chore: make ci-mgmt

2025-12-06 01:43:51 -05:00
parent ef3fde0b79
commit 4f829f9e0a
34 changed files with 623 additions and 467 deletions
--- a/.github/actions/download-prerequisites/action.yml
+++ b/.github/actions/download-prerequisites/action.yml
@@ -5,7 +5,7 @@ runs:
  using: "composite"
  steps:
    - name: Download the prerequisites bin
-      uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
      with:
        name: prerequisites-bin
        path: bin
@@ -19,7 +19,7 @@ runs:
      run: rm bin/executables.txt

    - name: Download schema-embed.json
-      uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
      with:
        # Use a pattern to avoid failing if the artifact doesn't exist
        pattern: schema-embed.*
--- a/.github/actions/download-provider/action.yml
+++ b/.github/actions/download-provider/action.yml
@@ -6,7 +6,7 @@ runs:
  steps:

    - name: Download pulumi-resource-incus
-      uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
      with:
        pattern: pulumi-resource-incus-*-linux-amd64.tar.gz
        path: ${{ github.workspace }}/bin
--- a/.github/actions/download-sdk/action.yml
+++ b/.github/actions/download-sdk/action.yml
@@ -10,7 +10,7 @@ runs:
  using: "composite"
  steps:
    - name: Download ${{ inputs.language }} SDK
-      uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
      with:
        name: ${{ inputs.language }}-sdk.tar.gz
        path: ${{ github.workspace}}/sdk/
--- a/.github/actions/esc-action/action.yaml
+++ b/.github/actions/esc-action/action.yaml
@@ -0,0 +1,12 @@
+name: "Load secrets"
+description: |
+  This is a temporary action which assists with our migration to ESC. Instead
+  of surrounding every step that references secrets with an "if ESC" block, we
+  instead modify those steps to consume their secrets from this step's outputs.
+  Then, later, we can replace this action with esc-action to actually load
+  secrets from ESC.
+inputs: {}
+outputs: {}
+runs:
+  using: "node20"
+  main: "index.js"
--- a/.github/actions/esc-action/index.js
+++ b/.github/actions/esc-action/index.js
@@ -0,0 +1,14 @@
+const fs = require("fs");
+
+const file = process.env["GITHUB_OUTPUT"];
+var stream = fs.createWriteStream(file, { flags: "a" });
+
+for (const [name, value] of Object.entries(process.env)) {
+  try {
+    stream.write(`${name}<<EEEOOOFFF\n${value}\nEEEOOOFFF\n`); // << syntax accommodates multiline strings.
+  } catch (err) {
+    console.log(`error: failed to set output for ${name}: ${err.message}`);
+  }
+}
+
+stream.end();
--- a/.github/actions/setup-tools/action.yml
+++ b/.github/actions/setup-tools/action.yml
@@ -1,91 +0,0 @@
-name: Setup tools
-description: Installs Go, Pulumi, pulumictl, schema-tools, Node.JS, Python, dotnet and Java.
-
-inputs:
-  tools:
-    description: |
-      Comma separated list of tools to install. The default of "all" installs all tools. Available tools are:
-        go
-        pulumicli
-        pulumictl
-        schema-tools
-        nodejs
-        python
-        dotnet
-        java
-    default: all
-  cache-go:
-    description: |
-      Whether to enable the GitHub cache for Go. Appropriate for disabling in
-      smaller jobs that typically completely before the "real" job has an
-      opportunity to populate the cache.
-    default: "true"
-
-runs:
-  using: "composite"
-  steps:
-    - name: Install Go
-      if: inputs.tools == 'all' || contains(inputs.tools, 'go')
-      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5
-      with:
-        go-version: "1.21.x"
-        cache-dependency-path: |
-          provider/*.sum
-          upstream/*.sum
-          sdk/go/*.sum
-          sdk/*.sum
-          *.sum
-        # TODO(https://github.com/actions/setup-go/issues/316): Restore but don't save the cache.
-        cache: ${{ inputs.cache-go }}
-
-    - name: Install pulumictl
-      if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl')
-      uses: jaxxstorm/action-install-gh-release@4304621e8c48d66093a8a214af5d5b5bc3b3d943 # v2.0.0
-      with:
-        tag: v0.0.48
-        repo: pulumi/pulumictl
-
-    - name: Install Pulumi CLI
-      if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli')
-      uses: pulumi/actions@9519177da243fd32cab35cdbf19cce1ab7472fcc # v6
-      with:
-        pulumi-version: "dev"
-
-    - name: Install Schema Tools
-      if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools')
-      uses: jaxxstorm/action-install-gh-release@4304621e8c48d66093a8a214af5d5b5bc3b3d943 # v2.0.0
-      with:
-        repo: pulumi/schema-tools
-
-    - name: Setup Node
-      if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs')
-      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
-      with:
-        node-version: 20.x
-        registry-url: https://registry.npmjs.org
-
-    - name: Setup DotNet
-      if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet')
-      uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
-      with:
-        dotnet-version: 8.0.x
-
-    - name: Setup Python
-      if: inputs.tools == 'all' || contains(inputs.tools, 'python')
-      uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
-      with:
-        python-version: 3.11.8
-
-    - name: Setup Java
-      if: inputs.tools == 'all' || contains(inputs.tools, 'java')
-      uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
-      with:
-        cache: gradle
-        distribution: temurin
-        java-version: 11
-
-    - name: Setup Gradle
-      if: inputs.tools == 'all' || contains(inputs.tools, 'java')
-      uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3
-      with:
-        gradle-version: 7.6
--- a/.github/actions/upload-prerequisites/action.yml
+++ b/.github/actions/upload-prerequisites/action.yml
@@ -9,14 +9,14 @@ runs:
      run: find bin -type f -executable > bin/executables.txt

    - name: Upload prerequisites bin
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
      with:
        name: prerequisites-bin
        path: bin/*
        retention-days: 30

    - name: Upload schema-embed.json
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
      with:
        name: schema-embed.json
        path: provider/cmd/pulumi-resource-incus/schema-embed.json
--- a/.github/actions/upload-sdk/action.yml
+++ b/.github/actions/upload-sdk/action.yml
@@ -13,7 +13,7 @@ runs:
      shell: bash
      run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} .
    - name: Upload artifacts
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
      with:
        name: ${{ inputs.language  }}-sdk.tar.gz
        path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz