Skip to content

Elevating IaC Workflows with Spacelift Stacks and Dependencies 🛠️

Register for the July 23 demo →

Pulumi»

Info

Feature previews are subject to change, may contain bugs, and have not yet been ironed out based on real production usage.

On a high level, Pulumi has a very similar flow to Terraform. It uses a state backend, provides dry run functionality, reconciles the actual world with the desired state. In this article we'll dive into how each of the concepts in Spacelift translates into working with Pulumi.

However, if you're the type that prefers to start with doing, instead of reading too much, there are quickstarts for each of the runtimes supported by Pulumi:

In case you're just getting started with Pulumi, we'd recommend you to start with Javascript. Believe it or not, it's actually the most pleasant experience we had with Pulumi! Later you can also easily switch to languages which compile to Javascript, like TypeScript or ClojureScript.

The high level concepts of Spacelift don't change when used with Pulumi. Below, we'll cover a few lower level details, which may be of interest.

Run Execution»

Initialization»

Previously described in Run Initializing, in Pulumi the initialization will run:

  • pulumi login with your configured login URL
  • pulumi stack select --create --select with your configured Pulumi stack name (the one you set in vendor-specific settings, not the Spacelift Stack name)

It will then commence to run all pre-initialization hooks.

Planning»

We run pulumi preview --refresh --diff --show-replacement-steps in order to show planned changes.

Applying»

We run pulumi up --refresh --diff --show-replacement-steps in order to apply changes.

Additional CLI Arguments»

Passing additional CLI arguments can be done via the SPACELIFT_PULUMI_CLI_ARGS_preview, the SPACELIFT_PULUMI_CLI_ARGS_up and the SPACELIFT_PULUMI_CLI_ARGS_destroy environment variables.

Policies»

Most policies don't change at all. The one that changes most is the plan policy. Instead of the terraform raw plan in the terraform field, you'll get a pulumi field with the raw Pulumi plan and the following schema:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
{
  "pulumi": {
    "steps": [
      {
        "new": {
          "custom": "boolean",
          "id": "string",
          "inputs": "object - input properties",
          "outputs": "object - output properties",
          "parent": "string - parent resource of this resource",
          "provider": "string - provider this resource stems from",
          "type": "string - resource type",
          "urn": "string - urn of this resource"
        },
        "old": {
          "custom": "boolean",
          "id": "string",
          "inputs": "object - input properties",
          "outputs": "object - output properties",
          "parent": "string - parent resource of this resource",
          "provider": "string - provider this resource stems from",
          "type": "string - resource type",
          "urn": "string - urn of this resource"
        },
        "op": "string - same, refresh, create, update, delete, create-replacement or delete-replaced",
        "provider": "string - provider this resource stems from",
        "type": "string - resource type",
        "urn": "string - urn of this resource"
      }
    ]
  },
  "spacelift": {"...": "..."}
}

Pulumi secrets are detected and encoded as [secret] instead of the actual value, that's why there's no other string sanitization going on with Pulumi plans.

Modules»

Spacelift module CI/CD isn't currently available for Pulumi.