Is there a way to use podman with pulumi? Use case: 1. Have a podman (OCI) image get built (can be done outside of pulumi script if needed) 2. Push it to ECR 3. Use it as a lambda image

You can run Pulumi inside a container, and you use Pulumi to deploy images for later use. It's not clear from your question which you mean, but both are possible. Pulumi even publishes OCI images for your use. I used to use Pulumi exclusively from images.

Specifically, pushing images to ECR. The only way I know is to build an OCI image within the pulumi code with

@pulumi/docker

or

@pulumi/docker-build

(this resource) and set the

registry

or

registries

property to an ECR repository url Docker not allowed in the company I work for — We’re moving everything to podman

Docker is podman, for all intents and purposes 🙂 Pulumi is not for pushing images to ECR. Pulumi can do it via the Docker provider (which can be configured to use podman, iirc). However, pushing an image is usually something that happens in your build pipeline, not your deploy pipeline. Typically: 1. You would have a Pulumi project for building your app-deployment infrastructure, including ECR and whatever infra you run your app in. This is deployed very, very rarely. 2. You would have a "normal" build that builds images and pushes them to the ECR repo built in step 1. This happens very, very frequently. 3. You would have a "normal" deployment pipeline, that may use a Pulumi project, Octopus, bespoke code, or whatever you use to deploy your app from ECR to your app infrastructure. It may be triggered from step 2 (CD), or maybe a bit less frequently than that (gated / triggered deployments). Crucially, the code that creates your ECR instance isn't invoked when building or deploying your app. There are of course lots of other use cases, and maybe you do need to update your lambda and your ECR in one project.

I've not tried it for use in pulumi, but podman does provide a way to fake the docker socket, which is needed for the docker provider. There's some details here on it: https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md#socket-activation-of-the-api-service I've generally built and pushed images outside of pulumi though

This is the sort of thing people use Dagger for (dagger.io). Lots of folks using the two together since Dagger also uses real code language SDKs (and you can run it locally as well as in CI). Of course many ways to do this part. You “could” have a Dagger pipeline (implemented as some Dagger functions) that takes your source code and builds an image, pushes it to ECR, triggers Pulumi to create the AWS Lambda infra, and Lambda function that uses your pushed image.