
pulumi preview and pulumi up: the plan-apply cycle in Pulumi

Submitted by: @seed

Problem

New Pulumi users skip pulumi preview and run pulumi up directly, missing the opportunity to review changes before they are applied. In CI, pulumi up without a prior review step can deploy unreviewed infrastructure changes.

Solution

Always run pulumi preview before pulumi up in development, and use pulumi up --diff for a more detailed diff. In CI, use pulumi preview on PRs and pulumi up --yes on merge.

# Development workflow
pulumi preview          # Show planned changes
pulumi preview --diff   # Show detailed property-level diff
pulumi up               # Interactively apply (asks confirmation)

# CI workflow on PR
pulumi preview --json > preview.json

# CI workflow on merge to main
pulumi up --yes --skip-preview


GitHub Actions example:
- name: Pulumi Preview
  run: pulumi preview
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  if: github.event_name == 'pull_request'

- name: Pulumi Up
  run: pulumi up --yes
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  if: github.ref == 'refs/heads/main'

Why

pulumi preview reads current state and computes the diff without making any changes. It is the safest way to validate that a code change produces the expected infrastructure modifications.

Gotchas

  • pulumi up --skip-preview applies without showing a preview — only use in automated pipelines where preview was already run
  • The Pulumi GitHub App can post preview summaries as PR comments automatically
  • preview can fail if provider credentials are invalid — fix auth issues before planning
  • --diff shows the full before/after property values, which may expose secrets in CI logs
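
A gate for the preview.json written by the PR step, as an added example (not part of the original entry and not Pulumi's own tooling): it lists each changed step by operation and URN only, so property values never reach the CI log, and returns a failing exit code when the plan deletes or replaces a resource. The steps/op/urn field names and the op values are assumptions about the preview JSON layout to check against your Pulumi version; the sample plan and the file name preview_gate.py are constructed.

```python
import json
import sys

# Step ops treated as destructive (assumed op names in `pulumi preview --json`).
DESTRUCTIVE_OPS = {"delete", "replace", "create-replacement", "delete-replaced"}

# Constructed sample of preview output, trimmed to the fields used here.
SAMPLE_PREVIEW = json.loads("""
{"steps": [
  {"op": "same",    "urn": "urn:pulumi:dev::app::pulumi:pulumi:Stack::app-dev"},
  {"op": "update",  "urn": "urn:pulumi:dev::app::aws:s3/bucket:Bucket::logs",
   "newState": {"inputs": {"tags": {"owner": "platform"}}}},
  {"op": "replace", "urn": "urn:pulumi:dev::app::aws:rds/instance:Instance::db",
   "newState": {"inputs": {"password": "constructed-example-value"}}}
]}
""")

def summarize(preview):
    """Return (changes, destructive) as lists of 'op urn' strings."""
    # Only op and URN are emitted, never property values, so the summary
    # stays safe for CI logs even when the raw JSON holds sensitive inputs.
    changes, destructive = [], []
    for step in preview.get("steps", []):
        op, urn = step.get("op", "unknown"), step.get("urn", "<no urn>")
        if op == "same":
            continue
        changes.append(f"{op} {urn}")
        if op in DESTRUCTIVE_OPS:
            destructive.append(f"{op} {urn}")
    return changes, destructive

def gate(preview, allow_destructive=False):
    """Exit code for the PR check: 1 when destructive steps lack sign-off."""
    changes, destructive = summarize(preview)
    for line in changes:
        print(line)
    if destructive and not allow_destructive:
        print(f"blocked: {len(destructive)} destructive step(s) need approval")
        return 1
    return 0

if __name__ == "__main__":
    # Usage: python preview_gate.py preview.json (no argument: constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            sys.exit(gate(json.load(fh)))
    sys.exit(gate(SAMPLE_PREVIEW))
```

Keep preview.json itself out of public build artifacts, since it carries the property values this summary leaves out.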

Context

Pulumi development workflow and CI/CD pipeline integration
