You are viewing a single thread.
View all comments View context
0 points

But… also in ArgoCD you just set up which branch you want to look at

permalink
report
parent
reply
0 points

Yes, but Gitlab doesn’t allow for easy access rules.

Basically, OPS wants full control of the repo, since they are the ones being blamed if something goes wrong. There’s no way to enforce, that only a certain set of users can make changes to a branch - all such restrictions can be circumvented rather easily. So the solution is a shadow copy of the repo that only gets updated on release and Argo only deploys a specific tag (i.e. release).

We’re not talking about just some enterprise microservice, but stuff in the public administration/government sphere. The tradeoffs are a bit different there.

permalink
report
parent
reply
0 points

I didn’t know that GitLab doesn’t allow that! We use BitBucket and there it’s extremely easy to put branch restrictions so that only certain Usergroups are allowed to merge into the release-branches

permalink
report
parent
reply
0 points

Bitbucket also doesn’t enforce these rules properly. You can simply change the rules, merge, then change back.

The only way around that is to restrict every developer account into oblivion and only have an ops guy as repo admin, but I think most ops teams have better things to do.

permalink
report
parent
reply

Programmer Humor

!programmerhumor@lemmy.ml

Create post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.

Community stats

  • 5.2K

    Monthly active users

  • 878

    Posts

  • 8.8K

    Comments

Community moderators