feat: Download CLI if preinstalled version is known bad

Sometimes a release of the CLI contains a bug that is bad enough that we'd prefer users avoid using that version, to avoid the issue. For example, a bug that could cause stack corruption. We'd like to have a holistic way to "taint" a bad release, but in the meantime, one tactical change is to have the action prefer downloading a more recent version of the CLI if the version that is preinstalled has known issues. For now, the list is hardcoded, but in the future it could be stored in a centralized location that the action could check.
pulumi · Jun 2, 2023 · 85ac325 · 85ac325
1 parent 8b366c4
commit 85ac325
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## HEAD (Unreleased)
 
+- feat: Download CLI if preinstalled version has a known issue.
+
 --
 
 ## 4.3.0 (2023-05-12)

diff --git a/src/libs/pulumi-cli.ts b/src/libs/pulumi-cli.ts
@@ -7,6 +7,22 @@ import * as semver from 'semver';
 import * as exec from './exec';
 import { getVersionObject } from './libs/get-version';
 
+/**
+ * Returns true if the version is known to have issues and should not be used
+ * if already installed on the runner. Instead, proceed to downloading the CLI.
+ */
+function isKnownBadVersion(version: string): boolean {
+  const knownBadVersions = new Set([
+    // The following versions have a regression with the `--target` and
+    // `--target-replace` flags that may cause stack corruption when used.
+    // See: https://github.com/pulumi/pulumi/issues/12964
+    '3.66.0',
+    '3.67.0',
+    '3.67.1',
+  ]);
+  return knownBadVersions.has(version);
+}
+
 export async function getVersion(): Promise<string | undefined> {
   const res = await exec.exec('pulumi', ['version']);
 
@@ -58,8 +74,13 @@ export async function downloadCli(range: string): Promise<void> {
     const runnerVersion = await getVersion();
 
     if (runnerVersion) {
-      // Check if runner version matches
-      if (semver.satisfies(runnerVersion, range)) {
+      if (isKnownBadVersion(runnerVersion)) {
+        // If the version on the runner is known bad, proceed to downloading the CLI to get
+        // a more recent version.
+        core.info(
+          `Pulumi version ${runnerVersion} has a known issue. Proceeding to download`,
+        );
+      } else if (semver.satisfies(runnerVersion, range)) {
         // If runner version matches, skip downloading CLI by exiting the function
         core.info(
           `Pulumi version ${runnerVersion} is already installed on this machine. Skipping download`,
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,8 @@ @@
     ## HEAD (Unreleased)
+    - feat: Download CLI if preinstalled version has a known issue.
     --
     ## 4.3.0 (2023-05-12)
@@ Expand Down @@