https://pulumi.com
Join Slack
This message was deleted.
# general
s
This message was deleted.
b
hi! did you try setting a passphrase as per the message?
c
I don't have a passphrase, I created the stack with a KMS secrets provider
b
can you verify in the 
Pulumi.<stackname>.yaml
that it's set correctly? Can you also double check that the aws keys you're using in the action have access to that KMS key. I can't seem to repro this at the moment
c
Yes, my stack config is correct and has not changed. In local I can preview and up, without problem
Copy code
secretsprovider: <awskms://a26f6499-1234-1234-ba8e-asdasdasd?region=us-east-1>
encryptedkey: AQICAHhccp+(....)==
config:
  github:organization: some-org
Only thing i can think about is that I used the same kms for another project, but since in local it works i'm not sure if that is a problem
b
hmm this is quite strange, it's seemingly not detecting you're using a cloud secrets manager: https://github.com/pulumi/pulumi/blob/71910a1c52d3cd0b7b9a7b5a8b8d49089f75c5b2/pkg/cmd/pulumi/crypto.go#L56
can you try specifying the stack explicitly in the args with 
-s <stackname>
c
That arg is to the action? or to the pulumi cli?
b
on the action:
Copy code
with:
          args: preview -s <stackname>
c
Yeah, that fixed it, so seems like it is not identifying the stack properly. Having the other project with the same kms may have to do with that?
b
there's some stack detection logic in the action here: https://github.com/pulumi/pulumi/blob/master/dist/actions/entrypoint.sh#L52-L59 so i think this is expected, do you have multiple stacks in your project root?
c
Ohh yes, sorry, I thought it took it from the yaml file. But something still confuses me. Where does the 
.pulumi/ci.json
file comes from? On this project I only have one stack. But seems like if I use the same backed for different projects, all stacks appear 🤔
b
yeah your stacks can also be detected from the state file as well. You'd create the 
.pulumi/ci.json
yourself
c
any documentation about this file? what fields should it have? were else is it used?
Also i think there is still some buggy logic, from my understanding give the "wrong" config i had, it should have ended here: https://github.com/pulumi/pulumi/blob/master/dist/actions/entrypoint.sh#L63 Instead of not identifying the stack correctly and messing up the cloud secrets provider I think the problem is that here 
# If there's no stack mapping file, we are on master, and there's a single stack, use it.
we are assuming that case, instead of checking for it? Not sure if maybe I'm not getting the logic right, would like your feedback on that and I could open a PRs with some improvements there if that's the case
4 Views
Open in Slack
PreviousNext
Powered by

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Powered by