update(CENG-750): Refresh Circle Orb for Cloudsmith#17
Merged
BartoszBlizniak merged 9 commits intocloudsmith-io:masterfrom Apr 6, 2026
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
Refreshes the Cloudsmith CircleCI orb to reach feature parity with other CI integrations by adding first-class OIDC auth, switching to a zipapp-based CLI install, updating the default executor image, and modernizing the orb’s publish pipeline + docs.
Changes:
- Add/expand orb commands for OIDC authentication and CLI installation (zipapp by default), and deprecate the
publishwrapper command. - Update the default executor to
cimg/python:3.12and add new usage examples aligned with the recommended OIDC + direct CLI pattern. - Migrate CI release tooling to
circleci/orb-tools@12.4.0, add.yamllint, and rewrite/extend README documentation.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
src/executors/default.yml |
Switch default executor to cimg/python and update tag default/documentation. |
src/examples/command-publish.yml |
Bump example orb version to 2.0.0 and add YAML document start. |
src/examples/cli-with-oidc.yml |
Add recommended end-to-end OIDC + CLI + direct cloudsmith usage example. |
src/examples/authenticate-with-oidc.yml |
Add auth-only OIDC example (no CLI install required). |
src/commands/publish.yml |
Mark publish command as deprecated and add migration guidance. |
src/commands/install-cli.yml |
Implement zipapp-first CLI install with optional pip install and config.ini writing. |
src/commands/ensure-api-key.yml |
Minor messaging/formatting update and add YAML document start. |
src/commands/authenticate-with-oidc.yml |
Add retries, audience support, dependency checks, and improved curl handling. |
src/@orb.yml |
Add orb metadata file (document start + description + display links). |
src/@orb.yaml |
Remove prior orb metadata file (renamed to .yml). |
README.md |
Rewrite README with command reference, executor docs, usage examples, and updated dev/release docs. |
.yamllint |
Add yamllint configuration (including requiring YAML document start). |
.circleci/config.yml |
Replace custom publish job with orb-tools lint/pack/review/publish workflows and dev/prod release filtering. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
BartoszBlizniak
commented
Apr 1, 2026
BartoszBlizniak
commented
Apr 1, 2026
BartoszBlizniak
added
documentation
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR brings our CircleCI orb to the same feature parity as GitHub Actions + Azure AD. This includes installing the Cloudsmith CLI directly onto the runner so all commands can be used instead of maintaining wrapper commands, and OIDC is now fully integrated as a command.
Testing
This orb was tested manually with each feature under my fork/personal CircleCi project
CI Pipeline
circleci-cli@0.1.5+orb-tools@8.27.3with a custompublish-orbjob toorb-tools@12.4.0with built-in lint, pack, review, and publish jobs.v-prefixed semver tags (e.g.v2.0.0).OIDC Authentication (
authenticate-with-oidc)oidc-auth-retry, default 3 attempts with 5 s delay).oidc-audienceparameter for custom audience values.curl,jq) andCIRCLE_OIDC_TOKEN_V2validation with actionable error messages.CLI Installation (
install-cli)dl.cloudsmith.io(previously tried pip first, then fell back to GitHub releases; this ensures consistency across GitHub Actions and Azure AD).cli-versionparameter to pin a specific CLI release.install-pathparameter for zipapp destination directory, defaulting to$HOME/bin.PATH, with asudofallback for non-writable locations.~/.cloudsmith/config.ini:api-host,api-proxy,api-ssl-verify,api-user-agent.Executor
circleci/python:3.7.4tocimg/python:3.10.Other Commands
publish: Marked as deprecated with migration guidance in the description.Examples
authenticate-with-oidcexample (auth-only, no CLI install).cli-with-oidcexample (recommended full workflow: OIDC + CLI + push).command-publishexample orb version from1.0.3to2.0.0.Documentation
Type of Change
Additional Notes
Breaking changes:
circleci/python:3.7.4tocimg/python:3.10— jobs relying on the old default may need to pin thetagparameter.v-prefixed semver tag (e.g.v2.0.0) instead of a bare version number (2.0.0).