Currently, our CI/CD pipeline lacks flexibility and security in how tests are executed. We need to improve the flow to ensure that:
-
Build, Lint, and Unit Tests:
- These steps should run in any environment (e.g., local, PR, main branch, etc.).
- They must not have access to secret values (e.g., API keys, credentials) to prevent accidental exposure.
- This ensures that basic checks are always performed without risking sensitive data.
-
Integration Tests:
- Integration tests should only run after explicit approval from repository owners or maintainers.
- These tests should be triggered manually or via a specific command (e.g.,
/run-integration-tests in a PR comment).
- This step should only run after the code has been reviewed and approved to avoid unnecessary resource usage and ensure security.
Proposed Changes:
- Refactor the CI/CD pipeline to separate concerns:
- A lightweight pipeline for Build, Lint, and Unit Tests that runs on every push or PR.
- A secure, gated pipeline for Integration Tests that requires manual intervention.
- Ensure that secret values are only accessible in the Integration Tests step, and only when explicitly triggered by authorized users.
Acceptance Criteria:
- Build, Lint, and Unit Tests run in all environments without access to secrets.
- Integration Tests are only triggered manually by owners/maintainers after code review.
- Secrets are securely managed and only exposed in the Integration Tests step when necessary.
- Documentation is updated to reflect the new CI/CD flow.
Currently, our CI/CD pipeline lacks flexibility and security in how tests are executed. We need to improve the flow to ensure that:
Build, Lint, and Unit Tests:
Integration Tests:
/run-integration-testsin a PR comment).Proposed Changes:
Acceptance Criteria: