Adopt pulumi/ci-mgmt for Github Actions workflow automation

[ringods]

Hello, Zitadel team. Ringo here from Pulumi 👋🏻

I noticed this provider wasn't updated in quite a while. Allow me to help you a bit in getting more automation in place to make almost synchronous releases when you create new Terraform provider releases.

I initiated this automated setup manually the first time. The Makefile now has a target titled ci-mgmt which can be used to synchronize the build procedure of a Pulumi provider based on templates managed in https://github.com/pulumi/ci-mgmt. This whole build setup is also what drives the release procedure of all the providers managed by Pulumi. (Note that Pulumiverse is an OSS community which means that the providers here are not maintained by Pulumi Corp.)

The regular templates are aimed to work within the pulumi Github organization, expecting the Pulumi bot account to be active and some credentials configured. External parties have a better chance of reusing these workflows by adopting the external-bridged-provider template, which is what I activated here.

This PR configures the config file .ci-mgmt.yaml as needed, after which I reran make ci-mgmt to regenerate all the build files. The Makefile was also regenerated, so I reran the full build in a last step using make clean provider build_sdks. This leads to all the changes in the sdk/** folder.

This is a first PR. I will follow up more PRs containing upgrades to newer TF provider versions and more.

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

Maintainer note: consult the runbook for dealing with any breaking changes.

[eliobischof]

Thank you very much for your help @ringods 🙏 We hope that automation helps us with the maintenance 🚀

[ringods]

@eliobischof expect a few more subsequent PRs to bring other aspects up to date.

This PR added a resync_build.yaml Github Actions workflow. For this to work correctly, you do need to configure a Github access token with more permissions. We are in the process of documenting all of this. In the meantime, see my comment here on what the permissions of the token should be:

pulumi/pulumi-tf-provider-boilerplate#240 (comment)

You see the name of the Github Secret to configure in the code snippet above my comment.

[eliobischof]

@eliobischof expect a few more subsequent PRs to bring other aspects up to date.

This PR added a resync_build.yaml Github Actions workflow. For this to work correctly, you do need to configure a Github access token with more permissions. We are in the process of documenting all of this. In the meantime, see my comment here on what the permissions of the token should be:

pulumi/pulumi-tf-provider-boilerplate#240 (comment)

You see the name of the Github Secret to configure in the code snippet above my comment.

@ringods I'm afraid managing secrets in this pulumiverse repo is beyond my control.
However, I noticed that the last run failed due to the missing workflows permission https://github.com/pulumiverse/pulumi-zitadel/actions/runs/13645549137/job/38143701693

BTW, I'm struggling a lot upgrading the zitadel terraform provider to v1.3.0 or even v2.0.2. I hope having the workflows updated allows me to just use an improved upgrade-provider workflow when it's available. For example one that allows passing the --major flag.

[ringods]

@eliobischof Pulumiverse manages all Github org settings data driven using Pulumi code in their infra repository. I updated the permissions you all have on your own repository:

pulumiverse/infra#302

Once this is applied, you should be able to set a proper Github token.