fj secret/variable --org scope for shared CI credentials #137

New issue

Closed

opened 2026-06-11 00:57:41 +00:00 by stephen · 0 comments

stephen commented 2026-06-11 00:57:41 +00:00

Owner

Copy link

Task

Add an org (and optionally user) scope to fj secret and fj variable:

• Add a mutually-exclusive scope selector --org <name> (consider --user for user-level secrets, which Forgejo also supports). Default remains repo scope inferred from the remote.
• Route the four verbs (list/set/delete, for both secrets and variables) to /orgs/{org}/actions/secrets and /orgs/{org}/actions/variables when --org is set; request/response shapes match the repo endpoints already implemented in src/api/workflow_secrets.rs.

Source: rasterstate/fj#127.

Priority

p3. Org-level secrets are how teams avoid copy-pasting the same REGISTRY_TOKEN/DEPLOY_KEY into many repos, so this is real provisioning value, but the audience is narrower (org admins, one-time setup) than the per-run scripting primitives, and the fj api -X PUT /orgs/.../actions/secrets/... escape hatch works today.

Reason

Every secret/variable call is hard-wired to the repo path: list_secrets/set_secret/list_variables/set_variable/delete_variable all build crate::api::repo_path(owner, name) + /actions/... (src/api/workflow_secrets.rs). The CLI args carry only RepoFlag with no scope selector (src/cli/workflow_secret.rs:29-61), and var/secret share those args via workflow_variable.rs. Forgejo exposes the org surface at the mirror paths, so the gap is purely on the fj side; no new verbs, no new auth, rendering unchanged.

Acceptance

• fj secret list/set/delete --org <name> and fj variable list/set/delete --org <name> target /orgs/{org}/actions/....
• --org is mutually exclusive with repo scope; default stays repo scope inferred from the remote.
• (Optional) --user scope for user-level secrets/variables.
• Table and JSON rendering unchanged across scopes.
• Wiremock coverage in src/client/integration_tests.rs for the org-scoped paths.
• cargo fmt --check, cargo clippy --all-targets --all-features -- -D warnings, and cargo test --all pass.

Dependencies

None. The hand-rolled fj api workaround for this also re-exposes the stdin gap in rasterstate/fj#126.

Size

M

## Task Add an org (and optionally user) scope to `fj secret` and `fj variable`: - Add a mutually-exclusive scope selector `--org <name>` (consider `--user` for user-level secrets, which Forgejo also supports). Default remains repo scope inferred from the remote. - Route the four verbs (list/set/delete, for both secrets and variables) to `/orgs/{org}/actions/secrets` and `/orgs/{org}/actions/variables` when `--org` is set; request/response shapes match the repo endpoints already implemented in `src/api/workflow_secrets.rs`. Source: rasterstate/fj#127. ## Priority p3. Org-level secrets are how teams avoid copy-pasting the same `REGISTRY_TOKEN`/`DEPLOY_KEY` into many repos, so this is real provisioning value, but the audience is narrower (org admins, one-time setup) than the per-run scripting primitives, and the `fj api -X PUT /orgs/.../actions/secrets/...` escape hatch works today. ## Reason Every secret/variable call is hard-wired to the repo path: `list_secrets`/`set_secret`/`list_variables`/`set_variable`/`delete_variable` all build `crate::api::repo_path(owner, name)` + `/actions/...` (`src/api/workflow_secrets.rs`). The CLI args carry only `RepoFlag` with no scope selector (`src/cli/workflow_secret.rs:29-61`), and `var`/`secret` share those args via `workflow_variable.rs`. Forgejo exposes the org surface at the mirror paths, so the gap is purely on the fj side; no new verbs, no new auth, rendering unchanged. ## Acceptance - [ ] `fj secret list/set/delete --org <name>` and `fj variable list/set/delete --org <name>` target `/orgs/{org}/actions/...`. - [ ] `--org` is mutually exclusive with repo scope; default stays repo scope inferred from the remote. - [ ] (Optional) `--user` scope for user-level secrets/variables. - [ ] Table and JSON rendering unchanged across scopes. - [ ] Wiremock coverage in `src/client/integration_tests.rs` for the org-scoped paths. - [ ] `cargo fmt --check`, `cargo clippy --all-targets --all-features -- -D warnings`, and `cargo test --all` pass. ## Dependencies None. The hand-rolled `fj api` workaround for this also re-exposes the stdin gap in rasterstate/fj#126. ## Size M

stephen added the

backlog

p3

labels 2026-06-11 00:58:25 +00:00

stephen referenced this issue 2026-06-11 00:58:38 +00:00

fj secret / fj variable are repo-only: no --org scope for shared CI credentials #127

stephen referenced this issue from a pull request that will close it, 2026-06-11 02:14:43 +00:00

fj secret/variable: add --org scope for shared CI credentials #148

stephen closed this issue 2026-06-11 02:28:27 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

wip/claude-1/rasterstate-fj

feat/166-lock-unlock

wip/codex-4/rasterstate-fj

feat/168-rerun-failed

feat/169-repo-collaborator

feat/172-create-template

feat/164-pr-merge-auto

wip/claude-2/rasterstate-fj

feat/170-list-filters

feat/171-color-control

feat/165-pr-create-fill

feat/165-pr-create-fill-codex

wip/claude-3/rasterstate-fj

wip/codex-2/rasterstate-fj

fix/123-extend-friendly-errors-409-422

fix/159-merge-reason

wip/claude-4/rasterstate-fj

fix/158-issue-add-assignee-endpoint

fix/147b-keychain-noentry-fallback

feat/147-file-token-store

feat/133-release-scripting

feat/139-workflow-run-handle

feat/140-body-file

fix/pr-comment-test-green

wip/codex-3/rasterstate-fj

feat/137-org-secrets-vars

feat/132-tag-branch-refs

feat/138-run-list-filters

feat/131-pr-comment-edit

feat/134-error-ux-exit-codes

feat/136-api-body-input

feat/135-run-exit-status

feat/113-pr-list-filters

fix/111-list-paginate

fix/112-json-readonly

feat/114-pr-labels

fix/115-version-pipe

fix/91-runlog-auth-error

feat/98-issue-edit-labels

fix/96-keychain-fallback

feat/97-issue-create-labels

fix/99-readme-json-global

fix/alias-quoted-args

fix/remote-scp-colon-owner

harden/hostname-validation

fix/json-path-numeric-object-keys

fix/debug-body-preview-utf8-panic

wip/codex-1/rasterstate-fj

readme-drop-github

feat/stack-review-enriched

feat/stack-sync

feat/stack-new-real

feat/work-context-enriched

feat/agent-review-impl

feat/agent-explain-impl

feat/agent-provider

feat/stack-review

feat/stack-new

feat/work-continue

feat/work-resume-session

feat/work-context-impl

feat/work-stack-agent-commands

adopt-fjord-actions

ci/coverage-strict-gate

refactor/coverage-region-exclude

refactor/converge-json-path

refactor/split-client-resolve

test/api-coverage-round4

test/api-coverage-round3

test/cov-ignore-drift-guard

test/e2e-smoke-coverage

test/command-tree-guard

refactor/split-workflow-artifacts

chore/coverage-intent-config

test/api-label-milestone-hook

test/output-and-repo-core

refactor/split-issue-comments

refactor/split-repo-social

refactor/split-pr-module

test/api-wiremock

test/backfill-pure-helpers

cleanup/hoist-truncate-human-size

feat/run-download-and-workflow-list

feat/parity-followups

feat/actions-logs-and-gh-parity

sso-pat-guidance

test/observability-smoke

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

backlog

Accepted but not scheduled

  

blocked

Blocked or stalled waiting on external progress

  

converted

Converted into tracked work

  

opportunity

Potential product or business opportunity

  

p1

Priority 1

  

p2

Priority 2

  

p3

Priority 3

  

parked

Paused intentionally until later

No labels

backlog

blocked

converted

opportunity

p1

p2

p3

parked

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

rasterstate/fj#137

No description provided.