Home

Awesome

Pulumi GitHub Actions

Pulumi's GitHub Actions deploy apps and infrastructure to your cloud of choice, using just your favorite language and GitHub. This includes previewing, validating, and collaborating on proposed deployments in the context of Pull Requests, and triggering deployments or promotions between different environments by merging or directly committing code.

Getting Started

name: Pulumi
on:
  push:
    branches:
      - main
jobs:
  up:
    name: Preview
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pulumi/actions@v6
        with:
          command: preview
          stack-name: org-name/stack-name
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

This will check out the existing directory and run pulumi preview.

Configuration

The action can be configured with the following arguments:

Extra options

By default, this action will try to authenticate Pulumi with Pulumi Cloud. If you have not specified a PULUMI_ACCESS_TOKEN then you will need to specify an alternative backend via the cloud-url argument.

Installation Only

If you want to only install the Pulumi CLI, omit the command field of the action.

- uses: pulumi/actions@v6

This will install Pulumi and exit without performing any other operations.

Stack Outputs

Stack outputs are available when using this action. When creating a stack as follows:

package main

import (
	random "github.com/pulumi/pulumi-random/sdk/v2/go/random"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		p, err := random.NewRandomPet(ctx, "my-user-name", &random.RandomPetArgs{})
		if err != nil {
			return err
		}
		ctx.Export("pet-name", p)
		return nil
	})
}

We can see that pet-name is an output. To get the value of this output in the action, we would use code similar to the following:

- uses: pulumi/actions@v6
  id: pulumi
  env:
    PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
  with:
    command: up
    cloud-url: gs://my-bucket
    stack-name: org-name/stack-name
- run: echo "My pet name is ${{ steps.pulumi.outputs.pet-name }}"

the pet-name is available as a named output

Run echo "My pet name is pretty-finch"

Referencing Sensitive Values

We suggest that any sensitive environment variables be referenced using GitHub Secrets, and consuming them using the secrets attribute on your workflow's action.

Example workflows

The Pulumi GitHub action uses the Pulumi Automation API in order to coordinate the Pulumi operations. This means that there is no supporting functionality for npm or pip installs. This functionality should be deferred to the correct GitHub Marketplace actions that support it.

Release Cadence

As of v3.18, we are intending to move to a monthly cadence for minor releases. Minor releases will be published around the beginning of the month. We may cut a patch release instead, if the changes are small enough not to warrant a minor release. We will also cut patch releases periodically as needed to address bugs.

Migrating from v5

v6 of the Pulumi Action updates the behavior of the refresh option. Previously, if refresh was true, the action would run pulumi refresh before the desired command. In v6, the pulumi up and pulumi preview commands will be run with the --refresh flag if refresh is true.

Migrating from v4

v5 of the Pulumi Action updates the NodeJS runtime from Node 16 to Node 20. Users of GitHub Enterprise will have to upgrade to v3.6 or newer. All other users are unaffected.

Migrating from v3

v4 of the Pulumi Action updates the NodeJS runtime from Node 12 to Node 16. Users of GitHub Enterprise will have to upgrade to v3.4 or newer. All other users are unaffected.

Migrating from GitHub Action v1 and v2

Here are some pointers when migrating from v1 to v2 of our GitHub Action.

- uses: actions/setup-node@v1
with:
  node-version: 14.x
- run: pip install -r requirements
  working-directory: infra