CircleCI Integration
First time using CircleCI? Please refer to the following documentation.
Introduction​
CircleCI is a CI/CD platform that has the purpose of bringing agility to the pipeline creation process. One of its main features is its extensibility, through the so-called Orbs it is possible to add custom jobs, commands and executors. Currently, the integration with Conviso's products takes advantage of CircleCI's native docker support, and runs through a docker image made available on Dockerhub with a CLI-like tool available on PyPi.
Requirements​
For the Cloud version, support is native. However, for the enterprise version, in order for the experience with Conviso's services to be complete, it is necessary to be aware of the requirements below:
-
Build environment with Docker
-
External access (can be limited to Conviso, Dockerhub and Conviso registry)
First Steps​
After configuring your VCS access policies in CircleCI, on the Project Dashboard page you will be able to see all the repositories available for creating Pipelines. If there is already a description of a pipeline in the repository, it will be available in the .circleci
folder at the root of the repository, in the config.yml file. It is important that Conviso jobs are set up correctly along with the rest of the workflow. If there is no pipeline yet, clicking on the Setup project button for your repository will open an editor for the creation of pipelines.
Variables Setup​
Authentication between CircleCI and Conviso Platform takes place through an API key. For this to happen safely, it is recommended to use the Environment Variables of Pipeline. They can be defined by project or else by context.
Project Variables Setup​
In this case, the variable will be restricted to the execution of pipelines of the selected project. To configure this way, follow the steps below:
-
From the Project Dashboard menu, select the desired project;
-
In the upper right corner, click on Project Settings;
-
In the left menu, click on Environment Variables and then on the Add Environment Variable button;
-
Name the variable CONVISO_API_KEY and add the API key available in your Conviso Platform profile.
Context Variables Setup​
In this case, the variable will be visible to all projects associated with the specified context. To configure this way, follow the steps below:
-
In the Organization Settings menu, select the Contexts option;
-
Select the desired context or create a new one by clicking on New Context. For example you can name this new context as Conviso. For the purpose of this tutorial we will do that;
-
After selecting the desired context, click on Add Environment Variable. You can then add a new variable called CONVISO_API_KEY with the value of Conviso API Key generated before.
For the jobs to load the created context, you need to configure them in the workflows session of the configuration file.
Let us configure Circle CI pipeline in order to run Conviso AST:​
version: 2.1
jobs:
conviso-ast:
docker:
- image: convisoappsec/convisocli:latest
steps:
- setup_remote_docker
- checkout
- run:
name: "Conviso AST"
command: "conviso ast run"
# Orchestrate jobs using workflows
# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows
workflows:
security: # This is the name of the workflow, feel free to change it to better match your workflow.
# Inside the workflow, you define the jobs you want to run.
jobs:
- conviso-ast:
context: Conviso # has an env var called CONVISO_API_KEY