feat: add a new feature to run builds #201
Conversation
|
/run pipeline |
6 similar comments
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
|
/run pipeline |
There was a problem hiding this comment.
Thoughts about the architecture of the solution:
app DA only sets up one application.
project DA sets up multiple complex resources.
Architecturally is it better to align with the app approach and introduce an app-from-source (name negotiable) DA that contains a single build.
Both applications from binary and applications from source are similar. Both require a project.
The 'project' DA could exclude builds, or add applications to be balanced.
| @@ -46,7 +46,7 @@ variable "project_name" { | |||
| variable "builds" { | |||
| description = "A map of code engine builds to be created.[Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-code-engine/blob/main/solutions/project/DA-inputs.md#builds)" | |||
| type = map(object({ | |||
| output_image = string | |||
| output_image = optional(string) | |||
There was a problem hiding this comment.
This should imply a change to the documentation in the link in the description. The DA now has a more complex interaction between this input and container_resgistry_namespace.
| fi | ||
|
|
||
| # Login to IBM Cloud quietly | ||
| if ! ibmcloud login -r "${REGION}" -g "${RESOURCE_GROUP_ID}" --apikey "${IBMCLOUD_API_KEY}" --quiet > /dev/null 2>&1; then |
There was a problem hiding this comment.
If you are concerned about leaking the api key, the --apikey here is usually not necessary. If the IBMCLOUD_API_KEY is set in the environment it will automatically be used by the login without specifying it in the command line. That way you can be sure it won't leak.
| exit 1 | ||
| fi | ||
|
|
||
| ibmcloud login -r "${REGION}" -g "${RESOURCE_GROUP_ID}" --apikey "${IBMCLOUD_API_KEY}" |
There was a problem hiding this comment.
This has a potential to leak the api key if this command line gets echo to the logs.
The --apikey is optional here if the environment variable is set, would suggest just to remove --apikey here.
|
/run pipeline |
|
/run pipeline |
| value = resource.ibm_code_engine_build.ce_build.output_image | ||
| } | ||
|
|
||
| output "output_secret" { |
There was a problem hiding this comment.
I might not have caught this last time. Is this an actual secret or is it the ID of a secret? Should it be marked sensitive?
There was a problem hiding this comment.
it is just a name of a secret, so we are good here
build = {
"build-adn-3" = {
"build_id" = "b522ec47-a1a8-4cf1-8c28-fa2ab28ffa5f"
"id" = "c8e9d124-f0ab-4f36-b09d-a115273005a0/build-adn-3"
"name" = "build-adn-3"
"output_image" = "private.us.icr.io/andrej-test/build-adn-3"
"output_secret" = "andrejsecret3"
}
Description
TestDeployCEProjectDAtest refactoring:- replacedterraform.OutputAllEandterraform.Outputwith own methodgetTerraformOutputto prevent print sensitive outputswriteTfvarsFilefunction to createtfvarsfile and added totemptesting folder to use it instead of CLI vars (prevent print sensitive inputs and solving theError: Can't change variable when applying a saved planissue)New implementation:
Release required?
x.x.X)x.X.x)X.x.x)Release notes content
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers