Closed KyleTryon closed 1 year ago
In response to Solutions, section 3.
should test RC006 automatically assume the URL is unreachable for private orbs?
As stated in this comment, we could specify an environment variable which specifies the orb is private. This environment variable could be automatically set with the orb init
command in the CircleCI CLI as a part of the initialization process. The users could still manually resolve issues but we may be able to use the metadata to offer better error messaging or automated configuration.
Throwing a random idea out: What about elevating some metadata about the private nature of the orb into the @orb.yml
? Obviously, at the moment that's assumed to be a standard set of orb metadata, and the only thing triggering an orb to be private is the commands I fire at the CLI to make it public or private or not.
Perhaps there needs to be an additional level of metadata, such that a key/value pair should be in the metadata that's checked against the permissioning. Say there was a value in the @orb.yml
file, maybe visibility: private
, and if the orb is being published a PUBLIC, there's a warning and a failure. (possibly one you could "accept" with a CLI flag?)
otherwise, it sort of feels like all of this "external" stuff i have to go to make it go private - i have to call the CLI differently when setting it up, (with the proposal outlined at top here) i have to add an environment variable to my build pipeline, etc. why add all these things if they could be part of the metadata and then automation could infer it?
@adamdmharvey I somewhat agree. We actually wanted to do this back when we added the display
key which includes your source url and home url, which didn't originally exist. I actually voted to call the key metadata
. The issue is, orb config is CircleCI config, so anything that would become part of the orb source code, needs to be valid CircleCI config. That said, we could potentially strip that information out of the @orb.yml
file when packing.
Given the changes made recently, I think we can re-word this issue now to say that the only issue is that some tests, such as RC006 may not be expected to pass on a private orb. I will close this issue when #181 is merged, and open a new issue now expanding from this one.
Thanks for the work, Kyle & team !
@KyleTryon quick question. Orb-tools still seems to pull in 0.1.26094
through the Docker executor. If we bump that to 0.1.26343
passing org id and slug should work, right? Right now on it fails with orb-tools as the version of the CLI being pulled in doesn't support it yet.
@tdeekens ahh good call thank you. I just saw it looks like the image was updated at least today: https://hub.docker.com/r/circleci/circleci-cli/tags
Let me know if it is still an issue.
I assume you were trying to take advantage of envsubst
?
I assume you were trying to take advantage of envsubst?
No not really. Mainly given the default executor of the Orb pulling in 0.1.26094
here by default means by default orb-tools
doesn't support private Orbs using private Orbs unless I am missing something.
Ah no you are not wrong! Thank you @tdeekens. This is why we previously were not pinned to a tag, we'll need to issue a quick patch. Great call out thank you. Orb tools v12.0.1 incoming
Ah no you are not wrong! Thank you @tdeekens. This is why we previously were not pinned to a tag, we'll need to issue a quick patch. Great call out thank you. Orb tools v12.0.1 incoming
Thanks I was already wondering if I live twice as I was quite sure it was latest
once 🐱 .
Thanks for the quick release. I am getting this error when publishing and I fail to trace it's origin. Can you help?
Hey @tdeekens would you mind opening a new issue and sharing as much of your config as possible? Here it looks like no orb source file was passed to the publish command. We may need to see most or all of the config, it may help to write into the support team if there is any sensitive information.
Reference this template for using Orb Tools 12: https://github.com/CircleCI-Public/Orb-Template/tree/main/.circleci
Thanks. Maybe just an error then in adjusting the parameter names.
Problem:
There are a few considerations to take into account when publishing private orbs, which differ from the process to public orbs. I am creating this issue to track and discuss all private orb related issues with Orb-Tools so that we might find a common solution.
Issues:
circleci orb validate
command, which fails in private orbs.Solution Discussion
CIRCLECI_TOKEN
must be present, which can be resolved by attaching your restricted publishing context to thepack
job. Full commentRC006
andRC008
check for the validity of URLs supplied to the orb's display area. With a private orb, it is expected that thesource_url
tested byRC006
Full commentisPrivate=true
. However, if this is currently only helpful for the RC006 test, I think it may not be a worthy change yet.