travis to only run builds after a code review about devrel HOT 3 CLOSED

Fully agree with the points raised about malicious code. Even more so every PR author could de-facto deploy arbitrary proxies in the devrel org.

To reduce the chance of unwanted turnaround times during code reviews we could also split the current run-pipeline.sh into:

• pre-deploy: Consisting of static code analysis, unit testing and potentially packaging
• deploy: Consisting of the proxy deployment as well as all the testing against the deployed proxies.

And have the pre-deploy phase run automatically (without any Apigee credentials or environment) and manually trigger the second deploy step.

from devrel.

It might also be worthwhile to discuss if the individual proxies need to remain deployed after the deployment is verified. This could prevent us from clients calling the devrel org proxies outside of the automated deployment pipeline and validation. Additionally we would not necessarily restrict multiple demos/labs from overlapping in their base path.

from devrel.

Well, there is not much else we can do I guess then splitting the execution as you explained there @danistrebel. Luckily run-pipeline naturally seems split in that way - the parts before and after the individual solution pipeline execution steps.

So any PR that fixes this issue could look at the nightly/PR flags and decide whether to execute individual pipelines or not.

Your idea to potentially cleanup the org is a good one as well but I feel it can be implemented in a separate issue as it is not a blocker atm.

Makes sense?

from devrel.