No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi team! Is there a way to use Pulumi ESC (specifically, `pulumi env run` ) in Github actions?

Yes!  You can run that as long as you have a PULUMI_ACCESS_TOKEN you can run the pulumi commands.  You could either store an access token as a secret or your can use our <https://www.pulumi.com/blog/oidc-trust-relationships/|Pulumi OIDC Trust> to setup with our github <https://www.pulumi.com/blog/oidc-trust-github-action/|auth action>.

Any docs or pointers on doing this? Should we use this action: <https://github.com/pulumi/setup-pulumi>

I ask because it hasn't been updated in some time.

From there is there a convenient way to export all environment variables form ESC into the environment for the rest of the actions run? or do we just need to make sure to run every step with `pulumi env run` as a wrapper over the command?

The recommended action to use now is <https://github.com/pulumi/actions#installation-only|pulumi/actions>

> From there is there a convenient way to export all environment variables form ESC into the environment for the rest of the actions run?
I expect you can probably push the env vars into <https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#example-of-writing-an-environment-variable-to-github_env|GITHUB_ENV> and have them accessible for all future commands, but haven't tested this out and not sure of the exact incantation. Will make sure to document this.

Based on <https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#example-of-writing-an-environment-variable-to-github_env|github docs>, I think something like the following should do the trick

```pulumi env open my_org/my_env --format dotenv >> $GITHUB_ENV```

I just tried to do this and got an error
```Run bash ./test.sh
Reminder: prod isn't tested by default as it disturbs everyone. To test all environments, use --all
Logging in using access token from PULUMI_ACCESS_TOKEN
./test.sh: Testing 'CFG0120-Sample-RDS-db-90pct-CPU-sandbox'
./test.sh: Running command: pulumi env run aws-pin-prod-legacy -- aws cloudwatch set-alarm-state --alarm-name ''CFG0120-Sample-RDS-db-90pct-CPU-sandbox'' --state-value ALARM --state-reason 'testing purposes'
Error: [404] Not Found: Environment 'aws-pin-prod-legacy' not found```
Here is my Github actions code:
```name: deploy to sandbox and run test, on PRs

on:
  push:
    branches:
      - master
  pull_request: {}

jobs:
  deploy-and-test:
    name: deploy to sandbox and run test script
    runs-on: ubuntu-latest
    steps:
    # checkout the repo code (eyeroll)
    - name: Check out the repository code
      uses: actions/checkout@v4
    # run test script
    - name: run test.sh
      run: bash ./test.sh
      env:
        PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}```
Logging in with the same token on my laptop cli, works fine.

You'll need to specify your org name, i.e. `pulumi env run {my-org}/aws-pin-prod-legacy`

It works on your machine because you likely have a default org set