Before getting deep into the CircleCI docs, I thought maybe the community could advise.
Currently, we’re on GitHub, but we discovered that there are lots of really poor limitations with shared workflows… First and foremost, a shared workflow has to be public and its logs are also potentially public… but also the secrets need to be fed directly from the parent.
The GitHub result, if we continued, would be:
- 30+* services manually set up to inject secrets 1 by 1 into a common workflow. Not really scalable and time-consuming to update and generally maintain.
When compared to GitLab this is insane. In GitLab, you can set group secrets that are inherited by all children in the group… so 1 shared GitLab yml file can do 80% of the common tasks and pick up secrets controlled from 1 point. This makes management much more efficient… each service just now includes the common file without additional settings.
The issue we are looking at:
- GitHub is out; this shared-workflow set of limitations just does not work for us. We’ve waited 6 months but there is zero movement on the topic.
- GitLab does it all, but it comes with a price tag we as a small company cannot justify… 20 per head per month.
Does CircleCI work the same way as GitLab? Can we configure a single shared config that can access common secrets, or do we need to do the same in Circle as in GitHub and pass secrets in 1 by 1?