Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: governed pipelines #49

Merged
merged 24 commits into from
Nov 24, 2023
Merged

feature: governed pipelines #49

merged 24 commits into from
Nov 24, 2023

Conversation

jaredfholgate
Copy link
Member

@jaredfholgate jaredfholgate commented Nov 20, 2023
edited
Loading

Overview/Summary

The PR implements governed templates for plan and apply stages to lock down what can be done with the identities.

Azure DevOps and GitHub have different implementations:

  • GitHub: WIF subject is used to specify the template.
  • Azure DevOps: Service Connection is used to specify the template.

This PR fixes/adds/changes/removes

  1. Feature Request: Support governed pipelines #26

Breaking Changes

  1. This will introduce new parameters and deployment artefacts, but will not fundamentally break anything

Testing Evidence

Please provide any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).

As part of this Pull Request I have

  • Checked for duplicate Pull Requests
  • Associated it with relevant issues, for tracking and closure.
  • Ensured my code/branch is up-to-date with the latest changes in the main branch
  • Performed testing and provided evidence.
  • Updated relevant and associated documentation.

@jaredfholgate jaredfholgate self-assigned this Nov 20, 2023
@jaredfholgate jaredfholgate added the PR: Safe to test 🧪 Enables running of End to End Tests label Nov 22, 2023
@luke-taylor
Copy link
Contributor

Looks good, only thing (slightly pedantic so no worries if too difficult). I wouldn't "." some folders here. I think templates/.ci_cd can be just ci_cd because that folder will never be in the target repo(s), whereas templates/.ci_cd/.github/workflows and templates/.ci_cd/.azuredevops will be so it makes sense there. Secondly, maybe the templates/.templates folder could be named something like pipeline_templates or similar.

@jaredfholgate
Copy link
Member Author

Looks good, only thing (slightly pedantic so no worries if too difficult). I wouldn't "." some folders here. I think templates/.ci_cd can be just ci_cd because that folder will never be in the target repo(s), whereas templates/.ci_cd/.github/workflows and templates/.ci_cd/.azuredevops will be so it makes sense there. Secondly, maybe the templates/.templates folder could be named something like pipeline_templates or similar.

I think I did this more for ordering than anything else and is now redundant since we can explicitly set the target folder / file names. I think I will move the azure devops templates to root and remove the dots as suggested. Incoming...

@jaredfholgate jaredfholgate merged commit 898a153 into main Nov 24, 2023
26 checks passed
@jaredfholgate jaredfholgate deleted the feature-governed-pipelines branch November 24, 2023 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@luke-taylor luke-taylor luke-taylor approved these changes

@matt-FFFFFF matt-FFFFFF Awaiting requested review from matt-FFFFFF

Assignees

@jaredfholgate jaredfholgate

Labels
PR: Safe to test 🧪 Enables running of End to End Tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jaredfholgate @matt-FFFFFF @luke-taylor