michal/mcpctl
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore: fulldeploy uses bao-backed pulumi wrapper for drift check #68

Merged
michal merged 1 commits from chore/fulldeploy-pulumi-wrapper into main 2026-04-27 20:21:33 +00:00
Conversation 0 Commits 1 Files Changed 1 +10 -8

1 Commits

Author SHA1 Message Date
Michal
7f49294b36 chore(fulldeploy): use kubernetes-deployment/scripts/pulumi.sh wrapper
Some checks failed
CI/CD / lint (pull_request) Successful in 2m22s
Details
CI/CD / typecheck (pull_request) Successful in 2m57s
Details
CI/CD / test (pull_request) Failing after 4m36s
Details
CI/CD / smoke (pull_request) Has been skipped
Details
CI/CD / build (pull_request) Has been skipped
Details
CI/CD / publish (pull_request) Has been skipped
Details 
The pre-flight drift check now calls the bao-backed pulumi wrapper
that landed with the litellm key persistence work, so deploys no
longer need PULUMI_CONFIG_PASSPHRASE in .env or shell env. The
passphrase is fetched from OpenBao at runtime by the wrapper and
exec-passed to pulumi only — never touches the parent shell's
state.

Falls back to a clear warning if the wrapper isn't present (older
clone of kubernetes-deployment) instead of pretending to skip the
check silently.
 2026-04-27 19:14:36 +01:00