From a0838d53fa1efefcfa50dbee199ec1ec41569a5b Mon Sep 17 00:00:00 2001 From: Pulumi Bot Date: Thu, 28 Nov 2024 05:32:03 +0000 Subject: [PATCH] [internal] Update GitHub Actions workflow files --- .github/actions/download-bin/action.yml | 2 +- .github/actions/download-sdk/action.yml | 2 +- .github/actions/setup-tools/action.yml | 18 +++++++++--------- .github/actions/upload-bin/action.yml | 2 +- .github/actions/upload-sdk/action.yml | 2 +- .github/workflows/build_provider.yml | 6 +++--- .github/workflows/build_sdk.yml | 4 ++-- .github/workflows/command-dispatch.yml | 4 ++-- .github/workflows/community-moderation.yml | 8 ++++---- .github/workflows/license.yml | 2 +- .github/workflows/lint.yml | 6 +++--- .github/workflows/master.yml | 12 ++++++------ .github/workflows/prerelease.yml | 6 +++--- .github/workflows/prerequisites.yml | 10 +++++----- .github/workflows/publish.yml | 16 ++++++++-------- .github/workflows/pull-request.yml | 4 ++-- .github/workflows/release.yml | 6 +++--- .github/workflows/release_command.yml | 6 +++--- .github/workflows/resync-build.yml | 6 +++--- .github/workflows/run-acceptance-tests.yml | 12 ++++++------ .github/workflows/upgrade-bridge.yml | 6 +++--- .github/workflows/upgrade-provider.yml | 2 +- .github/workflows/verify-release.yml | 2 +- 23 files changed, 72 insertions(+), 72 deletions(-) diff --git a/.github/actions/download-bin/action.yml b/.github/actions/download-bin/action.yml index 192d039ef6..e62f5a8b6c 100644 --- a/.github/actions/download-bin/action.yml +++ b/.github/actions/download-bin/action.yml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: gcp-provider.tar.gz path: ${{ github.workspace }}/bin diff --git a/.github/actions/download-sdk/action.yml b/.github/actions/download-sdk/action.yml index 272e331770..ec5a2f3082 100644 --- a/.github/actions/download-sdk/action.yml +++ b/.github/actions/download-sdk/action.yml @@ -10,7 +10,7 @@ runs: using: "composite" steps: - name: Download ${{ inputs.language }} SDK - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/ diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index 642d1d223f..6a711d4184 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -20,7 +20,7 @@ runs: steps: - name: Install Go if: inputs.tools == 'all' || contains(inputs.tools, 'go') - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: "1.21.x" cache-dependency-path: | @@ -30,45 +30,45 @@ runs: - name: Install pulumictl if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') - uses: jaxxstorm/action-install-gh-release@v1.11.0 + uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 with: tag: v0.0.46 repo: pulumi/pulumictl - name: Install Pulumi CLI if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli') - uses: pulumi/actions@v5 + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6 with: pulumi-version: "dev" - name: Install Schema Tools if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') - uses: jaxxstorm/action-install-gh-release@v1.11.0 + uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 with: repo: pulumi/schema-tools - name: Setup Node if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version: 20.x registry-url: https://registry.npmjs.org - name: Setup DotNet if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet') - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4 with: dotnet-version: 6.0.x - name: Setup Python if: inputs.tools == 'all' || contains(inputs.tools, 'python') - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 with: python-version: 3.11.8 - name: Setup Java if: inputs.tools == 'all' || contains(inputs.tools, 'java') - uses: actions/setup-java@v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: cache: gradle distribution: temurin @@ -76,6 +76,6 @@ runs: - name: Setup Gradle if: inputs.tools == 'all' || contains(inputs.tools, 'java') - uses: gradle/gradle-build-action@v3 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 with: gradle-version: 7.6 diff --git a/.github/actions/upload-bin/action.yml b/.github/actions/upload-bin/action.yml index 3d1543a652..3c0a32e44f 100644 --- a/.github/actions/upload-bin/action.yml +++ b/.github/actions/upload-bin/action.yml @@ -8,7 +8,7 @@ runs: shell: bash run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-gcp pulumi-tfgen-gcp - name: Upload artifacts - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: gcp-provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz diff --git a/.github/actions/upload-sdk/action.yml b/.github/actions/upload-sdk/action.yml index c8c88de969..b0dd140427 100644 --- a/.github/actions/upload-sdk/action.yml +++ b/.github/actions/upload-sdk/action.yml @@ -13,7 +13,7 @@ runs: shell: bash run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . - name: Upload artifacts - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index be03007f63..b870a8ee1a 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -30,7 +30,7 @@ jobs: arch: amd64 steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools @@ -40,7 +40,7 @@ jobs: - name: Prepare local workspace before restoring previously built run: make prepare_local_workspace - name: Download schema-embed.json - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: # Use a pattern to avoid failing if the artifact doesn't exist pattern: schema-embed.* @@ -52,7 +52,7 @@ jobs: - name: Build & package provider run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} - name: Upload artifacts - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: pulumi-resource-gcp-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz path: bin/pulumi-resource-gcp-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 272b050c45..4bbc9b9518 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -49,11 +49,11 @@ jobs: - java steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Cache examples generation - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: | .pulumi/examples-cache diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index 0426bbe15e..09eeda5389 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -31,10 +31,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: peter-evans/slash-command-dispatch@v4 + - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4 with: commands: | run-acceptance-tests diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index 0a7dd4bc05..c353895e24 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -8,24 +8,24 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - id: schema_changed name: Check for diff in schema - uses: dorny/paths-filter@v2.12.0 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 with: filters: "changed: 'provider/cmd/**/schema.json'" - id: sdk_changed if: steps.schema_changed.outputs.changed == 'false' name: Check for diff in sdk/** - uses: dorny/paths-filter@v2.12.0 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 with: filters: "changed: 'sdk/**'" - if: steps.sdk_changed.outputs.changed == 'true' && github.event.pull_request.head.repo.full_name != github.repository name: Send codegen warning as comment on PR - uses: thollander/actions-comment-pull-request@v2.5.0 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 0e0e01ea9c..70fcdb4779 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 604748f5f7..7a7d0f014e 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -38,11 +38,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Install go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: # The versions of golangci-lint and setup-go here cross-depend and need to update together. go-version: 1.23 @@ -56,7 +56,7 @@ jobs: continue-on-error: true run: make upstream - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6 with: version: v1.60 working-directory: provider diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 7b63b402f2..c6d1ff57dd 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -58,16 +58,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} aws-region: us-west-2 @@ -145,7 +145,7 @@ jobs: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools @@ -170,7 +170,7 @@ jobs: pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v2.1.7 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -178,7 +178,7 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: google-github-actions/setup-gcloud@v2.1.2 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 with: install_components: gke-gcloud-auth-plugin - name: Install dependencies diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 2692f43ecf..8f5afe8b9d 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -87,7 +87,7 @@ jobs: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools @@ -112,7 +112,7 @@ jobs: pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v2.1.7 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -120,7 +120,7 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: google-github-actions/setup-gcloud@v2.1.2 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 with: install_components: gke-gcloud-auth-plugin - name: Install dependencies diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 1928e89fe7..e7def53e99 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -51,15 +51,15 @@ jobs: version: ${{ steps.provider-version.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: pulumi/provider-version-action@v1 + - uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 id: provider-version with: set-env: 'PROVIDER_VERSION' - name: Cache examples generation - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: | .pulumi/examples-cache @@ -87,7 +87,7 @@ jobs: } >> "$GITHUB_ENV" - if: inputs.is_pr && inputs.is_automated == false name: Comment on PR with Details of Schema Check - uses: thollander/actions-comment-pull-request@v2.5.0 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} comment_tag: schemaCheck @@ -101,7 +101,7 @@ jobs: uses: ./.github/actions/upload-bin - name: Upload schema-embed.json - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: schema-embed.json path: provider/cmd/pulumi-resource-gcp/schema-embed.json diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index bc59f38220..4c7b856fe1 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -54,7 +54,7 @@ jobs: if: inputs.skipGoSdk && inputs.isPrerelease == false run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools @@ -62,7 +62,7 @@ jobs: with: tools: pulumictl, pulumicli, go, schema-tools - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -74,7 +74,7 @@ jobs: - name: Create dist directory run: mkdir -p dist - name: Download provider assets - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: pulumi-resource-gcp-v${{ inputs.version }}-* path: dist @@ -99,7 +99,7 @@ jobs: - name: Upload Provider Binaries run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive - name: Create GH Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 if: inputs.isPrerelease == false with: tag_name: v${{ inputs.version }} @@ -118,7 +118,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # Persist credentials so we can push back to the repo persist-credentials: true @@ -127,7 +127,7 @@ jobs: with: tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.20 + uses: pulumi/pulumi-package-publisher@1c0359ba74243cf6651efacfd839c751d8ff87e2 # v0.0.20 with: sdk: all version: ${{ inputs.version }} @@ -157,7 +157,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 with: token: ${{ secrets.PULUMI_BOT_TOKEN }} repository: pulumi/registry @@ -178,7 +178,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Clean up release labels diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index b62c9f6530..e6e1a6fa0d 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -32,11 +32,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Comment PR - uses: thollander/actions-comment-pull-request@v2.5.0 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d7fbf20591..74cbec81df 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -93,7 +93,7 @@ jobs: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools @@ -118,7 +118,7 @@ jobs: pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v2.1.7 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -126,7 +126,7 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: google-github-actions/setup-gcloud@v2.1.2 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 with: install_components: gke-gcloud-auth-plugin - name: Install dependencies diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml index ea43de936d..5712f40e5f 100644 --- a/.github/workflows/release_command.yml +++ b/.github/workflows/release_command.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Should release PR @@ -28,7 +28,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: failure() name: Notify failure - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -37,7 +37,7 @@ jobs: "release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - if: success() name: Notify success - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} diff --git a/.github/workflows/resync-build.yml b/.github/workflows/resync-build.yml index 5343597848..45cab9cdc6 100644 --- a/.github/workflows/resync-build.yml +++ b/.github/workflows/resync-build.yml @@ -33,12 +33,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # Persist credentials so we can push a new branch. persist-credentials: true - name: Checkout repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: ci-mgmt repository: pulumi/ci-mgmt @@ -73,7 +73,7 @@ jobs: - name: Build run: make build - name: Create PR (no linked issue) - uses: peter-evans/create-pull-request@v3.12.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: author: pulumi-bot base: master diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index df96393ec7..4545954542 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -83,7 +83,7 @@ jobs: name: Create URL to the run output run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" - name: Update with Result - uses: peter-evans/create-or-update-comment@v1 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" issue-number: ${{ github.event.client_payload.github.payload.issue.number }} @@ -108,7 +108,7 @@ jobs: - lint runs-on: ubuntu-latest steps: - - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 with: authToken: ${{secrets.GITHUB_TOKEN}} # Write an explicit status check called "Sentinel" which will only pass if this code really runs. @@ -135,13 +135,13 @@ jobs: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.PR_COMMIT_SHA }} persist-credentials: false - name: Checkout p/examples if: matrix.testTarget == 'pulumiExamples' - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: pulumi/examples path: p-examples @@ -167,7 +167,7 @@ jobs: pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v2.1.7 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER @@ -175,7 +175,7 @@ jobs: env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - name: Setup gcloud auth - uses: google-github-actions/setup-gcloud@v2.1.2 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 with: install_components: gke-gcloud-auth-plugin - name: Install dependencies diff --git a/.github/workflows/upgrade-bridge.yml b/.github/workflows/upgrade-bridge.yml index b47d57a2d1..bfcea9e1d1 100644 --- a/.github/workflows/upgrade-bridge.yml +++ b/.github/workflows/upgrade-bridge.yml @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools @@ -74,7 +74,7 @@ jobs: tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java - name: Call upgrade provider action if: github.event_name == 'workflow_dispatch' - uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + uses: pulumi/pulumi-upgrade-provider-action@a1d9f03fbfd923f787427c1d9e99c2356711d483 # v0.0.13 with: kind: ${{ inputs.kind }} email: bot@pulumi.com @@ -87,7 +87,7 @@ jobs: pr-title-prefix: ${{ inputs.pr-title-prefix }} - name: Call upgrade provider action if: github.event_name == 'repository_dispatch' - uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + uses: pulumi/pulumi-upgrade-provider-action@a1d9f03fbfd923f787427c1d9e99c2356711d483 # v0.0.13 with: kind: ${{ github.event.client_payload.kind || 'bridge' }} email: bot@pulumi.com diff --git a/.github/workflows/upgrade-provider.yml b/.github/workflows/upgrade-provider.yml index 174d3f496f..3eaa9b4a5a 100644 --- a/.github/workflows/upgrade-provider.yml +++ b/.github/workflows/upgrade-provider.yml @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # Persist credentials so upgrade-provider can push a new branch. persist-credentials: true diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index 5b89b26502..d44fe07337 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.runner }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools