# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt name: Upgrade provider on: workflow_dispatch: inputs: version: description: | The version of the upstream provider to upgrade to, without the 'v' prefix If no version is specified, it will be inferred from the upstream provider's release tags. required: false type: string upgradeProviderVersion: description: | Version of upgrade-provider to use. This must be a valid git reference in the pulumi/upgrade-provider repo. Defaults to "main" See https://go.dev/ref/mod#versions for valid versions. E.g. "v0.1.0", "main", "da25dec". default: main type: string schedule: # 3 AM UTC ~ 8 PM PDT / 7 PM PST daily. Time chosen to run during off hours. - cron: 0 3 * * * env: PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget PULUMI_PROVIDER_AUTOMATION_TOKEN: ${{ secrets.PULUMI_PROVIDER_AUTOMATION_TOKEN }} PULUMI_PULUMI_ENABLE_JOURNALING: "true" TF_APPEND_USER_AGENT: pulumi permissions: contents: write issues: write pull-requests: write id-token: write # For ESC secrets. jobs: upgrade_provider: name: upgrade-provider runs-on: ubuntu-latest steps: - name: Checkout Repo uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: # Persist credentials so upgrade-provider can push a new branch. persist-credentials: true - id: esc-secrets name: Map environment to ESC outputs uses: ./.github/actions/esc-action - name: Setup mise uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3 env: MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: version: 2025.11.6 github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} # only saving the cache in the prerequisites job cache_save: false - name: Install upgrade-provider run: go install github.com/pulumi/upgrade-provider@${{ inputs.upgradeProviderVersion || 'main' }} shell: bash - name: "Set up git identity" run: | git config --global user.name 'bot@pulumi.com' git config --global user.email 'bot@pulumi.com' shell: bash - name: Create issues for new upstream version if: inputs.version == '' id: upstream_version # This step outputs `latest_version` if there is a pending upgrade run: upgrade-provider "$REPO" --kind=check-upstream-version env: REPO: ${{ github.repository }} GH_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_TOKEN || steps.esc-secrets.outputs.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }} shell: bash - name: Calculate target version id: target_version # Prefer the manually specified version if it exists # upstream_version will be empty if the provider is up-to-date run: echo "version=${{ github.event.inputs.version || steps.upstream_version.outputs.latest_version }}" >> "$GITHUB_OUTPUT" shell: bash - name: Call upgrade provider action id: upgrade_provider if: steps.target_version.outputs.version != '' continue-on-error: true uses: pulumi/pulumi-upgrade-provider-action@e247104aede3eb4641f48c8ad0ea9de9346f2457 # v0.0.18 with: kind: provider email: bot@pulumi.com username: pulumi-bot automerge: true target-version: ${{ steps.target_version.outputs.version }} allow-missing-docs: true env: GH_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_TOKEN || steps.esc-secrets.outputs.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }} - name: Comment on upgrade issue if automated PR failed if: steps.upgrade_provider.outcome == 'failure' shell: bash run: | issue_number=$(gh issue list --search "pulumiupgradeproviderissue" --repo "${{ github.repository }}" --json=number --jq=".[0].number") gh issue comment "${issue_number}" --repo "${{ github.repository }}" --body "Failed to create automatic PR: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/" env: GH_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_TOKEN || steps.esc-secrets.outputs.PULUMI_BOT_TOKEN || secrets.GITHUB_TOKEN }}