Plugin Policy

Introduction

Your application workflow should follow certain standards and precautions to ensure reliability and a smooth release. For example, mandating load testing for production deployments might help you identify performance bottlenecks early rather than face possible outages, unhappy users, or revenue loss.

The Plugin Policy feature in Devtron lets you enforce the presence of specific plugins at various stages in your application's build and deployment pipelines, such as pre-build, post-build, pre-deployment, or post-deployment. Therefore, if the required plugins do not exist in the specified stage(s), you can decide the action (whether to allow or block the pipeline trigger).

Tutorial

Creating a Plugin Policy

1. Go to Global Configurations → Plugin Policy.

   
2. Click + Create Profile.

   
3. Give a name to the profile, e.g., check-jira, and add a description (optional) preferably explaining what it does.

   
4. Choose whether the profile should apply to the Build pipeline or the Deployment pipeline.

1. Under Mandatory Plugin(s), click Add Plugin.

   
2. A list of plugins will appear for you to choose from. Select one or more plugins to make them mandatory for the pipeline you selected in step 4.

   

1. Click Done.

2. Use the dropdown menu to choose the stage (pre or post) at which you wish to enforce your chosen plugin(s). You can select mixed stages too.

   

   Here, Pre means before and Post means after.

3. Decide the action that the system should take in case your policy is not followed by the intended pipelines in your application workflow.

   

   • Allow respective triggers with warning - This will allow the non-compliant pipeline to run. However, it will display an 'Action required' warning at the intended stage (pre/post) of the pipeline in the application's workflow.

   • Block respective triggers immediately - This will not allow the non-compliant pipeline to run (whether manual execution or automated) effective immediately, unless the user configures the mandatory plugins.

   • Block respective triggers from date/time - This will allow the non-compliant pipeline to run only till a given date and time. After that, it will block the non-compliant pipeline unless the user configures the mandatory plugins.

4. Click Save Changes.

Applying a Plugin Policy

1. After you create a policy, you can apply it. Click Apply Profile on the same screen.

   
2. From the Select profiles to apply dropdown, choose the policy you wish to apply. You also have the option to select more than one policy (if they exist) using the checkbox.

   
3. Under Apply selected policies to all pipelines:

   • Global - Select this option to apply your chosen policies to all application workflows across all clusters.

   • By Match Criteria - Select this option to use a combination of filters to decide the target pipelines fulfilling your criteria. Your policy will only apply to such target pipelines.

   
4. (Skip this if you chose Global in the previous step) Upon choosing the By Match Criteria option, the following match criteria are available for you:

   • Project

   • Application

   • Cluster

   • Environment

   • Branch fixed

   • Branch regex

   Once you select the criteria, choose the value displayed to you in the dropdown list as shown below.

   
5. (Optional) You may also write a note for your other team members to understand the intent and context of your policy.

   
6. Click Save Changes.

Once you apply the plugin policy, you can view the pipelines that are not adhering to your policy as shown below. Clicking on the non-compliant pipeline will take you directly to the application workflow prompting you to take action.

Results

Since we created a policy that blocks the trigger of non-compliant deployment pipelines, no user can trigger the deployment unless the mandatory plugins are configured as shown below.

On the other hand, if you selected Build pipeline in step 4 of Creating Plugin Policy, the build trigger would get blocked as shown below.