Versions Compared

Version Old Version 23 New Version 24
Changes made by

John McKeever

John McKeever

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Identifying the ‘severity’ of each rule. The MettleCI tools that use Compliance results (the Workbench user interface and the mettleci compliance test CLI command) need to know how to respond to Compliance Rule breaches. How a rule’s breach should be indicated in Workbench or whether its use in a CI pipeline should produce a warning message or abort the pipeline entirely can be defined using Tags.

  • Grouping Compliance Rules into ‘bundles’ of functionally related rules. This could enable users to report or test by functional area. Functional groups into which Compliance Rules could be bundled might be Performance, Security, Maintainability, etc. Tagging also permits a single rule to be associated with multiple functional areas, if required.

  • Enabling the fine-grained sharing of rules across teams within organisations (i.e. tags could be used to identify which DataStage teams they apply to)

  • Defining rules’ behaviour in different environments (e.g. Workbench vs. CI/CD plans)

Some notes on Tag behaviour:

...

Tags are case insensitive.

...

We strongly recommend that the values your use for Tags employ only alphanumeric characters (0-9, a-Z, A-Z) as we can’t guarantee the support for non-alphanumeric tags across all potential platforms and use cases.

The

...

The default behaviour of not specifying any ‘Exclude’ tags is that nothing is excluded.

...

When no ‘Include’ and ‘Exclude’ tags are specified Compliance Rules are not scanned recursively (existing behaviour).  When at least one tag is specified (either Include or Exclude), rules are scanned recursively.

...

You can use * to match all tags so you can use * to include everything and leave Exclude tags blank. This will trigger recursive scanning of rules (different from leaving both blank which results in the existing, shallow, non-recursive behaviour).

The example CI/CD build pipelines that ship with MettleCI demonstrate the use of tags to identify which rules inhibit the successful completion of CI.

...

The mettleci compliance test command (available within the Compliance namespace of the MettleCI Command Line Interface) provides -include-tag and -exclude-tag options to filter the rules which will be used by the command. MettleCI interprets these options so that set of include tags is used first, then the set of exclude tags is removed. In the diagram above, only the rules with tags in set A and NOT in B will be used to select Compliance Rules (formally referred to as the 'relative complement of B in A'). Similarly, the .

Some notes on Tag behaviour:

  • Tags are case insensitive.

  • We strongly recommend that the values your use for Tags employ only alphanumeric characters (0-9, a-Z, A-Z) as we can’t guarantee the support for non-alphanumeric tags across all potential platforms and use cases.

  • The default behaviour of not specifying an Include tags option is that everything is included.

  • The default behaviour of not specifying any Exclude tags option is that nothing is excluded.

  • The default behaviour of not specifying any Include or Exclude tag options is that everything is included.

  • When no Include and Exclude tags are specified Compliance Rules are not scanned recursively (existing behaviour).  When at least one tag is specified (either Include or Exclude), rules are scanned recursively.

  • You can use * to match all tags so you can use * to include everything and leave Exclude tags blank. This will trigger recursive scanning of rules (different from leaving both blank which results in the existing, shallow, non-recursive behaviour).

Workbench Configuration

The MettleCI Workbench permits you to specify which include and exclude tags will be used when testing your Job’s Compliance interactively from within the Workbench interface.

...