zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-05-13 16:17:01 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/architecture/decisions/0009-github-actions.md
Seamus Johnston 8f28b47cd0
Justify GitHub Actions in ADR
2022-08-19 09:50:41 -05:00

29 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 9. GitHub Actions
Date: 2022-08-11
## Status
Accepted
## Context
We need a tool to execute scripts whenever code is modified. These automated tools are called CI/CD pipelines. CI is continuous integration. CD is continuous deployment. These may be slight misnomers, as our project does not seek to integrate or deploy “continuously”.
We want certain tools, such as linters, test harnesses, and static security analysis to run each time new code is submitted via a pull request on GitHub.
We want certain other tools, such as build scripts and deployment scripts, to run whenever code is merged into the authoritative copy (our “main” branch in git).
Many CI/CD tools exist. Some top competitors in this space are GitLab CI/CD, CircleCI, TravisCI, and Jenkins.
GitHub Actions is an easy choice due to its tight integration with GitHub (the Microsoft product in which the code is currently stored).
## Decision
To use GitHub Actions.
## Consequences
The choice of CI/CD pipeline is more closely tied to the infrastructure of a project than to its codebase. It is expected that CI/CD pipeline scripts will need to be rewritten whenever a significant infrastructure change takes place.
Deployment keysand perhaps other secretswill be entrusted to Microsoft and will be vulnerable to technical failures, process failures, or policy failures on their part.
Reference in a new issue View git blame Copy permalink