From 6603868c2fe7af53677f48aa54daf06cde9c9e0c Mon Sep 17 00:00:00 2001 From: James Denyer Date: Thu, 3 Oct 2024 13:39:11 -0700 Subject: [PATCH 1/2] new bitbucket guide --- .../continuous-delivery/bitbucket.md | 108 ++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 content/docs/iac/packages-and-automation/continuous-delivery/bitbucket.md diff --git a/content/docs/iac/packages-and-automation/continuous-delivery/bitbucket.md b/content/docs/iac/packages-and-automation/continuous-delivery/bitbucket.md new file mode 100644 index 000000000000..763cde755f45 --- /dev/null +++ b/content/docs/iac/packages-and-automation/continuous-delivery/bitbucket.md 
@@ -0,0 +1,108 @@ +--- +title_tag: "Using Bitbucket Pipelines | CI/CD" +meta_desc: This page details how to use Bitbucket Pipelines to manage deploying staging and production stacks based on commits to specific Git branches. +title: Bitbucket Pipelines +h1: Pulumi CI/CD & Bitbucket +meta_image: /images/docs/meta-images/docs-meta.png +menu: + iac: + name: Bitbucket Pipelines + parent: iac-packages-automation-cicd + weight: 2 + usingpulumi: + parent: cont_delivery + weight: 1 + +--- + +[Bitbucket Pipelines](https://support.atlassian.com/bitbucket-cloud/docs/get-started-with-bitbucket-pipelines/) is an CI/CD service built into Bitbucket Cloud. It allows you to build, test, and deploy your code automatically to your Pulumi staging and production stacks based on commits to specific Git branches. + +This guide provides examples for integrating Bitbucket Pipelines with a [Pulumi AWS TypeScript project](/docs/iac/get-started/), but the outlined steps can be adapted for other projects in your favorite language. + +## Prerequisites + +- Sign up for a [Pulumi account](https://app.pulumi.com) +- Create a [Pulumi Access Token](https://app.pulumi.com/account/tokens) +- Install the [latest Pulumi CLI](/docs/install/) +- Create a [Bitbucket account](bitbucket.org) with Pipelines enabled +- Create a [new Bitbucket repository](https://support.atlassian.com/bitbucket-cloud/docs/create-a-git-repository/), and ensure you do not initialize it with a README + +- Create a [new Pulumi project](https://www.pulumi.com/learn/pulumi-fundamentals/create-a-pulumi-project/) and [initialize it as a git repository](https://git-scm.com/docs/git-init) + +## Setting up environment variables + +To use Pulumi within Bitbucket Pipelines, there are a few environment variables you'll need to set. + +The first is `PULUMI_ACCESS_TOKEN`, which is required to authenticate with Pulumi in order to +perform the `preview` or `update`. 
+ +Next, you will need to set environment variables specific to your cloud resource provider. +For example, if your stack is managing resources on AWS, you will need to set `AWS_ACCESS_KEY_ID` and +`AWS_SECRET_ACCESS_KEY`. + +{{% notes type="info" %}} + +Add these variables in Bitbucket to your **Repository settings > Repository variables**, ensuring you click on the **Secured** checkbox, as is a security best practice to mark any sensitive variables as protected in Bitbucket. You can learn more about how to protect environment variables by referencing their [variables and secrets](https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/) documentation. + +{{% /notes %}} + +## Bitbucket pipeline configuration + +In Bitbucket, a CI/CD pipeline is defined in a yaml file labeled `.bitbucket-pipelines.yml`. This file must exist in the root of your repository and defines how Bitbucket Pipelines will build and deploy your Pulumi stack. + +Here's an example configuration: + +```yaml +# This is an example Bitbucket starter pipeline configuration +# Use a skeleton to build, test and deploy using manual and parallel steps +# ----- +# You can specify a custom docker image from Docker Hub as your build environment. + +image: atlassian/default-image:4 + +pipelines: + pull-requests: + '**': + - step: + script: + - if [ "${BITBUCKET_PR_DESTINATION_BRANCH}" != "main" ]; then printf 'target branch not main, skipping preview'; exit; fi + - step: + name: 'Run Pulumi Preview' + image: pulumi/pulumi-nodejs:latest + script: + - npm ci + - pulumi login + - pulumi stack select $STACK + - pulumi preview + + branches: + main: + - step: + name: 'Run Pulumi Up' + image: pulumi/pulumi-nodejs:latest + script: + - npm ci + - pulumi login + - pulumi stack select $STACK + - pulumi up --yes + +``` + +When working with Pulumi in Bitbucket Pipelines with Pulumi, you will need to specify when certain actions, like previews, are run. 
+ +```yaml +'**': + - step: + script: + - if [ "${BITBUCKET_PR_DESTINATION_BRANCH}" != "main" ]; then printf 'target branch not main, skipping preview'; exit; fi +'**': + - step: + script: + - if [ "${BITBUCKET_PR_DESTINATION_BRANCH}" != "main" ]; then printf 'target branch not main, skipping preview'; exit; fi +``` + +This step and script ensures that the following Pulumi preview step only runs if the pull request is targeting the main branch. This avoids unnecessary previews for pull requests to other branches. + +## Running the pipeline + +Once the `.bitbucket-pipelines.yml` is committed, each push to the repository will trigger the pipeline, automating the deployment of your infrastructure. You can monitor the pipeline status in the **Pipelines** tab in Bitbucket. From 63f30a11c691b043075e19a3ebe12c0b257deb74 Mon Sep 17 00:00:00 2001 From: James Denyer Date: Thu, 3 Oct 2024 14:26:18 -0700 Subject: [PATCH 2/2] adding bitbucket logo to hub page, fixing some new url paths --- .../continuous-delivery/_index.md | 48 ++++++++++--------- static/logos/tech/ci-cd/bitbucket.svg | 26 ++++++++++ 2 files changed, 52 insertions(+), 22 deletions(-) create mode 100644 static/logos/tech/ci-cd/bitbucket.svg diff --git a/content/docs/iac/packages-and-automation/continuous-delivery/_index.md b/content/docs/iac/packages-and-automation/continuous-delivery/_index.md index 4ac67adb703a..ce99a81626f0 100644 --- a/content/docs/iac/packages-and-automation/continuous-delivery/_index.md +++ b/content/docs/iac/packages-and-automation/continuous-delivery/_index.md 
@@ -27,44 +27,44 @@ process that you have today. For example, doing code reviews via Pull Requests, analysis tools, and running unit and integration tests as appropriate. It all "just works" for your cloud infrastructure the same way it would for your application code. -Pulumi can easily integrate into any continuous integration/continuous delivery (CI/CD) system. If your CI/CD system isn't listed below or you are testing something new, see [adding support for CI/CD systems](/docs/using-pulumi/continuous-delivery/add-support-for-cicd-systems). +Pulumi can easily integrate into any continuous integration/continuous delivery (CI/CD) system. If your CI/CD system isn't listed below, or you are testing something new, see [adding support for CI/CD systems](/docs/iac/packages-and-automation/add-support-for-cicd-systems). -> Looking to troubleshoot failures related to running Pulumi in CI/CD? Check out our [CI/CD troubleshooting guide](/docs/using-pulumi/continuous-delivery/troubleshooting-guide). +> Looking to troubleshoot failures related to running Pulumi in CI/CD? Check out our [CI/CD troubleshooting guide](/docs/iac/packages-and-automation/troubleshooting-guide). > Pulumi can also bridge results from your CI/CD system with GitHub, surfacing the results of stack updates -> on GitHub pull requests. See the [Pulumi GitHub App](/docs/using-pulumi/continuous-delivery/github-app/) for more information. +> on GitHub pull requests. See the [Pulumi GitHub App](/docs/iac/packages-and-automation/continuous-delivery/github-app/) for more information. -### Configuration and Secrets +### Configuration and secrets Pulumi is designed to be entirely code-centric, including the way in which configuration and secrets are managed. Configuration values and secrets are stored safely inside of `Pulumi.yaml` files, which you will commit. 
@@ -103,18 +107,18 @@ Secret configuration values are encrypted on [app.pulumi.com](https://app.pulumi source code repository. But you can use your own secrets provider, ensuring that only you have access to your sensitive information. See [Managing Secrets with Pulumi](/blog/managing-secrets-with-pulumi/) for more information. -### Managing Complex Environments +### Managing complex environments Most real-world environments are complex. Perhaps you have a networking stack that's independent from your data -and application stacks. Pulumi [supports "stack references"](/docs/guides/organizing-projects-stacks), which +and application stacks. Pulumi [supports "stack references"](/docs/iac/guides/organizing-projects-stacks), which permit one stack to depend upon another. This facilitates continuous delivery and integration at scale. -### Using Branches for Environments +### Using branches for environments Pulumi is agnostic to what sort of branching strategy you take. Most customers use Git-based flows; the most common is -to use one branch-per-[stack](/docs/concepts/stack/). This allows you to control deployments to environments +to use one branch-per-[stack](/docs/iac/concepts/stack/). This allows you to control deployments to environments using your usual commit, code review, and approval process, such as GitHub pull requests. If you are using GitHub pull requests to trigger updates, you will likely want to use the -[Pulumi GitHub App](/docs/using-pulumi/continuous-delivery/github-app/). This gives you interactive infrastructure change previews +[Pulumi GitHub App](/docs/iac/packages-and-automation/github-app/). This gives you interactive infrastructure change previews inside of your Pull Request, making it easier to see, review, and comment on any changes before a deployment occurs. diff --git a/static/logos/tech/ci-cd/bitbucket.svg b/static/logos/tech/ci-cd/bitbucket.svg new file mode 100644 index 000000000000..f179fa7ee596 --- /dev/null 
+++ b/static/logos/tech/ci-cd/bitbucket.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + +
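Review bot: In the new bitbucket.md (PATCH 1/2), the guard in the first `pull-requests` step does not skip the preview. `exit` after a successful `printf` ends that step with status 0, so the pipeline goes on to the separate 'Run Pulumi Preview' step for every pull request, which contradicts the paragraph that says the preview "only runs if the pull request is targeting the main branch". Put the destination-branch check inside the preview step's own `script`, so the Pulumi commands in that step run only when `BITBUCKET_PR_DESTINATION_BRANCH` is `main`. Other points in the same hunk: the text names the file `.bitbucket-pipelines.yml`, but Bitbucket reads `bitbucket-pipelines.yml` with no leading dot. `pulumi stack select $STACK` uses a variable that the "Setting up environment variables" section never tells the reader to define. Both Pulumi steps use `pulumi/pulumi-nodejs:latest`, including the one that runs `pulumi up --yes` with the AWS keys in its environment, so a fixed version tag or digest would be the safer thing to document. The second YAML snippet repeats the `'**':` block twice, and `[Bitbucket account](bitbucket.org)` has no scheme, so it will resolve as a relative link.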
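Review bot: In the `@@ -27,44 +27,44 @@` hunk of _index.md (PATCH 2/2), the rewritten links are not consistent about the `continuous-delivery/` path segment. The GitHub App link becomes `/docs/iac/packages-and-automation/continuous-delivery/github-app/`, but the two links above it become `/docs/iac/packages-and-automation/add-support-for-cicd-systems` and `/docs/iac/packages-and-automation/troubleshooting-guide`, even though all three pages sat side by side under `/docs/using-pulumi/continuous-delivery/` before the change. Please confirm the two shorter targets exist, or restore the `continuous-delivery/` segment so they match the directory this patch itself writes to.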
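Review bot: In the `@@ -103,18 +107,18 @@` hunk of _index.md (PATCH 2/2), the Pulumi GitHub App link in the last paragraph is changed to `/docs/iac/packages-and-automation/github-app/`, while the earlier hunk in this same file points to the same page at `/docs/iac/packages-and-automation/continuous-delivery/github-app/`. One of the two will not resolve; use the same path in both places.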