Global Pipelines
This functionality is designed so that, whoever has permissions to add variables in the CI platform, can leave certain fratures fixed in the pipelines at the organization level.
Examples:
- The team leader takes the definition that all the pipelines of the organization must have approvals in the stg environment.
- The team leader takes the definition that in all the pipelines of the organization a code quality analysis must be executed.
Usage​
- GitHub Actions
- GitLab
- Azure DevOps
- Bitbucket
1. Add as variables in GitHub the values you want to set from this list
shamanops_global_pipeline_environments
*
This value must be set if you want to fix the pull of environments you want to use.
Options: full-with-drp | full | mid | minimal | available
shamanops_global_pipeline_canary_dev
*
This value must be set if you want to fix the Canary Deployment in the dev environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_canary_stg
*
This value must be set if you want to fix the Canary Deployment in the stg environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_canary_prod
*
This value must be set if you want to fix the Canary Deployment in the prod environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_dev
*
This value must be set if you want to fix the approvers in the dev environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_stg
*
This value must be set if you want to fix the approvers in the stg environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_prod
*
This value must be set if you want to fix the approvers in the prod environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sca_enabled
*
This value must be set if you want to fix the execution of the SCA scan.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sca_blocker
*
This value must be set if you want to fix that the result of the SCA scan you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sast_enabled
*
This value must be set if you want to fix the execution of the SAST check.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sast_blocker
*
This value must be set if you want to fix that the result of the SAST check you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_stress_enabled
*
This value must be set if you want to fix the execution of the Stress test.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_stress_blocker
*
This value must be set if you want to fix that the result of the Stress test you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_functional_analysis_enabled
*
This value must be set if you want to fix the execution of the Functional analysis.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_functional_analysis_blocker
*
This value must be set if you want to fix that the result of the Functional analysis you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_secrets_in_code_blocker
*
This value must be set if you want to fix that the result of the detection of Secrets in code you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_repository_metrics_enabled
*
This value must be set if you want to fix that information from the repositories be used for metrics.
To activate it, the value of the variable must be ‘true’.
1. Add as variables in GitLab the values you want to set from this list
shamanops_global_pipeline_environments
*
This value must be set if you want to fix the pull of environments you want to use.
Options: full-with-drp | full | mid | minimal | available
shamanops_global_pipeline_canary_dev
*
This value must be set if you want to fix the Canary Deployment in the dev environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_canary_stg
*
This value must be set if you want to fix the Canary Deployment in the stg environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_canary_prod
*
This value must be set if you want to fix the Canary Deployment in the prod environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_dev
*
This value must be set if you want to fix the approvers in the dev environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_stg
*
This value must be set if you want to fix the approvers in the stg environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_prod
*
This value must be set if you want to fix the approvers in the prod environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sca_enabled
*
This value must be set if you want to fix the execution of the SCA scan.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sca_blocker
*
This value must be set if you want to fix that the result of the SCA scan you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sast_enabled
*
This value must be set if you want to fix the execution of the sast check.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sast_blocker
*
This value must be set if you want to fix that the result of the SAST check you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_stress_enabled
*
This value must be set if you want to fix the execution of the Stress test.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_stress_blocker
*
This value must be set if you want to fix that the result of the Stress test you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_functional_analysis_enabled
*
This value must be set if you want to fix the execution of the Functional analysis.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_functional_analysis_blocker
*
This value must be set if you want to fix that the result of the Functional analysis you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_secrets_in_code_blocker
*
This value must be set if you want to fix that the result of the detection of Secrets in code you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_repository_metrics_enabled
*
This value must be set if you want to fix that information from the repositories be used for metrics.
To activate it, the value of the variable must be ‘true’.
1. Add as variables to the previously created shamanops-keyvault in Azure DevOps the values you want to set from this list.
In case you need to create the Key Vault from scratch, you cand find how here
shamanops_global_pipeline_environments
*
This value must be set if you want to fix the pull of environments you want to use.
Options: full-with-drp | full | mid | minimal | available
shamanops_global_pipeline_canary_dev
*
This value must be set if you want to fix the Canary Deployment in the dev environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_canary_stg
*
This value must be set if you want to fix the Canary Deployment in the stg environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_canary_prod
*
This value must be set if you want to fix the Canary Deployment in the prod environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_dev
*
This value must be set if you want to fix the approvers in the dev environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_stg
*
This value must be set if you want to fix the approvers in the stg environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_prod
*
This value must be set if you want to fix the approvers in the prod environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sca_enabled
*
This value must be set if you want to fix the execution of the SCA scan.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sca_blocker
*
This value must be set if you want to fix that the result of the SCA scan you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sast_enabled
*
This value must be set if you want to fix the execution of the SAST check.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sast_blocker
*
This value must be set if you want to fix that the result of the SAST check you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_stress_enabled
*
This value must be set if you want to fix the execution of the Stress test.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_stress_blocker
*
This value must be set if you want to fix that the result of the Stress test you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_functional_analysis_enabled
*
This value must be set if you want to fix the execution of the Functional analysis.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_functional_analysis_blocker
*
This value must be set if you want to fix that the result of the Functional analysis you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_secrets_in_code_blocker
*
This value must be set if you want to fix that the result of the detection of Secrets in code you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_repository_metrics_enabled
*
This value must be set if you want to fix that information from the repositories be used for metrics.
To activate it, the value of the variable must be ‘true’.
1. Add as Workspace variables in the shamanops project in Bitbucket the values you want to set from this list
shamanops_global_pipeline_environments
*
This value must be set if you want to fix the pull of environments you want to use.
Options: full-with-drp | full | mid | minimal | available
shamanops_global_pipeline_canary_dev
*
This value must be set if you want to fix the Canary Deployment in the dev environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_canary_stg
*
This value must be set if you want to fix the Canary Deployment in the stg environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_canary_prod
*
This value must be set if you want to fix the Canary Deployment in the prod environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_dev
*
This value must be set if you want to fix the approvers in the dev environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_stg
*
This value must be set if you want to fix the approvers in the stg environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_approvals_prod
*
This value must be set if you want to fix the approvers in the prod environment.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sca_enabled
*
This value must be set if you want to fix the execution of the SCA scan.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sca_blocker
*
This value must be set if you want to fix that the result of the SCA scan you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sast_enabled
*
This value must be set if you want to fix the execution of the SAST check.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_sast_blocker
*
This value must be set if you want to fix that the result of the SAST check you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_stress_enabled
*
This value must be set if you want to fix the execution of the Stress test.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_stress_blocker
*
This value must be set if you want to fix that the result of the Stress test you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_functional_analysis_enabled
*
This value must be set if you want to fix the execution of the Functional analysis.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_functional_analysis_blocker
*
This value must be set if you want to fix that the result of the Functional analysis you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_secrets_in_code_blocker
*
This value must be set if you want to fix that the result of the detection of Secrets in code you are executing to be blocking for the continuation of the pipeline.
To activate it, the value of the variable must be ‘true’.
shamanops_global_pipeline_repository_metrics_enabled
*
This value must be set if you want to fix that information from the repositories be used for metrics.
To activate it, the value of the variable must be ‘true’.