This repository contains the source for Pulumi's official Docker images. Pulumi publishes and supports the following images:
pulumi/pulumi
: A "kitchen sink" image that includes the Pulumi CLI and all supported SDKs (Golang, Python, Node, Dotnet, Java).pulumi/pulumi-base
: A slim image that contains the Pulumi CLI, but no SDK(s).pulumi/pulumi-go
: A slim image that contains the Pulumi CLI along with the Golang Pulumi SDK.pulumi/pulumi-python
: A slim image that contains the Pulumi CLI along with the Python runtime and Pulumi SDK.pulumi/pulumi-nodejs
: A slim image that contains the Pulumi CLI along with the Node runtime and Pulumi SDK and is suitable for both TypeScript and JavaScript development.pulumi/pulumi-dotnet
: A slim image that contains the Pulumi CLI along with the .NET runtime and Pulumi SDK.pulumi/pulumi-java
: A slim image that contains the Pulumi CLI along with the Java runtime and Pulumi SDK.
Tags on each image match the installed version of Pulumi. The latest
tag matches the latest production version of Pulumi.
The base and SDK-specific images are considerably smaller than the combined pulumi/pulumi
container (100 to 150 MB, compared to ~1 GB for the combined image, depending on the base OS).
Each of the images described above (except the full pulumi/pulumi
image) are built on a matrix of the following base images and platforms:
- debian/debian:11-slim, (AKA "bullseye") tagged with the following suffixes:
-debian-amd64
: Image manifest for thelinux/amd64
platform.-debian-arm64
: Image manifest for thelinux/arm64
platform.-debian
: Manifest list of-debian-amd64
and-debian-arm64
. Executingdocker pull
against this tag will grab the appropriate image for the supported platform you are currently running, and thus should be the default choice.
- redhat/ubi8-minimal, tagged with a suffix of
-ubi
. UBI images usemicrodnf
as a package manager instead of yum to minimize the size of the image. We currently only supportlinux/amd64
for our UBI SDK images.
Images with no suffix tag are identical to the corresponding -debian
tag.
Images are pushed to:
Images are scanned nightly for vulnerabilities. Results are checked periodically for issues that can be remediated (best effort), however there are some issues over which we have no control, e.g. vulnerabilities in base images for which there is no known remediation.
In order to try and keep the images flexible and try to meet as many use cases as possible, none of these images have CMD
or entrypoint set, so you'll need to specify the commands you want to run, for example:
docker run -e PULUMI_ACCESS_TOKEN=<TOKEN> -v "$(pwd)":/pulumi/projects $IMG /bin/bash -c "npm ci && pulumi preview -s <stackname>"
The base and SDK images do not include additional tools you might want to use when running a Pulumi provider. For example, if you're using the pulumi-kubernetes provider with Helm, you'll need to use these images as a base image, and install helm
as part of your CI setup.
The images in this repository are released automatically as part of the release process for the pulumi
CLI. You can expect new minor releases roughly every other week, with patch releases more frequently as necessary.
The image tags for each image in this repository mirror the git tags on the pulumi
CLI. Thus, when pulumi v3.35.1
is released, you will find a corresponding Docker image pulumi/pulumi:3.35.1
in DockerHub, ECR, and GHCR.