Pulumi Community #general

little-plumber-23857

07/22/2025, 7:45 AM

How to publish a package for a Private and OpenSource provider when using https://github.com/pulumi/pulumi-go-provider? I'm just wrote an Pulumi provider, which works well locally. Now I want to publish it, so that it can be consumed by everyone. For that I have some question how to do so. • Do I need to build plugin binaries for each OS and CPU arch? ◦ If so, what do I need to set as a download URL? • Is there a best practice workflow for GitHub releases? • How can I apply to be listed in https://www.pulumi.com/registry/ ? Thanks in advance 🙂

eager-twilight-23913

07/23/2025, 2:16 PM

Hello, Our team is experiencing something odd that we feel shouldn't be happening. We're not sure if it is something we are doing wrong or a limitation from pulumi (though we're pretty sure it's the former). We have multiple people in our team doing deployments and have noticed that when a 'new' developer deploys (meaning when the deployment is happening from a different machine than the previous deploment), then the deployment takes a very long time. For example, if I had previously deployed to our production environment, and the new deployment only has about 7-8 lambdas that have changed. It will take me a few minutes to deploy. However, if a different developer in my team had previously deployed to production, and I am deploying, it will deploy every resource we have again and will take a significantly long time. It takes approximately 1.5 to 2 hours on average and last week (on a day when we were deploying to our staging environment) it for some reason took 6 hours and 41 minutes to deploy. We have about 800 resource (most of them lambda functions and aliases). We're not sure why this is happening, but understand that this is not ideal (deployments shouldn't be taking so long and if a similar issue were to happen in production, it means that our systems are down for a whole work day. Why could this be happening? What are some factors that could affect it? Is there a way to make sure this doesn't happen if a new machine is deploying? How can we make sure that happens? Would appreciate anyone to help and am willing to share snippets or more information about how we're setting pulumi up. Thank you 🙂

fast-sandwich-30809

07/24/2025, 3:06 PM

Hey all - I love breaking things in new and exciting ways, and we've really done it this time. We had a stack that we didn't update for years - I won't get into why - but we decided to start from scratch. We deleted the statefile in the backend (azure blob), and spun up a brand new stack with the same name, and have been slowly importing resources - but there are "ghosts" of the old stack still remaining 👻 Specifically, when trying to import a certain resource, we see `previously-imported resources that still specify an ID may not be replaced; please remove the

import

declaration from your program` . If this resource was not under pulumi management, we would expect an import operation here. If this resource was managed, we would expect to see a delete operation in our previous runs, since our program hasn't specified it yet. I don't understand why pulumi thinks it was previously-imported (Is it pulling a backup of the statefile? Is it pulling from the checkpoint/history files?), and I also don't understand why the resource would need replacing.

magnificent-eve-10499

07/24/2025, 3:36 PM

Hi, I wanted to reach out to the team here and find out if there is a pulumi mcp server in the works Discover and install MCP Servers in VS Code?

kind-dinner-41259

07/25/2025, 1:22 AM

Deploying Nextcloud on AWS ECS with Pulumi https://gitlab.com/joevizcara/pulumi-aws https://github.com/joevizcara/pulumi-aws (i'm not a devops engineer. i appreciate any critique and correction.)

rapid-parrot-24984

07/25/2025, 1:17 PM

Hey guys, we are facing the following issue in our

upgrade-provider

workflow:

Copy code

error fetching organization teams: GraphQL: Resource not accessible by integration (organization.teams)

https://github.com/pulumiverse/pulumi-cpln/actions/runs/16513414410/job/46699662668#step:8:512 We believe we need help enabling read organization members and teams (read:org) permission for the

GITHUB_TOKEN

in our Pulumi repository.

fast-sandwich-30809

07/25/2025, 7:38 PM

All, we're seeing a process-hang issue during

refresh

and

up

operations anytime there is an error. Normal operations work fine, but if there's a

diagnosticEvent

with

severity=error

(Ex. trying to create an Azure NSG rule that would conflict with an existing one), the pulumi process hangs. This started some time after

<@UDNQQGNJF>/pulumi@3.177.0

, we started seeing it when we jumped to

3.183

and are still seeing it in

3.185

. I'm not sure if the root issue is in the pulumi daemon, the node sdk, or the azure-native plugin. As far as I can tell, everything is "normal" (for an error condition, ex. I can read the event log) except control is not returned to our automation api wrapper (the promise doesn't resolve/reject). If I run manually / not through CI/CD I can see the dreaded infinite dots

sparse-intern-71089

07/28/2025, 11:25 PM

This message was deleted.

bored-dentist-51768

07/29/2025, 6:24 AM

Hello As of today I cannot edit my environments anymore when I try I got this alert could you help me ?

wide-twilight-48377

07/29/2025, 11:01 AM

Hello, everyone. I'm trying to use the dynamic pulumi-terraform-provider in connection with the latest terraform provider for Nebius AI and the provider is panicking at the

pulumi package add

stage. I can't understand, what's wrong and how to fix it. Terraform is working with that provider totally fine. Panic log in the comment.

modern-spring-15520

07/30/2025, 2:14 PM

FYI: We have a short video out on PulumiTV on tips for increasing deployment frequency.

👍🏻 1

🎉 2

witty-battery-42692

07/31/2025, 10:17 PM

I keep getting google search results for things on pulumi.com\answers and they all 404. Has that been retired? If so, where is the info that used to be there? Those have been the only references I've found for a few things I've looked for

victorious-gold-55753

08/01/2025, 1:31 AM

Hello 👋 I've been using pulumi successfully on my mac. I have PULUMI_CONFIG_PASSPHRASE_FILE properly configured. I have now decided to move the code for execution in the cloud. I do not use the pulumi cloud. I am attempting to init pulumi on the remote instance. I set PULUMI_CONFIG_PASSPHRASE_FILE to a file containing a new password. I ran the following on a virgin al2023 ec2 curl -fsSL https://get.pulumi.com | sh pulumi login --local Logged in to inanna as jenova (file://~) pulumi stack init prod Created stack 'prod' pulumi stack init dev error: could not create secrets manager for new stack: incorrect passphrase That's weird, I wonder what hash pulumi is comparing my new password with? I do have a cloud account, but it's completely empty. Huh? So I put the pw in PULUMI_CONFIG_PASSPHRASE_FILE from my mac into PULUMI_CONFIG_PASSPHRASE_FILE on the remote: cmd❯ pulumi stack init dev Created stack 'dev' How is this even possible? Honestly, I don't really care, what I do care about is I overwrite the new 64 hash pw I used to create prod, and now that's locked unable to be accessed with my old pw. pulumi stack rm prod error: no stack named 'prod' found pulumi stack init prod error: could not create secrets manager for new stack: incorrect passphrase Where is my pw sha (hopefully) being stored such that pulumi cli can tell me I'm using the wrong pw?

high-grass-3103

08/01/2025, 10:51 AM

Hi, I'm seeing a super-weird behaviour. I wanted to change a path in a resource property from "./assets/logo.png" to

${__dirname}/../assets/logo.png

. it's pointing to the same location, just didn't want a relative path. a side-problem is that it's Zitadel provider, which is a total mess, and it doesn't work. So I wanted to rollback. Now when I run

pulumi up

with the new path, the diff shows

Copy code

~ zitadel:index/labelPolicy:LabelPolicy: (update)
    [id=231695030580995897]
    ~ iconPath           : "./assets/logo.png" => "${project root}/assets/logo.png"

but if DON'T approve, rollback the change in source code and run

pulumi up

again, it shows

Copy code

~ zitadel:index/labelPolicy:LabelPolicy: (update)
    [id=231695030580995897]
    ~ iconPath    : "${project root}/assets/logo.png" => "./assets/logo.png"

They can't be both right. I can't refresh either because of https://github.com/pulumiverse/pulumi-zitadel/issues/31 I'm stuck

delightful-memory-59616

08/01/2025, 1:01 PM

has anyone run into an issue where a preview just keeps outputting the same line over and over? And it never finishes? this is only happening locally for me, it runs fine in CI

delightful-memory-59616

08/01/2025, 1:08 PM

This is maybe suspect?

~ taskDefinition: "arn:aws:ecs:us-west-2:---:task-definition/---:591" => [unknown]

delightful-memory-59616

08/01/2025, 2:13 PM

Digging further it seems related to docker and potentially wsl

witty-dress-98303

08/01/2025, 7:23 PM

Hello. I have been using Pulumi for the past few weeks with not any issues. I am developing in GoLang. I am managing resources in Azure. All of a sudden today, when I run

pulumi up

, the preview is generated, but I do not see a prompt to on the action for the changes (yes, no, details). The process completes successfully shows the resources to be created. I have started from scratch in Azure as well as recreated my pulumi stack. I am working in a sandbox environment, so it was not a big deal to delete the resources from Azure manually. I have tried running

pulumi refresh

(successfully) and retrying with the same issue. I have tried using the "-d" flag with no additional information. Any thoughts? UPDATE: I found the issue. Turns out I needed to update Pulumi. I managed to find a GitHub issue with a similar issue. When running
echo $?
it returned 255. I did a brew upgrade pulumi (Macbook) and it resolved the issue.

cool-tomato-73587

08/01/2025, 8:45 PM

Hi, i am trying to use pulumi with github actions but the piple line is failing and i get the error log:

error: could not create secrets manager for new stack: incorrect passphrase

Copy code

name: provision infrastructure

on:
  push:
    branches:
      - main
      - dev
    paths:
      - 'infrastructure/**'
      - '!infrastructure/shared/**'
  pull_request:
    branches:
      - main
      - dev
    paths:
      - 'infrastructure/**'
      - '!infrastructure/shared/**'
  workflow_dispatch:

jobs:
  provision:
    if: github.event_name == 'push'
    name: Pulumi Up
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./infrastructure
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '24'
      - name: Install pnpm
        uses: pnpm/action-setup@v4
      - name: Install dependencies
        run: pnpm install --filter ./infrastructure
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.PULUMI_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.PULUMI_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Pulumi Up
        uses: pulumi/actions@v6
        with:
          command: up
          stack-name: organization/project/${{ github.ref_name }}
          cloud-url: ${{ secrets.PULUMI_BACKEND_URL }}
          upsert: true
          work-dir: ./infrastructure
        env:
          PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}

cool-tomato-73587

08/01/2025, 8:47 PM

my understanding is that setting PULUMI_CONFIG_PASSPHRASE env would use that for new stack creation and

upsert: true

option creates the stack if not existing already

high-grass-3103

08/01/2025, 9:22 PM

Today I've split my monolithic stack into separate cluster + apps stacks (first step). If I understand it correctly, any common code (helper functions or component resource classes) need to go into separate package (typescript), otherwise importing a stack project into another stack project would result with creating the resources a second time. Anyway,

pulumi state move

command worked great, the biggest struggle I had was with my old resource structure. Thanks, Pulumi team!

💜 4

sparse-gold-10561

08/05/2025, 7:06 PM

Hello Team, it looks like there is a problem with https://app.pulumi.com/ as the base app is returning a 404

wet-gigabyte-99270

08/06/2025, 12:17 PM

Is there any place where I can get hold of the old documentation of Pulumi packages? Trying to debug old EKS code and the package used is 2.0.0, which I cannot find any documentation for.

boundless-artist-90671

08/06/2025, 1:12 PM

Hey there, is there a way to limit the amount of memory used by Pulumi? I'm fulling the memory of my PC till crash when I "up" a specific stack with 5-6k resources.

handsome-hamburger-88779

08/06/2025, 2:32 PM

Hi all, I am trying to deploy a pulumi program from a private github repo with pulumi kubernetes operator (version 2.0.0). I have create ssh deploy key but when I am trying to install the program, my stack is always going stalled because of:

Copy code

"message":"listing: unable to find any valid known_hosts file, set SSH_KNOWN_HOSTS env variable

However, I have provided the SSH_KNOWN_HOSTS to both to the helm release and in the stack manifest to deploy my program? Anyone as ever facing such issue? More details in the 🧵 .

modern-ghost-60077

08/06/2025, 8:09 PM

Hi all, which channel is used for discussing https://github.com/pulumi/pulumi-postgresql?

sparse-intern-71089

08/07/2025, 10:36 AM

This message was deleted.

rapid-parrot-24984

08/07/2025, 12:37 PM

Hey, can we get

enablePullRequestAutoMerge

enabled for our repository? https://github.com/pulumiverse/pulumi-cpln

high-grass-3103

08/07/2025, 6:22 PM

Just had an idea I wanted to drop, maybe someone picks it up. I find configuring servers isn't the easiest task with pulumi, simply because server configuration isn't easily reflected with resource declarations. I know there is

remote

provider, but that's more of an escape hatch (and then

cloud-init

but only for initialization). How about immutable distributions like NixOS (or just Nix)? They have well defined states and well defined state transition points, I think they should work great with pulumi

rough-ice-18151

08/08/2025, 5:28 PM

I'm trying to import a nested resource resource but am having some trouble. I have this `import.json`:

Copy code

{
  "nameTable": {
    "internal-smoketest-master": "urn:pulumi:internal-smoketest::byoc::components:iac:aws:QuestDBCluster$components:iac:aws:Instance::internal-smoketest-master"
  },
  "resources": [
    {
      "id": "eni-attach-0636431dce761a217",
      "type": "aws:ec2/networkInterfaceAttachment:NetworkInterfaceAttachment",
      "name": "internal-smoketest-master-nic-attch",
      "parent": "internal-smoketest-master"
    }
  ]
}

but I'm getting weird error when I try to import the resource:

Copy code

➜  bleh git:(fix-aws-nic-attachments) ✗ pulumi import -f import.json --preview-only --protect=false
Previewing import (internal-smoketest):
     Type                 Name                     Plan     
     pulumi:pulumi:Stack  byoc-internal-smoketest           

Resources:
    47 unchanged

error: anonymous.pp:12,10-35: undefined variable internal-smoketest-master;

Am I doing this right? It's taken me a bit of time to figure out the import file format and nametable structure. For context, the nic attachment is a child of a component resource, "Instance", which itself is a component resource of "QuestDBCluster"