Skip to content

Pulumi»

Info

Feature previews are subject to change, may contain bugs, and have not yet been refined based on real production usage.

At a high level, Pulumi works similarly to Terraform. It uses a state backend, supports dry runs, and reconciles the actual infrastructure with your desired state. In this article, we’ll explain how Spacelift concepts map to Pulumi workflows.

If you prefer hands-on learning, check out our quickstart guides for each Pulumi-supported runtime:

If you're new to Pulumi, we recommend starting with TypeScript—it provides a great developer experience with type safety and is widely supported across Pulumi's ecosystem.

The core concepts of Spacelift remain the same when using Pulumi. Below, we’ll cover some lower-level details that may be helpful.

Run Execution»

Initialization»

As described in Run Initializing, Pulumi initialization runs the following:

  • pulumi login with your configured login URL
  • pulumi stack select --create --select with your configured Pulumi stack name (set in vendor-specific settings, not the Spacelift Stack name)

After this, all pre-initialization hooks will run.

Planning»

We use pulumi preview --refresh --diff --show-replacement-steps to display planned changes.

Applying»

We use pulumi up --refresh --diff --show-replacement-steps to apply changes.

Additional CLI Arguments»

You can pass additional CLI arguments using the SPACELIFT_PULUMI_CLI_ARGS_preview, SPACELIFT_PULUMI_CLI_ARGS_up, and SPACELIFT_PULUMI_CLI_ARGS_destroy environment variables.

Policies»

Most policies remain unchanged. The main difference is with the plan policy. Instead of a raw Terraform plan in the terraform field, you’ll receive a pulumi field containing the raw Pulumi plan, following this schema:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
{
  "pulumi": {
    "steps": [
      {
        "new": {
          "custom": "boolean",
          "id": "string",
          "inputs": "object - input properties",
          "outputs": "object - output properties",
          "parent": "string - parent resource of this resource",
          "provider": "string - provider this resource comes from",
          "type": "string - resource type",
          "urn": "string - resource URN"
        },
        "old": {
          "custom": "boolean",
          "id": "string",
          "inputs": "object - input properties",
          "outputs": "object - output properties",
          "parent": "string - parent resource of this resource",
          "provider": "string - provider this resource comes from",
          "type": "string - resource type",
          "urn": "string - resource URN"
        },
        "op": "string - same, refresh, create, update, delete, create-replacement, or delete-replaced",
        "provider": "string - provider this resource comes from",
        "type": "string - resource type",
        "urn": "string - resource URN"
      }
    ]
  },
  "spacelift": {"...": "..."}
}

Pulumi secrets are detected and encoded as [secret] instead of showing the actual value. For this reason, no additional string sanitization is performed on Pulumi plans.

Limitations»

  • Spacelift module CI/CD is not available for Pulumi.
  • Import is not supported for Pulumi. Instead, you can run a task to import resources into your state.