Current state:
The configuration / state of the shared actions is part of the shared actions themselves. Every configuration change therefore requires a new release of the shared actions and an update of each downstream workflow to the new version.
Use cases:
- Updating the value of an existing input parameter requires releasing the action and bumping the version in downstream workflows
- Security management ops, such as toggling global or repository-specific security controls from a central place, without needing to modify or bump versions downstream
- Skipping a control as a break-glass strategy (bypass) without needing a release
Instances:
- SCA control failures caused by an upstream dependency (Grype) CDN issue
- Docker CIS control failure caused by GHCR rate limiting (TooManyRequests)
Target State:
- The goal is to NOT update and release the shared actions every time configuration changes.
- Central configuration management of security control toggles across different scopes (global org-wide, repository-specific)
- Inject the configuration of security controls into downstream pipelines dynamically for each scan
Ideas:
- Feature flags
- Release / rollout strategy plan for shared action configuration
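As an added example (not part of this note or of any existing shared action), a small Python resolver for the target state: the pipeline fetches a central JSON config per scan, layers repository-specific toggles over the org-wide ones, and honours a time-boxed break-glass bypass. The config layout, control names and repository name are assumptions.

```python
"""Resolve the effective state of a security control (SCA, Docker CIS, ...)
from a central config with global and repository-specific scopes."""
import json
from datetime import datetime, timezone

# Constructed sample of the central config a downstream pipeline would fetch
# per scan (assumed layout and names, not an existing shared-actions file).
CENTRAL_CONFIG = json.loads("""
{
  "global": {
    "sca":        {"enabled": true, "enforce": true},
    "docker-cis": {"enabled": true, "enforce": true}
  },
  "repositories": {
    "org/payments-api": {
      "sca": {"enforce": false, "reason": "break glass: Grype CDN outage",
              "expires": "2020-01-01T00:00:00Z"},
      "docker-cis": {"enforce": false, "reason": "break glass: GHCR TooManyRequests",
                     "expires": "2030-01-01T00:00:00Z"}
    }
  }
}
""")


def resolve(config, repo, control, now=None):
    """Layer the repository-specific override over the global scope.
    An override past its 'expires' timestamp is ignored, so a break-glass
    bypass cannot linger once the upstream outage is over."""
    now = now or datetime.now(timezone.utc)
    effective = dict(config["global"].get(control, {"enabled": False, "enforce": False}))
    override = config.get("repositories", {}).get(repo, {}).get(control, {})
    expires = override.get("expires")
    if expires and datetime.fromisoformat(expires.replace("Z", "+00:00")) <= now:
        override = {}  # expired break-glass: fall back to the global setting
    effective.update({k: v for k, v in override.items() if k in ("enabled", "enforce")})
    effective["reason"] = override.get("reason", "")
    return effective


def outcome(effective, scan_failed):
    """Map a scan result to the pipeline verdict for one control.
    'warn' means the finding is reported but does not block (bypass in effect)."""
    if not effective["enabled"]:
        return "skipped"
    if not scan_failed:
        return "pass"
    return "fail" if effective["enforce"] else "warn"
```

Because the verdict is derived from the fetched config at scan time, flipping a toggle or expiring a bypass never requires a new release of the shared action.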