pulumi / pulumi

Pulumi - Infrastructure as Code in any programming language 🚀
https://www.pulumi.com
Apache License 2.0

Private Providers Hosted in Pulumi Cloud #15534

Open MMartyn opened 8 months ago

MMartyn commented 8 months ago

Hello!

I am currently building internal MLC providers for my company and there is a bit of friction in getting those providers downloaded where they are needed, such as the deployment agents. It would be very beneficial if there were a mechanism built into Pulumi Cloud that would allow me to host those for the organization that the agents and CLI would automatically understand how to download. I am thinking something along the lines of how Terraform Cloud allows you to have private modules.

Issue details

Affected area/feature

Pulumi Service

justinvp commented 8 months ago

> there is a bit of friction in getting those providers downloaded where they are needed, such as the deployment agents

Can you provide more details on the friction?

ringods commented 8 months ago

@MMartyn when building your providers, you can use the pluginDownloadUrl to point to a private location:

Here is an example from a non-Pulumi owned package, living in another GitHub organization: https://github.com/pulumiverse/pulumi-unifi/blob/main/provider/cmd/pulumi-resource-unifi/schema.json#L14

You can have private GitHub releases for the plugin binaries because Pulumi picks up the GITHUB_TOKEN to authenticate. Your SDKs can be published to a private registry like Artifactory or Nexus. Hope this already helps a bit.

MMartyn commented 8 months ago

> > there is a bit of friction in getting those providers downloaded where they are needed, such as the deployment agents
>
> Can you provide more details on the friction?

Some of the friction is needing to have the consumers set up their GITHUB_TOKEN in order to pull the binaries and another would be needing to specify the providers explicitly in the stacks like so:

provider:
    type: pulumi:providers:foo
    defaultProvider: true
    options:
      version: "0.0.1"
      pluginDownloadURL: github://api.github.com/org/foo

MMartyn commented 8 months ago

> You can have private GitHub releases for the plugin binaries because Pulumi picks up the GITHUB_TOKEN to authenticate

Once I set the download URL on the provider, I saw that the deployment agent was able to download the provider, so it seems deployments are OK in this regard.

ringods commented 8 months ago

@MMartyn setting the pluginDownloadUrl when using Pulumi YAML is needed for any non-Pulumi-owned package, public and private.

https://www.pulumi.com/docs/languages-sdks/yaml/yaml-language-reference/#resource-options

This is not needed for regular language SDKs as this URL is integrated in the generated SDKs, for instance:

https://github.com/pulumiverse/pulumi-unifi/blob/main/sdk/nodejs/package.json#L27

MMartyn commented 8 months ago

The main pain point that pushed me to open this was that it at first seemed like I would need to manually set up a GITHUB_TOKEN in the deployment agent for private providers to work. However, that ended up not being the case, as the agent already had a token it could use to get the private provider (although it isn't clear to me how that mechanism works). So that said, the only remaining parts that I find a bit of a chore are ensuring users set up their GITHUB_TOKENs and finding an appropriate place to host the SDKs.

Feel free to close this as my main issue ended up being fine.

raysango commented 2 weeks ago

I'm also using a private GitHub repo to host my provider. When I set the pluginDownloadURL to the artifact download URL and set GITHUB_TOKEN, I get a 404 HTTP error fetching plugin from https://github.com/{ORG}/{REPO}/releases/download/v1.3.1/pulumi-resource-vital-v1.3.1-darwin-amd64.tar.gz

ringods commented 1 week ago

@raysango did you leverage the explicit GitHub release support?

https://www.pulumi.com/docs/iac/packages-and-automation/pulumi-packages/authoring/#support-for-github-releases

Can you verify that you can download the file using curl and a Personal Access Token?

https://stackoverflow.com/a/35688093
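
One way to run the token check asked for above, written in Python instead of curl (an added example, not code from this thread or from Pulumi). It resolves the asset through the GitHub REST API's release endpoints and requests it with `Accept: application/octet-stream`, and it drops the `Authorization` header when a redirect leaves the API host. The org, repo, asset name and id in the sample JSON are constructed placeholders.

```python
import json
import os
import shutil
import sys
import urllib.request
from urllib.parse import urlsplit

API = "https://api.github.com"

# Constructed sample of a "get release by tag" response (placeholder names and id).
SAMPLE_RELEASE = json.dumps({"tag_name": "v0.0.1", "assets": [
    {"id": 1001, "name": "pulumi-resource-foo-v0.0.1-linux-amd64.tar.gz",
     "url": f"{API}/repos/example-org/pulumi-foo/releases/assets/1001"}]})

def asset_api_url(release_json, asset_name):
    """Return the API URL of the named asset from a release JSON document."""
    for asset in json.loads(release_json).get("assets", []):
        if asset["name"] == asset_name:
            return asset["url"]
    raise LookupError(f"no asset named {asset_name!r} in this release")

class SameHostAuth(urllib.request.HTTPRedirectHandler):
    """Drop Authorization when a redirect leaves the original host, so the
    token is never forwarded to the storage host that serves the bytes."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new is not None and urlsplit(newurl).hostname != urlsplit(req.full_url).hostname:
            new.remove_header("Authorization")
        return new

def fetch(url, token, accept):
    """Open url with the token and Accept header, using the redirect guard."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}", "Accept": accept})
    return urllib.request.build_opener(SameHostAuth).open(req, timeout=30)

def download_asset(org, repo, tag, asset_name, token, dest):
    """Resolve the asset through the API, then download it as raw bytes."""
    lookup = f"{API}/repos/{org}/{repo}/releases/tags/{tag}"
    with fetch(lookup, token, "application/vnd.github+json") as resp:
        url = asset_api_url(resp.read(), asset_name)
    with fetch(url, token, "application/octet-stream") as resp, open(dest, "wb") as out:
        shutil.copyfileobj(resp, out)

if __name__ == "__main__":
    # usage: script.py ORG REPO TAG ASSET_NAME  (token is read from GITHUB_TOKEN)
    org, repo, tag, name = sys.argv[1:5]
    download_asset(org, repo, tag, name, os.environ["GITHUB_TOKEN"], name)
```

A 404 from the release lookup with a token that works elsewhere usually means the token lacks access to that repository, since GitHub answers 404 rather than 403 for private resources the caller cannot see.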