Iterate on the java update job: move worklow to repos (#1616)

Calling upgrade-provider from ci-mgmt does not have the right GitHub
permissions to edit the repository being automated. It works allright
from within the repository as in:
pulumi/pulumi-tls#810

Switching to this pattern where ci-mgmt simply dispatches jobs to
subordinate repositories.

This might need a few more iterations to get quite right.

Author: t0yv0

.github/workflows/update-java.yml

@@ -10,6 +10,11 @@ on:
         description: Desired version of pulumi/pulumi-java to ugprade to.
         required: true
         type: string
+      provider:
+        description: |
+          A single provider, such as 'aws', to update. If 'all' all providers are updated.
+        required: false
+        default: all
 
 env:
   ESC_ACTION_OIDC_AUTH: true
@@ -28,7 +33,19 @@ jobs:
         uses: pulumi/esc-action@cf5b30703ffd5ad60cc3a880c09b3a9592b9372d # v1
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - id: get-providers
-        run: echo "providers=$(jq . providers.json --compact-output)" >> "$GITHUB_OUTPUT"
+        shell: bash
+        env:
+          PROVIDER: ${{inputs.provider}}
+        run: |
+            case "$PROVIDER" in
+                all)
+                    echo "providers=$(jq . providers.json --compact-output)" >> "$GITHUB_OUTPUT"
+                    ;;
+
+                *)
+                    echo "providers=[\"${PROVIDER}\"]" >> "$GITHUB_OUTPUT"
+                    ;;
+            esac
         working-directory: provider-ci
     outputs:
       providers: ${{ steps.get-providers.outputs.providers }}
@@ -49,37 +66,33 @@ jobs:
       - name: Fetch secrets from ESC
         id: esc-secrets
         uses: pulumi/esc-action@cf5b30703ffd5ad60cc3a880c09b3a9592b9372d # v1
-
-      - name: Checkout provider sources
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          repository: pulumi/pulumi-${matrix.provider}
-          path: provider
-
-      - name: Install upgrade-provider
-        run: go install github.com/pulumi/upgrade-provider@main
-        shell: bash
-
-      - name: Install pulumictl
-        uses: jaxxstorm/[email protected]
-        with:
-          repo: pulumi/pulumictl
-
-      - name: Install Pulumi CLI
-        uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6
-
-      - name: "Set up git identity: name"
-        run: git config --global user.name '${{ github.actor }}'
-        shell: bash
-
-      - name: Upgrade Java
+      - name: Format inputs
         shell: bash
+        id: format-inputs
         env:
-          P: pulumi/pulumi-${{matrix.provider}}
-          V: ${{inputs.pulumi-java-version}}
+          V: ${{ inputs.pulumi-java-version }}
         run: |
-          cd provider
-          upgrade-provider "$P" --kind=java --java-version="$V"
-
+          INPUTS_JSON=$(jq -n --arg v "$V" '{version: $v}')
+          echo "json=$INPUTS_JSON" >> "$GITHUB_OUTPUT"
+      - name: pulumi-${{ matrix.provider }} main
+        id: upgrade-on-main
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4
+        continue-on-error: true
+        with:
+            workflow: upgrade-java.yml
+            token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
+            repo: pulumi/pulumi-${{ matrix.provider }}
+            inputs: ${{ steps.format-inputs.outputs.json }}
+            ref: main
+      - name: pulumi-${{ matrix.provider }} master
+        id: upgrade-on-master
+        if: steps.upgrade-on-main.outcome == 'failure'
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4
+        with:
+            workflow: upgrade-java.yml
+            token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
+            repo: pulumi/pulumi-${{ matrix.provider }}
+            ref: master
+            inputs: ${{ steps.format-inputs.outputs.json }}
       - name: Sleep to prevent hitting secondary rate limits
         run: sleep 1

provider-ci/internal/pkg/templates/bridged/.github/workflows/upgrade-java.yml

@@ -0,0 +1,62 @@
+# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
+
+name: Upgrade Java
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: |
+          The version of pulumi/pulumi-java to upgrade to, without the 'v' prefix
+        required: true
+        type: string
+      upgradeProviderVersion:
+        description: |
+          Version of upgrade-provider to use. This must be a valid git reference in the pulumi/upgrade-provider repo. Defaults to "main"
+
+          See https://go.dev/ref/mod#versions for valid versions. E.g. "v0.1.0", "main", "da25dec".
+        default: main
+        type: string
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  upgrade_java:
+    name: upgrade-java
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout Repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # Persist credentials so upgrade-provider can push a new branch.
+          persist-credentials: true
+
+      - name: Setup tools
+        uses: ./.github/actions/setup-tools
+        with:
+          tools: pulumictl, pulumicli, go
+
+      - name: Install upgrade-provider
+        run: go install github.com/pulumi/upgrade-provider@${{ inputs.upgradeProviderVersion || 'main' }}
+        shell: bash
+
+      - name: "Set up git identity"
+        run: |
+          git config --global user.name '[email protected]'
+          git config --global user.email '[email protected]'
+        shell: bash
+
+      - name: Upgrade Java
+        shell: bash
+        id: upgrade_provider
+        env:
+          V: ${{inputs.version}}
+          REPO: ${{github.repository}}
+        run: |
+          upgrade-provider "$REPO" --kind=java --java-version="$V"

provider-ci/test-providers/acme/.github/workflows/upgrade-java.yml

@@ -0,0 +1,62 @@
+# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
+
+name: Upgrade Java
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: |
+          The version of pulumi/pulumi-java to upgrade to, without the 'v' prefix
+        required: true
+        type: string
+      upgradeProviderVersion:
+        description: |
+          Version of upgrade-provider to use. This must be a valid git reference in the pulumi/upgrade-provider repo. Defaults to "main"
+
+          See https://go.dev/ref/mod#versions for valid versions. E.g. "v0.1.0", "main", "da25dec".
+        default: main
+        type: string
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  upgrade_java:
+    name: upgrade-java
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout Repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # Persist credentials so upgrade-provider can push a new branch.
+          persist-credentials: true
+
+      - name: Setup tools
+        uses: ./.github/actions/setup-tools
+        with:
+          tools: pulumictl, pulumicli, go
+
+      - name: Install upgrade-provider
+        run: go install github.com/pulumi/upgrade-provider@${{ inputs.upgradeProviderVersion || 'main' }}
+        shell: bash
+
+      - name: "Set up git identity"
+        run: |
+          git config --global user.name '[email protected]'
+          git config --global user.email '[email protected]'
+        shell: bash
+
+      - name: Upgrade Java
+        shell: bash
+        id: upgrade_provider
+        env:
+          V: ${{inputs.version}}
+          REPO: ${{github.repository}}
+        run: |
+          upgrade-provider "$REPO" --kind=java --java-version="$V"

provider-ci/test-providers/aws/.github/workflows/upgrade-java.yml

@@ -0,0 +1,62 @@
+# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
+
+name: Upgrade Java
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: |
+          The version of pulumi/pulumi-java to upgrade to, without the 'v' prefix
+        required: true
+        type: string
+      upgradeProviderVersion:
+        description: |
+          Version of upgrade-provider to use. This must be a valid git reference in the pulumi/upgrade-provider repo. Defaults to "main"
+
+          See https://go.dev/ref/mod#versions for valid versions. E.g. "v0.1.0", "main", "da25dec".
+        default: main
+        type: string
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  upgrade_java:
+    name: upgrade-java
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout Repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # Persist credentials so upgrade-provider can push a new branch.
+          persist-credentials: true
+
+      - name: Setup tools
+        uses: ./.github/actions/setup-tools
+        with:
+          tools: pulumictl, pulumicli, go
+
+      - name: Install upgrade-provider
+        run: go install github.com/pulumi/upgrade-provider@${{ inputs.upgradeProviderVersion || 'main' }}
+        shell: bash
+
+      - name: "Set up git identity"
+        run: |
+          git config --global user.name '[email protected]'
+          git config --global user.email '[email protected]'
+        shell: bash
+
+      - name: Upgrade Java
+        shell: bash
+        id: upgrade_provider
+        env:
+          V: ${{inputs.version}}
+          REPO: ${{github.repository}}
+        run: |
+          upgrade-provider "$REPO" --kind=java --java-version="$V"

provider-ci/test-providers/cloudflare/.github/workflows/upgrade-java.yml

@@ -0,0 +1,62 @@
+# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
+
+name: Upgrade Java
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: |
+          The version of pulumi/pulumi-java to upgrade to, without the 'v' prefix
+        required: true
+        type: string
+      upgradeProviderVersion:
+        description: |
+          Version of upgrade-provider to use. This must be a valid git reference in the pulumi/upgrade-provider repo. Defaults to "main"
+
+          See https://go.dev/ref/mod#versions for valid versions. E.g. "v0.1.0", "main", "da25dec".
+        default: main
+        type: string
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  upgrade_java:
+    name: upgrade-java
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout Repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # Persist credentials so upgrade-provider can push a new branch.
+          persist-credentials: true
+
+      - name: Setup tools
+        uses: ./.github/actions/setup-tools
+        with:
+          tools: pulumictl, pulumicli, go
+
+      - name: Install upgrade-provider
+        run: go install github.com/pulumi/upgrade-provider@${{ inputs.upgradeProviderVersion || 'main' }}
+        shell: bash
+
+      - name: "Set up git identity"
+        run: |
+          git config --global user.name '[email protected]'
+          git config --global user.email '[email protected]'
+        shell: bash
+
+      - name: Upgrade Java
+        shell: bash
+        id: upgrade_provider
+        env:
+          V: ${{inputs.version}}
+          REPO: ${{github.repository}}
+        run: |
+          upgrade-provider "$REPO" --kind=java --java-version="$V"