Manually run ci-mgmt

.ci-mgmt.yaml

@@ -4,60 +4,54 @@ install-kubectl: true
 major-version: 4
 template: generic
 test-folder: tests
-
 buildProviderCmd: "OS=$(1) ARCH=$(2) OUT=$(3) yarn --cwd nodejs/eks build"
 renovateCmd: "./scripts/renovate.sh"
 shards: 25 # number of shards to use for parallel testing across all languages.
-
 env:
-  AWS_REGION: us-west-2
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GOLANGCI_LINT_VERSION: v1.64.8
-  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-  PROVIDER: eks
-  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
-  PULUMI_API: https://api.pulumi-staging.io
-  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
-  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
-  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
-  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
-  PULUMI_ENABLE_RESOURCE_REFERENCES: 1
-  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
-  DOTNET_VERSION: "6.x"
-  GO_VERSION: "1.21.x"
-  JAVA_VERSION: "11"
-  NODE_VERSION: "20.x"
-  PYTHON_VERSION: "3.9"
-
+    AWS_REGION: us-west-2
+    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    GOLANGCI_LINT_VERSION: v1.64.8
+    NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+    PROVIDER: eks
+    PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+    PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+    PULUMI_API: https://api.pulumi-staging.io
+    PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+    SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+    SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+    SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+    PULUMI_ENABLE_RESOURCE_REFERENCES: 1
+    PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+    DOTNET_VERSION: "6.x"
+    GO_VERSION: "1.21.x"
+    JAVA_VERSION: "11"
+    NODE_VERSION: "20.x"
+    PYTHON_VERSION: "3.9"
 esc:
-  enabled: true
-
+    enabled: true
 actions:
-  preTest:
-    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
-        aws-region: ${{ env.AWS_REGION }}
-        aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
-        role-duration-seconds: 7200
-        role-session-name: aws@githubActions
-        role-to-assume: ${{ steps.esc-secrets.outputs.AWS_CI_ROLE_ARN }}
-  preBuild:
-    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
-        aws-region: ${{ env.AWS_REGION }}
-        aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
-        role-duration-seconds: 7200
-        role-session-name: aws@githubActions
-        role-to-assume: ${{ steps.esc-secrets.outputs.AWS_CI_ROLE_ARN }}
-
+    preTest:
+        - name: Configure AWS Credentials
+          uses: aws-actions/configure-aws-credentials@v4
+          with:
+            aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
+            aws-region: ${{ env.AWS_REGION }}
+            aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
+            role-duration-seconds: 7200
+            role-session-name: aws@githubActions
+            role-to-assume: ${{ steps.esc-secrets.outputs.AWS_CI_ROLE_ARN }}
+    preBuild:
+        - name: Configure AWS Credentials
+          uses: aws-actions/configure-aws-credentials@v4
+          with:
+            aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
+            aws-region: ${{ env.AWS_REGION }}
+            aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
+            role-duration-seconds: 7200
+            role-session-name: aws@githubActions
+            role-to-assume: ${{ steps.esc-secrets.outputs.AWS_CI_ROLE_ARN }}
 releaseVerification:
-  nodejs: examples/cluster
-  dotnet: examples/cluster-cs
+    nodejs: examples/cluster
+    dotnet: examples/cluster-cs

.config/mise.lock

@@ -0,0 +1,39 @@
+[[tools.dotnet]]
+version = "8.0.414"
+backend = "asdf:dotnet"
+
+[[tools."github:pulumi/pulumictl"]]
+version = "0.0.50"
+backend = "github:pulumi/pulumictl"
+
+[[tools."github:pulumi/schema-tools"]]
+version = "0.6.0"
+backend = "github:pulumi/schema-tools"
+
+[[tools.go]]
+version = "1.24.2"
+backend = "core:go"
+
+[[tools.golangci-lint]]
+version = "1.64.8"
+backend = "aqua:golangci/golangci-lint"
+
+[[tools.gradle]]
+version = "7.6.6"
+backend = "aqua:gradle/gradle"
+
+[[tools.java]]
+version = "corretto-11.0.28.6.1"
+backend = "core:java"
+
+[[tools.node]]
+version = "20.19.5"
+backend = "core:node"
+
+[[tools.pulumi]]
+version = "3.173.0"
+backend = "aqua:pulumi/pulumi"
+
+[[tools.python]]
+version = "3.11.8"
+backend = "core:python"

.config/mise.test.toml

@@ -0,0 +1,7 @@
+# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
+
+# Overrides tool versions for test workflows
+
+[tools]
+# always use pulumi latest for tests
+pulumi = "latest"

.config/mise.toml

@@ -0,0 +1,27 @@
+# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
+# You can create your own root-level mise.toml file to override/augment this. See https://mise.jdx.dev/configuration.html
+
+[env]
+_.source = "{{config_root}}/scripts/get-versions.sh"
+
+[tools]
+
+# Runtimes
+# TODO: we may not need `get_env` once https://github.com/jdx/mise/discussions/6339 is fixed
+go = "{{ get_env(name='GO_VERSION_MISE', default='latest') }}"
+node = '20'
+python = '3.11.8'
+dotnet = '8.0'
+# Corretto version used as Java SE/OpenJDK version no longer offered
+java = 'corretto-11'
+
+# Executable tools
+pulumi = "{{ get_env(name='PULUMI_VERSION_MISE', default='latest') }}"
+"github:pulumi/pulumictl" = 'latest'
+"github:pulumi/schema-tools" = "latest"
+gradle = '7.6'
+golangci-lint = "1.64.8" # See note about about overrides if you need to customize this.
+
+[settings]
+experimental = true # Required for Go binaries (e.g. pulumictl).
+lockfile = true

.github/workflows/build_provider.yml

@@ -56,12 +56,13 @@ jobs:
       - uses: MOZGIII/install-ldid-action@v1
         with:
           tag: v2.1.5-procursus2
-      - name: Setup tools
-        uses: ./.github/actions/setup-tools
+      - name: Setup mise
+        uses: jdx/mise-action@v3
         with:
-          tools: pulumictl, go
-          # use per-platform/arch caches instead since we are doing cross-builds
-          cache-go: false
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          cache_key: "mise-{{platform}}-{{file_hash}}"
+          # only saving the cache in the prerequisites job
+          cache_save: false
       # Based on https://github.com/actions/cache/blob/main/examples.md#go---modules
       - name: Get GOCACHE
         id: gocache

.github/workflows/build_sdk.yml

@@ -58,15 +58,28 @@ jobs:
         name: Fetch secrets from ESC
         uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
       - name: Cache examples generation
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
         with:
           path: |
             .pulumi/examples-cache
           key: ${{ runner.os }}-${{ hashFiles('provider/go.sum') }}
-      - name: Setup tools
-        uses: ./.github/actions/setup-tools
+      - name: Setup mise
+        uses: jdx/mise-action@v3
         with:
-          tools: pulumictl, pulumicli, ${{ matrix.language }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          cache_key: "mise-{{platform}}-{{file_hash}}"
+          # only saving the cache in the prerequisites job
+          cache_save: false
+      - name: Setup Go Cache
+        if: matrix.language == 'go' || contains(matrix.language, 'go')
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          cache-dependency-path: |
+            provider/*.sum
+            upstream/*.sum
+            sdk/go/*.sum
+            sdk/*.sum
+            *.sum
       - name: Prepare local workspace
         run: make prepare_local_workspace
         env:
@@ -79,6 +92,7 @@ jobs:
         run: make --touch provider schema
       - name: Build SDK
         run: make build_${{ matrix.language }}
+
       - name: Check worktree clean
         id: worktreeClean
         uses: pulumi/git-status-check-action@v1
@@ -90,6 +104,7 @@ jobs:
             sdk/go/**/pulumiUtilities.go
             sdk/nodejs/package.json
             sdk/python/pyproject.toml
+            sdk/java/build.gradle
       - name: Commit ${{ matrix.language }} SDK changes for Renovate
         # If the worktree is dirty and this is a Renovate PR to bump
         # dependencies, commit the updated SDK and push it back to the PR. The

.github/workflows/license.yml

@@ -30,11 +30,13 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - name: Setup tools
-        uses: ./.github/actions/setup-tools
+      - name: Setup mise
+        uses: jdx/mise-action@v3
         with:
-          tools: go
-          cache-go: false
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          cache_key: "mise-{{platform}}-{{file_hash}}"
+          # only saving the cache in the prerequisites job
+          cache_save: false
       - run: make prepare_local_workspace
         continue-on-error: true
         env:

.github/workflows/lint.yml

@@ -30,13 +30,11 @@ jobs:
       uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         persist-credentials: false
-    - name: Install go
-      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+    - name: Setup mise
+      uses: jdx/mise-action@v3
       with:
-        # The versions of golangci-lint and setup-go here cross-depend and need to update together.
-        go-version: 1.23
-        # Either this action or golangci-lint needs to disable the cache
-        cache: false
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        cache_save: false # A different job handles caching our tools.
     - name: disarm go:embed directives to enable lint
       continue-on-error: true # this fails if there are no go:embed directives
       run: |
@@ -49,5 +47,5 @@ jobs:
     - name: golangci-lint
       uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6
       with:
-        version: v1.64.6
+        install-mode: none # Handled by mise.
         working-directory: provider