Skip to content

Pulumi»

Info

Feature previews are subject to change, may contain bugs, and have not yet been refined based on real production usage.

On a high level, Pulumi has a very similar flow to OpenTofu/Terraform. It uses a state backend, provides dry run functionality, reconciles the actual world with the desired state. In this article we'll dive into how each of the concepts in Spacelift translates into working with Pulumi.

If you prefer hands-on learning, check out our quickstart guides for each Pulumi-supported runtime:

If you’re new to Pulumi, we recommend starting with Javascript—it’s the most user-friendly experience we’ve had with Pulumi. You can easily switch to other languages that compile to Javascript, like TypeScript or ClojureScript, later on.

The core concepts of Spacelift remain the same when using Pulumi. Below, we’ll cover some lower-level details that may be helpful.

Run Execution»

Initialization»

As described in Run Initializing, Pulumi initialization runs the following:

  • pulumi login with your configured login URL
  • pulumi stack select --create --select with your configured Pulumi stack name (set in vendor-specific settings, not the Spacelift Stack name)

After this, all pre-initialization hooks will run.

Planning»

We use pulumi preview --refresh --diff --show-replacement-steps to display planned changes.

Applying»

We use pulumi up --refresh --diff --show-replacement-steps to apply changes.

Additional CLI Arguments»

You can pass additional CLI arguments using the SPACELIFT_PULUMI_CLI_ARGS_preview, SPACELIFT_PULUMI_CLI_ARGS_up, and SPACELIFT_PULUMI_CLI_ARGS_destroy environment variables.

Policies»

Most policies don't change at all. The one that changes most is the plan policy. Instead of the OpenTofu/Terraform raw plan in the terraform field, you'll get a pulumi field with the raw Pulumi plan and the following schema:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
{
  "pulumi": {
    "steps": [
      {
        "new": {
          "custom": "boolean",
          "id": "string",
          "inputs": "object - input properties",
          "outputs": "object - output properties",
          "parent": "string - parent resource of this resource",
          "provider": "string - provider this resource comes from",
          "type": "string - resource type",
          "urn": "string - resource URN"
        },
        "old": {
          "custom": "boolean",
          "id": "string",
          "inputs": "object - input properties",
          "outputs": "object - output properties",
          "parent": "string - parent resource of this resource",
          "provider": "string - provider this resource comes from",
          "type": "string - resource type",
          "urn": "string - resource URN"
        },
        "op": "string - same, refresh, create, update, delete, create-replacement, or delete-replaced",
        "provider": "string - provider this resource comes from",
        "type": "string - resource type",
        "urn": "string - resource URN"
      }
    ]
  },
  "spacelift": {"...": "..."}
}

Pulumi secrets are detected and encoded as [secret] instead of showing the actual value. For this reason, no additional string sanitization is performed on Pulumi plans.

Limitations»

  • Spacelift module CI/CD is not available for Pulumi.
  • Import is not supported for Pulumi. Instead, you can run a task to import resources into your state.