actions icon indicating copy to clipboard operation
actions copied to clipboard

Published 20 hours ago verified publisher icon pulumi

Support for Stack Tags

Open nstires-ctgx opened this issue 2 years ago • 4 comments

Hello!

When spinning up new stacks via GH Actions, we should be able to specify a list of tags to apply similar to config-map:

- uses: pulumi/actions@v4
  with:
    command: up
    stack-name: acme-org/${{ env.PROJECT_ALIAS }}
    work-dir: init
    upsert: true
    config-map: "{
      argoDefaultRole: {value: ${{ vars.ARGO_DEFAULT_ROLE }}, secret: false},
      environment: {value: ${{ inputs.environment }}, secret: false},
      helmBranch: {value: ${{ vars.HELM_BRANCH }}, secret: false},
      region: {value: ${{ env.REGION }}, secret: false},
      projectId: {value: ${{ env.PROJECT_ALIAS }}, secret: false},
      projectFolder: {value: ${{ vars.GCP_PROJECT_FOLDER }}, secret: false},
      subdomain: {value: ${{ env.SUBDOMAIN }}, secret: false}
      }"
    stack-tags: "{
      cloud: gcp,
      environment: ${{ inputs.environment }},
      partition: ${{ env.PROJECT_ALIAS }},
      type: kubernetes
      }"
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ADMIN }}
  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

We're adopting stack tags to manage the growing number of stacks deployed. Being able to populate these alongside the deployment is ideal.

Affected area/feature

Pulumi Service

nstires-ctgx avatar Sep 20 '23 17:09 nstires-ctgx

You can do this just via configMap, there's a config key "pulumi:tags" that the engine will pick up to set stack tags with. https://www.pulumi.com/docs/concepts/config/

Frassle avatar Sep 20 '23 19:09 Frassle

Not having any luck with this, tried a couple different methods:

- uses: pulumi/actions@v4
  with:
    command: up
    stack-name: acme-team/${{ env.PROJECT_ALIAS }}
    work-dir: init
    upsert: true
    config-map: "{
      argoDefaultRole: {value: ${{ vars.ARGO_DEFAULT_ROLE }}, secret: false},
      environment: {value: ${{ inputs.environment }}, secret: false},
      helmBranch: {value: ${{ vars.HELM_BRANCH }}, secret: false},
      region: {value: ${{ env.REGION }}, secret: false},
      projectId: {value: ${{ env.PROJECT_ALIAS }}, secret: false},
      projectFolder: {value: ${{ vars.GCP_PROJECT_FOLDER }}, secret: false},
      subdomain: {value: ${{ env.SUBDOMAIN }}, secret: false}
      pulumi:tags:environment: {value: ${{ inputs.environment }}, secret: false},
      pulumi:tags:partition: {value: ${{ env.PROJECT_ALIAS }}, secret: false},
      pulumi:tags:type: {value: ${{ inputs.cloud }}, secret: false}
      }"
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ADMIN }}

Gives error: error: invalid configuration key: could not parse pulumi:tags:environment as a configuration key (configuration keys should be of the form '<namespace>:<name>')

- uses: pulumi/actions@v4
  with:
    command: up
    stack-name: acme-team/${{ env.PROJECT_ALIAS }}
    work-dir: init
    upsert: true
    config-map: "{
      argoDefaultRole: {value: ${{ vars.ARGO_DEFAULT_ROLE }}, secret: false},
      environment: {value: ${{ inputs.environment }}, secret: false},
      helmBranch: {value: ${{ vars.HELM_BRANCH }}, secret: false},
      region: {value: ${{ env.REGION }}, secret: false},
      projectId: {value: ${{ env.PROJECT_ALIAS }}, secret: false},
      projectFolder: {value: ${{ vars.GCP_PROJECT_FOLDER }}, secret: false},
      subdomain: {value: ${{ env.SUBDOMAIN }}, secret: false}
      pulumi:tags: {
        environment: {value: ${{ inputs.environment }}, secret: false},
        partition: {value: ${{ env.PROJECT_ALIAS }}, secret: false},
        type: {value: ${{ inputs.cloud }}, secret: false}
      }
      }"
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ADMIN }}

Gives error: error: getting stack tags: pulumi:tags must be an object of strings Same with:

  config-map: "{
      argoDefaultRole: {value: ${{ vars.ARGO_DEFAULT_ROLE }}, secret: false},
      environment: {value: ${{ inputs.environment }}, secret: false},
      helmBranch: {value: ${{ vars.HELM_BRANCH }}, secret: false},
      region: {value: ${{ env.REGION }}, secret: false},
      projectId: {value: ${{ env.PROJECT_ALIAS }}, secret: false},
      projectFolder: {value: ${{ vars.GCP_PROJECT_FOLDER }}, secret: false},
      subdomain: {value: ${{ env.SUBDOMAIN }}, secret: false}
      pulumi:tags: {
        environment: ${{ inputs.environment }},
        partition: ${{ env.PROJECT_ALIAS }},
        type: ${{ inputs.cloud }}
      }
      }"

nstires-ctgx avatar Sep 20 '23 21:09 nstires-ctgx

pulumi:tags must be an object of strings

tags has probably stricter validation than needed, but it won't accept bools or numbers currently. So if inputs.cloud is resolving to "true", yaml will parse that as a bool not a string and tags will reject it. Wrapping things in double quotes will tell the yaml parser that this really should be a string.

Frassle avatar Oct 04 '23 07:10 Frassle

pulumi:tags must be an object of strings

tags has probably stricter validation than needed, but it won't accept bools or numbers currently. So if inputs.cloud is resolving to "true", yaml will parse that as a bool not a string and tags will reject it. Wrapping things in double quotes will tell the yaml parser that this really should be a string.

Can you provide an example of what this should look like?

nstires-ctgx avatar Oct 04 '23 19:10 nstires-ctgx