New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Buildkite OIDC support #4159
base: master
Are you sure you want to change the base?
Conversation
This doesn't yet add tests, but should be functional. I'm testing end-to-end using a local development copy of Buildkite.
Codecov Report
@@ Coverage Diff @@
## master #4159 +/- ##
==========================================
- Coverage 98.73% 98.70% -0.03%
==========================================
Files 302 302
Lines 6852 6857 +5
==========================================
+ Hits 6765 6768 +3
- Misses 87 89 +2
|
I wrapped that big ruby command up into a Buildkite plugin: https://github.com/sj26/rubygems-oidc-buildkite-plugin which means the pipeline can now look like this -- although I fudged it to download an existing gem and use my local environments in the screenshot example: steps:
- key: gem-publish
plugins:
- sj26/rubygems-oidc:
token: rg_oidc_akr_...
command: |
puts "--- Build gem"
gem build *.gem
echo "--- Push gem"
gem push *.gem |
@segiddins wonderful! What sort of testing and coverage would you like here? How can I help land support into rubygems.org? 🙏 |
Hi folks! I'd love to land this into rubygems.org, and start using it for our gem publishing flows for things like rspec-buildkite and buildkite-test_collector. How can I help? |
Would it be helpful to add gem push instructions into the app, like for GitHub? I can wrap up the instructions I posted earlier: |
You should be able to from https://rubygems.org/profile/oidc/api_key_roles |
Oh nice! I just couldn't find the link. I'll give it a go and report back. |
Any news @sj26? |
Add support for Buildkite OIDC tokens.
This doesn't yet add tests, but should be functional. I'm testing end-to-end using a local development copy of Buildkite.
I can see some good end-to-end tests, eg.
test/system/oidc_test.rb
, but unsure if you'd like those per issuer, or some other issuer-specific testing. Please let me know what coverage you would like 🙏