Add --repo flag for repo-scoped CI secrets and variables#446
Open
Add --repo flag for repo-scoped CI secrets and variables#446
Conversation
Switch secret and variable commands to the deployed depot.ci.v2 API, which separates org-wide and repo-scoped methods. All subcommands (add, list, remove) now accept --repo owner/name to target a specific repository. Without --repo, behavior is unchanged (org-wide). Made-with: Cursor
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Stale v1 client constructors are now unused dead code
- Removed the unused v1 client constructors newCISecretServiceClient and newCIVariableServiceClient as all API functions now use v2 clients.
Or push these changes by commenting:
@cursor push a9b7073dcb
Preview (a9b7073dcb)
diff --git a/pkg/api/ci.go b/pkg/api/ci.go
--- a/pkg/api/ci.go
+++ b/pkg/api/ci.go
@@ -103,11 +103,6 @@
return allRuns, nil
}
-func newCISecretServiceClient() civ1connect.SecretServiceClient {
- baseURL := baseURLFunc()
- return civ1connect.NewSecretServiceClient(getHTTPClient(baseURL), baseURL, WithUserAgent())
-}
-
func newCISecretServiceV2Client() civ2connect.SecretServiceClient {
baseURL := baseURLFunc()
return civ2connect.NewSecretServiceClient(getHTTPClient(baseURL), baseURL, WithUserAgent())
@@ -195,11 +190,6 @@
return err
}
-func newCIVariableServiceClient() civ1connect.VariableServiceClient {
- baseURL := baseURLFunc()
- return civ1connect.NewVariableServiceClient(getHTTPClient(baseURL), baseURL, WithUserAgent())
-}
-
func newCIVariableServiceV2Client() civ2connect.VariableServiceClient {
baseURL := baseURLFunc()
return civ2connect.NewVariableServiceClient(getHTTPClient(baseURL), baseURL, WithUserAgent())| return civ1connect.NewSecretServiceClient(getHTTPClient(baseURL), baseURL, WithUserAgent()) | ||
| } | ||
|
|
||
| // CIAddSecret adds a single CI secret to an organization |
There was a problem hiding this comment.
Stale v1 client constructors are now unused dead code
Low Severity
newCISecretServiceClient and newCIVariableServiceClient still construct v1 clients, but every secret/variable API function in this file was migrated to use the new v2 client constructors (newCISecretServiceV2Client / newCIVariableServiceV2Client). Since these are unexported functions, they can only be called within the api package — and no remaining callers appear to reference them. These are dead code left over from the v1→v2 migration.
Additional Locations (1)
…tRepoVariableValues) Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
--repo owner/nameflag todepot ci secretsanddepot ci varssubcommands (add, list, remove).depot.ci.v1to the deployeddepot.ci.v2org/repo RPCs for secret and variable management.--repois omitted, behavior is unchanged (org-wide).What was happening
The CLI could only manage org-wide secrets and variables. Repo-specific overrides had to be managed through the web UI.
What happens now
depot ci secrets add DB_URL --repo owner/repo --value "..."creates a repo-scoped secret that overrides the org-wide value at runtime.depot ci secrets list --repo owner/reposhows both org-wide and repo-specific entries with a scope column. Same pattern for variables.Companion PRs:
Made with Cursor
Note
Medium Risk
Moderate risk: switches secret/variable management from
depot.ci.v1to newv2RPCs and changes API function signatures, which could break callers or alter listing semantics when--repois used.Overview
Adds
--repo owner/reposupport todepot ci secretsanddepot ci varsso users can add/list/remove repo-scoped entries alongside existing org-wide ones.Updates the client API in
pkg/api/ci.goto usedepot.ci.v2Secret/Variable services, routing calls to org vs repo RPCs based on the optional repo argument and returning combined org+repo results (with a newScopefield) for list operations.Introduces generated
v2protobuf + Connect stubs for secrets and variables, and updates command output to show a scope column when listing with--repo.Written by Cursor Bugbot for commit c403534. This will update automatically on new commits. Configure here.