template ci/cd pipeline enforcement
I was wondering if there is a way to disable the template editor in the ui or making it read only even for owners(although that wouldn't fix them having cli/api access)
I am basically looking for a way that can enforce template changes through merge request using ci coder service account with gitlab pipelines.
11 Replies
<#1273026731938283590>
Category
Feature request
Product
Coder OSS (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
hey @Spiked_Grape, this isn't possible yet, i guess you could reserve the owner role the service account used for CI
please open a feature request via GH Issues
GitHub
Issues · coder/coder
Provision remote development environments via Terraform - Issues · coder/coder
@Phorcys ok thanks. what about not making templates available to everyone by default. Is there a flag/option for that? If I am testing out a new template, currently I push it via cli then go change the permissions in the ui.
well, except not giving them the owner/admin role I don't think so
i'm not sure
maybe you can do it via the API, I don't know if there's a flag, I will take a look
Hi @Spiked_Grape there are settings to manage templates accesss
See https://coder.com/docs/templates/permissions
You can use
--private
flag from CLI
it will work with
From coder templates create--help
@Atif what about the deprecation notice at the top of that page.
I thought you have to templates push now and that doesn't show a private or group option
create
was deprecated in favor of merging the functionality in push
I am sorry, I missed that deprecation notice. --private
should work with push
too.
Let me know if it doesn't. And we can fix it and if it works we will update docs to reflect the change.hello @Spiked_Grape -- any luck?
Hi I was looking at the new docs that use the coderd terraform provider.
https://coder.com/docs/templates/change-management
Where you can use acl for the permissions etc. but I haven't had a chance to try it out yet.
So when you using ci cd to add new versions, I would want to add a new version map to version list inside the existing template resource?
Change management - Coder Docs
Versioning templates with git and CI
I don't think that would be needed -- looks like it would just grab whatever you have in the template directory and push it if contents have changed!