init pulumi policy

Signed-off-by: Olivier Vernin <[email protected]>

updatecli/policies/pulumi/CHANGELOG.md

@@ -0,0 +1,5 @@
+# CHANGELOG
+
+## 0.1.0
+
+ * Initial release

updatecli/policies/pulumi/Policy.yaml

@@ -0,0 +1,29 @@
+---
+# Policy.yaml contains metadata for the Updatecli policy.
+
+## Authors is the policy authors
+authors:
+ - olivier Vernin <[email protected]>
+
+## URL is the policy url
+url: ghcr.io/updatecli/policies/updatecli/pulumi
+
+## Documentation is the policy documentation URL
+documentation: https://github.com/updatecli/policies/blob/main/updatecli/policies/pulumi/README.md
+
+## Source is the policy source URL
+source: https://github.com/updatecli/policies/blob/main/updatecli/policies/pulumi/
+
+# Version is the policy version. 
+version: 0.1.0
+
+## Vendor is the policy vendor
+vendor: Updatecli Project
+
+# License is the policy licenses
+licenses:
+ - "Apache-2.0 license"
+
+# Description is the short policy description
+description: |
+ Bump Pulumi golang packages to align with versions defined in github.com/pulumi/pulumi-terraform-bridge

updatecli/policies/pulumi/README.md

@@ -0,0 +1,85 @@
+# README
+
+WARNING: This policy is written for demo purpose and will be relocated to a better place if needed.
+
+## DESCRIPTION
+
+Bump Pulumi golang packages to align with versions defined in github.com/pulumi/pulumi-terraform-bridge
+
+Pulumi can "bridge" TF providers. In this setup, the Pulumi provider uses this Go module:
+
+github.com/pulumi/pulumi-terraform-bridge
+
+The provider *and* the bridge uses the core Pulumi SDK:
+
+github.com/pulumi/pulumi/pkg/v3
+github.com/pulumi/pulumi/sdk/v3
+
+Upgrading the dependency on pulumi-terraform-bridge, I need to upgrade core pulumi SDK (sdk & pkg) to the same version that the bridge uses.
+
+
+## HOW TO USE
+
+**Show**
+
+They are two different approaches to see the content of this policy:
+
+Using the policy from the local filesystem by running:
+
+ updatecli manifest show --config updatecli.d --values values.d/default.yaml
+
+Using the policy from the registry by running:
+
+ updatecli manifest show $OCI_REGISTRY/< insert your policy name>:v0.1.0
+
+
+**Use**
+
+Similarly to the show command, they are two ways to execute an Updatecli policy, either using the local file or the one stored on the registry.
+
+Using the policy from the local filesystem by running:
+
+ updatecli diff --config updatecli.d --values values.d/default.yaml
+
+Using the policy from the registry by running:
+
+ updatecli diff ghcr.io/updatecli/policies/<a policy name>:v0.1.0
+
+
+If "diff" is replaced by "apply", then the policy will be executed in enforce mode.
+
+⚠ Any values files specified at runtime will override default values set from the policy bundle
+
+**Login**
+
+Regardless your Updatecli policy is meant to be public or private, you probably always want to be authenticated with your registry, by running:
+
+ docker login "$OCI_REGISTRY"
+
+INFO: OCI_REGISTRY can be any OCI compliant registry such as [Zot](https://github.com/project-zot/zot), [DockerHub](https://hub.docker.com), [ghcr.io](https://ghcr.io),etc.
+
+**Publish**
+
+Policies defines in this repository can be published to your registry by running:
+
+ updatecli manifest push \
+  --config updatecli.d \
+  --values values.d/default.yaml \
+  --policy Policy.yaml \
+  --tag "$OCI_REGISTRY/<insert your policy name>" \
+  .
+
+⚠ The tag is defined by the version field in the policy file
+⚠ The latest tag always represents the latest version published from
+a semantic versioning point of view.
+
+## NEXT STEPS
+
+Feel free to look on the [Updatecli documentation](https://updatecli.io) to learn more about how to use Updatecli.
+
+Another good starting point is to understand how to use [update-compose.yaml](https://www.updatecli.io/docs/core/compose/) to orchestrate multiple Updatecli policies.
+
+## CONTRIBUTING
+
+This document has been generated from this [template](https://github.com/updatecli/updatecli/blob/main/pkg/core/scaffold/readme.go).
+Feel free to suggest any improvements or open an [issue](https://github.com/updatecli/updatecli/issues).

updatecli/policies/pulumi/testdata/values.yaml

@@ -0,0 +1,9 @@
+scm:
+ default: 
+ owner: pulumiverse
+ repository: pulumi-talos
+ branch: main
+ user: updatecli
+ email: 
+ #username: 
+ #token:

updatecli/policies/pulumi/updatecli.d/pulumi-pkg.yaml

@@ -0,0 +1,65 @@
+---
+name: "deps: bump github.com/pulumi/pulumi/pkg/v3"
+
+## scms defines the source control management system to interact with.
+scms:
+ default:
+ kind: github
+ spec:
+ owner: "{{ .scm.default.owner }}"
+ repository: "{{ .scm.default.repository }}"
+ branch: "{{ .scm.default.branch }}"
+ user: "{{ .scm.default.user }}"
+ email: "{{ .scm.default.email }}"
+ username: '{{ requiredEnv "UPDATECLI_GITHUB_ACTOR" }}'
+ token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
+
+## actions defines what to do when a target with the same scmid is modified.
+actions:
+ default:
+ kind: "github/pullrequest"
+ scmid: "default"
+ spec:
+ automerge: false
+ labels:
+ - "dependencies"
+
+## sources defines where to find the information.
+sources:
+ bridge:
+ scmid: "default"
+ kind: "golang/gomod"
+ spec:
+ file: "provider/go.mod"
+ module: "github.com/pulumi/pulumi-terraform-bridge/v3"
+
+ pulumi/pkg:
+ name: 'Get github.com/pulumi/pulumi/pkg/v3 version used by github.com/pulumi/pulumi-terraform-bridge/v3 {{ source "bridge" }}'
+ kind: "golang/gomod"
+ dependson:
+ - "bridge"
+ spec:
+ file: 'https://raw.githubusercontent.com/pulumi/pulumi-terraform-bridge/{{ source "bridge" }}/go.mod'
+ module: "github.com/pulumi/pulumi/pkg/v3"
+
+conditions:
+ pulumi/pkg:
+ name: 'is github.com/pulumi/pulumi/pkg/v3 is defined'
+ scmid: "default"
+ disablesourceinput: true
+ kind: "golang/gomod"
+ spec:
+ file: "provider/go.mod"
+ module: "github.com/pulumi/pulumi/pkg/v3"
+
+targets:
+ pulumi/pkg:
+ name: 'deps: bump github.com/pulumi/pulumi/pkg/v3 to {{ source "pulumi/pkg" }}'
+ scmid: "default"
+ kind: "golang/gomod"
+ sourceid: "pulumi/pkg"
+ spec:
+ file: "provider/go.mod"
+ module: "github.com/pulumi/pulumi/pkg/v3"
+
+version: 0.76.0

updatecli/policies/pulumi/updatecli.d/pulumi-sdk.yaml

@@ -0,0 +1,65 @@
+---
+name: Default pipeline name
+
+## scms defines the source control management system to interact with.
+scms:
+ default:
+ kind: github
+ spec:
+ owner: "{{ .scm.default.owner }}"
+ repository: "{{ .scm.default.repository }}"
+ branch: "{{ .scm.default.branch }}"
+ user: "{{ .scm.default.user }}"
+ email: "{{ .scm.default.email }}"
+ username: '{{ requiredEnv "UPDATECLI_GITHUB_ACTOR" }}'
+ token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
+
+## actions defines what to do when a target with the same scmid is modified.
+actions:
+ default:
+ kind: "github/pullrequest"
+ scmid: "default"
+ spec:
+ automerge: false
+ labels:
+ - "dependencies"
+
+## sources defines where to find the information.
+sources:
+ bridge:
+ scmid: "default"
+ kind: "golang/gomod"
+ spec:
+ file: "provider/go.mod"
+ module: "github.com/pulumi/pulumi-terraform-bridge/v3"
+
+ pulumi/sdk:
+ name: 'Get github.com/pulumi/pulumi/sdk/v3 version used by github.com/pulumi/pulumi-terraform-bridge/v3 {{ source "bridge" }}'
+ kind: "golang/gomod"
+ dependson:
+ - "bridge"
+ spec:
+ file: 'https://raw.githubusercontent.com/pulumi/pulumi-terraform-bridge/{{ source "bridge" }}/go.mod'
+ module: "github.com/pulumi/pulumi/sdk/v3"
+
+conditions:
+ pulumi/sdk:
+ name: 'is github.com/pulumi/pulumi/sdk/v3 defined'
+ scmid: "default"
+ disablesourceinput: true
+ kind: "golang/gomod"
+ spec:
+ file: "provider/go.mod"
+ module: "github.com/pulumi/pulumi/sdk/v3"
+
+targets:
+ pulumi/sdk:
+ name: 'deps: bump github.com/pulumi/pulumi/sdk/v3 to {{ source "pulumi/sdk" }}'
+ scmid: "default"
+ kind: "golang/gomod"
+ sourceid: "pulumi/sdk"
+ spec:
+ file: "provider/go.mod"
+ module: "github.com/pulumi/pulumi/sdk/v3"
+
+version: 0.76.0

updatecli/policies/pulumi/values.yaml

@@ -0,0 +1,10 @@
+---
+# Values.yaml contains settings that be used from Updatecli manifest.
+# scm:
+# default:
+# user: updatecli-bot
+# email: [email protected]
+# owner: github_owner
+# repository: github_repository
+# username: "updatecli-bot"
+# branch: main