https://pulumi.com logo
Join Slack
Powered by
Pulumi doesn’t seem to be detecting CI properly an...
# general
p
Pulumi doesn’t seem to be detecting CI properly anymore and is asking for the 
--yes
option. Is this intentional?
g
If you are on 2.0.0, yes. See https://github.com/pulumi/pulumi/blob/master/CHANGELOG.md#200-2020-04-16 for more info about this.
p
Hmm gotcha. It seems that Pulumi’s recommendation to simply get the latest version during CI isn’t a good one then. This means that any CI workflow that is relying on the latest version and was not using 
--yes
will now fail.
g
Can you point me to where we recommend that? We should likely update that.
p
And every other CI guide has a link to the install page which doesn’t have instructions on how to properly install a pinned version
g
Thanks. I'll open an issue to add a note to those about pinning versions.
p
I think recommending to install a specific version, or at least a version range that will have no breaking changes, should be done for CI
Cool, thanks!
s
I’m getting this issue as well.. I’m using the pulumi CircleCI orb located here: https://circleci.com/orbs/registry/orb/pulumi/pulumi#commands-update
g
@strong-iron-54278 I believe you can specify 
version
as part of the login command to pin the version.
g
You can indeed set the version in the CircleCI orb :) I’ve just updated all my CircleCI builds to use Pulumi 2.0.0
s
Pinning the version now. @green-morning-1318 are you using the pulumi orbs?
g
Yup
p
By the way, would it be possible to have a behavior similar to 1.0 back? It was very useful for 
--yes
to be implicit in CI. For example, could we set a 
PULUMI_NON_INTERACTIVE
env var to not have to pass 
--yes
?
c
Why that instead of just passing 
--yes
?
p
Right now we have scripts that take care of deployments, we call these in CI. We also call these manually. Being able to turn this functionality on during CI while not hardcoding it in the scripts would be very useful. Hardcoding it in the scripts would make the scripts dangerous to run locally. Using 
--yes
outside of the script’s context doesn’t make it clear where that argument is going. For example, we have npm scripts called 
deploy
but they might not all use Pulumi. Running 
npm deploy -- --yes
for all packages isn’t right since not all deploy scripts will expect that argument
We could definitely write some bash scripts that check for an env var and add 
--yes
for us, but then we would have to do that for every Pulumi script and we would basically be implementing the feature we’re asking for ourselves. So I was just wondering if it could be provided by the CLI out of the box 🙂
c
Seems more like it should be in your script to do this. The change was explicitly done so that if you are in a non-interactive environment, it didn’t auto apply.
I would probably make your script check for the 
CI
env var, and if set, apply 
--yes
.
As most CI systems set 
CI
.
p
It’s not very ergonomic to have to wrap every call to 
pulumi up
with this logic. Wouldn’t you agree that having some sort of environment variable would help?
c
Personally no since I would want it to be explicit in the command.
I’m not related to the pulumi project though, maybe they feel otherwise, but I doubt it.
p
For example, instead of having 
"deploy": "pulumi up"
, we would need to do 
"deploy": "if [ \"PULUMI_NON_INTERACTIVE\" = true ]; then pulumi up --yes; else pulumi up; fi"
One would have to do this everywhere, and in a large monorepo doing multiple projects per deployment this is very error prone
But yeah, I agree it’s a matter of personal opinion. I also agree with the decision of making it explicit and not just doing it by default in CI. At the same time, though, having a way to opt into that behavior might not be that bad? What are your thoughts on this @white-balloon-205?
w
As noted above - the motivation for this change was to fix a real risk of accidentally auto-accepting an update. I do think this was worth addressing. In general, it does seem in general you will want different commands to execute for "non-interactive" vs. "interactive" workflows. For the former, you will want 
--yes
or 
--skip-preview
. For the latter you will want the interactive review workflow. Can you give more detail on why you want a single 
pulumi up
command in scripts that covers both of these scenarios?
c
For example, I’d just do a 
deploy:ci
script and then you don’t have to worry about it.
p
We have a monorepo managed by Lerna and Yarn workspaces. The way we make a package “deployable” is by having a 
deploy
script in package.json. We were just trying to reuse the exact same scripts during CI while having any interactive requirements turned off. We could have scripts with conditional logic or have separate scripts as @cool-egg-852 just suggested and all this would be fine. It just would mean that now we have two sources of truth as far as deployment scripts go. This is not a big issue, really just a small QoL change.
@white-balloon-205, I agree that removing the accidental auto update is very important. What I’m suggesting is adding the global auto update as an opt in. Maybe that’s not a good idea though
w
What I’m suggesting is adding the global auto update as an opt in.
Curious what you'd want that to look like? An env var perhaps?
p
Yup, maybe something like 
PULUMI_NON_INTERACTIVE=1
?
And then that could be easily added to the CI configuration
w
Yeah - I think that's a reasonable thing to consider adding. Want to open an issue to suggest it?
c
I wouldn’t call it that, because it isn’t explicit in what it does. It simply implies it is non-interactive, which is exactly where this change was made. Instead, maybe 
PULUMI_ALWAYS_YES=1
p
Yeah, perhaps that name is more appropriate
I’ll open the issue @white-balloon-205
@cool-egg-852, you seem to have some thoughts on this so I welcome your feedback in the issue 🙂
c
The ALWAYS_YES part makes sense to me. The other name doesn’t. But the idea makes sense if it helps your needs.
👍 1
Open in Slack
PreviousNext
Powered by