Hello Team, I am currently working on a project to design a CI/CD process for managing account-level database objects (such as users, roles, databases) using Pulumi. To refine our approach, I'm looking for insights from those who have experience with similar projects. Could you kindly share the Git workflows you have found to be most effective for this task? Additionally, I'm curious about the branching strategies that have worked well in your experience. I truly appreciate your time and assistance.

I'm not there yet, currently setting everything in our dev account, some of it which will make it to production. Using pulumi config parameters to handle differences between accounts.

Thank you for the response! And what about the configurations. What approach will you use to maintain the resources? I was thinking of creating a configuration file, maybe in JSON format, where I will persist all the resources of the same type (e.g. warehouses, users). And then in the Pulumi code, I will read it and create the appropriate resources.

Hi Angel. I am currently working on setting up Pulumi Automation processing YAML files where we store definition of our Snowflake Account-Level objects. So pretty similar idea to yours. We also want to combine it with DBT to deploy database objects (tables, views, etc.). We are still in the implementation phase with a small PoV. We use DevOps for version control and release pipelines for deployment.

Hi @purple-dress-65045, yes, indeed I will be using it for Snowflake too, however for DCM tool I will leverage the Schemachange. I would love to stay in touch and share ideas with each other.

Hi Angel, sure, let's stay in touch and share the knowledge,

Hi @purple-dress-65045, hope you are doing well! Do you have any progress on the CI/CD pipeline design? One of my biggest concerns is managing the database user accounts because there we could have 2 types of objects: • team member users - these are shared between environments (they are not env specific). For example that would be user accounts for developers, analysts, etc • service users - these would be used by the automated processes and they would be environment specific. For example, DEV_LOADER, PROD_LOADER, etc For that reason, I am wondering what would be the most suitable git workflow. When should the team member users be deployed throughout our CI/CD pipeline - in the dev or test or prod branch? I am open to any other suggestions on how to handle that situation. Maybe using another tool or approach? Thank you for your time! P.S.: If you want I could share the project structure and the idea behind Pulumi's code implementation.