What's the canonical way to inject dynamic configu...
# general
What's the canonical way to inject dynamic configuration? Use case: Our CI/CD process will in two separate runners: 1. build, tag, and push an image with the SHA1 of the repo 2. (in a more privileged runner later) use the SHA1 of the repo as the image tag for a Kubernetes deployment The runner can't mutate the Pulumi config (or commit it) between steps. Is the canonical solution to
pulumi config set
pulumi up
... or?
I plan to do the same thing, but our ci process is changing/committing code in the build/test phase: - build/tag images with commit sha - test (assume success here) - git flow start release xxx - bump version numbers in manifests -
pulumi config set version xxx
- retag gcr images from sha with xxx - git flow finish release xxx (pushes code to github) Then we have a different ci job running on merges to
pulumi up -y
or at least that is the plan at this point.
I’m open to other ideas, but in this case we are fully reproducible/redeployable with the version of code committed
GitLab CI/CD is designed around immutable/idempotent pipelines (for better or worse), so the runner has a read-only token for pulling
We focused on auto-release and did it with circleci, git-flow, and some custom scripts. All this is definitely dependent on choices you make for your toolchain.