CircleCI Ideas

Allow non-Owners to publish Orbs (aka granular permissions for orb publishing)

Could be a project level API key with publishing permissions, or use team membership like contexts do.  Some means to expand the population of folks who can deploy prod versions of orbs without giving them global admin rights in GH.

  • Guest
  • Jul 30 2019
  • Taking votes
  • Guest commented
    30 Jul 18:14

    Assigning permissions for publishing orbs based on teams sounds like a good idea.

  • Guest commented
    27 Aug 18:57

    Needing to be an org-wide Admin to publish/update a production Orb is a large hurdle for us. At best it means using some shared secrets - an API Token for some Admin - via Context/Env Var. This has a downside of rolling those creds if/when that GitHub admin leaves. Or we need to roll them for compliance or another reason.

    At worst, it means a subset of our folks become gatekeepers for all of our Orb-related needs. And as the folks doing org-wide admin are intentionally limited, that's not going to work.

    Hopefully something team-based can be rolled out!