We are standardizing our way to deploy software using templates in our CI/CD system.
Basically, the developer adds a ticket to JIRA and after 6 minutes later some magic happens and there is a repository, a pipeline that builds, run tests, coverage, security, and publish the "service" on the 4 environments that we have on the cloud. Actually, 3 (DTA) as production needs manual approval (bank's bureaucracy).<p>Repositories will have by default master branch locked, minimum of 2 reviewers for pull-requests, etc.<p>There are a limited number of templates (api, queue consumer, etc..) that we support right now and we are adding more as we can. These templates come with examples and already with the main project and the unit tests one.<p>The developers have no permission to create the repository themselves. They have to use the "repository vending machine" described above.<p>That saves us a lot of time, ensures compliance and security and makes it easy to move people from one team to another as the process is always the same.<p>Customization is possible for intermediate parts of the process, but any pull requests with changes to the YAML files will require an SRE to approve it.<p>The drawback is, of course, lack of freedom for the developers and we are getting some pushback because of it. The main argument is that this goes against the "you build it, you run it" and they don't want to be tied to a "set of mandatory templates".<p>How do you do it in your organization?
How do you ensure security, compliance and a good level of automation for your build pipelines?