Hi, this is maybe not pulumi specific, but I’m wondering what’s the best practice to deal with this: I have a project that will build docker images, push them to AWS ECR and then invoke a pulumi stack that does setup lambda functions with these images. How do you go about the “tagging” the images so that the

pulumi up

step will update the lambda function if a new image has been pushed? If I use “latest” as tag, it will not update, as pulumi does not detect any changes and lambda functions do not automatically pull in new images. Do you have any examples that you could point me to? I’d like to get an idea of the options & best practices here.

Not sure it's best practice and it was only for small scale docker things but I have in the past either used timestamps as tags, or skipped tags all together and just used the full image shas (If lambda supports that)

Yes, using the

shas

is what I want, maybe I wasn’t clear: Should I update the pulumi source code everytime I release a new image? This would make the build process somewhat strange, as the new images is built and pushed in the same repository just before calling pulumi. Or would I figure out the sha to use dynamically in the pulumi program?

I would not change source code. If you can work it out in the program that's probably nicest, but if thats not doable I would pass them in as config values.