We're currently in the process of migrating from c...
# getting-started
m
We're currently in the process of migrating from clickops to Pulumi. Previously, we just used GitHub Actions to deploy our images to GCP. With Pulumi, should we stick with using GH Actions to deploy our images? Or should we use Pulumi to deploy the images? 🙂 I think I'm misunderstanding something fundamental to IaC 😅 Thanks!
l
If you're paying for the enhanced version with Pulumi Deployments, then there's a good case to use it. If nothing else, it clearly separates the line between building/packaging (GitHub) and deploying (Pulumi).
Functionally though, no, there's no real difference between running the Pulumi action / CLI from GitHub, versus running Pulumi Deployments from the service.
m
I'm just thinking, in case of maintainability, practically every engineer (in our company) knows `docker push` 🙂 But not many yet are familiar enough with Pulumi 🙂
So does that mean there's no real benefit to using Pulumi for pushing artifacts vs GH Actions? 🙂
l
`docker push` pushes an OCI to a registry. That (in my opinion) is completely separate to Pulumi's role. Pulumi should not do that.
You might have a Pulumi project that creates the OCI registry that you push your images to. That's fine.
t
I don't know about Pulumi deployments so much but gh actions to push to Pulumi cloud still make sense. Pulumi cloud will manage your desired state and log everything for posterity and audits
l
And you might have a Pulumi project that creates the Kubernetes cluster that runs your OCI images.
But Pulumi doesn't push a development artifact (OCI image) to an artifact repository. That's what CI is for.
t
So gh actions can CD your stuff using Pulumi. Then changes to your Pulumi code can act automatically change infra deploy
l
Yes, but you were talking about OCI images, which don't overlap with that.
t
So as @little-cartoon-10569 mentioned, your actions build the new image, and if you want to update the infra (perhaps change which image you deploy or cloud setup) that goes into your Pulumi code
🤔 1
m
@thankful-flower-8175 I still want our Pulumi to run through our GitHub Actions to manage our resources and states. I'm just not sure about artifact deployment 🙂
t
I agree with @little-cartoon-10569. Use a docker GitHub action for that and keep it separate
And use a Pulumi action for deployment
m
Good points @thankful-flower-8175 and @little-cartoon-10569. To be specific, we use Google Cloud Run. That means we need to tell our Google Cloud Run service which image:tag it needs to use. So although I can deploy the image to the registry using a simple `docker push`, I need to update that Google Cloud Run service so that it knows what image:tag to use - and that's where Pulumi should come in. Did I get that right? 🙂
t
Sounds right. I did something similar a while back. I'll send my Pulumi project
l
Yes. You should deploy every merged commit to the registry, but you might not want to deploy every updated image to the cloud. So your CD pipeline can be controlled separately, maybe via tags, gitops, or button push.
Plus: you should have your Google Cloud infra in Pulumi too!
(Separate project, obviously)
m
Got it. Thanks! 🙂
(and yes, our Google Cloud Infra is now in Pulumi as well 😄)
🚀 1
this is jank so word of caution
iirc though cloud run does not use the latest pushed image so you need to make sure you run your pulumi deploy on each push
iirc pulumi up will update it to the latest image you have pushed with the given tag
When I was using pulumi for this project, I learned more about how to deploy to cloud from pulumi's docs than I did from Google's haha
btw in that file I sent you I am using pulumi to build the image which I think is equally fine
if you use a regular docker push action then make it run before the deploy one
m
@thankful-flower-8175 so if I set my Cloud Run service to point to `my-image:latest` and I deploy a new `my-image:latest`, it will not automatically be picked up?
t
I do not believe it will since latest is a pointer and it is read/pulled when cloud run starts iiuc