Update to README and remove requirement that bucket names start with codeguru-reviewer #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 30 commits
December 17, 2021 13:33
added 7 commits
January 11, 2022 11:33
martinschaef
requested review from
awsgaucho,
senguptaaritra,
vishaalt and
xxz-dev
vishaalt
approved these changes
Feb 3, 2022
README.md
Outdated
| ### Using Encryption | ||
|
|
||
| CodeGuru Reviewer allows you to use a customer managed key (CMCMK) to encrypt content of the S3 bucket that is used | ||
| store source and build artifacts, and all metadata and recommendations that are produced by CodeGuru Reviewer. |
| throw new GuruCliException(ErrorCodes.BAD_BUCKET_NAME, | ||
| config.getBucketName() + " is not a valid bucket name for CodeGuru."); | ||
| Log.warn("CodeGuru Reviewer has default settings only for buckets that are prefixed with " | ||
| + "codeguru-reviewer. If you choose a different, read the instructions in the README."); |
awsgaucho
reviewed
Feb 3, 2022
| push: | ||
| branches: | ||
| - main | ||
| on: [push, pull_request, workflow_dispatch] |
There was a problem hiding this comment.
Last time I had both of push and pull_request enabled (unrestricted, like here, for both events in all branches), I quickly realized that doing so triggered a LOT of analyses. Every push to a feature branch with an open PR also counts as a pull_request event, so you end up running 2x Guru for each push to any PR.
Have you considered unrestricted pull_request, but push only for main?
| accepts bucket names that start with the prefix `codeguru-reviewer-`. | ||
| supports bucket names that start with the prefix `codeguru-reviewer-` out of the box. If you choose a different naming | ||
| pattern for your bucket you need to: | ||
| 1. Grant `S3:GetObject` permissions on their S3 bucket to `codeguru-reviewer.amazonaws.com` |
| supports bucket names that start with the prefix `codeguru-reviewer-` out of the box. If you choose a different naming | ||
| pattern for your bucket you need to: | ||
| 1. Grant `S3:GetObject` permissions on their S3 bucket to `codeguru-reviewer.amazonaws.com` | ||
| 2. If you are using SSE on the S3 bucket, Grant `KMS::Decrypt` permissions to `codeguru-reviewer.amazonaws.com` |
|
|
||
| ### Using Encryption | ||
|
|
||
| CodeGuru Reviewer allows you to use a customer managed key (CMCMK) to encrypt content of the S3 bucket that is used |
There was a problem hiding this comment.
s/to encrypt content of the/to encrypt the content of the/
README.md
Outdated
| ### Using Encryption | ||
|
|
||
| CodeGuru Reviewer allows you to use a customer managed key (CMCMK) to encrypt content of the S3 bucket that is used | ||
| store source and build artifacts, and all metadata and recommendations that are produced by CodeGuru Reviewer. |
There was a problem hiding this comment.
s/used store/used to store/
|
|
||
| CodeGuru Reviewer allows you to use a customer managed key (CMCMK) to encrypt content of the S3 bucket that is used | ||
| store source and build artifacts, and all metadata and recommendations that are produced by CodeGuru Reviewer. | ||
| First, create a customer owned key in KMS. |
There was a problem hiding this comment.
s/customer owned/customer managed/ ?
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
|
||
| ```json | ||
| { | ||
| "Sid": "Allow CodeGuru to use the key to decrypt artifact", |
There was a problem hiding this comment.
nit: replace "artifact" with "artifacts" (or with "the artifact" if just one)
| } | ||
| } | ||
| ``` | ||
| Then, enable server-side for the bucket that you are using with CodeGuru Reviewer. The bucket name should be |
There was a problem hiding this comment.
s/enable server-side/enable server-side encryption/
| throw new GuruCliException(ErrorCodes.BAD_BUCKET_NAME, | ||
| config.getBucketName() + " is not a valid bucket name for CodeGuru."); | ||
| Log.warn("CodeGuru Reviewer has default settings only for buckets that are prefixed with " | ||
| + "codeguru-reviewer. If you choose a different, read the instructions in the README."); |
There was a problem hiding this comment.
s/different/different name/
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
Update to README and remove requirement that bucket names start with codeguru-reviewer-*
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.