<@UBAJ7TD53> I have another observation / request....
# general
@creamy-potato-29402 I have another observation / request. As you can see above I’m injecting a short-lived access token into the docker build command (via
password: execSync('gcloud auth print-access-token').toString('utf8'))
). This access token changes on every
pulumi up
invocation and because of this pulumi shows the resource as updated on every invocation. I’m not sure if it’s a good design decision that pulumi considers the password / access_token part of the permanent state / checkpoint of the resource since it’s more or less a secret that it just needed to create the resource but not a crucial part of the resource itself (i.e. unlike a password of a database resource). Also for GCR there is no classic notion of a long lived username / password (see https://cloud.google.com/container-registry/docs/advanced-authentication) . I think the easiest / quick-win for me would be if you allow to disable authentication (i.e. skip
docker login
) since my local docker is already authenticated automatically via gcloud which is registered as docker credential helper (see also https://cloud.google.com/sdk/gcloud/reference/auth/configure-docker).
@glamorous-printer-66548 cool, will take a look today.
Thanks a lot for the feedback!
@glamorous-printer-66548 to update, we have a big release tomorrow, so this might have to wait until then.
thanks for your patience.