From 9d3698f84b68d38c456bca80cd102da93fd285f3 Mon Sep 17 00:00:00 2001 From: Philip Hayton Date: Fri, 25 Aug 2023 10:21:50 +0100 Subject: [PATCH] docs: example setup for circle ci (#1207) * docs: example setup for circle ci * docs: Update docs/guides/ci-setup.md Co-authored-by: elsapet * Update docs/guides/ci-setup.md Co-authored-by: elsapet * docs: add basic example for CircleCI * Update docs/guides/ci-setup.md Co-authored-by: elsapet --------- Co-authored-by: elsapet --- docs/guides/ci-setup.md | 67 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/docs/guides/ci-setup.md b/docs/guides/ci-setup.md index 6baf4210e..7a0c8656c 100644 --- a/docs/guides/ci-setup.md +++ b/docs/guides/ci-setup.md 
@@ -37,6 +37,73 @@ GitLab's guide on [Running CI/CD jobs in Docker containers](https://docs.gitlab. For more details and additional configuration, see our [guide to using GitLab](/guides/gitlab/). +## CircleCI + +To integrate with CircleCI, you can add the following job to your `.circleci/config.yml` + +```yml +version: 2.1 + +jobs: + bearer: + machine: + image: ubuntu-2204:2023.07.2 + environment: + # Set to default branch of your repo + DEFAULT_BRANCH: main + steps: + - checkout + - run: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh -s -- -b /tmp + - run: CURRENT_BRANCH=$CIRCLE_BRANCH SHA=$CIRCLE_SHA1 /tmp/bearer scan . + +workflows: + test: + jobs: + - bearer +``` + +A more advanced example using a Github repository and reviewdog for PR comments: + +```yml +version: 2.1 + +jobs: + bearer: + machine: + image: ubuntu-2204:2023.07.2 + environment: + # Set to default branch of your repo + DEFAULT_BRANCH: main + steps: + - checkout + - run: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh -s -- -b /tmp + - run: curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b /tmp + - run: | + CURRENT_BRANCH=$CIRCLE_BRANCH SHA=$CIRCLE_SHA1 /tmp/bearer scan . --format=rdjson --output=rd.json || export BEARER_EXIT=$? + cat rd.json | REVIEWDOG_GITHUB_API_TOKEN=$GITHUB_TOKEN /tmp/reviewdog -f=rdjson -reporter=github-pr-review + exit $BEARER_EXIT + +workflows: + test: + jobs: + - bearer: + filters: + branches: + # No need to run a check on default branch + ignore: main + context: + - bearer + # make sure to set GITHUB_TOKEN in your context + +``` + +The `GITHUB_TOKEN` in this case just requires read and write access to pull requests for the repository. + +{% callout "warn" %} +Currently DEFAULT_BRANCH is hard coded and diff scanning is not supported because base branch information is not available in Circle CI. 
+In the future we hope to support diff scanning in Circle CI by having the CLI call the Github API for the details. +{% endcallout %} + ## Universal setup For other services, we recommend selecting the [installation method](/reference/installation/) that best fits the platform.
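Review bot: both examples pipe an install script fetched from a mutable branch straight into `sh` (`.../Bearer/bearer/main/contrib/install.sh | sh -s -- -b /tmp`, and `.../reviewdog/reviewdog/master/install.sh | sh` in the advanced one), so whatever lands on those branches runs unreviewed in the CI job. In the advanced example that job also has the `bearer` context attached, with a `GITHUB_TOKEN` that has write access to pull requests. Suggest pointing the URLs at a release tag or commit SHA instead of `main`/`master`, and saying in the guide that readers should pin the version they install. A smaller point in the same `run: |` step: `BEARER_EXIT` is only set when the scan fails, so on success `exit $BEARER_EXIT` expands to a bare `exit`; initialising it before the scan, or writing `exit ${BEARER_EXIT:-0}`, makes the intent explicit. The callout says `DEFAULT_BRANCH` is hard coded, but `ignore: main` in the workflow filter is a second place readers have to change, which the comment there could mention.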