42
Allow non-Owners to publish Orbs (aka granular permissions for orb publishing)
Activity
Newest
Oldest
O
Oran Bartell
Merged in a post:
Permit non-admins to publish unlisted orbs
A
Alex Turek
Right now we have our orbs repo set up to auto-publish after a successful master build. But the only people who can do that are CircleCI admins, who are of necessity Github org admins. This means we have to give GH admin to every dev who is working on our (private, internal to the company) orbs.
It'd be great to not have to grant that permission, or bottleneck on our few Github admins to update our internal orbs.
CCI-I-1398
K
Kristofer Borgstrom
Really hoping for a solution ASAP. Obviously making every developer and bot a github organization owner is not a feasible solution as it would completely destroy the whole access control setup. Thus killing off options of automated releases and developers handling publishing.
D
Dominik K
Related idea, but not restricted to unlisted orbs: https://ideas.circleci.com/ideas/CCI-I-1108
A
Alex Charles
Great idea! I've also encountered this at my organization.
S
Steven Harman
Needing to be an org-wide Admin to publish/update a production Orb is large hurdle for us. At best it means using some shared secrets - an API Token for some Admin - via Context/Env Var. This has a downside of rolling those crews if/when that GitHub admin leaves. Or we need to roll them for compliance or another reason.
At worst, it means a subset of our folks become gatekeepers for all of our Orb-related needs. And as the folks doing org-wide admin is intentionally limited, that's not going to work.
Hopefully something team-based can be rolled out!
C
Christer Edvartsen
Assigning permissions for publishing orbs based on teams sounds like a good idea.