Fork me on GitHub

Hey Folks, Has anyone solved the problem of allowing project contributors the ability to publish a snapshot version of a project's jar (automatically in circleci/travis etc) in clojars without giving them the keys to the kingdom? We have a "deploy_snapshot" task in circleci that only works when members of our organization submit a PR. When those outside our org submit a PR, it fails at that step because circleci does not provide their build with the clojars credentials.


@cddr what doesn't work in the current situation? It sounds like what you've got is working?


So when members of funding circle submit a PR to jackdaw, circleci publishes a snapshot build to clojars. This is helpful because we can deploy an app that uses the snapshot build into our test environments to make sure that the change is good. But when folks who are not members of the org publish a PR (e.g. circleci does not expose the clojars credentials to that build so the publish fails. I was wondering if it would be possible (or even desirable -- maybe it's a huge security risk) to allow PRs to publish snapshot builds initiated by outside users without giving them permission to publish proper releases. I think the workaround suggested by @andrea.crotti is that they could update the project.clj in their fork to publish under their own clojars group.