Ability to use security groups for contexts used by github app type pipelines
in progress
D
Daniel Lund
We want to be able to use github apps to centralise circle ci config for some of our deployments so its easy to propagate changes to the pipelines and avoid copy pasting the same pipeline in multiple repo's. However, we also want to restrict access to contexts such as our prod deploy context for this group of services but GitHub app based pipelines don't support this in their current state.
The ability to restrict context access via security groups is a vital piece of the puzzle as we don't want ALL members of our GitHub org accessing these contexts
makmalon Elon
The ability to restrict context access via security groups is a vital piece of the puzzle as we don't want ALL members of our GitHub org accessing these contexts @block blast free.
H
Hailey Nelson
@basketball stars I completely agree, adding security group support for GitHub App-based pipelines would make centralized CircleCI configs far safer and more scalable by properly controlling access to sensitive deployment contexts.
c
charlesrutabanzibwa123@gmail.com
What should I do then for I expect GitHub would help me to archive the goal. The restrictions now imposed make me fail to archive what I expected.
D
Daniel Lund
At the moment github app type pipelines still don't support security groups on contexts.
We have contexts that are restricted to specific GitHub groups already, its more the fact we cant use those restrictions if we have a GitHub app type pipeline is the problem: https://circleci.com/docs/guides/integration/github-apps-integration/#restrict-a-context-to-a-security-group
Nathan Fish
marked this post as
in progress
Nathan Fish
marked this post as
planned
We are working on group apis to manage contexts. This should allow you to sync (with some work on your part) GitHub security groups to CircleCI groups and contexts.
https://circleci.com/docs/api/v2/#tag/Groups for group management
and
https://circleci.com/docs/api/v2/#tag/Context/operation/createContextRestriction for context restrictions by group.