I am running a github action that will build a docker image tagged w/ current git SHA, and push to ecr. I then have an action that will use pulumi to deploy a fargate ecs task using the image tagged/pushed by the previous step. It is important for us to separate our versioned build artifact from the code that deploys said artifact to a given environment, so we will be using raw docker commands to do the building / pushing, and will use pulumi to actually deploy to fargate ecs. I will however, need access to the SHA of the commit (available on github runner environment) inside my pulumi code that deploys to fargate. I couldn't find any documentation on reading environment variables from system env in my pulumi code. Is it as simple as using

process.env

(node)?

yes!

@steep-toddler-94095 Do you happen to be using system env for the same use case as I have described here? I'd really like to know if there is a way to perform image build / tag / push with pulumi while still being able to use a custom image tag (commit SHA). I suppose then I could have a build stack and a deploy stack for each service

I'm not using a system env but i know Pulumi will be able to read them just fine with

process.env

What I do to tag my images with the git sha is I just use (for TypeScript)

execSync('git rev-parse --short HEAD').toString().trim()

since i run my pulumi code from the cloned repo.

Which resource / version do you use for defining your docker image? awsx? aws?

I'm just using the

@pulumi/docker

package's

Image

class. does that answer your question or did i misinterpret you?

It definitely does. I should be using

@pulumi/docker