Merge branch 'master' into deployments-page-fix

Author: CamSoper

.claude/commands/add-borders.md

@@ -0,0 +1,104 @@
+---
+description: Add 1px grey borders to PNG images in a documentation file.
+---
+
+# Usage
+
+`/add-borders <doc-file-path>`
+
+Analyze PNG images referenced in the specified markdown file at {{arg}} and add 1px #999999 (medium grey) borders to any images that don't already have them. This improves visual clarity and consistency of screenshots and diagrams in documentation.
+
+---
+
+## Process
+
+### 1. Verify prerequisites
+
+Before running the border tool, ensure dependencies are installed:
+
+```bash
+cd /workspaces/src/pulumi/docs/scripts/image-borders && pipenv install
+```
+
+If this is the first run or if Pillow is not yet installed, the installation will complete automatically.
+
+### 2. Run the border addition tool
+
+Execute the Python script with the provided documentation file:
+
+```bash
+cd /workspaces/src/pulumi/docs && pipenv run python scripts/image-borders/add_borders.py {{arg}}
+```
+
+The script will:
+- Parse the markdown file to find all PNG image references
+- Check each image's edge pixels to detect existing borders
+- Add a 1px #999999 border to images that don't have one
+- Skip images that already have a grey border (within tolerance)
+- Display a summary of modified and skipped images
+
+### 3. Review the results
+
+The script outputs:
+- **Modified**: Images that received new borders
+- **Skipped**: Images that already had borders
+
+Example output:
+```
+Found 3 PNG image(s)
+
+✓ Added border: content/docs/esc/assets/create-environment.png
+✓ Added border: content/docs/esc/assets/editor-before-save.png
+⊘ Skipped (has border): content/docs/esc/assets/editor-after-save.png
+
+Summary:
+  Modified: 2
+  Skipped: 1
+```
+
+### 4. Verify the changes
+
+After borders are added:
+1. View the modified images to ensure borders look correct
+2. Check that border width and color (#CCCCCC) are appropriate
+3. Verify the images still display correctly in the documentation
+
+You can preview the documentation locally:
+```bash
+make serve
+```
+
+Then navigate to the affected page at http://localhost:1313
+
+### 5. Commit the changes (if appropriate)
+
+If the borders improve the documentation quality, commit the modified images:
+
+```bash
+git add <image-files>
+git commit -m "Add 1px borders to documentation images for visual clarity"
+```
+
+---
+
+## Options
+
+The script supports additional options:
+
+- `--dry-run` - Show what would be done without making changes
+- `--repo-root <path>` - Specify repository root (auto-detected by default)
+
+Example with dry run:
+```bash
+pipenv run python scripts/image-borders/add_borders.py {{arg}} --dry-run
+```
+
+---
+
+## Notes
+
+- The script uses edge pixel analysis to detect existing borders with 80% confidence threshold
+- Handles RGBA images (preserves transparency)
+- Uses #999999 (medium grey) for visibility on both white and light backgrounds
+- Only processes PNG files (ignores JPG, GIF, SVG, etc.)
+- Modifies images in place (use git to revert if needed)

.claude/commands/glow-up.md

@@ -76,8 +76,13 @@ Read the entire target file and perform comprehensive analysis:
 
 For each image or diagram referenced in the document:
 
-1. Use the Read tool to view the image
-2. Analyze the image for the following issues:
+1. **Check for missing borders on PNG images**: Run the border detection script with dry-run mode to deterministically identify which PNG images need borders:
+   ```bash
+   cd /workspaces/src/pulumi/docs/scripts/image-borders && pipenv run python add_borders.py <file-path> --dry-run
+   ```
+   The script will report which images would be modified vs skipped.
+
+2. Regardless of existing borders, use the Read tool to view the image and analyze the image for the following issues:
 
 **Screenshots:**
 - Missing or inadequate alt text (accessibility requirement)
@@ -163,6 +168,7 @@ Develop a detailed plan organized by issue category:
    - Images to convert to Mermaid/GoAT
    - Unnecessary images to remove
    - File format or size optimizations
+   - PNG images that need 1px grey borders for visual clarity
 
 **7. Content enhancements** — List specific recommendations:
    - Unclear sections that need rewriting
@@ -204,7 +210,8 @@ Once approved, implement the changes in logical order:
 4. **Style improvements** (remove filler, simplify sentences, active voice)
 5. **Link improvements** (improve link text, add cross-references)
 6. **Image improvements** (add alt text, remove unnecessary images, flag outdated screenshots)
-7. **Content enhancements** (rewrite unclear sections, add context)
+7. **Add borders to PNG images** (run `/add-borders <file-path>` if PNG images need borders)
+8. **Content enhancements** (rewrite unclear sections, add context)
 
 Use the TodoWrite tool to track progress through the improvements.
 

Pipfile

@@ -0,0 +1,11 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+
+[dev-packages]
+
+[requires]
+python_version = "3.11"

STYLE-GUIDE.md

@@ -77,6 +77,14 @@ The symbol is not needed in regular in-text links within documentation pages.
 
 ---
 
+## Images and Media
+
+- Use relative paths for images stored in the same directory or a subdirectory.  
+- Provide descriptive alt text for all images.
+- For partial screenshots where the image may be hard to distinguish from the page background, add a 1px gray #999999 border.
+
+---
+
 ## Notes / Callouts
 
 Use the `{{ notes }}` shortcode sparingly. Supported levels:

content/_index.md

@@ -93,6 +93,8 @@ customer_logos:
       link: /case-studies/
     - name: unity
       link: /case-studies/
+    - name: supabase
+      link: /case-studies/
     - name: ae-networks
       link: /case-studies/
     - name: deloitte
@@ -152,6 +154,12 @@ customer_quotes:
       "Pulumi Neo addresses our biggest challenge of <b>eliminating the infrastructure bottleneck</b> that slows down our entire engineering organization. To get to market faster, we require infrastructure intelligence that understands our environment, respects our guardrails, and keeps humans in the loop so we can <b>move faster, safely</b>."
     author: Richard Genthner, Chief Information Security Officer
     logo: boost-insurance
+  supabase:
+    text: |
+      "Since it's just another programming language with control structures and external packages, it makes for a good transition from application code to infrastructure as code. <b>Infrastructure contributors grew from 1-2 people to over 40 active engineers</b> across the organization."
+    author: Paul Cioanca, Platform Engineer
+    logo: supabase
+    link: /case-studies/supabase/
   clear:
     text: |
       “We’ve spent a lot of time building our internal developer platform. We moved from a lower-level Terraform and HCL-based interface to Pulumi, letting us use a custom, higher-level, and much simpler-to-use YAML schema we’ve defined. <b>We've made cloud infrastructure really easy to use for our developers.</b>”

content/blog/aws-organizations-tag-policies/index.md

@@ -0,0 +1,55 @@
+---
+title: "Enforce AWS Organizations Tag Policies with Pulumi"
+date: 2025-11-20T10:00:00-08:00
+authors:
+  - alejandro-cotroneo
+meta_desc: "Pulumi partners with AWS to bring AWS Organizations Tag Policies validation to infrastructure as code, enforcing mandatory tagging requirements."
+allow_long_title: true
+meta_image: "meta.png"
+tags:
+  - aws
+  - pulumi-service
+  - policy-as-code
+  - crossguard
+  - features
+  - governance
+  - compliance
+---
+
+Tags are the foundation of cloud governance, enabling cost allocation, ownership tracking, compliance reporting, and automation across your AWS infrastructure. Yet missing or inconsistent tags remain one of the most common governance challenges. Manual tag enforcement is error-prone, and discovering missing tags after deployment means your cost reports and compliance audits are already operating with incomplete data.
+
+Today, we're excited to announce a new pre-built policy pack created in partnership with AWS: **AWS Organizations Tag Policies**. This pack validates your infrastructure as code against tag policies configured in AWS Organizations, blocking deployments when required tags are missing and shifting tag governance left into your development workflow. Define your tag requirements once in AWS Organizations and enforce them consistently across all your Pulumi deployments.
+
+<!--more-->
+
+## How it works
+
+The new policy pack integrates directly with your AWS Organizations Tag Policies as the single source of truth. No separate policy configuration or custom code required. When you run `pulumi up`, the pack retrieves your tag requirements from your AWS organization and validates that every resource has the required tags.
+
+Start by enabling the pack in advisory mode to surface tagging violations in Pulumi Cloud's [Policy Findings](/docs/insights/policy/policy-findings/) hub without blocking deployments. This collaborative workspace allows your team to triage, prioritize, and systematically remediate missing tags. Once your infrastructure is compliant, switch to mandatory mode to prevent future non-compliant deployments.
+
+## Getting started
+
+The pack works with both AWS Classic and AWS Native Pulumi providers, covering the full range of taggable AWS resources. To get started:
+
+1. **Configure tag policies** in AWS Organizations following the [AWS documentation](https://docs.aws.amazon.com/organizations/latest/userguide/enforce-required-tag-keys-iac.html).
+1. **Grant required permissions** by adding the `resourcegroupstaggingapi:ListRequiredTags` permission to the IAM role or user that runs your Pulumi deployments.
+1. **Enable the pack in Pulumi Cloud**:
+   1. From within your organization, navigate to the **Policies** tab
+   1. Under Policy Packs, select the **Available** tab
+   1. Select **AWS Organizations Tag Policies** and select **Add to organization**
+   1. From the Organizations tab, apply the policy to a Policy Group
+1. **Configure enforcement level**: Set to advisory for warnings or mandatory to block non-compliant deployments.
+
+Within minutes, every Pulumi deployment in your organization will validate tag compliance, ensuring that no resources are created without required tags.
+
+## Try it today
+
+The AWS Organizations Tag Policies policy pack is now available to all Pulumi Team and Enterprise customers.
+
+- [Get started with the integration](/docs/insights/policy/integrations/aws-organizations-tag-policies/)
+- [Learn about enforcing tag policies with AWS Organizations Tag Policies](https://docs.aws.amazon.com/organizations/latest/userguide/enforce-required-tag-keys-iac.html)
+- [Sign up for Pulumi Cloud](https://app.pulumi.com/signup) if you're new to Pulumi
+- [Join the Community Slack](https://slack.pulumi.com/) to share feedback
+
+We're excited to partner with AWS on this capability and help organizations proactively enforce tag governance. Give it a try and let us know what you think!

content/blog/aws-organizations-tag-policies/meta.png

@@ -83,7 +83,6 @@ Pulumi’s 2025 advancements, including [Pulumi Kubernetes Operator 2.0 GA](http
 - [Bring Your YAML and Helm, Then Evolve](/blog/beyond-yaml-kubernetes-2026-automation-era/#bring-your-yaml-and-helm-then-evolve)
 - [Begin Your Kubernetes Automation Journey](/blog/beyond-yaml-kubernetes-2026-automation-era/#begin-your-kubernetes-automation-journey)
 - [Workshop: From Zero to Production in Kubernetes](/blog/beyond-yaml-kubernetes-2026-automation-era/#workshop-from-zero-to-production-in-kubernetes)
-- [Visit Pulumi at KubeCon 2025 Booth 1045](/blog/beyond-yaml-kubernetes-2026-automation-era/#visit-pulumi-at-kubecon-2025-booth-1045)
 - [Final Thoughts](/blog/beyond-yaml-kubernetes-2026-automation-era/#final-thoughts)
 
 ## Why Kubernetes Needs to Go Beyond YAML
@@ -186,17 +185,6 @@ Join the hands-on workshop [*From Zero to Production in Kubernetes*](https://www
 
 [Register now](https://www.pulumi.com/events/from-zero-to-production-in-kubernetes/).
 
-## Visit Pulumi at KubeCon 2025 Booth #1045
-
-If you plan to attend [KubeCon + CloudNativeCon North America 2025](https://www.pulumi.com/kubecon/), visit **Booth #1045** to see Kubernetes automation in action.
-
-- Live infrastructure automation across multiple clusters
-- Pulumi Neo generating production-ready infrastructure code from natural language
-- Policy as Code for Kubernetes security and compliance
-- Expert sessions with Pulumi engineers for real-world use cases
-
-[Schedule your expert session](https://calendly.com/pulumi-meetings/demo-pulumi-at-kubecon-atlanta) and explore how Pulumi simplifies Kubernetes at scale.
-
 ## Final Thoughts
 
 Kubernetes in 2026 and beyond is not just for platform engineers. It is for DevOps professionals, SREs, and cloud teams, big and small, responsible for maintaining infrastructure security, reliability, and performance.

content/blog/beyond-yaml-kubernetes-2026-automation-era/index.md

@@ -10,14 +10,12 @@ aliases:
     - /case-studies/lykke/
 
 featured_customer:
-  name: unity
-  headline_stat: 80%
+  name: supabase
+  headline_stat: 1 week
   headline: |
-    Reduction in deployment times, from weeks to
-    hours, significantly improving Unity's time to market.
+    Infrastructure readiness for new region deployment, enabling rapid global expansion.
   quote: |
-    "Terraform relies on HCL and lacks support for concepts like classes, objects and inheritance.
-    An equivalent deployment would take more lines of code while yielding IaC that is less reusable."
+    "The infrastructure team acts as groundkeepers of our Pulumi practices, not gatekeepers, but promoters for the entire org."
 
 customer_logos:
   logos:
@@ -27,6 +25,7 @@ customer_logos:
     - name: moderna
     - name: docker
     - name: unity
+    - name: supabase
     - name: ae-networks
     - name: deloitte
     - name: stokespace

content/case-studies/_index.md

@@ -13,6 +13,7 @@ menu:
 aliases:
 - /docs/administration/access-identity/rbac/teams/
 - /docs/pulumi-cloud/access-management/rbac/teams/
+- /docs/pulumi-cloud/access-management/teams/
 ---
 
 {{% notes "info" %}}