Integrating Hakiri with Codeship
At Codeship, we’re pleased to be able to integrate with several third-party products across a variety of areas to ensure your CI/CD workflows are that much smoother. For example, Hakiri is a service for analyzing and monitoring the security of your Rails application dependencies. By using Hakiri, you can be sure that your Ruby gems are up to date and secure.
The Hakiri documentation does a great job of providing more information, in addition to the setup instructions below and our own documentation. We'll cover setups for both Codeship Pro and Codeship Basic.
Codeship Pro
You will need to add your STACK_ID value to the environment variables that you encrypt and include in your codeship-services.yml file.
To generate your stack ID, you can follow the Hakiri documentation.
Manifest file
You will need a Hakiri manifest file to exist in your repo, unless you want to generate a new one each time you run your CI/CD process.
To generate the manifest file (either in CI/CD or locally so that you can commit it to your repository), you will need to follow the instructions below to install the Hakiri Toolbelt and then run the following command:
hakiri manifest:generate
Installing the Hakiri Toolbelt
To use Hakiri in your CI/CD process, you’ll need to add the Hakiri Toolbelt to a service in your codeship-services.yml file.
To install the Hakiri Toolbelt, you will need to add the following command to the Dockerfile for the service you want to run Hakiri on:
gem install hakiri
Note that this requires the Dockerfile to also have Ruby and the gem binary installed.
Running a scan
Once your Hakiri Stack ID is loaded via your encrypted environment variables and you have defined a service that installs the Hakiri Toolbelt, you can run a Hakiri scan during your CI/CD pipeline by running the Hakiri Toolbelt commands in the service where it is installed.
For example:
- name: Hakiri
  service: app
  command: hakiri.sh
Inside this hakiri.sh script, you will have something similar to:
hakiri system:scan
hakiri system:sync -s $STACK_ID
There is a larger list of commands you can run over at the Hakiri documentation.
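As an added example (not code from Codeship or Hakiri), here is one way to write hakiri.sh so the step fails closed: it stops if STACK_ID was not injected or the toolbelt is missing, and it never traces the stack ID into the build log. The function names and the `run` argument are hypothetical; only the hakiri commands and STACK_ID come from this page.

```shell
#!/usr/bin/env bash
# Added example: a fail-closed hakiri.sh. Only the hakiri commands and STACK_ID
# come from the page; function names and the "run" argument are hypothetical.
set -eu   # deliberately no `set -x`: tracing would print STACK_ID into the log

# Refuse to start unless the stack ID was actually injected and the
# toolbelt is installed; otherwise `-s` would receive an empty value.
hakiri_preflight() {
  if [ -z "${STACK_ID:-}" ]; then
    echo "hakiri.sh: STACK_ID is empty (encrypted env not loaded?)" >&2
    return 2
  fi
  if ! command -v hakiri >/dev/null 2>&1; then
    echo "hakiri.sh: hakiri not found; run 'gem install hakiri' first" >&2
    return 3
  fi
}

# Scan first, then sync; a non-zero exit from either command fails the build.
hakiri_ci() {
  hakiri_preflight || return $?
  hakiri system:scan || { echo "hakiri.sh: scan failed" >&2; return 4; }
  hakiri system:sync -s "$STACK_ID" || { echo "hakiri.sh: sync failed" >&2; return 5; }
}

# Entry point, e.g. `command: hakiri.sh run` in the step definition.
if [ "${1:-}" = "run" ]; then
  hakiri_ci
fi
```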
Codeship Basic
For Codeship Basic, you will need to add your STACK_ID value to your project’s environment variables. You can do this by navigating to Project Settings and then clicking on the Environment tab.
To generate your stack ID, you can follow the Hakiri documentation.
Manifest file
You will need a Hakiri manifest file to exist in your repo, unless you want to generate a new one each time you run your CI/CD process.
To generate the manifest file (either in CI/CD or locally so that you can commit it to your repository), you will need to follow the instructions below to install the Hakiri Toolbelt and then run the following command:
hakiri manifest:generate
Installing the Hakiri Toolbelt
To use Hakiri in your CI/CD process, you’ll need to install the Hakiri Toolbelt via your project’s setup commands.
gem install hakiri
Running a scan
Once your Hakiri Stack ID is loaded via your environment variables and you have installed the Hakiri Toolbelt, you can run a Hakiri scan during your CI/CD pipeline.
You will need to add the following commands to your project’s setup and test commands.
For example:
hakiri system:scan
hakiri system:sync -s $STACK_ID
There is a larger list of commands you can run over at the Hakiri documentation.