Non-interactive charm login for CI story needs to be improved
opened this issue · comments
Follow up to #61, originally requested by @ryan-beisner.
CI operators and dev teams are accustomed to systematically authenticating with the likes of Launchpad, Github and Gerrit, and we should have a similar experience with the Charm Store.
We have had to re-auth and re-distribute the tokens periodically, presumably the same as SSO periodically requires humans to re-auth. That should be improved IMO. The experience I would aim for is one that can be keyed up, then just works. Such as the experience with LP or GH + SSH keys.
The creation and reusing of OAuth tokens is not a great experience when trying to setup CI workflows with automated pushing to the Charm Store and needs a overhaul.
Here's another pain point for a very basic use case where I just want to push a charm to the edge channel in a CI pipeline.
Right now the following steps are:
- Run
charm push <charm-dir> cs:<name-space>/<charm-name>
which returns
url: cs:~<name-space>/<charm-name>-<rev>
channel: unpublished
- Somehow retrieve the url above,
cs:~<name-space>/<charm-name>-<rev>
, because we need the revision forcharm release
- Release the charm,
charm release cs:~<name-space>/<charm-name>-<rev> --channel edge
url: cs:~<name-space>/<charm-name>-<rev>
channel: edge
How about just letting folks push straight to the edge like so?
charm push <charm-dir> cs:<name-space>/<charm-name> --channel edge