As the Organization owner of
github.com/hyper-expanse, and the registrant of the
hutson namespace in the Circle CI Orb registry, I have the ability to publish production Orbs under that namespace.
I do not manually publish Orbs, but instead, automate the process. That is because:
- Publishing is a tedious process that does not add value to the process.
- Changes to an Orb are vetted as part of the Pull Request review process. Once a change has been approved by the owner of an Orb, and subsequently merged into the repository’s default branch, the assumption by all those involved is that the change may be published to production.
Because only namespace owners may publish Orbs into production, my current workflow involves exposing a Circle CI Orb token through a Context to a CI job that does the publishing.
I would prefer not to use my personal token. Doing so has several drawbacks:
- All publishes occur as me, even if I am not the individual contributing a change, or approving it.
- If I were to leave the GitHub organization, the workflow would break until another GitHub organization owner updates the Context with a new personal token.