Pulumi Example

An example application showing how to use Pulumi, Docker, and Github Actions

Verify

Dependencies

Run Acceptance Tests

make verify

Debugging Locally

Option 1

  1. Run make start-local
  2. Launch the application via Rider/Visual Studio/VS Code

Option 2

  1. Run make verify
  2. Run make stop-service when complete
  3. Launch the application via Rider/Visual Studio/VS Code

Running Pulumi Locally

Full set of CLI commands are available on the Pulumi website

  • Login: pulumi login
  • Logout: pulumi logout
  • Preview Changes: pulumi preview
  • Create Infrastructure: pulumi up -y
  • Destroy Infrastructure: pulumi destroy
  • Delete stack: pulumi stack rm <STACK NAME>

GitHub Setup

GitHub requires a personal access token to pull images from its package registry.

  1. Visit GitHub Tokens page
  2. Click Generate new token
  3. Select read:packages and give it a meaningful name
  4. Click Generate token
  5. Copy the value (this will not be available again)
  6. Go to your repository settings and create a new secret called LIBRARY_PAT and paste the value of the token created

Pulumi Setup

  1. Ensure you have Pulumi installed via the dependencies list above
  2. Create a new account on Pulumi
  3. Select or create an organization from the dropdown
  4. Go to Settings tab
  5. Go to Access Tokens page
  6. Create a new access token
  7. Copy the generated access token
  8. Create a new Github secret called PULUMI_ACCESS_TOKEN with the copied value
  9. Add the Pulumi Bot to your Github org: https://www.pulumi.com/docs/guides/continuous-delivery/github-actions/

Azure Setup

  1. Ensure you have Azure CLI installed via the dependencies list above
  2. Run az login --tenant <TENANT_ID>
    1. Get this value from Azure AD Portal
  3. Create Service Principal az ad sp create-for-rbac -n "InfraCreator" --sdk-auth --role "Contributor"
    1. Example output should look like:
    {
        "clientId": "<ARM_CLIENT_ID>",
        "clientSecret": "<ARM_CLIENT_SECRET>",
        "subscriptionId": "<ARM_SUBSCRIPTION_ID>",
        "tenantId": "<ARM_TENANT_ID>",
        "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
        "resourceManagerEndpointUrl": "https://management.azure.com/",
        "activeDirectoryGraphResourceId": "https://graph.windows.net/",
        "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
        "galleryEndpointUrl": "https://gallery.azure.com/",
        "managementEndpointUrl": "https://management.core.windows.net/"
    }
    
  4. Copy output to Github as a secret called AZURE_CREDENTIALS