This message was deleted.

Pulumi includes a

pulumi preview

command that allows you to just preview changes without applying them. You would have to look to your CI to find specific information on how to run that command at PI-time. You might want to use the pulumi docker images to run the command during the workflow of whatever equivalent you have to Gitlab runners/Github actions.

Yep, that's what we're trying. There's no way to apply that preview to an environment like how you can apply a tf plan is there? Otherwise is there a blessed way to compare previews? Otherwise, we'll probably end up writing our own utility to do that.

Not really sure what you're asking. if you like the preview changes you can just run

pulumi up --skip-preview

and now the previewed changes are executed.

So, in terraform, you can apply a plan to an environment directly. The workflow we adopted was: 1. terraform plan against dev (and staging and prod) during a pr 2. merge pr 3. terraform apply the plan generated in step 1 to dev (or staging or prod) The reason we did that was to ensure that if something went weird with the source during the pull request, or a resource drifted in the account, or whatever, the plan that we saw during the pr was exactly the plan that was executed during the apply. The way we're planning to achieve the same with pulumi is: 1. during PR, run pulumi preview against dev (and staging and prod) 2. save off the plan results somewhere (s3) 3. merge the PR 4. Have the pipeline stage for dev (or staging or prod) look up the preview result from earlier, run its own preview, diff the two, and if there is any drift, fail the deployment. Otherwise deploy

Now I see what you're asking for. You want a way to apply the specific preview run during the pull request in case of drift. I'm not sure if pulumi has that feature, but I don't work for them.

You can achieve it by ensuring the same git commit is used at both preview and up time.