IBM Cloud Docs
Plan limitations and usage

Plan limitations and usage

The use of IBM Cloud® Continuous Delivery is limited to the building, deploying, testing, and ongoing operations of applications on the IBM Cloud platform or other compatible platform-as-a-service or infrastructure-as-a-service offerings.

Scope of a service instance

You must have a Continuous Delivery service instance to create and use DevOps toolchains that include the Delivery Pipeline, Git Repos and Issue Tracking, and DevOps Insights tool integrations. A service instance resides in a region and belongs to a resource group. The Continuous Delivery service instance in a specific region and resource group governs and meters your usage of all of the toolchains in the same region and resource group.

Pricing plans

The following table outlines the pricing plans of Continuous Delivery:

Table 1. Pricing plans
Plan Cost Limits
Lite Free The Lite plan offers the full capabilities of Continuous Delivery with limits on usage.
Professional Paid The Professional plan offers the full capabilities of Continuous Delivery with no limits on usage.

You can have at most one Lite service instance per account. It is recommended that you use the Professional plan if you want to work with toolchains in multiple resource groups, or within multiple regions.

For more information about the plans, see pricing plans.

Usage metrics

Continuous Delivery service instances track and report usage metrics within your IBM Cloud account. Depending on the pricing plan of a service instance, the metrics might affect usage cost, usage limits, or both. The following table outlines the usage metrics of Continuous Delivery:

Table 2. Usage metrics for Lite and Professional plans
Usage Metric Summary
Authorized users AUTHORIZED_USERS_PER_MONTH A count of the average number of authorized users of the service instance within a given month.
Pipeline runs JOB_EXECUTIONS_PER_MONTH A count of the total number of pipeline Tekton step or classic job runs within a given month.

Consolidated billing

By default, Continuous Delivery service instances report usage independently of each other. If you have organized your toolchains into multiple resource groups in a standalone IBM Cloud account or across several IBM Cloud accounts in an enterprise, then users of your toolchains might be reported as authorized users multiple times from corresponding multiple instances of the Continuous Delivery service.

For example, a developer on a Git Repos and Issue Tracking project that is integrated into two toolchains in different resource groups will be counted and, under the Professional plan, billed for twice.

You can enable the consolidated billing feature of a Continuous Delivery service instance with the Professional plan in an enterprise account to cause the service to consolidate the authorized users from all Continuous Delivery service instances in your enterprise hierarchy, within a region, into one list. By using this feature, you can ensure that an authorized user email will only be counted and billed for once within your enterprise and region.

The consolidated billing feature is available with the Continuous Delivery Professional plan only. Consolidation occurs only within the region containing the Continuous Delivery service instance which has the consolidated billing feature enabled.

Consolidated billing is disabled by default.

How do you enable consolidated billing?

To enable consolidated billing, you must have an instance of Continuous Delivery with the Professional plan in an enterprise account, and you must have access to the instance with the Editor or Administrator role.

To enable consolidated billing:

  1. Login to IBM Cloud.
  2. Select the enterprise account within which you want to consolidate billing.
  3. Go to the Resource list.
  4. In the Product column, in the filter text box, type Continuous Delivery to view your existing services.
  5. Locate the Continuous Delivery service instance to which you want to consolidate billing.
  6. Click on the name of the instance.
  7. Click Manage > Consolidated billing.
  8. In the Enable consolidated billing section, click the toggle button On.
  9. In the Consolidated authorized users section, review the list of Email addresses to ensure it is complete and correct.

The Consolidated billing tab is available only in Continuous Delivery service instances with the Professional plan located within the enterprise account (the top most account in the enterprise hierarchy).

If you change the plan of a Continuous Delivery service instance that has consolidated billing enabled from Professional to another plan, consolidated billing will be disabled automatically. To re-enable consolidated billing, you must first change the plan back to Professional.

How do you disable consolidated billing?

  1. Follow steps 1 to 7 in How do you enable consolidated billing?.
  2. In the Enable consolidated billing section, click the toggle button Off.

How does consolidated billing work?

By default, each Continuous Delivery service instance is responsible for reporting its own count of authorized users. When consolidated billing is enabled on a service instance in the enterprise account, that instance takes over responsibility for reporting the number of authorized users on behalf of all service instances in the same region and in the enterprise hierarchy, including those in all child accounts, and including any other instances in other resource groups in the enterprise account. The instance gathers up the lists of authorized users from all instances in the region and in the hierarchy, eliminates duplicate email addresses, and reports a count of the resulting consolidated list of authorized user email addresses to the enterprise account.

To review the consolidated list of authorized user email addresses:

  1. Login to IBM Cloud.
  2. Select the enterprise account.
  3. Go to the Resource list.
  4. In the Product column, in the filter text box, type Continuous Delivery to view your existing services.
  5. Locate the Continuous Delivery service instance that has consolidated billing enabled.
  6. Click on the name of the instance.
  7. Click Manage > Consolidated billing.
  8. Review the list of Email addresses in the Consolidated authorized users section.

The list of consolidated authorized users is read-only, because it is computed from the authorized users lists of all service instances in the enterprise hierarchy.

When consolidated billing is enabled on a service instance, the Manage > Authorized users tabs on all other service instances in the enterprise hierarchy will inform you that the service instances are participating in consolidated billing.

Limitations of consolidated billing

  • Consolidated billing requires an enterprise account hierarchy. You cannot enable consolidated billing across resource groups in a standalone account.
  • Consolidated billing requires the Professional plan. Consolidated billing cannot be enabled on a Continuous Delivery service instance with any other plan. Authorized users are consolidated only from Continuous Delivery service instances with the Professional plan. For example, Lite plan Continuous Delivery service instances do not participate in consolidated billing.
  • Consolidated billing can be enabled only on a service instance in the enterprise account.
  • Consolidated billing can be enabled on at most one service instance in the enterprise account.
  • Consolidated billing applies to authorized users only. Consolidated billing does not affect how pipeline runs are reported.
  • Consolidated billing is confined to a single given region. Usage cannot be consolidated from one region to another.
  • While consolidated billing is enabled on a Continuous Delivery service instance, all other Professional plan instances of the service in the enterprise hierarchy report zero authorized users, even though they continue to list their authorized users.

Deleting a Continuous Delivery service instance in a Consilidated Blling-enabled enterprise account stops billing for that instance.Other instances of the service in the enterprise and region resume normal billing. Consolidated billing is not automatically reactivated when a deleted service instance is restored during reclamation. To re-enable consolidated billing for a restored service instance, go to Manage > Consolidated billing in your restored Continuous Delivery service instance tab.

Authorized users

Continuous Delivery pricing plans are defined and priced based on the number of authorized users for a service instance. Authorized users are added automatically to a service instance in response to usage of the service instance. You can review and manage the list of authorized users on the Manage > Authorized users tab of a Continuous Delivery service instance. If consolidated billing is enabled, you can review the consolidated list of authorized users on the Manage > Consolidated billing tab of the Continuous Delivery service instance in the enterprise account.

If your toolchain integrates Git Repos and Issue Tracking projects in the open-toolchain group that is provided by IBM, such as in us-south.git.cloud.ibm.com/open-toolchain, members of these projects are not counted as authorized users of your toolchains.

The Lite plan is subject to limits. For more information about Continuous Delivery plans, see the service catalog.

You can maintain an activity log related to authorized users. For more information about viewing, managing, and auditing service-initiated and user-initiated activities in your IBM Cloud® Continuous Delivery instances, see IBM Cloud Activity Tracker events.

How are users counted for instances of Continuous Delivery in resource groups?

Users are counted and managed by using the list of authorized users that belongs to each Continuous Delivery service instance. Users are automatically added to this list when they meet any of the following criteria:

  • View, edit, or run (either directly in the user interface or indirectly by committing to a repo) a delivery pipeline.
  • Interact with DevOps Insights.
  • Have Developer (or greater) access to a repo in Git Repos and Issue Tracking that allows them to commit and push changes to that repo. Users of Git Project Access Tokens with the Developer (or greater) role are counted as authorized users. These users appear in the list of authorized users as bot users.

Users with only the Guest or Reporter roles are not automatically added to the authorized users list. To prevent users from accessing toolchains and automatically being added to the authorized user list for a Continuous Delivery service instance, complete the following actions:

  • Remove the user's access to the toolchain from IAM.
  • Remove Developer and higher access from all Git Repos and Issue Tracking repos that are attached to all of the toolchains in the resource group and region by removing their repo access or downgrading their role to Guest or Reporter.

The specific activities that are used to automatically count users, and the method for counting those users might change over time. However, the process for counting users will continue to comply with the terms of Continuous Delivery plans. You can also manually add users to the list of authorized users, at any time.

For more information about using IAM to manage access to toolchains in a resource group or the toolchain itself, see Managing user access to toolchains with Identity and Access Management. For more information about managing access to a Git Repos and Issue Tracking repo, see Project's members.

The method that you use to organize toolchains within resource groups directly impacts user access and billing. By default, when a user uses toolchains in multiple regions or resource groups, they are counted and billed for each Continuous Delivery service instance within each unique pairing of region and resource group. If you have an enterprise account and are using the Continuous Delivery Professional plan, you might be able to reduce the total count of authorized users billed within the enterprise by enabling consolidated billing.

You can manage the list of authorized users on the Manage tab within the Continuous Delivery service instance.

  1. Go to the Resource list for your IBM Cloud account.
  2. In the Product column, in the filter text box, type Continuous Delivery to view your existing services.
  3. For each service, click the hyperlink in the Name column.
  4. In the Manage > Authorized users tab, you can view, add, or remove users from the list of authorized users, as needed.
  5. If you have enabled consolidated billing, in the Manage > Consolidated billing tab you can view the consolidated list of authorized users.

Users are automatically added or added again when they use the Continuous Delivery service.

Viewing billing and usage information

You can view all of the instances of the Continuous Delivery service in your account and the number of users and pipeline executions that are reported against each instance in an IBM Cloud Public environment.

  1. From the menu bar, click Manage > Billing and usage.
  2. Click Usage.
  3. In the Services section, click View plans for the Continuous Delivery service.
  4. Click View details for the plan that you want to view information about.
  5. Click View instance details for the instance of Continuous Delivery that you want to view usage information for.

The AUTHORIZED_USERS_PER_MONTH metric is calculated based on a monthly average of users that is counted daily.

If consolidated billing is enabled, the Continuous Delivery service instance in the enterprise account that is enabled will report the consolidated AUTHORIZED_USERS_PER_MONTH metrics. All other service instances in the enterprise hierarchy will report zero.

What happens when you exceed the limits of your service plan?

The Lite service plan has limitations such as on the number of authorized users of the service, and on the number of Classic Delivery Pipeline jobs or Tekton steps that can run per month. For more information about the plan, see the service catalog. If any of the plan limitations are exceeded in a billing period, the service suspends. For example, Classic Delivery Pipeline jobs and Tekton pipeline steps do not run for the remainder of the billing period.

Upgrading to the Professional plan will remove these limitations and reactivate the service.

How can you change to a different service plan?

You can upgrade from the Continuous Delivery Lite service plan to the Professional plan.

  1. From the console, click the Menu icon Menu icon > Resource list to view your list of resources.
  2. Click the Continuous Delivery service that you want to upgrade.
  3. Click Plan in the Continuous Delivery service instance dashboard.
  4. In the Change pricing plan section, select Professional to upgrade to the Continuous Delivery Professional plan, and click Save.
  5. After you change your plan, you must restage your app. Go to your resource list to find the app that the service is bound to. Click the Menu icon Menu icon > Resource list. In the app menu, select Restart App.

Changing a plan through the CLI

As an alternative to the console, you can change the Continuous Delivery service's pricing plan by using the IBM Cloud command-line interface (CLI).

  1. Check whether the service is enabled with the resource controller.

    ibmcloud catalog service continuous-delivery

    If the service is enabled with the resource controller (RC), it lists RC Compatible true. Make note of the ID of the plan that you want to change to.

    ID                 59b735ee-5938-4ebd-a6b2-541aef2d1f68
Name               continuous-delivery
Kind               service
Provider           IBM
Tags               dev_ops, eu_access, gc_migrate, ibm_created, lite, rc_compatible
Active             true
Description        Support DevOps best practices by using Git, issue tracking, and CI/CD pipelines in the Cloud.
Bindable           false
Original Name      continuous-delivery
RC Compatible      true
RC Provisionable   true
IAM Compatible     true
Children           Name                      Kind         ID
                   lite                      plan         a35fb0e9-4fc2-400e-8161-49078e5af632
                   professional              plan         9ca4dc64-bc7b-4aba-9c1c-8bbf30ff127e

  2. Change the plan for your service instance by using the ibmcloud resource service-instance-update command.

    ibmcloud resource service-instance-update <service_instance_name>
--service-plan-id <plan_id>

Delivery Pipeline usage

Delivery pipelines under a Continuous Delivery service instance Lite plan have several limitations.

  • The 500-step and job run limit includes both pipeline steps for Tekton pipelines and pipeline job runs for Classic pipelines. If your pipeline has many steps within a single run, such as with the DevSecOps pipelines, you might reach this limit quickly.
  • Delivery pipeline failures, excluding skipped step runs and Classic job runs, are counted as part of the 500 Tekton step run limit per month. This 500-step run limit also applies to Classic job runs for Classic pipelines.
  • All of your toolchains and all of your pipelines within those toolchains that are in the same resource group contribute to the same limit of 500 Tekton step runs per month. The same limit is used because pipeline step runs and job runs are counted at the resource group level for a specific Continuous Delivery instance.

A five-day grace period is offered the first time that you reach the 500-step run limit. This grace period is offered only once.

The retention period for pipelines varies based on the pipeline type and the plan that is selected for the Continuous Delivery service instance.

  • Classic pipelines retain a maximum of 10 stage runs on either plan.
  • Tekton pipelines under the Professional plan retain PipelineRuns and their logs for one year.
  • Tekton pipelines under the Lite plan retain PipelineRuns and their logs for 30 days.

The acceptable usage behaviors include, but are not limited to, these behaviors:

  • The compilation and assembly of artifacts for supported programming languages.
  • The automated deployment of application artifacts, configurations, and supporting resources or services.
  • Testing, validation, and other development event-generated behavior that is triggered as the result of a development process.

The usage behaviors that are not permitted include, but are not limited to, these behaviors:

  • The use of pipeline jobs or workers for general compute behaviors, such as Bitcoin mining, distributed denial-of-service attacks, and malicious or offensive behavior to other clients or users within the IBM Cloud platform or general internet users.
  • The use in the normal development process for sites or services that promote hate speech, or other activities that violate the IBM Business Conduct Guidelines.
  • The use of event-generated behavior for malicious intrusion or attacks against IBM Cloud or other sites.

At the discretion of IBM, users who violate the acceptable usage behaviors of the Continuous Delivery services or the IBM Business Conduct Guidelines can be disabled without notice. At the discretion of IBM, some services can be restored if users correct their usage behaviors after they are notified of the offensive action. Otherwise, accounts can be suspended or terminated.

Git repos and issue tracking limitations

Git Repos and Issue Tracking is built on GitLab Community Edition and hosted by IBM on IBM Cloud, however, a few GitLab options are not available:

  • Because Delivery Pipeline provides continuous integration and continuous delivery for IBM Cloud, the continuous integration features in GitLab are not supported.
  • GitLab admin functions are not available because they are managed by IBM.
  • Git Repos and Issue Tracking might not be fully accessible.

Git repos and issue tracking user information and content

Three types of Git Repos and Issue Tracking projects are available:

  • Public projects are visible to all site visitors. The content in a public project is visible to everyone who accesses Continuous Delivery even if they are not invited to the project.
  • Private projects are visible to select users only. For more information about granting users access to a project, see Project members.
  • Internal projects are visible to all logged-in users. Any user who has an IBM Cloud account can view these projects.

For more information about the project settings, see Change project visibility.

When you use Git Repos and Issue Tracking, the content that you contribute to a project is licensed under any terms that are specified in that project. When you create a project, include a file that describes the license that applies to the content. When you contribute to a project, your name and the email address that is associated with your commits might be visible to the public. The email address that is associated with your IBM Cloud account is used when you create commits through the Git Repos and Issue Tracking web interface.

Link a Continuous Delivery service instance to a Git Project

Git projects must be linked to a Continuous Delivery service instance that uses a toolchain because Git Repos and Issue Tracking are a component of the Continuous Delivery service. Adding your project to a toolchain makes it easier to use other tools such as Continuous Delivery Pipelines or DevOps Insights. Thus, it streamlines your development workflows and improves your code quality.

To link your Continuous Delivery service instance and toolchain instance to a Git project, you can use the UI or API.

Linking Continuous Delivery and toolchain instances in the UI

Linking a new project

You must link Continuous Delivery and toolchain instances in the UI when you're creating a new project. It is mandatory to link an existing CD and a toolchain instances in the UI.

Linking an existing project

  1. Go to Projects > General > Settings
  2. Select the project that you want to add instances to.
  3. Go to Continuous Delivery > Expand to update or add a Continuous Delivery and toolchain instance.

Link Continuous Delivery and toolchain instances by using the API

You can link Continuous Delivery and toolchain instances when you're using the API to create a new project.

  • Use an optional header IBM-CLOUD-API-KEY to add Continuous Delivery and toolchains while creating a project. Generate the key value for your API key from here.

  • Add request parameters toolchain_ID and cd_instance to link your Git project to a specific Continuous Delivery and toolchain instance.

    • The toolchain_id parameter supersedes the cd_instance parameter. If both are provided, the toolchain ID is used. However, if only the cd_instance parameter is given, a default toolchain is automatically created for the specified CD instance.

    • To successfully use these request parameters, you must use the IBM-CLOUD-API-KEY header.

To find your Continuous Delivery and toolchain instance IDs:

  1. Go to Resources in IBM Console.
  2. From your Resources, click the required toolchain or Continuous Delivery instance.
  3. Click Details to view and copy the GUID and CRN details. For toolchain_ID parameter, use the toolchain's GUID. For cd_instance parameter, use either GUID or CRN as its value.