-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add Cloudsmith auth #710
base: main
Are you sure you want to change the base?
Conversation
I think we should add the values as other parameters for the orb job and set them as environment variables. We can then pass those parameters in the CircleCI config generated by Tool Kit. |
I've pushed a commit to this branch to illustrate my idea – hope that's okay! |
155f2bc
to
e39055b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll fix the issues myself don't worry 😁
@@ -71,6 +71,10 @@ options: | |||
!toolkit/if-defined '@dotcom-tool-kit/serverless.awsAccountId': | |||
aws-account-id: !toolkit/option '@dotcom-tool-kit/serverless.awsAccountId' | |||
system-code: !toolkit/option '@dotcom-tool-kit/serverless.systemCode' | |||
!toolkit/if-defined '@dotcom-tool-kit/cloudsmith.organisation': |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
issue: I've tested and confirmed that Tool Kit will not let you set options for plugins that don't exist (to help catch typos) so we'll have to make a barebones Tool Kit plugin for Cloudsmith.
This adds in the orb to authenticate with Cloudsmith via OIDC. Our Cloudsmith orb requires two environment variables to work: * CLOUDSMITH_ORGANISATION * CLOUDSMITH_SERVICE_ACCOUNT To allow us to specify these in Tool Kit config instead (which is a lot cleaner, the config lives in the code etc) we need to define a schema for a nonexistent `cloudsmith` plugin and then pass params through into the CircleCI config. Co-Authored-By: Alex Muller <alexmuller@users.noreply.github.com> Co-Authored-By: Ivo Murrell <ivomurrell@users.noreply.github.com>
e39055b
to
d3606b8
Compare
Description
This adds in the orb to authenticate with Cloudsmith via OIDC. I'm not sure what the next step is to be honest, because the orb works differently to the AWS login one. The only way to auth with Cloudsmith via this orb is by setting two environment variables:
I'd rather these be Tool Kit options because that means the values (non-secrets) are stored as config in our apps. It also means we can default the
financial-times
one more easily.What I don't know how to do is to convert a Tool Kit option to environment variables before we auth and pass them along in a way that means we don't try to auth with Cloudsmith if the options aren't present. Help?
Checklist:
feat(circleci): add support for nightly workflows
,fix: set Heroku app name for staging apps too