The Pulumiverse organization has some infrastructure to support its operation. This repository manages as much as possible of this setup using Pulumi IaC.
Status: Partially Automated
The Github provider doesn't contain the functionality to configure all of the organization level settings. The following settings are controlled manually as a result:
- Workflow permissions: default set to
Read repository contents permissioninstead ofRead and write permission
The following resources within the organization on Github is managed by Pulumi code:
- Teams
- Membership to organization and teams
- Repositories and team access
Each repository which publishes artifacts to package registries will get separate publishing tokens to the respective package registries.
Please read the documentation on Authoring & Publishing before continuing with the specifics below.
Notes:
-
Manually authoring a Pulumi schema file. The JSON schema file is used by
pulumi-gen-xyzto create language-specific SDKs. It is, therefore, a central requirement for any resource provider. Provider schemas can be handwritten, or alternatively machine-generated by combining API specification with pulumi-specific logic.When writing the schema by hand, it is helpful to associate the JSON schema in your IDE for completion or Intellisense features to work:
Visual Studio Code: the easiest option is to map the schema file in your User Settings which enables it for all your provider projects:
"json.schemas": [ { "fileMatch": [ "/provider/cmd/pulumi-*/schema.json" ], "url": "https://raw.githubusercontent.com/pulumi/pulumi/master/pkg/codegen/schema/pulumi.json" } ]This repository provides the xyz example schema to get you started. The AWS Native Provider schema provides a much larger example. Refer to the package schema documentation for additional details when writing the schema.
-
to use custom package names for Terraform bridge providers, please ensure you minimally use
github.com/pulumi/pulumi-terraform-bridge v3.21.0. -
when publishing plugin binaries for providers as Github releases, make sure your users are running Pulumi 3.35.3 or up. Make sure to set the plugin download URL consistently to
github://api.github.com/pulumiverse.In
schema.json, add a toplevel entry like this:"pluginDownloadURL": "github://api.github.com/pulumiverse",
When bridging a Terraform provider, add the following to
providers/resources.go:func Provider() tfbridge.ProviderInfo { ... // Create a Pulumi provider mapping prov := tfbridge.ProviderInfo{ ... // PluginDownloadURL is an optional URL used to download the Provider // for use in Pulumi programs PluginDownloadURL: "github://api.github.com/pulumiverse", ... } ... }
Status: Manual
All members of the Pulumiverse Governance Board receive admin/owner rights on
the pulumiverse organization on the NPM Registry.
Having this organization ensures we have the @pulumiverse/... package
namespace available and claimed.
We encourage all publishable artifacts to use this namespace. For Pulumi
packages, set the package name in the schema.json file:
{
...
"language": {
"nodejs": {
"packageName": "@pulumiverse/<package>",
...
}
}
}For a Terraform bridged provider, add this to resources.go:
func Provider() tfbridge.ProviderInfo {
...
// Create a Pulumi provider mapping
prov := tfbridge.ProviderInfo{
...
JavaScript: &tfbridge.JavaScriptInfo{
PackageName: "@pulumiverse/<package>",
...
},
...
}
...
}Status: Manual
Pypi doesn't have the notion of an organization or team account. A separate
user account pulumiverse is the owner of all Python packages published
under the Pulumiverse wings.
The credentials to access this user account are shared securely with the members of the Pulumi Governance Board.
We encourage all publishable artifacts to use the pulumiverse_ prefix.
For Pulumi packages, set the package name in the schema.json file:
{
...
"language": {
"python": {
"packageName": "pulumiverse_<package>",
...
}
}
}For a Terraform bridged provider, add this to resources.go:
func Provider() tfbridge.ProviderInfo {
...
// Create a Pulumi provider mapping
prov := tfbridge.ProviderInfo{
...
Python: &tfbridge.PythonInfo{
PackageName: "pulumiverse_<package>",
...
},
...
}
...
}Go doesn't have or need a central repository. The generated Go SDK for a Pulumi package must be committed into the Git repository and properly tagged.
To publish Go packages, the base import path must be set correctly in the
generated go.mod file.
For Pulumi packages, set the package name in the schema.json file:
{
...
"language": {
"go": {
"importBasePath": "github.com/pulumiverse/pulumi-<package>/sdk/go/<package>"
...
}
}
}For a Terraform bridged provider, add this to resources.go:
func Provider() tfbridge.ProviderInfo {
...
// Create a Pulumi provider mapping
prov := tfbridge.ProviderInfo{
...
Golang: &tfbridge.GolangInfo{
ImportBasePath: filepath.Join(
fmt.Sprintf("github.com/pulumiverse/pulumi-%[1]s/sdk/", mainPkg),
tfbridge.GetModuleMajorVersion(version.Version),
"go",
mainPkg,
),
...
},
...
}
...
}Nuget doesn't have the notion of an organization or team account. A separate
user account pulumiverse is the owner of all .NET packages published
under the Pulumiverse wings.
The credentials to access this user account are shared securely with the members of the Pulumi Governance Board.
To publish Nuget packages, the base namespace must be set correctly configured.
For Pulumi packages, set the namespace in the schema.json file:
{
...
"language": {
"csharp": {
"rootNamespace": "Pulumiverse",
...
}
}
}For a Terraform bridged provider, add this to resources.go:
func Provider() tfbridge.ProviderInfo {
...
// Create a Pulumi provider mapping
prov := tfbridge.ProviderInfo{
...
CSharp: &tfbridge.CSharpInfo{
RootNamespace: "Pulumiverse",
...
},
...
}
...
}Status: Manual
- DNS hosting of
pulumiverse.com
Status: Manual
Membership to https://app.pulumi.com/pulumiverse is managed manually, given there
currently is no Pulumi provider to their own platform. This is requested as
#18 and in development
according the public roadmap.
We will start using the provider once the first release becomes available.