Project 15
Training exercise.
Brief recommendation for boss
Is the CICD viable for this purpose?
Yes, but they can't see the problem details (as they are displayed only in Reunite).
How would credentials be transmitted to the contractor?
Share it with an encrypted message.
Is that secure?
No, there are no scopes for the API keys. They can inject users via SCIM into our organization.
Do you see any potential pitfalls?
No scopes on the API key is a pitfall.
What made you smile?
- Use of prefix for created branches to avoid name clash
- CICD works smoothly except for merging PRs with broken checks
- Setup is easy and clear enough for a developer
What did you find confusing?
- There should be no warning for an internal repo. Especially with "Unknown" as the source.
- Would be good to generate the API key inline.
- "Copied" tooltip and icon change would be nice for the API key.
- Copy button for variable name would be nice.
- Copy code button could also be inline in the guide block.
- "Copy the code sample to the created file." is weird. What is "code sample"? It should be "Copy the pipeline code on the left".
- Points 3 and 4 are in the wrong order. You should first copy the code and then create the file.
- Scorecard failed status could be in red in the push action logs.
- There is scorecard output in push but not link checker output.
- On the deploys page it should show failed check labels.
- We didn't expect automerge when there are failed checks (lint).
- Major problem is no scopes for API keys.