From de5b424c90c137b9a64c9b6742fe4fbab6a371eb Mon Sep 17 00:00:00 2001
From: Pulumi Bot <bot@pulumi.com>
Date: Tue, 10 Dec 2024 05:35:46 +0000
Subject: [PATCH 1/3] [internal] Update GitHub Actions workflow files

---
 .github/actions/setup-tools/action.yml     |  4 +--
 .github/workflows/build_provider.yml       | 30 +++++++++++++++++++++-
 .github/workflows/build_sdk.yml            |  2 +-
 .github/workflows/community-moderation.yml |  2 +-
 .github/workflows/prerequisites.yml        |  8 +++---
 .github/workflows/pull-request.yml         |  4 +--
 examples/labels-combinations-go/go.mod     |  2 +-
 examples/labels-combinations-go/go.sum     |  4 +--
 upstream.sh                                |  2 +-
 9 files changed, 43 insertions(+), 15 deletions(-)

diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml
index 6a711d4184..13f8158365 100644
--- a/.github/actions/setup-tools/action.yml
+++ b/.github/actions/setup-tools/action.yml
@@ -30,7 +30,7 @@ runs:
 
     - name: Install pulumictl
       if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl')
-      uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
+      uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
       with:
         tag: v0.0.46
         repo: pulumi/pulumictl
@@ -43,7 +43,7 @@ runs:
 
     - name: Install Schema Tools
       if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools')
-      uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
+      uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
       with:
         repo: pulumi/schema-tools
 
diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml
index d4b9769d0d..c029a65fd9 100644
--- a/.github/workflows/build_provider.yml
+++ b/.github/workflows/build_provider.yml
@@ -50,8 +50,36 @@ jobs:
           path: provider/cmd/pulumi-resource-gcp
       - name: Restore makefile progress
         run: make --touch provider schema
-      - name: Build & package provider
+
+      - name: Build provider
+        if: matrix.platform.os != 'windows'
+        run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-gcp
+
+      - name: Build windows provider
+        if: matrix.platform.os == 'windows'
+        run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-gcp.exe
+
+      - name: Sign windows provider
+        if: matrix.platform.os == 'windows'
+        run: |
+          az login --service-principal \
+            -u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
+            -p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \
+            -t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \
+            -o none;
+
+          wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar;
+
+          java -jar jsign-6.0.jar \
+             --storetype AZUREKEYVAULT \
+             --keystore "PulumiCodeSigning" \
+             --url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \
+             --storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \
+             bin/windows-amd64/pulumi-resource-gcp.exe;
+
+      - name: Package provider
         run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
+
       - name: Upload artifacts
         uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml
index 5878ea2ac4..ba31c580ca 100644
--- a/.github/workflows/build_sdk.yml
+++ b/.github/workflows/build_sdk.yml
@@ -53,7 +53,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Cache examples generation
-        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
         with:
           path: |
             .pulumi/examples-cache
diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml
index c353895e24..8eefeb73ec 100644
--- a/.github/workflows/community-moderation.yml
+++ b/.github/workflows/community-moderation.yml
@@ -25,7 +25,7 @@ jobs:
     - if: steps.sdk_changed.outputs.changed == 'true' &&
         github.event.pull_request.head.repo.full_name != github.repository
       name: Send codegen warning as comment on PR
-      uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
+      uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
       with:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         message: >
diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml
index 0e5bc8f736..3a7a441792 100644
--- a/.github/workflows/prerequisites.yml
+++ b/.github/workflows/prerequisites.yml
@@ -59,7 +59,7 @@ jobs:
       with:
         set-env: 'PROVIDER_VERSION'
     - name: Cache examples generation
-      uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
+      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
       with:
         path: |
           .pulumi/examples-cache
@@ -87,10 +87,10 @@ jobs:
         } >> "$GITHUB_ENV"
     - if: inputs.is_pr && inputs.is_automated == false
       name: Comment on PR with Details of Schema Check
-      uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
+      uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
       with:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        comment_tag: schemaCheck
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        comment-tag: schemaCheck
         message: >+
           ${{ env.SCHEMA_CHANGES }}
 
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index e6e1a6fa0d..de27a83eba 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -36,9 +36,9 @@ jobs:
       with:
         persist-credentials: false
     - name: Comment PR
-      uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
+      uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
       with:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        github-token: ${{ secrets.GITHUB_TOKEN }}
         message: >
           PR is now waiting for a maintainer to run the acceptance tests.
 
diff --git a/examples/labels-combinations-go/go.mod b/examples/labels-combinations-go/go.mod
index 1441c638da..47268d7903 100644
--- a/examples/labels-combinations-go/go.mod
+++ b/examples/labels-combinations-go/go.mod
@@ -4,7 +4,7 @@ go 1.21
 
 require (
 	github.com/pulumi/pulumi-gcp/sdk/v8 v8.0.0-alpha.0
-	github.com/pulumi/pulumi/sdk/v3 v3.140.0
+	github.com/pulumi/pulumi/sdk/v3 v3.142.0
 )
 
 replace github.com/pulumi/pulumi-gcp/sdk/v8 => ../../sdk
diff --git a/examples/labels-combinations-go/go.sum b/examples/labels-combinations-go/go.sum
index 22da94d1a1..16a7bbf58f 100644
--- a/examples/labels-combinations-go/go.sum
+++ b/examples/labels-combinations-go/go.sum
@@ -150,8 +150,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435
 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
 github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs=
 github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c=
-github.com/pulumi/pulumi/sdk/v3 v3.140.0 h1:+Z/RBvdYg7tBNkBwk4p/FzlV7niBT3TbLAICq/Y0LDU=
-github.com/pulumi/pulumi/sdk/v3 v3.140.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI=
+github.com/pulumi/pulumi/sdk/v3 v3.142.0 h1:SmcVddGuvwAh3g3XUVQQ5gVRQUKH1yZ6iETpDNHIHlw=
+github.com/pulumi/pulumi/sdk/v3 v3.142.0/go.mod h1:PvKsX88co8XuwuPdzolMvew5lZV+4JmZfkeSjj7A6dI=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
diff --git a/upstream.sh b/upstream.sh
index 640b836321..ce90039c3a 100755
--- a/upstream.sh
+++ b/upstream.sh
@@ -286,7 +286,7 @@ rebase() {
     interactive_flag="--interactive"
   fi
   if ! git rebase --onto "${onto}" ${interactive_flag}; then
-    echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory."
+    echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory. Once the rebase is complete, run '${original_exec} check_in' to write to commits back to patches."
     exit 1
   fi
   cd ..

From b6e63cd6e79b49934fea13cb66b98d47c11273bd Mon Sep 17 00:00:00 2001
From: Ian Wahbe <me@iwahbe.com>
Date: Tue, 10 Dec 2024 16:25:46 +0100
Subject: [PATCH 2/3] Don't run `go test` in JSON mode (#2722)

Follow-up on https://github.com/pulumi/pulumi-gcp/pull/2712.
---
 .ci-mgmt.yaml                              | 2 +-
 .github/workflows/master.yml               | 2 +-
 .github/workflows/prerelease.yml           | 2 +-
 .github/workflows/release.yml              | 2 +-
 .github/workflows/run-acceptance-tests.yml | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml
index 35d64d2ea3..c057c9a611 100644
--- a/.ci-mgmt.yaml
+++ b/.ci-mgmt.yaml
@@ -38,6 +38,6 @@ actions:
         make upstream
     - name: Run provider tests
       run: |
-        cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
+        cd provider && go test -v -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
 # Use `pulumi convert` for translating examples from TF to Pulumi.
 pulumiConvert: 1
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index a1580a8b72..23d87b5599 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -195,7 +195,7 @@ jobs:
         make upstream
     - name: Run provider tests
       run: |
-        cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
+        cd provider && go test -v -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
     - name: Run tests
       run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4
     strategy:
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
index 4601b8ff04..0950dac80d 100644
--- a/.github/workflows/prerelease.yml
+++ b/.github/workflows/prerelease.yml
@@ -136,7 +136,7 @@ jobs:
         make upstream
     - name: Run provider tests
       run: |
-        cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
+        cd provider && go test -v -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
     - name: Run tests
       run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
     strategy:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5736af2851..8b336057ab 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -142,7 +142,7 @@ jobs:
         make upstream
     - name: Run provider tests
       run: |
-        cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
+        cd provider && go test -v -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
     - name: Run tests
       run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
     strategy:
diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml
index 5121476d96..e4ef8741a5 100644
--- a/.github/workflows/run-acceptance-tests.yml
+++ b/.github/workflows/run-acceptance-tests.yml
@@ -191,7 +191,7 @@ jobs:
         make upstream
     - name: Run provider tests
       run: |
-        cd provider && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
+        cd provider && go test -v -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
     - name: Run tests
       if: matrix.testTarget == 'local'
       run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -skip TestPulumiExamples -parallel 4 .

From b00094d5ee9dfdaf2cbfcf4158ff84b8cf482e08 Mon Sep 17 00:00:00 2001
From: Ian Wahbe <me@iwahbe.com>
Date: Tue, 10 Dec 2024 17:11:06 +0100
Subject: [PATCH 3/3] Don't specify `name` for TestRegress1036

Specifying `name` causes the test to fail when run at the same time as another CI
pipeline, since the specified name must be project unique.
---
 examples/regress-1036/__main__.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/examples/regress-1036/__main__.py b/examples/regress-1036/__main__.py
index 87e2ba4142..780e7ae158 100644
--- a/examples/regress-1036/__main__.py
+++ b/examples/regress-1036/__main__.py
@@ -6,6 +6,5 @@
 private_zone = gcp.dns.ManagedZone("private",
     description=description,
     dns_name="example.net.",
-    name="private",
     visibility="private",
 )