diff --git a/native-provider-ci/src/workflows.ts b/native-provider-ci/src/workflows.ts index 624399a95b..e3c58122ad 100644 --- a/native-provider-ci/src/workflows.ts +++ b/native-provider-ci/src/workflows.ts @@ -463,6 +463,7 @@ export class BuildSdkJob implements NormalJob { steps.GenerateSDKs(opts.provider), steps.BuildSDKs(opts.provider), steps.CheckCleanWorkTree(), + steps.CommitSDKChangesForRenovate(), steps.Porcelain(), steps.ZipSDKsStep(), steps.UploadSDKs(tag), diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml index 9ee4bd132a..bf52b667ca 100644 --- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml +++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/build_sdk.yml @@ -18,7 +18,9 @@ jobs: name: build_sdk runs-on: #{{ if .Config.Runner.BuildSDK }}##{{- .Config.Runner.BuildSDK }}##{{ else }}##{{- .Config.Runner.Default }}##{{ end }}# strategy: - fail-fast: true + # We normally fail fast unless this is a PR from Renovate in which case + # we'll always build all SDKs in case there are any changes to commit. + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: #{{ .Config.Languages | toYaml | indent 8 }}# @@ -60,14 +62,52 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@v1 with: + # Keep these in sync with the Renovate step below to avoid them getting checked in. allowed-changes: | sdk/**/pulumi-plugin.json sdk/dotnet/*.csproj sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + # If the worktree is dirty and this is a Renovate PR to bump + # dependencies, commit the updated SDK and push it back to the PR. The + # job will still be marked as a failure. + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + shell: bash + run: | + git config --global user.email "bot@pulumi.com" + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + git stash + git fetch + git checkout "origin/$HEAD_REF" + + # Apply and add our changes, but don't commit any files we expect to + # always change due to versioning. + git stash pop + git add sdk + git reset \ + sdk/python/*/pulumi-plugin.json \ + sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/internal/pulumiUtilities.go \ + sdk/nodejs/package.json \ + sdk/python/pyproject.toml + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + # Push with pulumi-bot credentials to trigger a re-run of the + # workflow. https://github.com/orgs/community/discussions/25702 + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \ + "HEAD:$HEAD_REF" + env: + # head_ref is untrusted so it's recommended to pass via env var to + # avoid injections. + HEAD_REF: ${{ github.head_ref }} + - name: Upload SDK uses: ./.github/actions/upload-sdk with: diff --git a/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml b/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml index b132ef7f8f..714904351f 100644 --- a/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/acme/.github/workflows/build_sdk.yml @@ -33,7 +33,9 @@ jobs: name: build_sdk runs-on: ubuntu-latest strategy: - fail-fast: true + # We normally fail fast unless this is a PR from Renovate in which case + # we'll always build all SDKs in case there are any changes to commit. + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - dotnet @@ -66,14 +68,52 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@v1 with: + # Keep these in sync with the Renovate step below to avoid them getting checked in. allowed-changes: | sdk/**/pulumi-plugin.json sdk/dotnet/*.csproj sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + # If the worktree is dirty and this is a Renovate PR to bump + # dependencies, commit the updated SDK and push it back to the PR. The + # job will still be marked as a failure. + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + shell: bash + run: | + git config --global user.email "bot@pulumi.com" + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + git stash + git fetch + git checkout "origin/$HEAD_REF" + + # Apply and add our changes, but don't commit any files we expect to + # always change due to versioning. + git stash pop + git add sdk + git reset \ + sdk/python/*/pulumi-plugin.json \ + sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/internal/pulumiUtilities.go \ + sdk/nodejs/package.json \ + sdk/python/pyproject.toml + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + # Push with pulumi-bot credentials to trigger a re-run of the + # workflow. https://github.com/orgs/community/discussions/25702 + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \ + "HEAD:$HEAD_REF" + env: + # head_ref is untrusted so it's recommended to pass via env var to + # avoid injections. + HEAD_REF: ${{ github.head_ref }} + - name: Upload SDK uses: ./.github/actions/upload-sdk with: diff --git a/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml b/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml index b917db8cc8..ce98e79952 100644 --- a/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/aws/.github/workflows/build_sdk.yml @@ -36,7 +36,9 @@ jobs: name: build_sdk runs-on: ubuntu-latest strategy: - fail-fast: true + # We normally fail fast unless this is a PR from Renovate in which case + # we'll always build all SDKs in case there are any changes to commit. + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -78,14 +80,52 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@v1 with: + # Keep these in sync with the Renovate step below to avoid them getting checked in. allowed-changes: | sdk/**/pulumi-plugin.json sdk/dotnet/*.csproj sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + # If the worktree is dirty and this is a Renovate PR to bump + # dependencies, commit the updated SDK and push it back to the PR. The + # job will still be marked as a failure. + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + shell: bash + run: | + git config --global user.email "bot@pulumi.com" + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + git stash + git fetch + git checkout "origin/$HEAD_REF" + + # Apply and add our changes, but don't commit any files we expect to + # always change due to versioning. + git stash pop + git add sdk + git reset \ + sdk/python/*/pulumi-plugin.json \ + sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/internal/pulumiUtilities.go \ + sdk/nodejs/package.json \ + sdk/python/pyproject.toml + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + # Push with pulumi-bot credentials to trigger a re-run of the + # workflow. https://github.com/orgs/community/discussions/25702 + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \ + "HEAD:$HEAD_REF" + env: + # head_ref is untrusted so it's recommended to pass via env var to + # avoid injections. + HEAD_REF: ${{ github.head_ref }} + - name: Upload SDK uses: ./.github/actions/upload-sdk with: diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/build_sdk.yml b/provider-ci/test-providers/cloudflare/.github/workflows/build_sdk.yml index 29ee29e450..f39e182ac5 100644 --- a/provider-ci/test-providers/cloudflare/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/cloudflare/.github/workflows/build_sdk.yml @@ -35,7 +35,9 @@ jobs: name: build_sdk runs-on: ubuntu-latest strategy: - fail-fast: true + # We normally fail fast unless this is a PR from Renovate in which case + # we'll always build all SDKs in case there are any changes to commit. + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -69,14 +71,52 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@v1 with: + # Keep these in sync with the Renovate step below to avoid them getting checked in. allowed-changes: | sdk/**/pulumi-plugin.json sdk/dotnet/*.csproj sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + # If the worktree is dirty and this is a Renovate PR to bump + # dependencies, commit the updated SDK and push it back to the PR. The + # job will still be marked as a failure. + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + shell: bash + run: | + git config --global user.email "bot@pulumi.com" + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + git stash + git fetch + git checkout "origin/$HEAD_REF" + + # Apply and add our changes, but don't commit any files we expect to + # always change due to versioning. + git stash pop + git add sdk + git reset \ + sdk/python/*/pulumi-plugin.json \ + sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/internal/pulumiUtilities.go \ + sdk/nodejs/package.json \ + sdk/python/pyproject.toml + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + # Push with pulumi-bot credentials to trigger a re-run of the + # workflow. https://github.com/orgs/community/discussions/25702 + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \ + "HEAD:$HEAD_REF" + env: + # head_ref is untrusted so it's recommended to pass via env var to + # avoid injections. + HEAD_REF: ${{ github.head_ref }} + - name: Upload SDK uses: ./.github/actions/upload-sdk with: diff --git a/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml b/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml index 3de66ac81b..7a847d8590 100644 --- a/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml +++ b/provider-ci/test-providers/docker/.github/workflows/build_sdk.yml @@ -48,7 +48,9 @@ jobs: name: build_sdk runs-on: ubuntu-latest strategy: - fail-fast: true + # We normally fail fast unless this is a PR from Renovate in which case + # we'll always build all SDKs in case there are any changes to commit. + fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs @@ -82,14 +84,52 @@ jobs: - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean + id: worktreeClean uses: pulumi/git-status-check-action@v1 with: + # Keep these in sync with the Renovate step below to avoid them getting checked in. allowed-changes: | sdk/**/pulumi-plugin.json sdk/dotnet/*.csproj sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml + - name: Commit ${{ matrix.language }} SDK changes for Renovate + # If the worktree is dirty and this is a Renovate PR to bump + # dependencies, commit the updated SDK and push it back to the PR. The + # job will still be marked as a failure. + if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') + shell: bash + run: | + git config --global user.email "bot@pulumi.com" + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + git stash + git fetch + git checkout "origin/$HEAD_REF" + + # Apply and add our changes, but don't commit any files we expect to + # always change due to versioning. + git stash pop + git add sdk + git reset \ + sdk/python/*/pulumi-plugin.json \ + sdk/dotnet/Pulumi.*.csproj \ + sdk/go/*/internal/pulumiUtilities.go \ + sdk/nodejs/package.json \ + sdk/python/pyproject.toml + git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' + + # Push with pulumi-bot credentials to trigger a re-run of the + # workflow. https://github.com/orgs/community/discussions/25702 + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} \ + "HEAD:$HEAD_REF" + env: + # head_ref is untrusted so it's recommended to pass via env var to + # avoid injections. + HEAD_REF: ${{ github.head_ref }} + - name: Upload SDK uses: ./.github/actions/upload-sdk with: