Allow non-Owners to publish Orbs (aka granular permissions for orb publishing) | Orbs

CircleCI Ideas

Create

Home

Orbs

Allow non-Owners to publish Orbs (aka granular permissions for orb publishing)

Eddie

Could be a project level API key with publishing permissions, or use team membership like contexts do. Some means to expand the population of folks who can deploy prod versions of orbs without giving them global admin rights in GH.

CCI-I-1108

July 30, 2019

Steven Harman

Needing to be an org-wide Admin to publish/update a production Orb is large hurdle for us. At best it means using some shared secrets - an API Token for some Admin - via Context/Env Var. This has a downside of rolling those crews if/when that GitHub admin leaves. Or we need to roll them for compliance or another reason.
At worst, it means a subset of our folks become gatekeepers for all of our Orb-related needs. And as the folks doing org-wide admin is intentionally limited, that's not going to work.
Hopefully something team-based can be rolled out!

Christer Edvartsen

Assigning permissions for publishing orbs based on teams sounds like a good idea.