CircleCI Partner Review
EricRibeiro opened this issue · 11 comments
Hello GitGuardian team
I am from the @circleci Community and Partner Engineering team, here to help with a review for the CircleCI orb partnership. I have a few items listed below for changes:
- Fix the "Circle CI" typo in the orb description.
The proper spelling is "CircleCI".
- Remove the reusable executor.
You need to have the ggshield binary in your environment for your orb to work, and the way you are achieving this is by using the image gitguardian/ggshield. Meaning if the orb user were to change the executor or the image, your orb wouldn't have the binary and, consequently, wouldn't work.
The best way to address this is by removing your reusable executor and defining it directly in the job. You can refer to this example on how to do it.
- Remove the reusable command.
Your command is a single shell command tightly coupled to your image. In this specific use-case, you want to have it as a run step in your job instead of a dedicated command:

```yaml
steps:
  - checkout
  - run: ggshield scan ci
```
After addressing the issues above, please provide us with a successful run link.
Should you have any questions, feel free to post them here, and I'll be happy to help!
Hello @EricRibeiro,
First, thank you for your long review and explanation, we appreciate it a lot. I am sorry for the long delay in replying to it.
About your second point ("Remove the reusable executor"):
Its goal is to allow our users to pin the version of ggshield they want to use. Is there any way to achieve that using the solution you propose?
Hi @jeremyds
Thank you for looking into it.
You can have the tag parameterized in your job as such:

```yaml
jobs:
  scan:
    parameters:
      base_revision:
        description: pipeline base_revision
        type: string
      revision:
        description: pipeline revision
        type: string
      tag:
        # Quoted: a plain scalar containing ": " is not valid YAML
        description: "Pick a specific gitguardian/ggshield image variant: https://hub.docker.com/r/gitguardian/ggshield/tags"
        default: latest
        type: string
    environment:
      CIRCLE_RANGE: << parameters.base_revision >>...<< parameters.revision >>
    docker:
      - image: gitguardian/ggshield:<< parameters.tag >>
    steps:
      - checkout
      - scan-command
```
Please let me know if you have any other questions.
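As an added example (not code from this issue, from the GitGuardian orb, or from CircleCI), here is how the reviewed structure fits together end to end: the orb job with the docker image and the run step inlined in place of the reusable executor and command, followed by a consumer pipeline that imports the orb and pins the ggshield image tag, which is the version-pinning goal raised above. The orb namespace and name, the job name `scan`, the file paths, and the version and tag strings are assumptions or placeholders.

```yaml
# --- Orb source (assumed path: src/@orb.yml), after the review changes ---
# Added example; assumes the job keeps the name "scan" used in this thread.
version: 2.1

jobs:
  scan:
    parameters:
      base_revision:
        description: pipeline base_revision
        type: string
      revision:
        description: pipeline revision
        type: string
      tag:
        description: "Pick a specific gitguardian/ggshield image variant: https://hub.docker.com/r/gitguardian/ggshield/tags"
        default: latest
        type: string
    environment:
      # Commit range the scanner inspects, built from the two parameters above
      CIRCLE_RANGE: << parameters.base_revision >>...<< parameters.revision >>
    # Executor inlined in the job: the ggshield binary is always present,
    # and the tag parameter still lets users pin a ggshield release.
    docker:
      - image: gitguardian/ggshield:<< parameters.tag >>
    steps:
      - checkout
      # Plain run step instead of a reusable command
      - run: ggshield scan ci

---
# --- Consumer pipeline (.circleci/config.yml) that uses the published orb ---
# "x.y.z" (orb version) and "vX.Y.Z" (image tag) are placeholders.
version: 2.1

orbs:
  ggshield: gitguardian/ggshield@x.y.z

workflows:
  secret-scanning:
    jobs:
      - ggshield/scan:
          base_revision: << pipeline.git.base_revision >>
          revision: << pipeline.git.revision >>
          # Pin the scanner image so a new "latest" cannot silently change
          # what the pipeline checks; pick a tag from the Docker Hub page above.
          tag: "vX.Y.Z"
```

Pinning both the orb version and the image tag keeps the scan reproducible: a review of a pipeline run can be tied to a known scanner release, and updates happen through a deliberate change to the config rather than whenever a new image is pushed.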
Thanks for the explanation!
Would you mind reviewing the corresponding PR: #5?
Thank you for the changes!
I've left my review in the PR.
Hi @jeremyds
I can see that you fixed the run command. It's looking good!
Can you also make the changes requested by @agateau-gg? I am also of the opinion that the description can be improved. After that, we need a screenshot of a pipeline successfully running with this orb, and we are good to go!
@jeremyds, any updates on your side?
@EricRibeiro I am trying to publish the orb. I get this error at first:
Error: Unable to publish orb: Non-nullable field was null.
Something unexpected happened.
I set up a new token; the person who set the previous one is no longer an employee of GitGuardian. I now have
Error: AUTHORIZATION_FAILURE
Reading both https://circleci.com/docs/2.0/creating-orbs/ and https://circleci-public.github.io/circleci-cli/circleci_orb_publish.html, I don't yet understand what the issue is.
I was able to figure out myself that a PAT from an org admin is required ;)
Here is a screenshot from a pipeline running the latest version of the orb (@volatile) for this, linked to a personal repo I use to leak fake secrets for testing purposes.
Thanks a lot for your help!
Thanks, @jeremyds. It's all looking good now!
Can you email me your company logo at eric.ribeiro@circleci.com? I need it to certify the orb.
Hi @jeremyds
The orb is now certified: https://circleci.com/developer/orbs/orb/gitguardian/ggshield