Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expand on baselines lifecycle #1524

Open
BernieWhite opened this issue May 5, 2023 · 0 comments
Open

Expand on baselines lifecycle #1524

BernieWhite opened this issue May 5, 2023 · 0 comments
Labels
feature: baselines Issues that affect baselines

Comments

@BernieWhite
Copy link
Member

BernieWhite commented May 5, 2023
edited

Currently customers can configure a single baseline to use. For general use, the baseline is defined on the workflow as an input parameter.

For cases with lots of workflows, this may create undue burden updating these workflows to point to the new baseline.

Setting by environment variable

If the baseline can be set by environment variable, a GitHub repository could set the environment variable which would be inherited by all repos. Azure DevOps would be via variable template/ variable group.

Technically this could already be done by passing the environment variable as a parameter in the GitHub Action. However there is no documentation for this approach.

Pros:

  • Low maintenance.
  • Flexible options to run different baselines with different environment variables.

Cons:

  • No code change, so no PR.
  • Privileged operation for the repository.

Options file

The baseline could be set by options file, this is mostly implemented for setting baselines via module configuration. i.e. rule.baseline.

Pros:

  • Low maintenance
  • Code change, so required PR and test validation as part of the process.

Cons:

  • Does not support environments natively, but different options files can be used.
  • Multi-module scenarios are not currently supported.
  • Only a single baseline can be selected currently.

Baseline group

Provide an option to configure a baseline group, which is friendly name for the baseline but one that can be set within options.

For example:

baseline:
  group:
    recommended: PSRule.Rules.Azure\Azure.Default
    preview: PSRule.Rules.Azure\Azure.Preview
# Analyze Azure resources using PSRule for Azure
- name: Analyze Azure template files
  uses: microsoft/[email protected]
  with:
    modules: 'PSRule.Rules.Azure'
    baseline: '@recommended'

Pros:

  • Low maintenance
  • Code change, so required PR and test validation as part of the process.
  • Allows a different baseline tags to be configured within the pipeline, baseline can be bumped without updating the pipeline.

Cons:

  • Multi-module scenarios are not currently supported.
  • Only a single baseline can be selected currently.
@BernieWhite BernieWhite added the feature: baselines Issues that affect baselines label May 5, 2023
@BernieWhite BernieWhite mentioned this issue Jun 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature: baselines Issues that affect baselines
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BernieWhite