Test and document the steps to use CI/CD for external repo for security checks
Now that we have CI/CD for external repo we need to document how to leverage this feature to have "security pipelines" for GitHub projects. This can be a good driver for interested customers that want to use GitLab for security checks.
We could consider different scenarios:
1. GitHub.com repo and GitLab.com CI/CD
2. GitHub Enterprise and GitLab.com CI/CD
3. GitHub Enterprise and GitLab Enterprise
4. GitHub.com and GitLab Enterprise
I suppose the most important cases are 1 and 2, so we can focus on them first.
For each case, we should test and document how to set up the project, and what the expected results are. This could be done as a technical article (https://docs.gitlab.com/ce/development/writing_documentation.html#technical-articles).
Example TOC:
- Setup
  - create a CI/CD project for external repo on GitLab
  - connect your GitHub.com account using OAuth2
  - select one of the projects hosted on GitHub
  - (optional) schedule a pipeline to run checks automatically every hour
  - push a `.gitlab-ci.yml` with the security pipeline definition to the original GitHub project
- Usage
  - push changes to the original project on GitHub
  - wait for the status on GitHub to update
  - click the link to go to the GitLab pipeline
  - select the security tab to see the report
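
For the "push a `.gitlab-ci.yml`" step in the TOC above, a security pipeline definition could look like the following. This is an added example, not part of the original issue; it assumes the GitLab instance ships the bundled `Security/*` CI templates and that the project's tier exposes their reports.

```yaml
# Added example (not from the issue): minimal security pipeline committed to
# the root of the GitHub repository that the GitLab CI/CD project mirrors.
# Assumption: the bundled Security/* templates are available on this instance.
stages:
  - test            # the included scanner jobs run in the "test" stage

include:
  - template: Security/SAST.gitlab-ci.yml               # static analysis of source code
  - template: Security/Secret-Detection.gitlab-ci.yml   # committed credentials and keys

# No job definitions are needed here: the templates add the scanner jobs, and
# each job uploads its findings as a report artifact that GitLab reads to
# populate the pipeline's security view.
```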