This repository contains the source for Pulumi's official Docker images. Pulumi publishes and supports the following images:
pulumi/pulumi: A "kitchen sink" image that includes the Pulumi CLI and all supported SDKs (Golang, Python, Node, Dotnet, Java).pulumi/pulumi-base: A slim image that contains the Pulumi CLI, but no SDK(s).pulumi/pulumi-go: A slim image that contains the Pulumi CLI along with the Golang Pulumi SDK.pulumi/pulumi-python: A slim image that contains the Pulumi CLI along with the Python runtime and Pulumi SDK.pulumi/pulumi-nodejs: A slim image that contains the Pulumi CLI along with the Node runtime and Pulumi SDK and is suitable for both TypeScript and JavaScript development.pulumi/pulumi-dotnet: A slim image that contains the Pulumi CLI along with the .NET runtime and Pulumi SDK.pulumi/pulumi-java: A slim image that contains the Pulumi CLI along with the Java runtime and Pulumi SDK.
Tags on each image match the installed version of Pulumi. The latest tag matches the latest production version of Pulumi.
The base and SDK-specific images are considerably smaller than the combined pulumi/pulumi container (100 to 150 MB, compared to ~1 GB for the combined image, depending on the base OS).
Each of the images described above (except the full pulumi/pulumi image) are built on a matrix of the following base images and platforms:
- debian/debian:11-slim, (AKA "bullseye") tagged with the following suffixes:
-debian-amd64: Image manifest for thelinux/amd64platform.-debian-arm64: Image manifest for thelinux/arm64platform.-debian: Manifest list of-debian-amd64and-debian-arm64. Executingdocker pullagainst this tag will grab the appropriate image for the supported platform you are currently running, and thus should be the default choice.
- redhat/ubi8-minimal, tagged with a suffix of
-ubi. UBI images usemicrodnfas a package manager instead of yum to minimize the size of the image. We currently only supportlinux/amd64for our UBI SDK images.
Images with no suffix tag are identical to the corresponding -debian tag.
Images are pushed to:
- .NET 6.0
- Go 1.21
- JDK 11
- Node.js 18
- Python 3.9
Language runtimes are kept up-to-date with current LTS versions. You can pin the image tag to a particular version in order to avoid unintended upgrades.
Images are scanned nightly for vulnerabilities. Results are checked periodically for issues that can be remediated (best effort), however there are some issues over which we have no control, e.g. vulnerabilities in base images for which there is no known remediation.
In order to try and keep the images flexible and try to meet as many use cases as possible, none of these images have CMD or entrypoint set, so you'll need to specify the commands you want to run, for example:
docker run -e PULUMI_ACCESS_TOKEN=<TOKEN> -v "$(pwd)":/pulumi/projects $IMG /bin/bash -c "npm ci && pulumi preview -s <stackname>"The base and SDK images do not include additional tools you might want to use when running a Pulumi provider. For example, if you're using the pulumi-kubernetes provider with Helm, you'll need to use these images as a base image, and install helm as part of your CI setup.
The images in this repository are released automatically as part of the release process for the pulumi CLI. You can expect new minor releases roughly every week, with patch releases more frequently as necessary.
The image tags for each image in this repository mirror the git tags on the pulumi CLI. Thus, when pulumi v3.35.1 is released, you will find a corresponding Docker image pulumi/pulumi:3.35.1 in DockerHub, ECR, and GHCR.