feat: add Pulumi support

Signed-off-by: David Flanagan <david@rawkode.com>

pkg/universe.dagger.io/x/david@rawkode.dev/pulumi/example.cue

@@ -0,0 +1,29 @@
+package rawkode_pulumi_example
+
+import (
+	"dagger.io/dagger"
+	"universe.dagger.io/x/david@rawkode.dev/pulumi"
+)
+
+dagger.#Plan & {
+	client: {
+		filesystem: {
+			"./": read: {
+				contents: dagger.#FS
+			}
+		}
+		env: {
+			PULUMI_CONFIG_PASSPHRASE: dagger.#Secret
+			PULUMI_ACCESS_TOKEN:      dagger.#Secret
+		}
+	}
+	actions: {
+		rawkode: pulumi.#Up & {
+			stack:       "test"
+			stackCreate: true
+			runtime:     "nodejs"
+			accessToken: client.env.PULUMI_ACCESS_TOKEN
+			source:      client.filesystem."./".read.contents
+		}
+	}
+}

pkg/universe.dagger.io/x/david@rawkode.dev/pulumi/pulumi.cue

@@ -0,0 +1,81 @@
+// Run a Pulumi program
+package pulumi
+
+import (
+	"dagger.io/dagger"
+	"dagger.io/dagger/core"
+	"universe.dagger.io/docker"
+	"universe.dagger.io/bash"
+)
+
+// Run a `pulumi up`
+#Up: {
+	// Source code of Pulumi program
+	source: dagger.#FS
+
+	// Pulumi version
+	version: string | *"latest"
+
+	// Pulumi runtime used for this Pulumi program
+	runtime: "dotnet" | "go" | "nodejs" | "python"
+
+	// Name of your Pulumi stack
+	// Example: "production"
+	stack: string
+
+	// Create the stack if it doesn't exist
+	stackCreate: *false | true
+
+	// API token if you want to use Pulumi SaaS state backend
+	accessToken?: dagger.#Secret
+
+	// Passphrase if you want to use local state backend (Cached by Dagger in buildkit)
+	passphrase?: dagger.#Secret
+
+	// Build a docker image to run the netlify client
+	_pull_image: docker.#Pull & {
+		source: "pulumi/pulumi-\(runtime):\(version)"
+	}
+
+	// Run Pulumi up
+	container: bash.#Run & {
+		input: *_pull_image.output | docker.#Image
+		script: {
+			_load: core.#Source & {
+				path: "."
+				include: ["*.sh"]
+			}
+			directory: _load.output
+			filename:  "up.sh"
+		}
+		env: {
+			PULUMI_STACK:   stack
+			PULUMI_RUNTIME: runtime
+
+			if true == stackCreate {
+				PULUMI_STACK_CREATE: "1"
+			}
+
+			if passphrase != _|_ {
+				PULUMI_CONFIG_PASSPHRASE: passphrase
+			}
+			if accessToken != _|_ {
+				PULUMI_ACCESS_TOKEN: accessToken
+			}
+		}
+		workdir: "/src"
+		mounts: {
+			"src": {
+				dest:     "/src"
+				contents: source
+			}
+			"node_modules": {
+				dest:     "/src/node_modules"
+				type:     "cache"
+				contents: core.#CacheDir & {
+					id: "pulumi-npm-cache"
+				}
+			}
+		}
+	}
+}

pkg/universe.dagger.io/x/david@rawkode.dev/pulumi/up.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -xeo pipefail
+
+if test -v PULUMI_CONFIG_PASSPHRASE || test -v PULUMI_CONFIG_PASSPHRASE_FILE; then
+  echo "PULUMI_CONFIG_PASSPHRASE is set, using a local login"
+  pulumi login --local
+fi
+
+# Using Pulumi SaaS
+# We need to check for an existing stack with the name
+# If it exists, refresh the config
+# If it doesn't, create the stack
+if test -v PULUMI_ACCESS_TOKEN; then
+  if (pulumi stack ls | grep -e "^${STACK_NAME}"); then
+    echo "Stack exists, let's refresh"
+    pulumi stack select ${PULUMI_STACK}
+    # Could be first deployment, so let's not worry about this failing
+    pulumi config refresh --force || true
+  else
+    echo "Stack does not exist, let's create"
+    pulumi stack init ${PULUMI_STACK}
+  fi
+else
+  # Not using Pulumi SaaS, relying on local stack files
+  if test -v PULUMI_STACK_CREATE && test ! -f Pulumi.${PULUMI_STACK}.yaml; then
+    pulumi stack init ${PULUMI_STACK}
+  fi
+fi
+
+case $PULUMI_RUNTIME in
+  nodejs)
+    npm install
+    ;;
+
+  *)
+    echo -n "unknown"
+    ;;
+esac
+
+pulumi up --stack ${PULUMI_STACK} --yes