circleci-queue

Make this a first-party rather than third-party orb?

Open cjcjameson opened this issue 3 years ago • 3 comments

Is your feature request related to a problem? Please describe.

My organization is security-sensitive and the one-liner at line 48 for the actual execution is really hard to audit.

I want to include this in our pipeline to mutex AWS deployments, but will need admin approval. Not sure if we can justify it.

Describe the solution you'd like

I'd like circleci-queue to be part of the core CircleCI product so I don't have to ask for permission

Describe alternatives you've considered

  • Looking for other orbs
  • Copy-Pasta the contents of your orb into our yaml (with attribution somehow? TBD)

Additional context


cjcjameson avatar Jun 01 '22 00:06 cjcjameson

Hey there!

I totally appreciate your concern. I'm not sure if Circle wants to adopt this, but I'm also pushing native platform level queuing. Trust me, I get it😅

You're more than welcome to copy-paste; you could use dynamic config to pull it in from another file, or the CLI to grab mine live. You can also fork it and publish it as a private orb.

I realize all those options have their own caveats/concerns, thanks for raising the need.

eddiewebb avatar Jun 01 '22 01:06 eddiewebb

@eddiewebb hokay! So even without formally making it part of the project, can you at least get it "certified"? My security team / Circle maintainers say that's all that would be needed.

On https://circleci.com/docs/2.0/orbs-faq/#using-uncertified-orbs it says

Note: Uncertified orbs are not tested or verified by CircleCI. Currently, only orbs created by CircleCI are considered certified. Any other orbs, including partner orbs, are not certified.

So, maybe this is a good one to get certified, and hopefully it's an easy lift organizationally?

cjcjameson avatar Jun 07 '22 18:06 cjcjameson

Another thought (though likely too late for @cjcjameson, maybe others have a similar need).

A new feature of CircleCI allows org admins to audit and approve specific orbs to be used in configurations. Rules can be global or applied to specific projects. This can be at the orb level, or pin the version to major, minor, or patch.

https://circleci.com/docs/config-policy-management-overview/

eddiewebb avatar Oct 29 '22 11:10 eddiewebb
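
The difference between approving an orb at orb level and pinning it to a major, minor or patch version, as described in the last comment, can be illustrated with a local allowlist check over a config's `orbs:` stanza. This is an added example, not part of the thread and not CircleCI's config policy feature; the orb names, versions and allowlist format are constructed assumptions.

```python
import re

# Constructed allowlist (format is an assumption): orb -> approved version pin.
# "" = any version of the orb, "1" = major, "1.6" = minor, "1.6.4" = exact patch.
APPROVED = {"example-ns/aws-deploy": "", "example-ns/queue": "1.6"}

# Constructed sample of a .circleci/config.yml; orb names and versions are made up.
SAMPLE_CONFIG = """\
version: 2.1
orbs:
  aws: example-ns/aws-deploy@4.1.3
  queue: example-ns/queue@1.6.4
  queue_next: example-ns/queue@2.0.0
  floating: example-ns/queue@volatile
  other: unknown-ns/tool@1.0.0
jobs: {}
"""

ORB_REF = re.compile(r"^\s+([\w-]+):\s*([\w-]+/[\w-]+)@(\S+)\s*$")

def orb_refs(config_text):
    """Yield (alias, orb, version) for registry orbs in the top-level orbs: stanza."""
    in_orbs = False
    for line in config_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # a top-level key starts or ends the stanza
            in_orbs = line.rstrip() == "orbs:"
        elif in_orbs and (m := ORB_REF.match(line)):
            yield m.groups()               # inline orb definitions are not matched

def version_allowed(version, pin):
    """True if the referenced version can only resolve inside the approved pin."""
    if pin == "":
        return True                        # orb-level approval: any version
    if not re.fullmatch(r"\d+(\.\d+){0,2}", version):
        return False                       # floating labels such as volatile or dev:...
    v, p = version.split("."), pin.split(".")
    # Compare component-wise: "1.60.0" must not pass a "1.6" pin, and a looser
    # reference such as "@1" could resolve outside "1.6", so it is rejected too.
    return len(v) >= len(p) and v[:len(p)] == p

def audit(config_text, approved=APPROVED):
    """Return (alias, reference, reason) for every orb outside the allowlist."""
    findings = []
    for alias, orb, version in orb_refs(config_text):
        if orb not in approved:
            findings.append((alias, f"{orb}@{version}", "orb not approved"))
        elif not version_allowed(version, approved[orb]):
            findings.append((alias, f"{orb}@{version}", "version outside approved pin"))
    return findings
```
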