https://pulumi.com logo
Title
p

powerful-printer-57241

04/06/2023, 10:26 AM
Hello, we are using the Pulumi Action in GitHub Actions to preview and deploy the stacks, using a service principal authentication against Azure. I wanted to move away from using environment variables to having the authentication info defined in the stack itself, so moving from ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_SUBSCRIPTION_ID and ARM_TENANT_ID to having
azure-native:clientId: ...
azure-native:clientSecret:
  secure: ...
azure-native:subscriptionId: ...
azure-native:tenantId: ...
in the stack's config file. However, with this change, we started getting this error in the GitHub Action:
azure-native:resources:ResourceGroup <resource-group-name> refreshing (22s) error: obtain subscription() from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
What are we missing? I am pretty sure we authenticated in this way before in GitHub Actions.
m

melodic-tomato-39005

04/06/2023, 3:26 PM
Hi Standa! At first glance, your configuration seems correct. Which makes me think that perhaps you’re applying it to the wrong stack? Config is per-stack whereas environment variables are global.
p

powerful-printer-57241

04/06/2023, 4:05 PM
It seems like it's picking up the correct stack. In the GitHub action output, I can see
Refresh stack on <org>/shared/develop
  Refreshing (<org>/develop)
The repository looks like this
Shared
  Pulumi.yaml
  Pulumi.develop.yaml
  Pulumi.demo.yaml
  ...
And the action looks like this
name: infrastructure-preview
on:
  pull_request:
    paths:
      - 'Shared/**'
jobs:
  preview:
    name: Preview ${{ matrix.stack }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - stack: shared/develop
            dir: ./Shared
          - stack: shared/demo
            dir: ./Shared
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-dotnet@v3
        with:
          dotnet-version: '7.0.x'
      - name: Preview ${{ matrix.stack }}
        uses: pulumi/actions@v4
        with:
          command: preview
          stack-name: mews/${{ matrix.stack }}
          work-dir: ${{ matrix.dir }}
          diff: true
          refresh: true
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
So I think it should pick up the correct YAML config file...
m

melodic-tomato-39005

04/06/2023, 5:22 PM
Ok. Just to confirm, you’re seeing the expected config entries when you run
pulumi config --stack <org>/develop
?
p

powerful-printer-57241

04/08/2023, 3:57 PM
Yes, I do