Private orb support - Githubissues

CircleCI-Public / orb-tools-orb

Various tools for authoring and publishing CircleCI orbs

https://circleci.com/orbs/registry/orb/circleci/orb-tools

MIT License

51 stars 74 forks source link

Private orb support #175

Closed terraboops closed 1 year ago

terraboops commented 1 year ago

Adds Private Orb support to pack.

terraboops commented 1 year ago

Thanks @Jaryt, I've made the requested changes! Let me know if there's anything else! 🎉

KyleTryon commented 1 year ago

Hey folks, I am looking into #158 which appears related. Where is --org-slug coming from in this example?

terraboops commented 1 year ago

@KyleTryon - I found that here: https://discuss.circleci.com/t/using-the-cli-to-validate-a-config-that-references-a-private-orb/41383/13

I thought it was an undocumented feature of orb validation, but it seems it may only validate configs!

As I was thinking about this, it occurred to me: should we split up the validate and pack functionality here into two separate commands? We could leave the validate command unmodified if we did that. This would avoid the need for undocumented features. Private orb users could add those undocumented features on their own if needed.

Splitting up validate and pack may also make it possible to create an orb for the first time via CircleCI. Currently, I suppose the initial orb setup must be done manually from CLI - is that correct? That may pose security concerns for some organizations.

KyleTryon commented 1 year ago

Ok I have taken a look through, I think we should already covered, but your issue is newer than the supposed solution so I will pry a little deeper.

On Aug 24th, we merged #161 which was focused on supporting server installations, but should have had the affect of resolving this too.

Resulting in the current validation code: https://github.com/CircleCI-Public/orb-tools-orb/blob/b2058d635bed47809091dfa22ba76d19d1cb5a69/src/scripts/validate.sh#L9

--org-slug is valid and documented for circleci config validate and is used to fetch the imported orbs within the config.

This is not a valid flag for circleci orb validate, however --token is, which I think may be our silver bullet. You would likely already be attaching a context with CIRCLE_TOKEN to your publishing jobs, this is telling me that you may need to attach it to your pack job as well if you are creating a private orb.

      - orb-tools-alpha/pack:
+       context: orb-publisher
          filters:
            tags:
              only: /.*/

KyleTryon commented 1 year ago

Hello all, To help condense the conversation around private orbs I have opened a new issue here for discussion so we can find a unified solution: https://github.com/CircleCI-Public/orb-tools-orb/issues/179

I will be closing this issue for now to keep the conversation in one location. We will open one or more PRs based on the conversation in this thread.

terraboops commented 1 year ago

Great - thanks!