https://pulumi.com logo
#general
Title
# general
b

breezy-butcher-78604

11/14/2019, 1:27 AM
hi all, just looking for some guidance on how to manage pure pulumi packages through CI/CD. We have a handful of Pulumi packages (typescript) that contain just infrastructure and no application code, the best example of this is our AWS VPC. What I was thinking was having this code built and published to our private NPM registry during the CI process. Once it comes to deployment, that module will be downloaded and
pulumi up
will be run from the root. this feels kind of funny though… what do you guys think and/or how are you managing Pulumi packages between CI and CD?
g

gentle-diamond-70147

11/14/2019, 1:42 AM
For reusable components (e.g.
ComponentResource
resources like VPCs), this is a great way to do it. 👍
b

breezy-butcher-78604

11/14/2019, 2:03 AM
what if its not the reusable parts, what if its the actual implementation?
g

gentle-diamond-70147

11/14/2019, 2:56 AM
Would love for others to chime in... But for the actual implementation a git repo with tags or branches is likely the best option as gives you versioning and predictability without additional overhead.
b

breezy-butcher-78604

11/14/2019, 2:57 AM
yeah we’ve got that, what i’m looking for guidance on is how people take their pulumi source code from git and deploy it
b

boundless-monkey-50243

11/20/2019, 4:35 PM
Old thread I know, but we've found significant success shrinkwrapping Pulumi + dependencies into a container and running that in a target environment. It means that our application environments do not need network access to our NPM registry and it means that we have specific, dedicated Pulumi+deploy revisions archived. If our code needs a rollback but rolling back infrastructure would then be destructive, we can (and do) run code version X-1 with infrastructure version X, with the intent being that code version X+1 and infrastructure version X+1 sync back up. I would recommend pretty strongly against relying on the current state of an NPM registry for doing your deploys, even if you run it yourself. Being able to safely deploy with minimal infrastructure-in-place--you're not going to get around your provider eating it, but you should be able to get around your NPM registry eating it--is important.
b

breezy-butcher-78604

11/21/2019, 1:16 AM
thanks for that ed, really useful. Building a deploy container is an interesting idea, definitely going to give that a try 👍