Add OIDC orb (#28)

Updated set_env_vars_for_pip to use cloudsmith-oidc orb for auth
Updated set_env_vars_for_twine to use cloudsmith-oidc orb for auth
Updated upload_python_package to use cloudsmith-oidc orb for auth
Removed command authenticate_with_oidc
Updated examples and tests

---------

Co-authored-by: robertboulton <[email protected]>

Author: robgodfrey

.circleci/test-deploy.yml

@@ -20,36 +20,6 @@ release-filters: &release-filters
     only: /^v[0-9]+\.[0-9]+\.[0-9]+$/
 
 jobs:
-  # Create jobs to test the commands of your orbs.
-  # You may want to add additional validation steps to ensure the commands are working as expected.
-
-  test-authenticate_with_oidc:
-    docker:
-      - image: cimg/base:current
-    resource_class: small
-    steps:
-      - checkout
-      - cloudsmith-circleci/authenticate_with_oidc:
-          service_account: "circleci-orb-testing"
-      - run:
-          name: Assert environment variables have been set
-          command: | 
-            if [ $CLOUDSMITH_ORGANISATION != "financial-times" ]
-            then
-              echo "Test failed: CLOUDSMITH_ORGANISATION has not been set correctly."
-              exit 1
-            fi
-            if [ $CLOUDSMITH_SERVICE_ACCOUNT != "circleci-orb-testing" ]
-            then
-              echo "Test failed: CLOUDSMITH_SERVICE_ACCOUNT has not been set."
-              exit 1
-            fi
-            if [ -z $CLOUDSMITH_OIDC_TOKEN ]
-            then
-              echo "Test failed: CLOUDSMITH_OIDC_TOKEN has not been set."
-              exit 1
-            fi
-            echo "All tests passed."
 
   test-set_env_vars_for_pip:
     docker:
@@ -59,7 +29,6 @@ jobs:
       - checkout
       - cloudsmith-circleci/set_env_vars_for_pip:
           repository: "circleci-orb-testing"
-          service_account: "circleci-orb-testing"
       - run:
           name: Assert environment variables have been set
           command: | 
@@ -82,7 +51,6 @@ jobs:
       - checkout
       - cloudsmith-circleci/set_env_vars_for_pip:
           repository: "circleci-orb-testing"
-          service_account: "circleci-orb-testing"
       - run: python -m pip install simplepkg==0.0.1 --index-url "$CLOUDSMITH_PIP_INDEX_URL"
 
   test-pip_install_requirements_example:
@@ -93,7 +61,6 @@ jobs:
       - run: echo "simplepkg==0.0.1" > requirements.txt
       - cloudsmith-circleci/set_env_vars_for_pip:
           repository: "circleci-orb-testing"
-          service_account: "circleci-orb-testing"
       - run: python -m pip install -r requirements.txt --index-url "$CLOUDSMITH_PIP_INDEX_URL"
 
   test-configure_pip_example:
@@ -104,7 +71,6 @@ jobs:
       - run: echo "simplepkg==0.0.1" > requirements.txt
       - cloudsmith-circleci/set_env_vars_for_pip:
           repository: "circleci-orb-testing"
-          service_account: "circleci-orb-testing"
       - run: python -m pip config set global.index-url "$CLOUDSMITH_PIP_INDEX_URL"
       - run: python -m pip install -r requirements.txt
 
@@ -116,7 +82,6 @@ jobs:
       - checkout
       - cloudsmith-circleci/set_env_vars_for_twine:
           repository: "circleci-orb-testing"
-          service_account: "circleci-orb-testing"
       - run:
           name: Assert environment variables have been set
           command: | 
@@ -156,7 +121,6 @@ jobs:
             python -m pip install twine --upgrade --user
       - cloudsmith-circleci/set_env_vars_for_twine:
           repository: "circleci-orb-testing"
-          service_account: "circleci-orb-testing"
       - run:
           name: twine upload package to Cloudsmith
           command: |
@@ -182,17 +146,13 @@ jobs:
           working_directory: .circleci/simplepkg-py
       - cloudsmith-circleci/upload_python_package:
           repository: "circleci-orb-testing"
-          service_account: "circleci-orb-testing"
           dist_dir: .circleci/simplepkg-py/dist
 
 workflows:
   test-deploy:
     jobs:
       # Make sure to include "filters: *filters" in every test job you want to run as part of your deployment.
       # Test your orb's commands in a custom job and test your orb's jobs directly as a part of this workflow.
-      - test-authenticate_with_oidc:
-          context: circleci-orb-publishing
-          filters: *filters
       - test-set_env_vars_for_pip:
           context: circleci-orb-publishing
           filters: *filters
@@ -226,7 +186,6 @@ workflows:
           # Ensure this job requires all test jobs and the pack job.
           requires:
             - orb-tools/pack
-            - test-authenticate_with_oidc
             - test-set_env_vars_for_pip
             - test-pip_install_package_example
             - test-pip_install_requirements_example

README.md

@@ -8,15 +8,15 @@ A CircleCI orb to assist with downloading from and publishing packages to Clouds
 
 ## Getting started
 
-The orb commands need the following parameters:
+The orb commands require the following environment variables to be set:
 
-* `repository` : The identity/slug of the Cloudsmith repository
+* `CLOUDSMITH_ORGANISATION` : The identity/slug of the Cloudsmith organisation to use when authenticating with OIDC. Defaults to "financial-times" if not set.
+* `CLOUDSMITH_SERVICE_ACCOUNT` : The identity/slug of the Cloudsmith service account to use when authenticating with OIDC.
 
-* `service_account` : The identity/slug of the Cloudsmith service account to use when authenticating with OIDC
+These are used to authenticate with Cloudsmith using OIDC and can be found in the [Cloudsmith UI](https://cloudsmith.io/).
 
-This can be found in the [Cloudsmith UI](https://cloudsmith.io/orgs/financial-times/).
-
-The orb provides commands to set environment variables for various package managment tools (e.g. pip).
+The orb provides commands to set environment variables for various package managment tools (e.g. pip) and to publish
+packages using the Cloudsmith CLI.
 
 ---
 

src/@orb.yml

@@ -1,7 +1,15 @@
 version: 2.1
 
-description: >
-  Install packages from and publish packages to Cloudsmith using short-lived OIDC credentials
+orbs:
+  cloudsmith-oidc: ft-circleci-orbs/[email protected]
+
+description: |
+  Install packages from and publish packages to Cloudsmith using short-lived OIDC credentials.
+  Note, all commands require the following environment variables to be set:
+   - CLOUDSMITH_ORGANISATION : The identity/slug of the Cloudsmith organisation to use when authenticating with OIDC. Defaults to "financial-times" if not set.
+   - CLOUDSMITH_SERVICE_ACCOUNT : The identity/slug of the Cloudsmith service account to use when authenticating with OIDC.
+  These are used to authenticate with Cloudsmith using OIDC and can be found in the Cloudsmith UI - https://cloudsmith.io/.
+
 display:
   home_url: "https://github.com/ft-circleci-orbs/cloudsmith-circleci-orb"
   source_url: "https://github.com/ft-circleci-orbs/cloudsmith-circleci-orb"

src/commands/authenticate_with_oidc.yml

@@ -6,20 +6,13 @@ parameters:
   repository:
     description: The identity/slug of the Cloudsmith repository
     type: string
-  service_account:
-    description: The identity/slug of the Cloudsmith service account to use when authenticating with OIDC
-    type: string
 steps:
-  - authenticate_with_oidc:
-      service_account: <<parameters.service_account>>
-  - run:
-      name: Cloudsmith - Configure domains
-      command: <<include(scripts/configure_cloudsmith_domains.sh)>>
   - run:
-      name: Cloudsmith - Configure repository
-      command: |
-        echo "export CLOUDSMITH_REPOSITORY=\"<<parameters.repository>>\"" >> $BASH_ENV
-        echo "CLOUDSMITH_REPOSITORY=<<parameters.repository>>"
+      name: Cloudsmith - Configure defaults
+      command: <<include(scripts/configure_cloudsmith_defaults.sh)>>
+  - cloudsmith-oidc/authenticate_with_oidc
   - run:
       name: Cloudsmith - Set CLOUDSMITH_PIP_INDEX_URL environment variable
       command: <<include(scripts/set_env_vars_for_pip.sh)>>
+      environment:
+        CLOUDSMITH_REPOSITORY: <<parameters.repository>>

src/commands/set_env_vars_for_pip.yml

@@ -6,20 +6,13 @@ parameters:
   repository:
     description: The identity/slug of the Cloudsmith repository
     type: string
-  service_account:
-    description: The identity/slug of the Cloudsmith service account to use when authenticating with OIDC
-    type: string
 steps:
-  - authenticate_with_oidc:
-      service_account: <<parameters.service_account>>
-  - run:
-      name: Cloudsmith - Configure domains
-      command: <<include(scripts/configure_cloudsmith_domains.sh)>>
   - run:
-      name: Cloudsmith - Configure repository
-      command: |
-        echo "export CLOUDSMITH_REPOSITORY=\"<<parameters.repository>>\"" >> $BASH_ENV
-        echo "CLOUDSMITH_REPOSITORY=<<parameters.repository>>"
+      name: Cloudsmith - Configure defaults
+      command: <<include(scripts/configure_cloudsmith_defaults.sh)>>
+  - cloudsmith-oidc/authenticate_with_oidc
   - run:
       name: Cloudsmith - Set CLOUDSMITH_TWINE environment variables
       command: <<include(scripts/set_env_vars_for_twine.sh)>>
+      environment:
+        CLOUDSMITH_REPOSITORY: <<parameters.repository>>

src/commands/set_env_vars_for_twine.yml

@@ -5,14 +5,15 @@ parameters:
   repository:
     description: The identity/slug of the Cloudsmith repository
     type: string
-  service_account:
-    description: The identity/slug of the Cloudsmith service account to use when authenticating
-    type: string
   dist_dir:
     description: The distribution directory where package source distribution and wheel files are located
     type: string
     default: "dist"
 steps:
+  - run:
+      name: Cloudsmith - Configure defaults
+      command: <<include(scripts/configure_cloudsmith_defaults.sh)>>
+  - cloudsmith-oidc/authenticate_with_oidc
   - run:
       name: Cloudsmith - Install CLI
       command: |
@@ -26,16 +27,10 @@ steps:
         echo "Cloudsmith CLI installed OK."
 
         cloudsmith --version
-  - authenticate_with_oidc:
-      service_account: <<parameters.service_account>>
-  - run:
-      name: Cloudsmith - Configure repository and dist_dir
-      command: |
-        echo "export CLOUDSMITH_REPOSITORY=\"<<parameters.repository>>\"" >> $BASH_ENV
-        echo "CLOUDSMITH_REPOSITORY=<<parameters.repository>>"
-
-        echo "export DIST_DIR=\"<<parameters.dist_dir>>\"" >> $BASH_ENV
-        echo "DIST_DIR=<<parameters.dist_dir>>"
   - run:
       name: Cloudsmith - Upload python package file(s)
       command: <<include(scripts/upload_python_package.sh)>>
+      environment:
+        CLOUDSMITH_REPOSITORY: <<parameters.repository>>
+        DIST_DIR: <<parameters.dist_dir>>
+

src/commands/upload_python_package.yml

@@ -13,7 +13,6 @@ usage:
         - run: python -m ensurepip --upgrade
         - ft-cloudsmith/set_env_vars_for_pip:
             repository: "your-repository-id"
-            service_account: "your-service-account-id"
         - run: python -m pip config set global.index-url "$CLOUDSMITH_PIP_INDEX_URL"
         - run: python -m pip install -r requirements.txt
   workflows:

src/examples/configure_pip_index_url.yml

@@ -13,7 +13,6 @@ usage:
         - run: python -m ensurepip --upgrade
         - ft-cloudsmith/set_env_vars_for_pip:
             repository: "your-repository-id"
-            service_account: "your-service-account-id"
         - run: python -m pip install your-package==0.0.0 --index-url "$CLOUDSMITH_PIP_INDEX_URL"
   workflows:
     main:

src/examples/pip_install_package.yml

@@ -13,7 +13,6 @@ usage:
         - run: python -m ensurepip --upgrade
         - ft-cloudsmith/set_env_vars_for_pip:
             repository: "your-repository-id"
-            service_account: "your-service-account-id"
         - run: python -m pip install -r requirements.txt --index-url "$CLOUDSMITH_PIP_INDEX_URL"
   workflows:
     main: