eddiewebb / circleci-queue

CircleCI orb to block/queue jobs to enforce max concurrency limits
MIT License

Make this a first-party rather than third-party orb? #81

Open cjcjameson opened 2 years ago

cjcjameson commented 2 years ago

Is your feature request related to a problem? Please describe.

My organization is security-sensitive and the one-liner at line 48 for the actual execution is really hard to audit.

I want to include this in our pipeline to mutex AWS deployments, but will need admin approval. Not sure if we can justify it.

Describe the solution you'd like

I'd like circleci-queue to be part of the core CircleCI product so I don't have to ask for permission.

Describe alternatives you've considered

Additional context

eddiewebb commented 2 years ago

Hey there!

I totally appreciate your concern. I'm not sure if Circle wants to adopt this, but I'm also pushing native platform level queuing. Trust me, I get it 😅

You're more than welcome to copy paste, you could use dynamic config to pull it in from another file or CLI to grab mine live. You can also fork it and publish as a private orb.

I realize all those options have their own caveats/concerns, thanks for raising the need.

cjcjameson commented 2 years ago

@eddiewebb hokay! So even without formally making it part of the project, can you at least get it "certified"? My security team / Circle maintainers say that's all that would be needed.

On https://circleci.com/docs/2.0/orbs-faq/#using-uncertified-orbs it says

Note: Uncertified orbs are not tested or verified by CircleCI. Currently, only orbs created by CircleCI are considered certified. Any other orbs, including partner orbs, are not certified.

So, maybe this is a good one to get certified, and hopefully it's an easy lift organizationally?

eddiewebb commented 2 years ago

Another thought (though likely too late for @cjcjameson, maybe others have a similar need).

A new feature of CircleCI allows org admins to audit and approve specific orbs to be used in configurations. Rules can be global or applied to specific projects. This can be at orb level, or pin version to major, minor, patch.

https://circleci.com/docs/config-policy-management-overview/
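
As an added example (not part of the thread, and not code from the orb or from CircleCI's policy feature), here is a local pre-merge check in the spirit of the rules described in the last comment: it reads the `orbs:` block of a config and flags orbs that are not on an allowlist or are pinned more loosely than the allowlist requires. The allowlist, the sample config and every version number in it are constructed for illustration, and the parser assumes one `alias: namespace/name@version` entry per line.

```python
import re

# Constructed allowlist (assumption): orb -> loosest pin the admins accept.
APPROVED = {"eddiewebb/queue": "patch", "circleci/aws-cli": "major"}
LEVELS = {"major": 1, "minor": 2, "patch": 3}
ORB_REF = re.compile(r"""^\s+[\w-]+:\s*["']?([\w-]+/[\w-]+)@([\w.:~-]+)["']?\s*$""")

def orb_refs(config_text):
    """Yield (orb, version) pairs from the top-level `orbs:` block only."""
    in_orbs = False
    for line in config_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # a new top-level key starts here
            in_orbs = line.rstrip() == "orbs:"
            continue
        m = ORB_REF.match(line) if in_orbs else None
        if m:
            yield m.group(1), m.group(2)

def pin_level(version):
    """1, 2 or 3 for a major, minor or patch pin; 0 for volatile, dev: etc."""
    if re.fullmatch(r"\d+(\.\d+){0,2}", version):
        return len(version.split("."))
    return 0

def audit(config_text, approved=APPROVED):
    """Return (orb, version, reason) for every orb reference that fails."""
    findings = []
    for orb, version in orb_refs(config_text):
        if orb not in approved:
            findings.append((orb, version, "orb not approved"))
        elif pin_level(version) < LEVELS[approved[orb]]:
            findings.append((orb, version, f"needs a {approved[orb]} pin"))
    return findings

# Constructed sample config; the versions are placeholders, not real releases.
SAMPLE = """\
version: 2.1
orbs:
  queue: eddiewebb/queue@1.6
  aws-cli: circleci/aws-cli@3
  other: example-ns/example-orb@volatile
jobs:
  build:
    docker:
      - image: cimg/base:stable
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

A full patch pin fixes the orb source a reviewer audited, which is what makes a one-time review of a third-party orb meaningful for later builds.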