Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add Cloudsmith auth #710

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: add Cloudsmith auth #710

wants to merge 1 commit into from

Conversation

rowanmanning
Copy link
Member

@rowanmanning rowanmanning commented Nov 13, 2024

Description

This adds in the orb to authenticate with Cloudsmith via OIDC. I'm not sure what the next step is to be honest, because the orb works differently to the AWS login one. The only way to auth with Cloudsmith via this orb is by setting two environment variables:

  • CLOUDSMITH_ORGANISATION
  • CLOUDSMITH_SERVICE_ACCOUNT

I'd rather these be Tool Kit options because that means the values (non-secrets) are stored as config in our apps. It also means we can default the financial-times one more easily.

What I don't know how to do is to convert a Tool Kit option to environment variables before we auth and pass them along in a way that means we don't try to auth with Cloudsmith if the options aren't present. Help?

Checklist:

  • My branch has been rebased onto the latest commit on main (don't merge main into your branch)
  • My commit messages are conventional commits, for example: feat(circleci): add support for nightly workflows, fix: set Heroku app name for staging apps too

@ivomurrell
Copy link
Contributor

What I don't know how to do is to convert a Tool Kit option to environment variables before we auth and pass them along in a way that means we don't try to auth with Cloudsmith if the options aren't present. Help?

I think we should add the values as other parameters for the orb job and set them as environment variables. We can then pass those parameters in the CircleCI config generated by Tool Kit.

@ivomurrell
Copy link
Contributor

I've pushed a commit to this branch to illustrate my idea – hope that's okay!

@rowanmanning rowanmanning force-pushed the cloudsmith-orb branch 2 times, most recently from 155f2bc to e39055b Compare November 14, 2024 15:22
@rowanmanning rowanmanning marked this pull request as ready for review November 14, 2024 15:22
@rowanmanning rowanmanning requested a review from a team as a code owner November 14, 2024 15:22
Copy link
Contributor

@ivomurrell ivomurrell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll fix the issues myself don't worry 😁

plugins/circleci-deploy/.toolkitrc.yml Show resolved Hide resolved
@@ -71,6 +71,10 @@ options:
!toolkit/if-defined '@dotcom-tool-kit/serverless.awsAccountId':
aws-account-id: !toolkit/option '@dotcom-tool-kit/serverless.awsAccountId'
system-code: !toolkit/option '@dotcom-tool-kit/serverless.systemCode'
!toolkit/if-defined '@dotcom-tool-kit/cloudsmith.organisation':
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue: I've tested and confirmed that Tool Kit will not let you set options for plugins that don't exist (to help catch typos) so we'll have to make a barebones Tool Kit plugin for Cloudsmith.

This adds in the orb to authenticate with Cloudsmith via OIDC. Our
Cloudsmith orb requires two environment variables to work:

  * CLOUDSMITH_ORGANISATION
  * CLOUDSMITH_SERVICE_ACCOUNT

To allow us to specify these in Tool Kit config instead (which is a lot
cleaner, the config lives in the code etc) we need to define a schema
for a nonexistent `cloudsmith` plugin and then pass params through into
the CircleCI config.

Co-Authored-By: Alex Muller <alexmuller@users.noreply.github.com>
Co-Authored-By: Ivo Murrell <ivomurrell@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants