stale-answer-3416211/14/2023, 6:07 PM
salmon-account-7457211/14/2023, 8:29 PM
stale-answer-3416211/14/2023, 8:36 PM
in an isolated environment. A distroless container that only knows about pulumi such as Chainguard here is very appealing. I realize this image from Chainguard is more suited to automated deployments but I really like the idea of devcontainer -> pulumi deployment (or wherever) as that gives a full sbom on the provisioning toolchain, bypasses errors in user environments, and hopefully some protection from insecure vscode extensions.
salmon-account-7457211/14/2023, 9:07 PM