Targets
Targets define where a Task will run and using what credentials, after which teams review them.
The Target Object#
name#
The name of the Target.
message#
A description for the Target.
type#
The type of the integration for the Target.
channel#
The name of the Slack channel to send the review messages.
review#
The review configuration for Target: none, default, or teams.
| Review Mode | Description |
|---|---|
none | The default mode. Skips reviews and new Tasks are ready to run. |
anyone | Anyone with access to the review message in Slack can review the Task. You can control who can review the Task by using a private Slack channel. |
team | Only people from specific teams can review the Tasks. Requires a list of team names in the reviewers option. At least one person from each team has to approve the Task. |
reviewers#
A comma-separated list of names with the Teams that must review Tasks on this Target.
channel#
The name of the Slack channel to send review messages. Optional when review=none
secrets#
A list of key-value pairs with passwords and keys required to run tasks. The required secret names are defined on the type of Integration in the Target.
runner#
Where tasks will run.
runops-hosted: runners will access resources reachable from the internet, like AWS or GCP APIs. They require no additional setup.
self-hosted: require additional setup to reach resources running on private networks.
token#
The secret token used to setup self-hosted runners
For runops V2 runner, below configuration is required
runner_provider#
The entity responsible for executing the tasks.
| Provider | Description |
|---|---|
runops | Runops open source runner. Faster and can run "on premise". |
github | Default runner, if not provided. |
secret_provider#
If using runops runner, then a third party secret provider is required. AWS secrets maneger, Hashcorp vault (databases and KV engines supported).)
| Provider | Description |
|---|---|
aws | If using AWS secrets manager. |
hashcorp/db | If using hashcorp vault databases engine (dynamic secrets). |
hashcorp/kv | If using hashcorp vault KV engine (static secrets). |
secret_path#
The name or the path of the secret. For AWS, the secret name. For vault, the path, including the engine (i.e. '/v1/secret/foo' or '/databases/creds/my-postgres')
tags#
Tags are used to bind the runner to run only specific targets. Normally this is related to environments, such as 'dev' or 'prod', but can be any string.
config#
Configs are mostly used for hashcorp vault databases engines. Since this engine does not return the HOST and the PORT of the DB, some extra config is required (JSON format)
--config '{"PG_HOST":"", "PG_PORT":5432}'