Document Deployments remediation process and behavior

[Copilot]

This PR adds comprehensive documentation for Pulumi Deployments remediation functionality, addressing the lack of detail about what happens when remediation runs.

Changes Made

Added new section: "Understanding Drift Remediation"

• Explains the technical process (pulumi up --refresh)
• Details the step-by-step remediation workflow:
  1. Refresh the state
  2. Compare with desired state
  3. Generate execution plan
  4. Apply changes
• Clarifies that remediation treats IaC as the authoritative source of truth

Added new section: "When Drift is Detected"

• Explains three response options when drift occurs:
  1. Remediate drift (restore to IaC state)
  2. Refresh (accept cloud changes)
  3. Manual review
• Provides guidance on choosing the appropriate approach

Enhanced existing content with cross-references

• Updated brief remediation mention to link to detailed documentation
• Added reference from auto-remediation configuration step

Added guidance sections

• When to use remediation vs alternatives
• Safety considerations and best practices
• Clear comparison between remediation and refresh operations

Why This Matters

Previously, the documentation only briefly mentioned that remediation "will run a pulumi up --refresh to treat the Pulumi program as the source of truth," but didn't explain what this actually means for users or what they can expect to happen to their infrastructure.

This documentation now provides:

• Clear understanding of the remediation process
• Guidance on when remediation is appropriate
• Safety considerations for production environments
• Technical details about the underlying operations

Fixes #15379.

[!WARNING]

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• cdn.cypress.io
  • Triggering command: /usr/local/bin/node index.js --exec install (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[meagancojocar]

Your section is more verbose than the rest of the page, format it to be the same style

[Copilot]

Your section is more verbose than the rest of the page, format it to be the same style

Condensed the verbose sections to match the page style. Replaced detailed explanations with concise bullet points and streamlined the content while preserving essential information. Commit 6066ed0.

[!WARNING]

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• cdn.cypress.io
  • Triggering command: /usr/local/bin/node index.js --exec install (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

[meagancojocar]

don't change anything in the yarn.lock file and make it 2 paragraphs total, its still too verbose.

[Copilot]

don't change anything in the yarn.lock file and make it 2 paragraphs total, its still too verbose.

Condensed the content to exactly 2 paragraphs total and reverted the yarn.lock changes as requested. The documentation now provides essential information about drift remediation behavior in a concise format that matches the page style. Commit aa69c7f.

[!WARNING]

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• cdn.cypress.io
  • Triggering command: /usr/local/bin/node index.js --exec install (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

[meagancojocar]

this is good but add back the explanation of what a remediation does

[Copilot]

this is good but add back the explanation of what a remediation does

Added back the explanation of what remediation does while keeping it concise. The documentation now includes the technical process: refreshing state, comparing with desired state, and generating/applying changes to align infrastructure with code. Commit 8674aae.

[!WARNING]

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• cdn.cypress.io
  • Triggering command: /usr/local/bin/node index.js --exec install (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list