feat: add Cloudsmith auth #710
Conversation
I think we should add the values as other parameters for the orb job and set them as environment variables. We can then pass those parameters in the CircleCI config generated by Tool Kit. |
|
I've pushed a commit to this branch to illustrate my idea – hope that's okay! |
rowanmanning
force-pushed
the
cloudsmith-orb
branch
from
d932589
to
155f2bc
Compare
This adds in the orb to authenticate with Cloudsmith via OIDC. Our Cloudsmith orb requires two environment variables to work: * CLOUDSMITH_ORGANISATION * CLOUDSMITH_SERVICE_ACCOUNT To allow us to specify these in Tool Kit config instead (which is a lot cleaner, the config lives in the code etc) we need to define a schema for a nonexistent `cloudsmith` plugin and then pass params through into the CircleCI config. Co-Authored-By: Alex Muller <[email protected]> Co-Authored-By: Ivo Murrell <[email protected]>
rowanmanning
force-pushed
the
cloudsmith-orb
branch
from
155f2bc
to
e39055b
Compare
| !toolkit/if-defined '@dotcom-tool-kit/cloudsmith.organisation': | ||
| cloudsmith-org: !toolkit/option '@dotcom-tool-kit/cloudsmith.organisation' | ||
| !toolkit/if-defined '@dotcom-tool-kit/cloudsmith.serviceAccount': | ||
| cloudsmith-service-account: !toolkit/option '@dotcom-tool-kit/cloudsmith.serviceAccount' |
There was a problem hiding this comment.
todo: these lines should be copied to the other deployment jobs now that we've parameterised those too
| @@ -71,6 +71,10 @@ options: | |||
| !toolkit/if-defined '@dotcom-tool-kit/serverless.awsAccountId': | |||
| aws-account-id: !toolkit/option '@dotcom-tool-kit/serverless.awsAccountId' | |||
| system-code: !toolkit/option '@dotcom-tool-kit/serverless.systemCode' | |||
| !toolkit/if-defined '@dotcom-tool-kit/cloudsmith.organisation': | |||
There was a problem hiding this comment.
issue: I've tested and confirmed that Tool Kit will not let you set options for plugins that don't exist (to help catch typos) so we'll have to make a barebones Tool Kit plugin for Cloudsmith.
Description
This adds in the orb to authenticate with Cloudsmith via OIDC. I'm not sure what the next step is to be honest, because the orb works differently to the AWS login one. The only way to auth with Cloudsmith via this orb is by setting two environment variables:
I'd rather these be Tool Kit options because that means the values (non-secrets) are stored as config in our apps. It also means we can default the
financial-timesone more easily.What I don't know how to do is to convert a Tool Kit option to environment variables before we auth and pass them along in a way that means we don't try to auth with Cloudsmith if the options aren't present. Help?
Checklist:
feat(circleci): add support for nightly workflows,fix: set Heroku app name for staging apps too