#gitops (2019-05)

Discuss continuous delivery of infrastructure

Archive: https://archive.sweetops.com/gitops/

2019-05-01

btai

@Erik Osterman (Cloud Posse) do you have a trigger based off of a release or just a tag in codefresh?

Erik Osterman (Cloud Posse)

release only

btai

that’s nice

btai

i can’t seem to find that in circle

Erik Osterman (Cloud Posse)

i guess tag will work well enough

btai

like the webhook will fire off from github, but circle doesn’t listen for that

btai

yeah i’m using tag, which circle does listen to

btai

but obviously would have liked it to be release instead

Erik Osterman (Cloud Posse)

(codefresh even listens for github comments)

Erik Osterman (Cloud Posse)

“ok to deploy”

btai

i’m going to work with the free version of codefresh on my own time so i can make a pitch to move

btai

do you find your team going through a lot of builds though?

Erik Osterman (Cloud Posse)

codefresh is moving to a new model based on concurrent steps

Erik Osterman (Cloud Posse)

that’ll make it a lot easier

Erik Osterman (Cloud Posse)

unlimited builds

btai

pricing will not be per build?

btai

ooh

btai

that’d be nice not to have to worry about optimizing the types of builds you’re making

Erik Osterman (Cloud Posse)

yea, they realized the pricing model before was prohibitive/restrictive

Erik Osterman (Cloud Posse)

when in fact, you want people to use it as much as possible

btai

yeah

btai

do you know what their new pricing model will look like?

Erik Osterman (Cloud Posse)

jump into #codefresh and inquire about it

Erik Osterman (Cloud Posse)

someone will reach out to you

btai

thanks

btai

@Erik Osterman (Cloud Posse) are you doing release/tag permission restrictions in github? those don’t seem available

btai
Locking/auditing for tags · Issue #1091 · isaacs/github

Right now, it's basically impossible to have any protection around tags: Anyone with write access to a repo can push any tags. There's no auditing/logging of tag changes. Any number of thin…

Erik Osterman (Cloud Posse)

unfortunately, github doesn’t support that. there are a few workarounds.

Erik Osterman (Cloud Posse)

Option 1. Codefresh will soon be adding permissions around “approval” steps; (right now anyone can approve). You can wait for this. Option 2. Embed the deployment permissions into the deploy pipeline by looking at the code committer. This can run as just a separate step in the pipeline.

Erik Osterman (Cloud Posse)

Option 2 is my pref

Erik Osterman (Cloud Posse)

we don’t have an example of this right now

btai

yeah

btai

that’s what i’m going to do in circle

btai

unfortunately it’s hardcoded into the code

Erik Osterman (Cloud Posse)

i recommend just checking github team membership

btai

that’s not provided out of the box by circle, are you hitting the gh api to grab that?

btai

i only get the username of whoever triggered the build

btai

yeah i will just hit the GH api

Erik Osterman (Cloud Posse)

yea, you’ll need to hit the github API

Erik Osterman (Cloud Posse)
cloudposse/github-authorized-keys

Use GitHub teams to manage system user accounts and authorized_keys - cloudposse/github-authorized-keys

Erik Osterman (Cloud Posse)

but I would create a new cli tool that simply does this one thing

btai

yeah that’s what I am planning on doing

btai

python + argparse
