Setting up CI/CD
OnePub provides integration with your CI/CD tool environment.
The leakage of a OnePub token is a serious security risk.
A person with access to a OnePub Token can perform any action the owner of that token can perform.
Continuous Integration (testing)
When you run integration tests you need the ability to get package dependencies (including transitive dependencies).
If any of these dependencies are hosted by OnePub then you need to provide your CI environment with a OnePub Token.
Permissions
If the CI action downloads one or more dart dependencies (including transitive dependencies) then the Member associated with the OnePub Token must have the download privileges for each of those packages.
The most common to ensure the required privileges is to associate the Member with the set of Teams that manage those packages.
Continuous Deployment
If your CD environment needs to publish packages hosted on OnePub then you need to provide your CD environment with a OnePub token.
Permissions
If the CD action uploads a new version of a package then the Member associated with the OnePub Token must have upload privileges.
If the CI action downloads one or more dart dependencies (including transitive dependencies) then the Member associated with the OnePub Token must have the download privileges for each of those packages.
If you are going to publish multiple packages during a single CD action then you need to make the user an Uploader for each of the packages.
Expiry
All OnePub tokens, whether obtained during a login or via the onepub export
command, expire after 30 days.
Workflow
The following steps need to be carried out:
Create a specialised Member for the CI/CD action.
Add the new Member to a Team associated with each of the package dependencies (don't forget transitional dependencies).
If necessary add the Member to multiple Teams to acquire access to all of the package dependencies.
If the CD Action will publish a package then add the Member as a Package Owner to the package(s) the CD Action publishes.
Export the CD/CI Members token from the CLI using the
onepub export
command.Deploy the token to your CI/CD environment
Add onepub to your CI/CD action
Import the token into your CI/CD action via the 'onepub import' command.
Last updated