GitHub Actions with .NET, Part 4 - Building an S3 bucket with Pulumi

Full source code available here.

This is a small post showing how to create an AWS S3 bucket using GitHub Actions and Pulumi, and in the next post I’ll show how to use GitHub Actions to deploy an artifact from GitHub Actions to that S3 bucket.

This post and the next are a pair, one using Actions to build the infrastructure, and the next using Actions to leverage the built infrastructure.

The Basics

You need a GitHub account, a Pulumi account, and an AWS account. AWS offers a free tier, this is something I discussed with Martin Beeby on a podcast we made.

GitHub Secrets

Once you have the required accounts, generate tokens for GitHub to access AWS and Pulumi.

In your repository, go to Settings, then Secrets. Add the below secrets.

That’s all on the secrets side.

The Pulumi Stack

I’ve written a few posts about Pulumi, they should get you going if you have never used it before.

This stack setups up a single S3 bucket, nothing more. It does NOT lockdown access to it, files you upload will be available publicly. If you want to see how to block public access to the bucket see this post.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
using Pulumi;
using S3 = Pulumi.Aws.S3;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // Create an AWS resource (S3 Bucket)
        string resource_prefix = "PulumiGitHubAction";

        var s3Bucket = new S3.Bucket($"{resource_prefix}_S3Bucket", new S3.BucketArgs
        {
            BucketName = "pulumi-github-action-s3-bucket-for-artifacts",
            Versioning = new Aws.S3.Inputs.BucketVersioningArgs
            {
                Enabled = true,
            },
        });

        // Export the name of the bucket
        this.BucketName = s3Bucket.BucketName;
    }

    [Output]
    public Output<string> BucketName { get; set; }
}

The Workflow

To run GitHub Actions, a workflow file is needed. Add a .github/workflows directory.

Add the below file and name it with a .yaml extension. This will build the Pulumi binary, and run pulumi up, passing in the AWS credentials.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
name: Create S3 Bucket for Artifacts
on:
  push:
    branches: [ main ]
jobs:
  up:
    name: Pulumi up
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup .NET
        uses: actions/setup-dotnet@v1
        with:
          dotnet-version: 3.1.x
      - name: Restore dependencies
        run: dotnet restore
      - name: Build
        run: dotnet build --no-restore
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-region: ${{ secrets.AWS_REGION }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - run: npm install
      - uses: pulumi/actions@v3.1.0
        with:
          command: up
          stack-name: dev
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

When this code is pushed to GitHub, the Action will kick-off. You should see output that looks like this.

Note lines 58 and 62, one bucket created.

And in AWS, here is the bucket.

Full source code available here.

comments powered by Disqus

Related