hi all, just looking for some guidance on how to manage pure pulumi packages through CI/CD. We have a handful of Pulumi packages (typescript) that contain just infrastructure and no application code, the best example of this is our AWS VPC. What I was thinking was having this code built and published to our private NPM registry during the CI process. Once it comes to deployment, that module will be downloaded and

pulumi up

will be run from the root. this feels kind of funny though… what do you guys think and/or how are you managing Pulumi packages between CI and CD?

For reusable components (e.g.

ComponentResource

resources like VPCs), this is a great way to do it. 👍

what if its not the reusable parts, what if its the actual implementation?

Would love for others to chime in... But for the actual implementation a git repo with tags or branches is likely the best option as gives you versioning and predictability without additional overhead.

yeah we’ve got that, what i’m looking for guidance on is how people take their pulumi source code from git and deploy it

Old thread I know, but we've found significant success shrinkwrapping Pulumi + dependencies into a container and running that in a target environment. It means that our application environments do not need network access to our NPM registry and it means that we have specific, dedicated Pulumi+deploy revisions archived. If our code needs a rollback but rolling back infrastructure would then be destructive, we can (and do) run code version X-1 with infrastructure version X, with the intent being that code version X+1 and infrastructure version X+1 sync back up. I would recommend pretty strongly against relying on the current state of an NPM registry for doing your deploys, even if you run it yourself. Being able to safely deploy with minimal infrastructure-in-place--you're not going to get around your provider eating it, but you should be able to get around your NPM registry eating it--is important.

thanks for that ed, really useful. Building a deploy container is an interesting idea, definitely going to give that a try 👍