Configuring Continuous Integration Tools
Application Dependency Management (ADM) requires authorization to access the continuous integration tool.
You must provide this as a token that's stored as a secret in a vault. Each of the external continuous integration tools provide a means of generating this token. The OCI DevOps build pipeline doesn't require a token.
This section includes configuring the following pipelines and workflow:
Configuring a DevOps Build Pipeline
Create a build pipeline in the DevOps service if it doesn’t exist. For more information, see Creating a Build Pipeline.
Configuring a GitHub Actions Workflow
To configure a GitHub Actions workflow, create a personal access token (PAT) using the instructions provided in the GitHub documentation. See Creating a token. The token must follow the principle of least privilege and only have permission to access the repository being monitored by the Application Dependency Management service.
Configure the token with the following parameters:
Parameter | Setting |
---|---|
Expiration | Select a time period appropriate to the project. |
Repositories | Select top-level option. This is applicable only if you're using the GitHub repository. Use the same token that's used to configure the GitHub repository. |
Workflow | Select the workflow. |
Immediately copy the token to a secure location because you can't retrieve the token later. Store the token as a secret in the vault. See Managing Vault Secrets.
Provide the following information to configure a GitHub Actions workflow:
- URL of the GitHub project containing the workflow, for example
https://github.com/example/project
. - Username for the repository (corresponding to the token).
- Name of the vault and secret containing a personal access token for the workflow.
- Name of the workflow or filename of the workflow.
- (Optional) Additional parameters required by the workflow.
Access to a GitHub project is granted using the personal access token of a user account. We recommend that you create a machine user account, provide it with the minimal amount of project access that's required, and add it as a collaborator to the project. For more information, see Machine users.
Configuring a GitLab Pipeline
To configure a GitLab pipeline, create a personal access token (PAT) using the instructions provided in the GitLab documentation. See Create a personal access token. The token must follow the principle of least privilege and only have permission to access the repository being monitored by the Application Dependency Management service.
Configure the token with the following permissions:
Permission | Description |
---|---|
api | Scope for controlling a pipeline |
Immediately copy the token to a secure location because you can't retrieve the token later. Store the token as a secret in the vault. See Managing Vault Secrets.
Create a trigger token using the instructions provided in the GitLab documentation and store it as a secret in the vault. See Create a trigger token.
Provide the following information to configure a GitLab pipeline:
- URL of the GitLab project containing the pipeline, for example
https://gitlab.com/example/project
. - Username for the repository (corresponding to the access token).
- Name of the vault and secret containing a personal access token for the pipeline.
- Name of the vault and secret containing the trigger token for the pipeline.
- (Optional) Additional parameters required by the pipeline.
Access to a GitLab project is granted using the personal access token of a user account. We recommend that you create a service account (a separate account that's authorized to access GitLab APIs), provide it with the minimal amount of project access that's required including access to the repository, and add it as a collaborator to the project.