diff --git a/lib/schemas/src/plugins.ts b/lib/schemas/src/plugins.ts index 9bcb05db9..8751e1666 100644 --- a/lib/schemas/src/plugins.ts +++ b/lib/schemas/src/plugins.ts @@ -1,6 +1,7 @@ import { z } from 'zod' import { CircleCISchema } from './plugins/circleci' +import { CloudsmithSchema } from './plugins/cloudsmith' import { DopplerSchema } from './plugins/doppler' import { RootSchema } from './plugins/dotcom-tool-kit' import { HerokuSchema } from './plugins/heroku' @@ -28,6 +29,7 @@ export const legacyPluginOptions: Record = { export const PluginSchemas = { 'app root': RootSchema, '@dotcom-tool-kit/circleci': CircleCISchema, + '@dotcom-tool-kit/cloudsmith': CloudsmithSchema, '@dotcom-tool-kit/doppler': DopplerSchema, '@dotcom-tool-kit/heroku': HerokuSchema, '@dotcom-tool-kit/lint-staged-npm': LintStagedNpmSchema, diff --git a/lib/schemas/src/plugins/cloudsmith.ts b/lib/schemas/src/plugins/cloudsmith.ts new file mode 100644 index 000000000..9604b624b --- /dev/null +++ b/lib/schemas/src/plugins/cloudsmith.ts @@ -0,0 +1,6 @@ +import { z } from 'zod' + +export const CloudsmithSchema = z.object({ + organisation: z.string().optional(), + serviceAccount: z.string().optional() +}) diff --git a/orb/src/@orb.yml b/orb/src/@orb.yml index 0199f6703..cd39cbadb 100644 --- a/orb/src/@orb.yml +++ b/orb/src/@orb.yml @@ -13,5 +13,6 @@ display: orbs: node: circleci/node@5.0.2 change-api: financial-times/change-api@1.0.9 + cloudsmith-oidc: ft-circleci-orbs/cloudsmith-oidc@1.0.0 aws-cli: circleci/aws-cli@3.1.4 serverless-framework: circleci/serverless-framework@2.0.2 diff --git a/orb/src/jobs/deploy-production.yml b/orb/src/jobs/deploy-production.yml index 978ddcfd9..6a83829cf 100644 --- a/orb/src/jobs/deploy-production.yml +++ b/orb/src/jobs/deploy-production.yml 
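Review bot: Neither field of `CloudsmithSchema` in lib/schemas/src/plugins/cloudsmith.ts says what it holds or what happens when it is left out, and both accept any string. These options become the `cloudsmith-org` and `cloudsmith-service-account` orb parameters that decide whether the deploy jobs authenticate, so the contract is worth stating on the schema. For example `organisation: z.string().optional().describe('Cloudsmith organisation slug; the orb defaults to financial-times')` and `serviceAccount: z.string().optional().describe('Cloudsmith service account used for OIDC; authentication is skipped when unset')`.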
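Review bot: The `cloudsmith-oidc` orb added in orb/src/@orb.yml comes from the `ft-circleci-orbs` namespace rather than the `financial-times` namespace used by `change-api` on the line above, and nothing in the diff records who owns it. Its `authenticate_with_oidc` command runs inside all three deploy jobs and presumably obtains the Cloudsmith credential, so it sits inside the deploy trust boundary. The full `@1.0.0` pin is the right choice and should not be loosened to a floating version. A comment such as `# credential-handling orb: keep pinned to an exact version; namespace owned by <owning team>` would make that intent explicit.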
@@ -11,13 +11,30 @@ parameters: The system-code of the system being changed. Defaults to the repository name. type: string + cloudsmith-org: + default: 'financial-times' + type: string + cloudsmith-service-account: + default: '' + type: string executor: << parameters.executor >> +environment: + CLOUDSMITH_ORGANISATION: << parameters.cloudsmith-org >> + CLOUDSMITH_SERVICE_ACCOUNT: << parameters.cloudsmith-service-account >> + steps: - attach-workspace - setup_remote_docker: docker_layer_caching: true + - when: + condition: + and: + - << parameters.cloudsmith-org >> + - << parameters.cloudsmith-service-account >> + steps: + - cloudsmith-oidc/authenticate_with_oidc - when: condition: and: diff --git a/orb/src/jobs/deploy-review.yml b/orb/src/jobs/deploy-review.yml index 5de86b997..329260a04 100644 --- a/orb/src/jobs/deploy-review.yml +++ b/orb/src/jobs/deploy-review.yml @@ -8,13 +8,30 @@ parameters: system-code: default: '' type: string + cloudsmith-org: + default: 'financial-times' + type: string + cloudsmith-service-account: + default: '' + type: string executor: << parameters.executor >> +environment: + CLOUDSMITH_ORGANISATION: << parameters.cloudsmith-org >> + CLOUDSMITH_SERVICE_ACCOUNT: << parameters.cloudsmith-service-account >> + steps: - attach-workspace - setup_remote_docker: docker_layer_caching: true + - when: + condition: + and: + - << parameters.cloudsmith-org >> + - << parameters.cloudsmith-service-account >> + steps: + - cloudsmith-oidc/authenticate_with_oidc - when: condition: and: diff --git a/orb/src/jobs/deploy-staging.yml b/orb/src/jobs/deploy-staging.yml index b1749b2e7..5084dc3f3 100644 --- a/orb/src/jobs/deploy-staging.yml +++ b/orb/src/jobs/deploy-staging.yml 
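Review bot: The new `cloudsmith-org` and `cloudsmith-service-account` parameters in orb/src/jobs/deploy-production.yml have no `description`, unlike `system-code` directly above them; the same applies to the matching hunks in deploy-review.yml and deploy-staging.yml. The missing text matters because `cloudsmith-org` defaults to a non-empty value, so the `and` condition is in practice decided by `cloudsmith-service-account` alone, and an empty value skips `cloudsmith-oidc/authenticate_with_oidc` without any message. I would add `description: Cloudsmith organisation slug used for OIDC authentication.` and `description: Cloudsmith service account to authenticate as; leave empty to skip Cloudsmith authentication.` The job-level `environment` block also exports `CLOUDSMITH_SERVICE_ACCOUNT` as an empty string in that case, which is worth noting if any later step tests for the variable being set rather than non-empty.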
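Review bot: In orb/src/jobs/deploy-review.yml, whatever account is passed as `cloudsmith-service-account` is used by builds of unmerged branches, and the schema offers only a single `serviceAccount` option, so review deploys may authenticate as the same account production uses. The diff does not show what that account is permitted to do in Cloudsmith. If it can publish or delete packages, a separate read-only account for review and staging would limit what a branch build can reach, and the account's OIDC trust should be restricted to this project. A `description` on the parameter stating the expected privilege level would help callers choose.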
@@ -2,13 +2,30 @@ parameters: executor: default: default type: executor + cloudsmith-org: + default: 'financial-times' + type: string + cloudsmith-service-account: + default: '' + type: string executor: << parameters.executor >> +environment: + CLOUDSMITH_ORGANISATION: << parameters.cloudsmith-org >> + CLOUDSMITH_SERVICE_ACCOUNT: << parameters.cloudsmith-service-account >> + steps: - attach-workspace - setup_remote_docker: docker_layer_caching: true + - when: + condition: + and: + - << parameters.cloudsmith-org >> + - << parameters.cloudsmith-service-account >> + steps: + - cloudsmith-oidc/authenticate_with_oidc - run: name: Deploy to staging command: npx dotcom-tool-kit deploy:staging diff --git a/plugins/circleci-deploy/.toolkitrc.yml b/plugins/circleci-deploy/.toolkitrc.yml index 2461ad1d7..1bb54c7a5 100644 --- a/plugins/circleci-deploy/.toolkitrc.yml +++ b/plugins/circleci-deploy/.toolkitrc.yml @@ -71,6 +71,10 @@ options: !toolkit/if-defined '@dotcom-tool-kit/serverless.awsAccountId': aws-account-id: !toolkit/option '@dotcom-tool-kit/serverless.awsAccountId' system-code: !toolkit/option '@dotcom-tool-kit/serverless.systemCode' + !toolkit/if-defined '@dotcom-tool-kit/cloudsmith.organisation': + cloudsmith-org: !toolkit/option '@dotcom-tool-kit/cloudsmith.organisation' + !toolkit/if-defined '@dotcom-tool-kit/cloudsmith.serviceAccount': + cloudsmith-service-account: !toolkit/option '@dotcom-tool-kit/cloudsmith.serviceAccount' - name: 'nightly' jobs: - name: 'deploy-review'
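Review bot: Only one job's `options` block in plugins/circleci-deploy/.toolkitrc.yml gains the `cloudsmith-org` and `cloudsmith-service-account` mappings, while the orb adds those parameters to deploy-production, deploy-review and deploy-staging. The job that owns this block is named above the hunk, so I cannot tell which one it is, and no further hunk for this file is visible. Any deploy job left unwired falls back to the empty `cloudsmith-service-account` default, which makes the `when` condition false and skips authentication silently. If that is intended, a comment here saying so would help; otherwise the same two `!toolkit/if-defined` entries need adding to the other deploy jobs.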