docs: example setup for circle ci (#1207)

* docs: example setup for circle ci * docs: Update docs/guides/ci-setup.md Co-authored-by: elsapet <[email protected]> * Update docs/guides/ci-setup.md Co-authored-by: elsapet <[email protected]> * docs: add basic example for CircleCI * Update docs/guides/ci-setup.md Co-authored-by: elsapet <[email protected]> --------- Co-authored-by: elsapet <[email protected]>
Bearer · Aug 25, 2023 · 9d3698f · 9d3698f
1 parent d35f9e0
commit 9d3698f
Showing 1 changed file with 67 additions and 0 deletions.
diff --git a/docs/guides/ci-setup.md b/docs/guides/ci-setup.md
@@ -37,6 +37,73 @@ GitLab's guide on [Running CI/CD jobs in Docker containers](https://docs.gitlab.
 
 For more details and additional configuration, see our [guide to using GitLab](/guides/gitlab/).
 
+## CircleCI
+
+To integrate with CircleCI, you can add the following job to your `.circleci/config.yml`
+
+```yml
+version: 2.1
+
+jobs:
+  bearer:
+    machine:
+      image: ubuntu-2204:2023.07.2
+    environment:
+      # Set to default branch of your repo
+      DEFAULT_BRANCH: main
+    steps:
+      - checkout
+      - run: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh -s -- -b /tmp
+      - run: CURRENT_BRANCH=$CIRCLE_BRANCH SHA=$CIRCLE_SHA1 /tmp/bearer scan .
+
+workflows:
+  test:
+    jobs:
+      - bearer
+```
+
+A more advanced example using a Github repository and reviewdog for PR comments:
+
+```yml
+version: 2.1
+
+jobs:
+  bearer:
+    machine:
+      image: ubuntu-2204:2023.07.2
+    environment:
+      # Set to default branch of your repo
+      DEFAULT_BRANCH: main
+    steps:
+      - checkout
+      - run: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh -s -- -b /tmp
+      - run: curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b /tmp
+      - run: |
+          CURRENT_BRANCH=$CIRCLE_BRANCH SHA=$CIRCLE_SHA1 /tmp/bearer scan . --format=rdjson --output=rd.json || export BEARER_EXIT=$?
+          cat rd.json | REVIEWDOG_GITHUB_API_TOKEN=$GITHUB_TOKEN /tmp/reviewdog -f=rdjson -reporter=github-pr-review
+          exit $BEARER_EXIT
+
+workflows:
+  test:
+    jobs:
+      - bearer:
+          filters:
+            branches:
+              # No need to run a check on default branch
+              ignore: main
+          context:
+            - bearer
+            # make sure to set GITHUB_TOKEN in your context
+
+```
+
+The `GITHUB_TOKEN` in this case just requires read and write access to pull requests for the repository.
+
+{% callout "warn" %}
+Currently DEFAULT_BRANCH is hard coded and diff scanning is not supported because base branch information is not available in Circle CI.
+In the future we hope to support diff scanning in Circle CI by having the CLI call the Github API for the details.
+{% endcallout %}
+
 ## Universal setup
 
 For other services, we recommend selecting the [installation method](/reference/installation/) that best fits the platform.