diff --git a/radar/infrastructure_ci_cd/admin_labs.yaml b/radar/infrastructure_ci_cd/admin_labs.yaml index f7a68196..1ffdd8cb 100644 --- a/radar/infrastructure_ci_cd/admin_labs.yaml +++ b/radar/infrastructure_ci_cd/admin_labs.yaml @@ -16,13 +16,8 @@ rationale: | * Status subscription * How easy is setup * How to configure status page for Hii retail services, Relevate per customer and Platform services - * more details for the assessment available at - https://docs.google.com/presentation/d/16iPTFRKRX1n_xX_RB1S2soXo8-qeliRkWQAfes2nHCg/edit?usp=sharing + * more details for the assessment available in these + [slides](https://docs.google.com/presentation/d/16iPTFRKRX1n_xX_RB1S2soXo8-qeliRkWQAfes2nHCg/edit?usp=sharing) license: commercial: company: Admin Labs - description: https://www.adminlabs.com/status-pages-pricing/ -tags: - - Services status check - - Hii Retail - - Relevate diff --git a/radar/infrastructure_ci_cd/ant.yaml b/radar/infrastructure_ci_cd/ant.yaml index 254e24d1..4e1315fe 100644 --- a/radar/infrastructure_ci_cd/ant.yaml +++ b/radar/infrastructure_ci_cd/ant.yaml @@ -2,6 +2,8 @@ name: Apache Ant blip: - date: 2018-03-20 ring: HOLD + - date: 2024-08-09 + ring: ARCHIVE description: | Apache Ant is a build tool designed to replace Make in early 2000. It is implemented in Java, configured with XML and primarily used to configure diff --git a/radar/infrastructure_ci_cd/appveyor.yaml b/radar/infrastructure_ci_cd/appveyor.yaml index 4aae3e15..72b3aa5f 100644 --- a/radar/infrastructure_ci_cd/appveyor.yaml +++ b/radar/infrastructure_ci_cd/appveyor.yaml @@ -6,6 +6,8 @@ blip: ring: TRIAL - date: 2019-11-15 ring: HOLD + - date: 2024-08-09 + ring: ARCHIVE description: | Appveyor is an elastic SaaS CI/CD platform focused on the Microsoft development ecosystem. It's based on dockerized ephemeral builds configured with `appveyor.yml` files following the [pipelines as code](pipelines_as_code.html) 
diff --git a/radar/infrastructure_ci_cd/auth0.yaml b/radar/infrastructure_ci_cd/auth0.yaml index 740b14ee..2bc4820b 100644 --- a/radar/infrastructure_ci_cd/auth0.yaml +++ b/radar/infrastructure_ci_cd/auth0.yaml @@ -2,6 +2,8 @@ name: Auth0 blip: - date: 2020-06-15 ring: HOLD + - date: 2024-08-09 + ring: ARCHIVE description: | [Auth0](https://auth0.com) is a SaaS for user and machine-machine authentication. It supports local users and federated login over social, Open ID, ADFS and SAML. diff --git a/radar/infrastructure_ci_cd/aws_lambda.yaml b/radar/infrastructure_ci_cd/aws_lambda.yaml index 32667e9d..2d3040f5 100644 --- a/radar/infrastructure_ci_cd/aws_lambda.yaml +++ b/radar/infrastructure_ci_cd/aws_lambda.yaml @@ -4,6 +4,8 @@ blip: ring: TRIAL - date: 2019-02-20 ring: HOLD + - date: 2024-08-09 + ring: ARCHIVE description: | AWS Lambdas are serverless functions managed by AWS and automatically scaled to handle varying load. They support multiple languages such as Java, Node.js diff --git a/radar/infrastructure_ci_cd/cake.yaml b/radar/infrastructure_ci_cd/cake.yaml index 28b033a2..4da860d5 100644 --- a/radar/infrastructure_ci_cd/cake.yaml +++ b/radar/infrastructure_ci_cd/cake.yaml @@ -4,6 +4,8 @@ blip: ring: ASSESS - date: 2019-06-10 ring: TRIAL + - date: 2024-08-09 + ring: ARCHIVE description: | Cake (C# Make) is a cross-platform build automation system with a C# DSL for tasks such as compiling code, copying files and folders, running unit tests, compressing files and building NuGet packages. diff --git a/radar/infrastructure_ci_cd/circleci.yaml b/radar/infrastructure_ci_cd/circleci.yaml index e954edb0..bad97bb1 100644 --- a/radar/infrastructure_ci_cd/circleci.yaml +++ b/radar/infrastructure_ci_cd/circleci.yaml 
@@ -4,6 +4,8 @@ blip: ring: ASSESS - date: 2019-11-15 ring: HOLD + - date: 2024-08-09 + ring: ARCHIVE description: | CircleCI is an elastic SaaS CI/CD platform. It's based on dockerized ephemeral builds configured with `.circleci/config.yml` files following the [pipelines as code](pipelines_as_code.html) principles. diff --git a/radar/infrastructure_ci_cd/cloud_run.yaml b/radar/infrastructure_ci_cd/cloud_run.yaml index 948da06b..0f961e4e 100644 --- a/radar/infrastructure_ci_cd/cloud_run.yaml +++ b/radar/infrastructure_ci_cd/cloud_run.yaml @@ -1,5 +1,4 @@ -name: Cloud Run for Anthos -shortname: Cloud Run +name: Cloud Run logo: https://cloud.google.com/images/serverless/cloud-run.svg blip: - date: 2020-02-05 
@@ -7,29 +6,18 @@ blip: - date: 2020-10-05 ring: ADOPT description: | - Cloud Run is a servless compute platform on Google Cloud Platform that automatically scales your stateless containers. - Cloud Run is built on top of Knative and Kubernetes and abstract away most of the complexity to allow development - teams to deliver stateless containers. + Cloud Run is a serverless compute platform on Google Cloud Platform that automatically scales your + stateless containers. rationale: | Cloud Run reduces the cognitive load that is introduced by Kubernetes and Knative. It allows the development teams to focus on the application. To use Cloud Run, you must containerize your application, keep it stateless and write it as an request/event-driven application. - Cloud Run comes in two flavors: - - 1. Fully-managed by Google - 2. Cloud Run for Anthos, running on GKE with Knative - - We have adopted Cloud Run for Anthos as this gives us a serverless compute platform from the developer perspective, - but also supports the nobs we need to turn in the cloud native platform. - - With Cloud Run for Anthos, we support a continuous deployment pipeline with GitHub Actions, policy-based + With Cloud Run, we support a continuous deployment pipeline with GitHub Actions, policy-based authorization with Open Policy Agent and integrated metrics and monitoring with Cloud Operations. license: commercial: company: Google - description: | - Use of this software requires a license for Google Cloud Platform. related: - infrastructure_ci_cd/gcf.yaml - infrastructure_ci_cd/gcp.yaml diff --git a/radar/infrastructure_ci_cd/gcf.yaml b/radar/infrastructure_ci_cd/gcf.yaml index 992ab3d0..a75a3668 100644 --- a/radar/infrastructure_ci_cd/gcf.yaml +++ b/radar/infrastructure_ci_cd/gcf.yaml 
@@ -18,6 +18,9 @@ rationale: | * Managing and sharing code across services is more complex * local or offline testing is more difficult if not impossible. + While there can be a place for Cloud Functions, we have put it on hold and recommend Cloud Run over functions. + Cloud Functions v2 is essentially Cloud Run with a build pipeline in-front. As we're building containers in our + CI/CD pipelines there's not much differences left. license: commercial: company: Google @@ -25,7 +28,7 @@ license: Use of this software requires a license for Google Cloud Platform. related: - infrastructure_ci_cd/gcp.yaml - - infrastructure_ci_cd/knative.yaml + - infrastructure_ci_cd/cloud_run.yaml tags: - cloud - gcp diff --git a/radar/infrastructure_ci_cd/gcp.yaml b/radar/infrastructure_ci_cd/gcp.yaml index b61d9d17..ad345059 100644 --- a/radar/infrastructure_ci_cd/gcp.yaml +++ b/radar/infrastructure_ci_cd/gcp.yaml @@ -17,7 +17,7 @@ description: | rationale: | Since we have chosen to go with Google Cloud, This blip represent all services that are considered to be part of the core package for GCP. - Therefore all the services gathered here are consolidated into a single blip for brewity. + Therefore all the services gathered here are consolidated into a single blip for brevity. license: commercial: company: Google diff --git a/radar/infrastructure_ci_cd/github.yaml b/radar/infrastructure_ci_cd/github.yaml index 1a919400..333f5cc3 100644 --- a/radar/infrastructure_ci_cd/github.yaml +++ b/radar/infrastructure_ci_cd/github.yaml @@ -15,7 +15,7 @@ description: | rationale: | Using GitHub makes it easier to collaborate with colleagues and peers and look back at previous versions of your work. We have many integrations to github - from other tools, e.g Spinnaker, Sonarcube, Jenkins. + from other tools, e.g Spinnaker, Sonarcloud, Jenkins. license: commercial: company: GitHub 
diff --git a/radar/infrastructure_ci_cd/github_actions.yaml b/radar/infrastructure_ci_cd/github_actions.yaml index a4ac868e..de366b07 100644 --- a/radar/infrastructure_ci_cd/github_actions.yaml +++ b/radar/infrastructure_ci_cd/github_actions.yaml @@ -12,7 +12,7 @@ description: | rationale: | GitHub Actions support CI on a variety of build platforms including Windows, MacOS and Linux. You have the option to build in pre-built containers, bring your own, or build on VMs. There already exists an enormous collection of - community actions to move quickly with intergrating with 3rd party sevices. The pricing model is highly competitive, + community actions to move quickly with integrating with 3rd party services. The pricing model is highly competitive, and would allow us to significantly reduce our spend compared to CircleCI or Appveyor. It is CI as a Service, which is the direction we want to move. diff --git a/radar/infrastructure_ci_cd/grunt.yaml b/radar/infrastructure_ci_cd/grunt.yaml index bddd881c..fe7fc78a 100644 --- a/radar/infrastructure_ci_cd/grunt.yaml +++ b/radar/infrastructure_ci_cd/grunt.yaml @@ -3,6 +3,8 @@ logo: https://gruntjs.com/img/grunt-logo.svg blip: - date: 2019-02-20 ring: HOLD + - date: 2024-08-09 + ring: ARCHIVE description: | The JavaScript task runner. rationale: | diff --git a/radar/infrastructure_ci_cd/gulp.yaml b/radar/infrastructure_ci_cd/gulp.yaml index e70c7bea..e2d32302 100644 --- a/radar/infrastructure_ci_cd/gulp.yaml +++ b/radar/infrastructure_ci_cd/gulp.yaml @@ -3,6 +3,8 @@ logo: https://upload.wikimedia.org/wikipedia/commons/7/72/Gulp.js_Logo.svg blip: - date: 2019-02-20 ring: HOLD + - date: 2024-08-09 + ring: ARCHIVE description: | Gulp is a toolkit for automating painful or time-consuming tasks in your development workflow, so you can stop messing around and build something. diff --git a/radar/infrastructure_ci_cd/identityserver.yaml b/radar/infrastructure_ci_cd/identityserver.yaml index b7a920e4..d624f446 100644 
--- a/radar/infrastructure_ci_cd/identityserver.yaml +++ b/radar/infrastructure_ci_cd/identityserver.yaml @@ -2,6 +2,8 @@ name: IdentityServer blip: - date: 2019-05-22 ring: HOLD + - date: 2024-08-09 + ring: ARCHIVE description: | [IdentityServer](http://docs.identityserver.io/en/latest/) is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. diff --git a/radar/infrastructure_ci_cd/istio.yaml b/radar/infrastructure_ci_cd/istio.yaml index 53df6b2b..6593cdd4 100644 --- a/radar/infrastructure_ci_cd/istio.yaml +++ b/radar/infrastructure_ci_cd/istio.yaml @@ -5,6 +5,8 @@ blip: ring: ASSESS - date: 2020-04-13 ring: TRIAL + - date: 2024-08-09 + ring: ARCHIVE description: | Cloud platforms provide a wealth of benefits for the organizations that use them. However, there’s no denying that adopting the cloud can put strains on DevOps teams. diff --git a/radar/infrastructure_ci_cd/jib.yaml b/radar/infrastructure_ci_cd/jib.yaml index 6f8385cb..b10a925d 100644 --- a/radar/infrastructure_ci_cd/jib.yaml +++ b/radar/infrastructure_ci_cd/jib.yaml @@ -5,6 +5,8 @@ blip: ring: ASSESS - date: 2020-01-27 ring: TRIAL + - date: 2024-08-09 + ring: ARCHIVE description: | Jib builds optimized Docker and OCI images for your Java applications without a Docker daemon. It is available as plugins for Maven and Gradle and as a Java library. diff --git a/radar/infrastructure_ci_cd/kustomize.yaml b/radar/infrastructure_ci_cd/kustomize.yaml index 1e34067a..aff0b947 100644 --- a/radar/infrastructure_ci_cd/kustomize.yaml +++ b/radar/infrastructure_ci_cd/kustomize.yaml @@ -2,6 +2,8 @@ name: Kustomize blip: - date: 2019-10-03 ring: TRIAL + - date: 2024-08-09 + ring: ARCHIVE description: | Kustomize introduces a template-free way to customize application configuration for Kubernetes. Simplifies the use of off-the-shelf applications. diff --git a/radar/infrastructure_ci_cd/opa.yaml b/radar/infrastructure_ci_cd/opa.yaml index 3747d748..e4ce7d7b 100644 --- a/radar/infrastructure_ci_cd/opa.yaml 
+++ b/radar/infrastructure_ci_cd/opa.yaml @@ -1,4 +1,5 @@ -name: OPA +name: Open Policy Agent +logo: https://www.openpolicyagent.org/img/logo.png blip: - date: 2020-03-11 ring: ASSESS @@ -7,8 +8,6 @@ blip: - date: 2020-08-29 ring: ADOPT description: | - Open Policy Agent -rationale: | As the technology landscape is becoming more complex, concerns such as security need more automation and engineering practices. When building systems, we need to take into consideration security policies, which are rules and procedures to protect our systems from threats and disruption. For example, access control policies define and enforce who can @@ -19,6 +18,12 @@ rationale: | policy enforcement across the stack. OPA provides a high-level declarative language that let’s you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more. +rationale: | + We use OPA to secure all our APIs. OPA allows us to express security policies in a technology agnostic language + (Rego) and decouples authorization decisions from application business logic. + + We prefer to run OPA an ingestor sidecar that intercepts and authorizes all API calls prior to dispatching them + to the API. license: open-source: name: Apache-2.0 diff --git a/radar/infrastructure_ci_cd/ory_hydra.yaml b/radar/infrastructure_ci_cd/ory_hydra.yaml index 5587d424..fefa19e5 100644 --- a/radar/infrastructure_ci_cd/ory_hydra.yaml +++ b/radar/infrastructure_ci_cd/ory_hydra.yaml 
@@ -2,13 +2,15 @@ name: ORY Hydra blip: - date: 2021-01-29 ring: ASSESS + - date: 2024-08-09 + ring: ARCHIVE description: | [ORY Hyrda](https://www.ory.sh/hydra/) OAuth 2.0 and OpenID Certified OpenID Connect Server. rationale: | - ORY Hydra is a fully compiant OAuth2.0 and OpenID Connect Server. We plan to utilize Hydra to support the OAuth Client - Credential Flow which is not currently supported by Google Identity Platform. The Client Credential Flow is used to - enable machine authentication, where a client_id and client_secret are exchanged for a signed JWT which is used for - authentication to Extenda Retail APIs. Things that we want to assess are as follows + ORY Hydra is a fully compliant OAuth2.0 and OpenID Connect Server. We plan to utilize Hydra to support the + OAuth Client Credential Flow which is not currently supported by Google Identity Platform. The Client Credential + Flow is used to enable machine authentication, where a client_id and client_secret are exchanged for a signed + JWT which is used for authentication to Extenda Retail APIs. Things that we want to assess are as follows * Ease of Deployment * Scalability diff --git a/radar/infrastructure_ci_cd/saltstack.yaml b/radar/infrastructure_ci_cd/saltstack.yaml index b3f86fa6..83d31c4d 100644 --- a/radar/infrastructure_ci_cd/saltstack.yaml +++ b/radar/infrastructure_ci_cd/saltstack.yaml @@ -4,6 +4,8 @@ blip: ring: ADOPT - date: 2020-06-15 ring: HOLD + - date: 2024-08-09 + ring: ARCHIVE description: | SaltStack is a deployment and monitoring platform. rationale: | diff --git a/radar/infrastructure_ci_cd/skaffold.yaml b/radar/infrastructure_ci_cd/skaffold.yaml index 4f15b3e6..d0577d65 100644 --- a/radar/infrastructure_ci_cd/skaffold.yaml +++ b/radar/infrastructure_ci_cd/skaffold.yaml 
@@ -2,6 +2,8 @@ name: Skaffold blip: - date: 2020-04-16 ring: TRIAL + - date: 2024-08-09 + ring: ARCHIVE description: | [Skaffold](https://skaffold.dev/) is a command line tool that facilitates continuous development for K8s applications. You can iterate on your application source code locally diff --git a/radar/infrastructure_ci_cd/spinnaker.yaml b/radar/infrastructure_ci_cd/spinnaker.yaml index e13a387b..96a0fc53 100644 --- a/radar/infrastructure_ci_cd/spinnaker.yaml +++ b/radar/infrastructure_ci_cd/spinnaker.yaml @@ -2,6 +2,8 @@ name: Spinnaker blip: - date: 2019-05-22 ring: ADOPT + - date: 2024-08-09 + ring: ARCHIVE description: | Spinnaker is an open-source, multi-cloud continuous delivery platform that helps you release software changes with high velocity and confidence. diff --git a/radar/infrastructure_ci_cd/stream_io.yaml b/radar/infrastructure_ci_cd/stream_io.yaml index cce11556..df123b10 100644 --- a/radar/infrastructure_ci_cd/stream_io.yaml +++ b/radar/infrastructure_ci_cd/stream_io.yaml @@ -3,6 +3,8 @@ shortname: Stream.io blip: - date: 2020-07-02 ring: ASSESS + - date: 2024-08-09 + ring: ARCHIVE description: | [Stream](https://getstream.io/) enables us to build chat/feeds/push message functionality without implementing backend and transport. It has stylable components for diff --git a/radar/infrastructure_ci_cd/terraform.yaml b/radar/infrastructure_ci_cd/terraform.yaml index 1214d4b0..924317fa 100644 --- a/radar/infrastructure_ci_cd/terraform.yaml +++ b/radar/infrastructure_ci_cd/terraform.yaml @@ -6,7 +6,6 @@ description: | HashiCorp Terraform allows you to declare infrastructure as code. rationale: Terraform is the preferred IoC configuration tool in use at Extenda Retail. - It is for example used by IS/IT and for all our AWS services. license: open-source: name: MPL-2.0 diff --git a/radar/infrastructure_ci_cd/vale.yaml b/radar/infrastructure_ci_cd/vale.yaml index 5576b7c9..563c4786 100644 --- a/radar/infrastructure_ci_cd/vale.yaml 
+++ b/radar/infrastructure_ci_cd/vale.yaml @@ -2,6 +2,8 @@ name: Vale blip: - date: 2021-08-19 ring: ASSESS + - date: 2024-08-09 + ring: ARCHIVE description: | [Vale](https://github.com/errata-ai/vale) is a command-line tool that brings code-like linting to prose. It's fast, cross-platform (Windows, macOS, and Linux), and highly customizable. diff --git a/radar/infrastructure_ci_cd/vernemq.yaml b/radar/infrastructure_ci_cd/vernemq.yaml index 3d3014af..d3ce2061 100644 --- a/radar/infrastructure_ci_cd/vernemq.yaml +++ b/radar/infrastructure_ci_cd/vernemq.yaml @@ -4,6 +4,8 @@ logo: https://vernemq.com/images/og-vernemq-logo.png blip: - date: 2021-01-28 ring: ASSESS + - date: 2024-08-09 + ring: ARCHIVE description: | [VerneMQ](https://vernemq.com) is first and foremost a MQTT publish/subscribe message broker which implements the OASIS industry standard MQTT protocol. But VerneMQ is also built to take messaging and IoT diff --git a/radar/infrastructure_ci_cd/yum.yaml b/radar/infrastructure_ci_cd/yum.yaml index ff2d7c21..42519d82 100644 --- a/radar/infrastructure_ci_cd/yum.yaml +++ b/radar/infrastructure_ci_cd/yum.yaml @@ -2,6 +2,8 @@ name: YUM blip: - date: 2018-03-20 ring: TRIAL + - date: 2024-08-09 + ring: ARCHIVE description: | Linux package management to find packages and resolve dependencies between RPM packages. rationale: |
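
Review bot: in radar/infrastructure_ci_cd/admin_labs.yaml the hunk removes the whole `tags:` list and the license `description:` URL alongside the link cleanup, and nothing visible explains why. If tags are being retired across the radar, say so in the commit message; otherwise keep them, since they are unrelated to turning the slides URL into a Markdown link. The slides link is a Google Docs `usp=sharing` URL, so also confirm the deck's sharing setting matches the audience of this file.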
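
Review bot: auth0.yaml only gains `- date: 2024-08-09` / `ring: ARCHIVE` and leaves `rationale:` untouched, so a reader cannot tell why an authentication service was archived or what replaces it. Add one sentence to the rationale recording the reason and the successor. The same applies to the other files in this patch that change only the ring, in particular identityserver.yaml, and spinnaker.yaml, which goes straight from ADOPT to ARCHIVE.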
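
Review bot: in cloud_run.yaml (hunk `@@ -7,29 +6,18 @@`) the description no longer mentions Knative or Kubernetes, but the unchanged rationale still opens with "Cloud Run reduces the cognitive load that is introduced by Kubernetes and Knative", and after the removal of the "two flavors" paragraph the text no longer says which flavor is in use. State explicitly which product the blip now refers to, and confirm that the retained claim of "policy-based authorization with Open Policy Agent" still describes that setup. The license `description:` is dropped here while gcf.yaml keeps "Use of this software requires a license for Google Cloud Platform."; pick one convention. The context line "an request/event-driven" can be fixed to "a request/event-driven" in the same change.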
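
Review bot: the rationale added in gcf.yaml (hunk `@@ -18,6 +18,9 @@`) says "we have put it on hold", but neither gcf.yaml hunk adds a dated `ring: HOLD` entry under `blip:`, so the text and the radar position will disagree unless the ring is already HOLD. Add the blip entry in this change, as the other files do for ARCHIVE. Wording: "in-front" should be "in front", and "there's not much differences left" should be "there's not much difference left".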
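
Review bot: in github.yaml the edited line now reads "e.g Spinnaker, Sonarcloud, Jenkins", yet spinnaker.yaml receives `ring: ARCHIVE` in this same patch. Drop Spinnaker from the list of current integrations or mark it as historical. "e.g" also needs its trailing period ("e.g.").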
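
Review bot: the new rationale in opa.yaml reads "We prefer to run OPA an ingestor sidecar", which is missing a word and leaves "ingestor" undefined; "run OPA as a sidecar that intercepts and authorizes all API calls" would be clearer. Because the sentence claims every call is authorized before it is dispatched, add a sentence on what the API does when the sidecar cannot return a decision. In the context lines now under `description:`, "let’s you specify" should be "lets you specify".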
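
Review bot: ory_hydra.yaml gains `ring: ARCHIVE`, but the reflowed rationale still says "We plan to utilize Hydra" and "Things that we want to assess are as follows", and it does not say how the Client Credential Flow for machine authentication is covered now. Add a sentence recording the outcome of the assessment and what is used instead, and put the plan in the past tense. The description context line still spells the product "ORY Hyrda".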
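
Review bot: in terraform.yaml the line kept directly above the deletion calls Terraform "the preferred IoC configuration tool", while the description says it lets you "declare infrastructure as code"; the abbreviation should be IaC. Fix it in this change, since the rationale is being edited anyway.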