#general

stale-answer-34162

11/14/2023, 6:07 PM
Does anyone use devcontainers to provide isolation to their Pulumi codebase? I had a notion of doing this but was unsure of the best way to do it. It would be awesome to use cgr.dev/chainguard/pulumi:latest as an image.

salmon-account-74572

11/14/2023, 8:29 PM
We have done (are doing) some work around devcontainers to help simplify/streamline Pulumi provider development, but this is different/distinct from what you’re talking about, I believe. I personally haven’t used a devcontainer to run my Pulumi programs, but it’s certainly an interesting idea worth exploring.

stale-answer-34162

11/14/2023, 8:36 PM
I like the idea of running `pulumi up` in an isolated environment. A distroless container that only knows about Pulumi, such as Chainguard here, is very appealing. I realize this image from Chainguard is more suited to automated deployments, but I really like the idea of devcontainer -> Pulumi deployment (or wherever), as that gives a full SBOM on the provisioning toolchain, bypasses errors in user environments, and hopefully some protection from insecure VS Code extensions.

salmon-account-74572

11/14/2023, 9:07 PM
Yep, totally get it