Sym is all about helping teams weave intelligent approvals into their systems. With our new CircleCI Orb, we’ve extended the range of workflows we support to include CI/CD pipelines. Sym’s CircleCI support means you can integrate risk-based decision making into your automation pipelines with lightweight configurations of Sym’s SDK.
If you’re using CircleCI with GitHub or GitLab, the approval tools at your disposal provide a limited range of out-of-the-box options. Branch protection rules in GitHub and GitLab both allow you to configure approver requirements at the time of merge. CircleCI has an approval job type that will hold a job until someone comes into the app and clicks approve. You can also trigger the approval via the CircleCI API.
Sym helps you build on these approval primitives to create workflows that exactly match your business requirements. With Sym, you can set up intelligent approvals when:
Sym's SDK enables you to not only slot simple approval gates anywhere in your pipeline, but to automate routing and rules so your team is making the right decisions, quickly, with the right context.
Let’s start by looking at how to wire Sym approvals into your CircleCI job. With this improvement, we’ll get the benefits of Slack-based approval while opening up lots of options for intelligent build approval down the road.
After you have followed the next steps, you’ll have a secure, audit-friendly approval flow for your CircleCI builds that surfaces approvals in Slack. The approvals will look like the following:
You can view a full walkthrough on our docs site, but the highlights are:
1. Add a CircleCI API token to your Sym secrets
2. Add a Flow with api as an allowed_source, as well as inputs we can supply from our CircleCI build:
3. Upon approval, use a Sym Hook to tell CircleCI to approve the build.
4. Create a Sym Bot Token for your CircleCI project
5. Wrap the CircleCI approval job type in the Sym Orb’s request and validate jobs:
Once you’ve got the basic flow set up, your CircleCI workflows will make a request to Sym that gets routed to Slack for approval. You’ll see the new steps show up in your CircleCI Dashboard:
Now that you’ve got a Sym flow wired up, you can add conditions to decide when to request approvals, as well as who to ask. There are tons of ways you can configure this with Sym, but we’ll start with an example that uses the Sym Request API’s context feature. With context, you can supply additional data to your flow to assist in routing decisions.
The full implementation for this flow is over in our examples repo!
Let’s say you want to automatically approve changes unless there’s been a modification to your Terraform configs, in which case you want to wait for an approval. You can do this by creating a diff and then passing this data along to Sym in your API context!
1. Generate a list of changed files in your CircleCI config, and persist it into your CircleCI workspace in the sym/contexts path. Sym’s orb will automatically load context files that are saved into this workspace directory:
2. Now in your Sym Flow implementation, add an on_request Hook to check if a diff has been supplied in the context field. If it was, and you detect no Terraform files, then fast track approval!
3. Your users will see the fast-tracked approval in Slack:
Here we’ve covered some of the basics on how to use Sym and CircleCI for intelligent approvals. There’s a lot more to cover here, including:
Reach out if you'd like to give the new Sym orb a try. It's quick, easy and free to try us out.
