Monitor and integrate repository without writing .circleci file to repository root

circle.yml

#1

For a multitude of reasons which are not worth discussing at this stage - I need to start performing CI on a group of projects.

Every CI I’ve seen, with the exception of Jenkins (which I’m really not eager to use) - (Travis, Codeship, CircleCI, Drone) requires the writing of a file or set of files to configure CI i.e. .travis.yml, .codeship.yml, .circle.yml, yada, yada, yada.

But… and here’s the big but, I can’t do that. I can’t write these files. Is there any way your product can integrate without writing those files to the repository?


#2

Could you elaborate on what the problems you’re having are with storing config in the repo?

Is the issue that they can’t be stored statically at all for some reason and need to be passed it at runtime somehow?

Is it that you need to share config across many repos?

Is it that there are sensitive things you want to put in config that shouldn’t be seen by those with access to the code?

Is it that you need to protect who can edit the config differently than who can edit the code?


#3

Yep. In this specific case, 20 public repositories, no write access, also unable to install GitHub hooks.

No

Could be an issue, but not at the moment. Aware the SaaS CI providers support encrypted secrets in config.

Not an immediate issue, but could be in some situations.


#4

If you can’t install the webhooks is it safe to then assume you are not an admin on these repos? How would you hope to trigger a CI process to start without such automation at the github level? Or are you looking only for manual runs?

Are these repos related in that you want to run all of them as a group? Or each has its own independent config for CI and stands alone?


#5

If you can’t install the webhooks is it safe to then assume you are not an admin on these repos?

I am not admin, I have forked them… but I don’t want to interfere with upstream merging when it eventually happens - checksums are also important.

How would you hope to trigger a CI process to start without such automation at the github level? Or are you looking only for manual runs?

CI SaaS polling the repo’s for changes.

Are these repos related in that you want to run all of them as a group? Or each has its own independent config for CI and stands alone?

Some are top level and depend on the others. They all have a test suite, and they all produce an artefact which should be uploaded (either Linux packages or language specific archives of compiled bytecode.


#6

Can you just tell Git to ignore the .circleci/config.yml file? This way you can add your fork itself to CircleCI and do everything normally.


#7

Nope.

This is Erlang so package management consist of a file containing git repo names, tag/branch or checksum and each of the dependencies also contain a file with this information.

CI workflow

  1. Check out the top level project (which I want to CI).
  2. It fetches it’s dependencies from git (each of which I want to CI).
  3. Checks out checksummed version (using the lock file)

Upon crafting a release, and it’s the releases I want to build, and there’s lots of them - a lock file is generated, the lock file contains a master list of dependencies and their respective name, branch/tag AND checksums.

The checksum is critical to the build, if it’s changed, well, things would get complex.

That’s why I say I can’t put the configuration file into the repository - I mean, there’s probably lots of reasons why it’s a bad thing to configure CI based upon an artefact added to a code repository but this is the blocker for me (in this particular case).

Does that make sense?


#8