pulumi preview and pulumi up: the plan-apply cycle in Pulumi
Problem
New Pulumi users skip pulumi preview and run pulumi up directly, missing the opportunity to review changes before they are applied. In CI, pulumi up without a prior review step can deploy unreviewed infrastructure changes.
Solution
Always run pulumi preview before pulumi up in development, and use pulumi up --diff for a more detailed diff. In CI, use pulumi preview on PRs and pulumi up --yes on merge.
# Development workflow
pulumi preview          # Show planned changes
pulumi preview --diff   # Show detailed property-level diff
pulumi up               # Interactively apply (asks confirmation)
# CI workflow on PR
pulumi preview --json > preview.json
# CI workflow on merge to main
pulumi up --yes --skip-preview
GitHub Actions example:
- name: Pulumi Preview
  run: pulumi preview
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  if: github.event_name == 'pull_request'
- name: Pulumi Up
  run: pulumi up --yes
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  if: github.ref == 'refs/heads/main'
Why
pulumi preview reads current state and computes the diff without making any changes. It is the safest way to validate that a code change produces the expected infrastructure modifications.
Gotchas
- pulumi up --skip-preview applies without showing a preview; only use it in automated pipelines where preview was already run
- The Pulumi GitHub App can post preview summaries as PR comments automatically
- preview can fail if provider credentials are invalid; fix auth issues before planning
- --diff shows the full before/after property values, which may expose secrets in CI logs
Context
Pulumi development workflow and CI/CD pipeline integration
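Added example (not part of the original tip and not Pulumi's own tooling): a PR-stage gate that reads the preview.json written by pulumi preview --json and fails the check when the plan deletes or replaces a resource that nobody has explicitly approved. The steps, op and urn field names and the op values are assumptions about the CLI's JSON output, so confirm them against your Pulumi version; the sample data is constructed.

```python
import json
import sys

# Ops that destroy or recreate a resource. Names follow the `op` field of
# `pulumi preview --json` steps (assumed; confirm against your CLI version).
DESTRUCTIVE_OPS = {"delete", "replace", "create-replacement", "delete-replaced"}


def destructive_steps(preview, allow_urns=()):
    """Return (op, urn) for every destructive step not explicitly allowed."""
    allowed = set(allow_urns)
    found = []
    for step in preview.get("steps", []):
        op, urn = step.get("op"), step.get("urn", "<unknown>")
        if op in DESTRUCTIVE_OPS and urn not in allowed:
            found.append((op, urn))
    return found


def gate(preview, allow_urns=()):
    """Exit code for CI: 0 if safe to merge, 1 if human review is required."""
    if "steps" not in preview:
        # Fail closed: an empty or truncated file must not pass the gate.
        return 1
    return 1 if destructive_steps(preview, allow_urns) else 0


# Constructed sample shaped like preview output (not real data).
SAMPLE = {
    "steps": [
        {"op": "same", "urn": "urn:pulumi:dev::app::pulumi:pulumi:Stack::app-dev"},
        {"op": "update", "urn": "urn:pulumi:dev::app::aws:s3/bucket:Bucket::logs"},
        {"op": "replace", "urn": "urn:pulumi:dev::app::aws:rds/instance:Instance::db"},
    ],
    "changeSummary": {"same": 1, "update": 1, "replace": 1},
}

if __name__ == "__main__":
    # Usage: python gate.py preview.json [approved-urn ...]
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for op, urn in destructive_steps(data, sys.argv[2:]):
        print(f"REVIEW REQUIRED: {op} {urn}")
    sys.exit(gate(data, sys.argv[2:]))
```

Run it as a step after the preview step on pull requests; a non-zero exit blocks the merge until the URN is added to the approved list.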