Skip to content

Latest commit

 

History

History
93 lines (72 loc) · 3.94 KB

ci_survey.md

File metadata and controls

93 lines (72 loc) · 3.94 KB
Raw

Appendix: Review of CI/CD systems

The intention is to do a comprehensive review of all widely used CI/CD systems and make sure they cleanly fit into the schema.

Lists:

Cloud Hosted

  • AWS CodeBuild

  • Azure Pipelines

  • Bitbucket Pipelines

  • Circle CI

  • Cirrus CI

  • GitHub Actions

    • source: git repo on GitHub
    • builder:
      • orchestrator: hosted
      • worker: hosted or custom (called a "runner")
    • build steps:
      • configuration: source
      • id: $WORKFLOW:$JOB (.github/workflows/$WORKFLOW)
      • parameters:
    • isolation: n/a (self-hosted)

  • GitLab CI/CD

    • source: git repo on GitLab or GitHub
    • builder:
      • orchestrator: hosted
      • worker: custom (called a "runner")
    • build steps:
      • configuration: source
      • id:
      • parameters:

  • Google Cloud Build - Triggers

    • source: git repo on GitHub or Google Source Repositories
    • source:
      • tarball on Google Cloud Storage
      • git repo on Google Source Repository or GitHub (RepoSource)
        • NOTE: includes build directory and substitutions!
      • NOTE: It's not at all clear what happens when you use the gcloud command. I'm guessing it uploads a tarball to GCS?
    • builder: single orchestrator, hosted or custom worker
    • entry point: Dockerfile or cloudbuild.yaml or cloudbuild.json in any directory (not sure of precidence). Two types of builds:
      • Steps are specified in the API. This doesn't really fit with out Provenance API and should be relegated to another type of attestation, if at all.
      • Steps are specified in a source file
        • triggered if filename is used, which specifies the path to the config
    • runs in a Docker container

  • Google Cloud Build - Manual Builds

    • fully automated: NO (build steps defined in request)
    • out of scope
    • source:
      • tarball on Google Cloud Storage
      • git repo on Google Source Repository or GitHub (RepoSource)
        • NOTE: includes build directory and substitutions!
      • NOTE: It's not at all clear what happens when you use the gcloud command. I'm guessing it uploads a tarball to GCS?

  • Semaphore

  • Travis CI

Self-Hosted

TODO