https://pulumi.com logo
Title
l

little-van-8457

05/06/2021, 2:25 AM
Hello friends, I want to try CI/CD Integration Assistant in Pulumi 3.0. However, I can't find the entrance. May you send me the entrance or the guide docs? thx!
b

brainy-church-78120

05/06/2021, 2:32 AM
hi @little-van-8457, from the console ui, if you navigate to a stack, then the settings tab of that stack, then integrations you will find the ci/cd integration assistant. related docs are here: https://www.pulumi.com/docs/intro/console/ci-cd-integration-assistant/
l

little-van-8457

05/06/2021, 11:30 AM
Thanks a lot, but I can't find it in settings tab.The uploaded image is what in my settings tab.
b

brainy-church-78120

05/06/2021, 12:54 PM
@little-van-8457 is this your personal account or an organization?
l

little-van-8457

05/07/2021, 3:06 AM
It's my personal account
b

brainy-church-78120

05/07/2021, 4:13 AM
the CI/CD assistant is only available in organizations
l

little-van-8457

05/07/2021, 6:56 AM
Wow, I got it. Thanks a lot
hello, I encountered a problem when trying CD/CD Integration Assistant. I used Gihub Actions to run CI/CD, which showed me the error: "PULUMI_ACCESS_TOKEN must be set for login during non-interactive CLI sessions". The Actions Yaml copied from the template is as follows:
name: Preview or update Pulumi app serverless/aws-typescript/dev
on:
  push:
    branches:
      - master
    paths:
      - '**/*'
  pull_request:
    branches:
      - master
    paths:
      - '**/*'

# These are the environment variables that jobs in the workflow have access to.
# By defining them here, all jobs/steps will have access to these variables.
env:
  # IMPORTANT! You must map the env vars for your cloud provider here even though you add them as secrets
  # to this repository.
  # See the setup page for cloud providers here: <https://www.pulumi.com/docs/intro/cloud-providers/>.
  # For example, if you are using AWS, then you should add the following:
  ALICLOUD_ACCESS_KEY: ${{ secrets.ALICLOUD_ACCESS_KEY }}
  ALICLOUD_SECRET_KEY: ${{ secrets.ALICLOUD_SECRET_KEY }}
  ALICLOUD_REGION: ${{ secrets.ALICLOUD_REGION }}
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_STACK_NAME: serverless/aws-typescript/dev
  PULUMI_WORKING_DIRECTORY: ./

jobs:
  pulumi:
    name: Pulumi
    runs-on: ubuntu-latest
    steps:

      # Turnstyle is used to prevent multiple push jobs from running at the same time. We
      # limit it to push jobs to allow PR jobs to run concurrently.
      - name: Turnstyle
        if: ${{ github.event_name == 'push' }}
        uses: softprops/turnstyle@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - uses: actions/checkout@v2

      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 12.x

      - name: Install Pulumi CLI
        uses: pulumi/action-install-pulumi-cli@v1.0.1

      - name: Restore npm dependencies
        run: |
          npm --prefix $PULUMI_WORKING_DIRECTORY ci
          # If you are using yarn instead with Pulumi, comment the above line and uncomment the below line.
          # yarn install --cwd $PULUMI_WORKING_DIRECTORY

      - name: PR previews
        run: pulumi preview -s $PULUMI_STACK_NAME --cwd $PULUMI_WORKING_DIRECTORY
        if: ${{ github.event_name == 'pull_request' }}

      - name: Apply infrastructure update
        run: pulumi update --yes -s $PULUMI_STACK_NAME --cwd $PULUMI_WORKING_DIRECTORY
        if: ${{ github.event_name == 'push' }}
The PULUMI_ACCESS_TOKEN has been set in the github secrets environment which seems to be unavailable. Please help me with the error. Thanks!!
Here is the image:
b

brainy-church-78120

05/09/2021, 7:55 PM
@clever-sunset-76585 would you mind helping out with this?
c

clever-sunset-76585

05/10/2021, 7:02 PM
@little-van-8457 your config looks right to me. I am assuming that you generated a Pulumi access token from https://app.pulumi.com/account/tokens and pasted that in the GitHub Actions settings for the repository or organization? A common thing I come across is when you copy/paste the token in GH settings, you should make sure that there is no leading or trailing whitespace character that would make the value invalid.
@little-van-8457 not sure if you have resolved this issue, but I ran across this problem myself just now. The symptom I had was similar to yours, you can see that all secret values are blank in the screenshot you pasted where as when a workflow can read secrets you’ll see the masked
***
characters like in the screenshot I have attached. In my case it was because it was an automated PR created by Dependabot. Dependabot PRs are treated like forks and so an approval was required in order for the workflow to access the repo secrets. Similarly, in your case it could be that the user who created the PR does not have access to read the secrets in your case.
l

little-van-8457

05/17/2021, 11:54 AM
@clever-sunset-76585 I have solved the problem. I created secrets content in 'Environment secrets', which should be created in 'Repository secrets'. Anyway, thanks my friend.
👍🏻 1
@clever-sunset-76585 Hi, I wonder that if there is a way to judge if the resource is impoted or not? I don't want to pulumi import the resource repeatedly.
c

clever-sunset-76585

05/17/2021, 4:42 PM
I take it that you are using the
import
resource option to import a resource?
I created secrets content in ‘Environment secrets’, which should be created in ‘Repository secrets’
Wonderful! If managing environments works for your setup, that’s good! It’s an easy way to manage multiple sets of secrets, too.
l

little-van-8457

05/19/2021, 1:56 AM
@clever-sunset-76585 I am using pulumi import to import online resource to local stack in my program. But there isn’t imoprt method in pulumi automation api and I didn’t find the way to judge if the resource is imported or not. I use runPulumiCmd api to run pulumi import to import resource repeatedly.Could you help me with these problems?