I've just come across Pulumi. It looks super interesting. I was wondering if it's possible for each of my services to have their own Pulumi code in their own repo, but have an

infrastructure

repo that could pull in their resources for a single deployment mechanism? Would anyone advise against that?

Totally possible - and a very reasonable approach. Indeed, because you can use NPM (or pip) packages, you could have your services publish real NPM packages and then consume those from your

infrastructure

repo (instead of just `git clone`ing the service repo - though that would work fine too). Packages provide a native way to do versioning and dependency management.

Is there an example of this approach? Something simple, like a repo consuming a bucket creation from another package? I couldn't see any dependency stuff in the exampes on GitHub 🙂

@quiet-wolf-18467 you can check out the aws-infra repo for that

I'll take a look. Thanks

I'll just mention an alternative pattern that I've seen users be successful with, because publishing/consuming packages and managing versions can be a little tricky for simple cases. You can always use Git submodules for this. Have N repos, and then just aggregate them all in your infrastructure repo within submodules. Git submodules are certainly not without their flaws, but this can be a quick and easy way to get up and running.

Importing as git references to a particular commit SHA or tag probably is a nicer workflow too than publishing packages to npm

Has anyone attempted "GitOps" pipelines with Pulumi?

Has anyone attempted “GitOps” pipelines with Pulumi?

Yes - many Pulumi users are using a GitOps style deployment pipeline. See https://pulumi.io/reference/cd.html for details on CI integration.

I'll +1 attest to that. I've got Pulumi GitOps pipelines as well.

Anything you can share, @wooden-toddler-96888?

I'd say my only current fear/pain point is pressing "Ctrl+C" when something's happening on my local env, and then having to manually reconcile the stack. So I occasionally fear what happens if some operation times out when Travis CI is running the update. I'm pretty sure at some point the various modules can get the state in the cloud for what resources are pending, completed, etc. But for simple websites, or pushes to S3, etc. it's a lot better than Github->CodeBuild->AWS CLI->S3 + manually configured S3 bucket + manually pointed CloudFront distro, etc.