diff --git a/lib/schemas/src/plugins.ts b/lib/schemas/src/plugins.ts index d473dee1e..1f809216c 100644 --- a/lib/schemas/src/plugins.ts +++ b/lib/schemas/src/plugins.ts @@ -1,6 +1,7 @@ import { z } from 'zod' import { CircleCISchema } from './plugins/circleci' +import { CloudsmithSchema } from './plugins/cloudsmith' import { DopplerSchema } from './plugins/doppler' import { RootSchema } from './plugins/dotcom-tool-kit' import { HerokuSchema } from './plugins/heroku' @@ -28,6 +29,7 @@ export const legacyPluginOptions: Record = { export const PluginSchemas = { 'app root': RootSchema, '@dotcom-tool-kit/circleci': CircleCISchema, + '@dotcom-tool-kit/cloudsmith': CloudsmithSchema, '@dotcom-tool-kit/doppler': DopplerSchema, '@dotcom-tool-kit/heroku': HerokuSchema, '@dotcom-tool-kit/lint-staged-npm': LintStagedNpmSchema, diff --git a/lib/schemas/src/plugins/cloudsmith.ts b/lib/schemas/src/plugins/cloudsmith.ts new file mode 100644 index 000000000..20791837b --- /dev/null +++ b/lib/schemas/src/plugins/cloudsmith.ts @@ -0,0 +1,10 @@ +import { z } from 'zod' + +export const CloudsmithSchema = z.object({ + serviceAccount: z + .string() + .optional() + .describe( + 'the Cloudsmith service account. this will probably be your team name followed by the permissions access, e.g., cp-reliability-read-write.' + ) +}) diff --git a/orb/src/@orb.yml b/orb/src/@orb.yml index 0199f6703..cd39cbadb 100644 --- a/orb/src/@orb.yml +++ b/orb/src/@orb.yml @@ -13,5 +13,6 @@ display: orbs: node: circleci/node@5.0.2 change-api: financial-times/change-api@1.0.9 + cloudsmith-oidc: ft-circleci-orbs/cloudsmith-oidc@1.0.0 aws-cli: circleci/aws-cli@3.1.4 serverless-framework: circleci/serverless-framework@2.0.2 diff --git a/orb/src/jobs/deploy-production.yml b/orb/src/jobs/deploy-production.yml index 978ddcfd9..6a83829cf 100644 --- a/orb/src/jobs/deploy-production.yml +++ b/orb/src/jobs/deploy-production.yml @@ -11,13 +11,30 @@ parameters: The system-code of the system being changed. Defaults to the repository name. type: string + cloudsmith-org: + default: 'financial-times' + type: string + cloudsmith-service-account: + default: '' + type: string executor: << parameters.executor >> +environment: + CLOUDSMITH_ORGANISATION: << parameters.cloudsmith-org >> + CLOUDSMITH_SERVICE_ACCOUNT: << parameters.cloudsmith-service-account >> + steps: - attach-workspace - setup_remote_docker: docker_layer_caching: true + - when: + condition: + and: + - << parameters.cloudsmith-org >> + - << parameters.cloudsmith-service-account >> + steps: + - cloudsmith-oidc/authenticate_with_oidc - when: condition: and: diff --git a/orb/src/jobs/deploy-review.yml b/orb/src/jobs/deploy-review.yml index 5de86b997..329260a04 100644 --- a/orb/src/jobs/deploy-review.yml +++ b/orb/src/jobs/deploy-review.yml @@ -8,13 +8,30 @@ parameters: system-code: default: '' type: string + cloudsmith-org: + default: 'financial-times' + type: string + cloudsmith-service-account: + default: '' + type: string executor: << parameters.executor >> +environment: + CLOUDSMITH_ORGANISATION: << parameters.cloudsmith-org >> + CLOUDSMITH_SERVICE_ACCOUNT: << parameters.cloudsmith-service-account >> + steps: - attach-workspace - setup_remote_docker: docker_layer_caching: true + - when: + condition: + and: + - << parameters.cloudsmith-org >> + - << parameters.cloudsmith-service-account >> + steps: + - cloudsmith-oidc/authenticate_with_oidc - when: condition: and: diff --git a/orb/src/jobs/deploy-staging.yml b/orb/src/jobs/deploy-staging.yml index b1749b2e7..5084dc3f3 100644 --- a/orb/src/jobs/deploy-staging.yml +++ b/orb/src/jobs/deploy-staging.yml @@ -2,13 +2,30 @@ parameters: executor: default: default type: executor + cloudsmith-org: + default: 'financial-times' + type: string + cloudsmith-service-account: + default: '' + type: string executor: << parameters.executor >> +environment: + CLOUDSMITH_ORGANISATION: << parameters.cloudsmith-org >> + CLOUDSMITH_SERVICE_ACCOUNT: << parameters.cloudsmith-service-account >> + steps: - attach-workspace - setup_remote_docker: docker_layer_caching: true + - when: + condition: + and: + - << parameters.cloudsmith-org >> + - << parameters.cloudsmith-service-account >> + steps: + - cloudsmith-oidc/authenticate_with_oidc - run: name: Deploy to staging command: npx dotcom-tool-kit deploy:staging diff --git a/package-lock.json b/package-lock.json index d43cb2ca7..19165713b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1093,6 +1093,7 @@ }, "core/sandbox": { "version": "1.0.0", + "extraneous": true, "license": "ISC", "workspaces": [ "packages/*" @@ -6449,6 +6450,10 @@ "resolved": "plugins/circleci-npm", "link": true }, + "node_modules/@dotcom-tool-kit/cloudsmith": { + "resolved": "plugins/cloudsmith", + "link": true + }, "node_modules/@dotcom-tool-kit/commitlint": { "resolved": "plugins/commitlint", "link": true @@ -25765,10 +25770,6 @@ "version": "2.1.2", "license": "MIT" }, - "node_modules/sandbox": { - "resolved": "core/sandbox", - "link": true - }, "node_modules/sax": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", @@ -30761,6 +30762,18 @@ "node": ">= 14" } }, + "plugins/cloudsmith": { + "name": "@dotcom-tool-kit/cloudsmith", + "version": "0.1.0", + "license": "ISC", + "engines": { + "node": "18.x || 20.x", + "npm": "7.x || 8.x || 9.x || 10.x" + }, + "peerDependencies": { + "dotcom-tool-kit": "4.x" + } + }, "plugins/commitlint": { "name": "@dotcom-tool-kit/commitlint", "version": "1.0.0", diff --git a/plugins/cloudsmith/.toolkitrc.yml b/plugins/cloudsmith/.toolkitrc.yml new file mode 100644 index 000000000..8ac1e05a0 --- /dev/null +++ b/plugins/cloudsmith/.toolkitrc.yml @@ -0,0 +1,33 @@ +version: 2 + +plugins: + - '@dotcom-tool-kit/circleci-deploy' + +options: + hooks: + - CircleCi: + workflows: + - name: 'tool-kit' + jobs: + - name: 'deploy-review' + custom: + cloudsmith-org: financial-times + !toolkit/if-defined '@dotcom-tool-kit/cloudsmith.serviceAccount': + cloudsmith-service-account: !toolkit/option '@dotcom-tool-kit/cloudsmith.serviceAccount' + - name: 'deploy-staging' + custom: + cloudsmith-org: financial-times + !toolkit/if-defined '@dotcom-tool-kit/cloudsmith.serviceAccount': + cloudsmith-service-account: !toolkit/option '@dotcom-tool-kit/cloudsmith.serviceAccount' + - name: 'deploy-production' + custom: + cloudsmith-org: financial-times + !toolkit/if-defined '@dotcom-tool-kit/cloudsmith.serviceAccount': + cloudsmith-service-account: !toolkit/option '@dotcom-tool-kit/cloudsmith.serviceAccount' + - name: 'nightly' + jobs: + - name: 'deploy-review' + custom: + cloudsmith-org: financial-times + !toolkit/if-defined '@dotcom-tool-kit/cloudsmith.serviceAccount': + cloudsmith-service-account: !toolkit/option '@dotcom-tool-kit/cloudsmith.serviceAccount' diff --git a/plugins/cloudsmith/package.json b/plugins/cloudsmith/package.json new file mode 100644 index 000000000..5f78fbb4f --- /dev/null +++ b/plugins/cloudsmith/package.json @@ -0,0 +1,31 @@ +{ + "name": "@dotcom-tool-kit/cloudsmith", + "version": "0.1.0", + "description": "", + "main": "lib", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "FT.com Platforms Team ", + "license": "ISC", + "repository": { + "type": "git", + "url": "https://github.com/financial-times/dotcom-tool-kit.git", + "directory": "plugins/cloudsmith" + }, + "bugs": "https://github.com/financial-times/dotcom-tool-kit/issues", + "homepage": "https://github.com/financial-times/dotcom-tool-kit/tree/main/plugins/cloudsmith", + "files": [ + "/lib", + ".toolkitrc.yml" + ], + "engines": { + "node": "18.x || 20.x", + "npm": "7.x || 8.x || 9.x || 10.x" + }, + "peerDependencies": { + "dotcom-tool-kit": "4.x" + } +} + diff --git a/plugins/cloudsmith/readme.md b/plugins/cloudsmith/readme.md new file mode 100644 index 000000000..051cc18c0 --- /dev/null +++ b/plugins/cloudsmith/readme.md @@ -0,0 +1,28 @@ +# @dotcom-tool-kit/cloudsmith + +## Installation & Usage + +With Tool Kit [already set up](https://github.com/financial-times/dotcom-tool-kit#installing-and-using-tool-kit), install this plugin as a dev dependency: + +```sh +npm install --save-dev @dotcom-tool-kit/cloudsmith +``` + +And add it to your repo's `.toolkitrc.yml`: + +```yml +plugins: + - '@dotcom-tool-kit/cloudsmith' +``` + + +## Plugin-wide options + +### `@dotcom-tool-kit/cloudsmith` + +| Property | Description | Type | +| :--------------- | :---------------------------------------------------------------------------------------------------------------------------------------- | :------- | +| `serviceAccount` | the Cloudsmith service account. this will probably be your team name followed by the permissions access, e.g., cp-reliability-read-write. | `string` | + +_All properties are optional._ + diff --git a/scripts/create-plugin.js b/scripts/create-plugin.js index f33e804ed..b782ece2b 100755 --- a/scripts/create-plugin.js +++ b/scripts/create-plugin.js @@ -36,10 +36,10 @@ pkg.author = 'FT.com Platforms Team ' pkg.files = ['/lib', '.toolkitrc.yml'] pkg.engines = { node: '18.x || 20.x', - npm: '7.x || 8.x || 9.x' + npm: '7.x || 8.x || 9.x || 10.x' } pkg.peerDependencies = { - 'dotcom-tool-kit': '3.x' + 'dotcom-tool-kit': '4.x' } fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2)) @@ -64,6 +64,31 @@ fs.writeFileSync('tsconfig.json', JSON.stringify(tsconfig, null, 2)) console.log('📄 adding empty toolkit config') fs.writeFileSync('.toolkitrc.yml', 'version: 2\n') +console.log('📖 adding simple README') +fs.writeFileSync( + 'readme.md', + `#dotcom-tool-kit/${name} + +## Installation & Usage + +With Tool Kit [already set up](https://github.com/financial-times/dotcom-tool-kit#installing-and-using-tool-kit), install this plugin as a dev dependency: + +\`\`\`sh +npm install --save-dev @dotcom-tool-kit/${name} +\`\`\` + +And add it to your repo's \`.toolkitrc.yml\`: + +\`\`\`yml +plugins: + - '@dotcom-tool-kit/${name}' +\`\`\` + + + +` +) + console.log('🔗 adding reference to root tsconfig') const rootTsconfig = JSON.parse(fs.readFileSync('../../tsconfig.json')) rootTsconfig.references.push({ path: directory })