bweber/library-example

Pulumi Example

An example application showing how to use Pulumi, Docker, and Github Actions

Dependencies

• Docker
• Docker Compose
• .NET 6
• .NET EF Tools
• Azure CLI
• Pulumi

Run Acceptance Tests

make verify

Debugging Locally

Option 1

1. Run make start-local
2. Launch the application via Rider/Visual Studio/VS Code

Option 2

1. Run make verify
2. Run make stop-service when complete
3. Launch the application via Rider/Visual Studio/VS Code

Running Pulumi Locally

Full set of CLI commands are available on the Pulumi website

• Login: pulumi login
• Logout: pulumi logout
• Preview Changes: pulumi preview
• Create Infrastructure: pulumi up -y
• Destroy Infrastructure: pulumi destroy
• Delete stack: pulumi stack rm <STACK NAME>

GitHub Setup

GitHub requires a personal access token to pull images from its package registry.

1. Visit GitHub Tokens page
2. Click Generate new token
3. Select read:packages and give it a meaningful name
4. Click Generate token
5. Copy the value (this will not be available again)
6. Go to your repository settings and create a new secret called LIBRARY_PAT and paste the value of the token created

Pulumi Setup

1. Ensure you have Pulumi installed via the dependencies list above
2. Create a new account on Pulumi
3. Select or create an organization from the dropdown
4. Go to Settings tab
5. Go to Access Tokens page
6. Create a new access token
7. Copy the generated access token
8. Create a new Github secret called PULUMI_ACCESS_TOKEN with the copied value
9. Add the Pulumi Bot to your Github org: https://www.pulumi.com/docs/guides/continuous-delivery/github-actions/

Azure Setup

1. Ensure you have Azure CLI installed via the dependencies list above
2. Run az login --tenant <TENANT_ID>
   1. Get this value from Azure AD Portal
3. Create Service Principal az ad sp create-for-rbac -n "InfraCreator" --sdk-auth --role "Contributor"
   1. Example output should look like:

   {
       "clientId": "<ARM_CLIENT_ID>",
       "clientSecret": "<ARM_CLIENT_SECRET>",
       "subscriptionId": "<ARM_SUBSCRIPTION_ID>",
       "tenantId": "<ARM_TENANT_ID>",
       "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
       "resourceManagerEndpointUrl": "https://management.azure.com/",
       "activeDirectoryGraphResourceId": "https://graph.windows.net/",
       "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
       "galleryEndpointUrl": "https://gallery.azure.com/",
       "managementEndpointUrl": "https://management.core.windows.net/"
   }
   

4. Copy output to Github as a secret called AZURE_CREDENTIALS