No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi,

I'm trying to make some checks for configuration drift. I've got a folder which imports a set of resources and generates a `pulumi preview --json` output from them. I'm struggling to get this output to be deterministic. Each time I generate it, the resources are in a different order.

Is there a way around this?

FWIW my code is here:

<https://github.com/cucumber/github-settings/blob/main/.github/workflows/drift.yaml>

Here's the makefile: <https://github.com/cucumber/github-settings/blob/main/Makefile>

It does three stages:

1. go to GitHub's API to fetch the resources, and format them into a shape that `pulumi import` can read (in `import/resources`)
2. use `pulumi import` to generate TypeScript files for each resource type (in `import/src`)
3. run a `pulumi preview` on the TypeScript files to parse them into a summary output.
If there's a simpler way to do this I'd love to hear about it!

Can you leverage `jq` and its sort capabilities?

Yeah, that's going to be my next port of call, I just wondered if  there was a pattern for doing this kind of thing in Pulumi itself. It seems like checking for drift would be a fairly common problem.

No, pretty rare :slightly_smiling_face: I've never checked for drift. Pulumi manages that for me.

Any time drift gets detected manually, we have a little blameless post-mortem and put effort into reducing the risk of it happening again.

You mean because you just never touch the stuff manually?

In this instance we're managing GitHub settings, so the likelyhood of drift is pretty high.