Pipelines and discovery

A common shape: your pipeline needs a property from a resource that exists in your cloud account but isn't managed by formae yet. A legacy database owned by another team. Shared infrastructure. Anything brought up before formae arrived.

Hard-coding the value in a CI variable works once and rots. Reading it via formae inventory against a discovered-but-unmanaged resource keeps the pipeline correct as long as the resource exists.

Make the resource discoverable

Apply a target that points at the cloud account or scope where the resource lives. No stack, no resources - just a target.

amends "@formae/forma.pkl"
import "@formae/formae.pkl"
import "@aws/aws.pkl"

forma {
    new formae.Target {
        label = "shared-rds-account"
        config = new aws.Config { region = "us-east-1" }
    }
}

formae apply --mode reconcile target.pkl

Discovery runs a scan every 10 minutes by default. Discovered resources surface as managed: false, which means they are visible to inventory and extract but untouched by apply.

In the pipeline

Once discovery has picked the resource up, query it from a job step:

DB_HOST=$(formae inventory resources \
  --query='managed:false label:legacy-orders-db' \
  --output-consumer=machine \
  | jq -r '.Resources[0].ReadOnlyProperties.endpoint.address')
echo "db_host=$DB_HOST" >> "$GITHUB_OUTPUT"

The next job consumes it via ${{ needs.lookup.outputs.db_host }} (or the equivalent in GitLab CI).

Same pattern as a managed resource. The only difference is the managed:false filter on the query.
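
An added example, not part of the formae documentation: a fail-closed version of the lookup step that treats the unmanaged resource's properties as untrusted input. It refuses zero or multiple matches and any address that is not a plain hostname before the value reaches $GITHUB_OUTPUT. The function names are hypothetical and the sample JSON is constructed; only the formae flags and the JSON path shown above are assumed.

```shell
#!/bin/sh
# Added example, not formae's own code: fail-closed endpoint lookup.
# Assumes only the JSON path this page reads:
#   .Resources[].ReadOnlyProperties.endpoint.address

# Reads inventory JSON on stdin and prints the endpoint address.
# Fails unless exactly one resource matched and the address contains
# only hostname characters.
resolve_db_host() {
  json=$(cat)
  count=$(printf '%s' "$json" |
    jq -r '(.Resources // []) | length' 2>/dev/null) || count=""
  if [ "$count" != "1" ]; then
    echo "lookup: expected exactly 1 resource, got '${count:-none}'" >&2
    return 3
  fi
  addr=$(printf '%s' "$json" | jq -r \
    '(.Resources[0].ReadOnlyProperties.endpoint.address // empty) | strings')
  case "$addr" in
    '' | *[!A-Za-z0-9.-]*)
      # Empty, or holds a newline, '=', space, etc. Appending that to
      # $GITHUB_OUTPUT could define extra outputs, so refuse it.
      echo "lookup: endpoint address missing or not a hostname" >&2
      return 4 ;;
  esac
  printf '%s\n' "$addr"
}

# Job-step wrapper (hypothetical name). The formae flags and the label
# are the ones shown on this page.
lookup_step() {
  inv=$(formae inventory resources \
    --query='managed:false label:legacy-orders-db' \
    --output-consumer=machine) || return 2
  host=$(printf '%s' "$inv" | resolve_db_host) || return $?
  echo "db_host=$host" >> "$GITHUB_OUTPUT"
}

# Constructed sample input (not real formae output) for an offline run.
SAMPLE='{"Resources":[{"ReadOnlyProperties":{"endpoint":{"address":"orders.example.internal"}}}]}'
if command -v jq >/dev/null 2>&1; then
  printf '%s' "$SAMPLE" | resolve_db_host
fi
```

Call lookup_step from the job step in place of the one-line pipeline; a non-zero exit stops the job before a "null", ambiguous or malformed value is handed to downstream jobs.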

Adoption path

If you later decide to bring the resource under management, slice it out by query and apply with a stack:

formae extract --query='managed:false label:legacy-orders-db' orders-db.pkl

Edit orders-db.pkl to give it a stack, then:

formae apply --mode reconcile orders-db.pkl

For larger adoption efforts, slice by team, by resource type, or by environment - one stack per slice. A single-file dump of an entire estate is not a useful artifact; resources without stacks are not really managed.

What's next