Add pulumi to the project to start deploying infrastructure #290

Draft
wants to merge 1 commit into
base: main

@iainlane (Owner) commented Jun 6, 2024

We're using Pulumi here to deploy two things:

  • A CloudFront distribution
  • An OIDC provider

This required a small amount of reconfiguration of the linters to allow for the slightly different settings that Pulumi requires.

We've added pulumi to the dev container so that it can be run from there.

We're also adding a GitHub Actions workflow to deploy the infrastructure when the code is pushed to the main branch, using the OIDC provider (which has been applied manually to bootstrap the process).

@iainlane force-pushed the iainlane/pulumi branch 13 times, most recently from 479511c to c6883b4 (June 7, 2024 19:59)

github-actions bot commented Jun 7, 2024

🍹 preview on coldoutsi.de/organization/coldoutsi.de/dev

Pulumi report
Previewing update (dev):
@ previewing update...........

@ previewing update....
pulumi:pulumi:Stack coldoutsi.de-dev running 
@ previewing update.........
pulumi:providers:aws aws-us-east-1  
@ previewing update.....
aws:acm:Certificate dev-cert  
aws:route53:Zone zone  
aws-native:s3:Bucket requestLogs  
aws-native:cloudfront:CachePolicy coldoutsi.de-cache-policy  
aws:route53:Record dev-cert-validation  
aws-native:cloudfront:Distribution coldoutsi.de-dev  
aws:acm:CertificateValidation certificateValidation  
pulumi:pulumi:Stack coldoutsi.de-dev running read aws-native:kms:Alias stateBucketKey
aws-native:iam:OidcProvider github-oidc  
aws:route53:Record dns-dev.coldoutsi.de  
aws-native:iam:Role oidcRole  
aws-native:iam:RolePolicy cloudControlGetResourcesPolicy  
aws-native:s3:BucketPolicy stateBucketPolicy  
@ previewing update....
pulumi:pulumi:Stack coldoutsi.de-dev running read aws-native:kms:Alias stateBucketKey
pulumi:pulumi:Stack coldoutsi.de-dev running read aws-native:kms:Key stateBucketKey
aws-native:kms:Key stateBucketKey  warning: Can't import write-only properties: bypassPolicyLockoutSafetyCheck, pendingWindowInDays, rotationPeriodInDays
pulumi:pulumi:Stack coldoutsi.de-dev running read aws-native:kms:Key stateBucketKey
aws-native:iam:RolePolicy kmsReadOnlyPolicy  
@ previewing update....
aws-native:kms:Key stateBucketKey  1 warning
pulumi:pulumi:Stack coldoutsi.de-dev  
Diagnostics:
aws-native:kms:Key (stateBucketKey):
warning: Can't import write-only properties: bypassPolicyLockoutSafetyCheck, pendingWindowInDays, rotationPeriodInDays

Resources:
15 unchanged
