• Stars
    star
    100
  • Rank 340,703 (Top 7 %)
  • Language
    Go
  • License
    MIT License
  • Created over 3 years ago
  • Updated 12 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Spacelift client and CLI

spacectl, the Spacelift CLI

spacectl is a utility wrapping Spacelift's GraphQL API for easy programmatic access in command-line contexts - either in manual interactive mode (in your local shell), or in a predefined CI pipeline (GitHub actions, CircleCI, Jenkins etc).

Its primary purpose is to help you explore and execute actions inside Spacelift. It provides limited functionality for creating or editing resources. To do that programatically, you can use the Spacelift Terraform Provider.

Installation

Officially supported packages

Officially supported packages are maintained by Spacelift and are the preferred ways to install spacectl

Homebrew

You can install spacectl using Homebrew on MacOS or Linux:

brew install spacelift-io/spacelift/spacectl

Windows

You can install spacectl using winget:

winget install spacectl

or

winget install --id spacelift-io.spacectl

Docker image

spacectl is distributed as a Docker image, which can be used as follows:

docker run -it --rm ghcr.io/spacelift-io/spacectl stack deploy --id my-infra-stack

Don't forget to add the required environment variables in order to authenticate.

asdf

asdf plugin add spacectl
asdf install spacectl latest
asdf global spacectl latest

GitHub Release

Alternatively, spacectl is distributed through GitHub Releases as a zip file containing a self-contained statically linked executable built from the source in this repository. Binaries can be download directly from the Releases page.

Usage on GitHub Actions

We have setup-spacectl GitHub Action that can be used to install spacectl:

steps:
  - name: Install spacectl
    uses: spacelift-io/setup-spacectl@main
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  - name: Deploy infrastructure
    env:
      SPACELIFT_API_KEY_ENDPOINT: https://mycorp.app.spacelift.io
      SPACELIFT_API_KEY_ID: ${{ secrets.SPACELIFT_API_KEY_ID }}
      SPACELIFT_API_KEY_SECRET: ${{ secrets.SPACELIFT_API_KEY_SECRET }}
    run: spacectl stack deploy --id my-infra-stack

Community supported packages

Disclaimer: These packages are community-maintained, please verify the package integrity yourself before using them to install or update spacectl.

Arch linux

Install spacectl-bin from the Arch User Repository (AUR):

yay -S spacectl-bin

Please make sure to verify the PKGBUILD before installing/updating.

Alpine linux

Install spacectl from the Alpine Repository (alpine packages):

apk add spacectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing

Please make sure to verify the APKBUILD before installing/updating.

Quick Start

Authenticate using spacectl profile login:

> spacectl profile login my-account
Enter Spacelift endpoint (eg. https://unicorn.app.spacelift.io/): http://my-account.app.spacelift.tf
Select authentication flow:
  1) for API key,
  2) for GitHub access token,
  3) for login with a web browser
Option: 3

Use spacectl 🚀:

> spacectl stack list
Name                          | Commit   | Author        | State     | Worker Pool | Locked By
stack-1                       | 1aa0ef62 | Adam Connelly | NONE      |             |
stack-2                       | 1aa0ef62 | Adam Connelly | DISCARDED |             |

Getting Help

To list all the commands available, use spacectl help:

> spacectl help
NAME:
   spacectl - Programmatic access to Spacelift GraphQL API.

USAGE:
   spacectl [global options] command [command options] [arguments...]

VERSION:
   0.26.0

COMMANDS:
   module                   Manage a Spacelift module
   profile                  Manage Spacelift profiles
   provider                 Manage a Terraform provider
   run-external-dependency  Manage Spacelift Run external dependencies
   stack                    Manage a Spacelift stack
   whoami                   Print out logged-in users information
   version                  Print out CLI version
   workerpool               Manages workerpools and their workers
   help, h                  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version

To get help about a particular command or subcommand, use the -h flag:

> spacectl profile -h
NAME:
   spacectl profile - Manage Spacelift profiles

USAGE:
   spacectl profile command [command options] [arguments...]

COMMANDS:
     current       Outputs your currently selected profile
     export-token  Prints the current token to stdout. In order not to leak, we suggest piping it to your OS pastebin
     list          List all your Spacelift account profiles
     login         Create a profile for a Spacelift account
     logout        Remove Spacelift credentials for an existing profile
     select        Select one of your Spacelift account profiles
     help, h       Shows a list of commands or help for one command

OPTIONS:
   --help, -h  show help (default: false)

Example

The following screencast shows an example of using spacectl to run a one-off task in Spacelift:

asciicast

Authentication

spacectl is designed to work in two different contexts - a non-interactive scripting mode (eg. external CI/CD pipeline) and a local interactive mode, where you type commands into your shell. Because of this, it supports two types of credentials - environment variables and user profiles.

We refer to each method of providing credentials as "credential providers" (like AWS), and details of each method are documented in the following sections.

Authenticating using environment variables

The CLI supports the following authentication methods via the environment:

spacectl looks for authentication configurations in the order specified above, and will stop as soon as it finds a valid configuration. For example, if a Spacelift API token is specified, GitHub tokens and Spacelift API keys will be ignored, even if their environment variables are specified.

Spacelift API tokens

Spacelift API tokens can be specified using the SPACELIFT_API_TOKEN environment variable. When this variable is found, the CLI ignores all the other authentication environment variables because the token contains all the information needed to authenticate.

NOTE: API tokens are generally short-lived and will need to be re-created often.

GitHub tokens

GitHub tokens are only available to accounts that use GitHub as their identity provider, but are very convenient for use in GitHub actions. To use a GitHub token, set the following environment variables:

  • SPACELIFT_API_KEY_ENDPOINT - the URL to your Spacelift account, for example https://mycorp.app.spacelift.io.
  • SPACELIFT_API_GITHUB_TOKEN - a GitHub personal access token.

Spacelift API keys

To use a Spacelift API key, set the following environment variables:

  • SPACELIFT_API_KEY_ENDPOINT - the URL to your Spacelift account, for example https://mycorp.app.spacelift.io.
  • SPACELIFT_API_KEY_ID - the ID of your Spacelift API key. Available via the Spacelift application.
  • SPACELIFT_API_KEY_SECRET - the secret for your API key. Only available when the secret is created.

More information about API authentication can be found at https://docs.spacelift.io/integrations/api#authenticating-with-the-api.

Authenticating using account profiles

In order to make working with multiple Spacelift accounts easy in interactive scenarios, Spacelift supports account management through the profile family of commands:

❯ spacectl profile
NAME:
   spacectl profile - Manage Spacelift profiles

USAGE:
   spacectl profile command [command options] [arguments...]

COMMANDS:
     current       Outputs your currently selected profile
     export-token  Prints the current token to stdout. In order not to leak, we suggest piping it to your OS pastebin
     list          List all your Spacelift account profiles
     login         Create a profile for a Spacelift account
     logout        Remove Spacelift credentials for an existing profile
     select        Select one of your Spacelift account profiles
     help, h       Shows a list of commands or help for one command

OPTIONS:
   --help, -h  show help (default: false)

Each of the subcommands requires an account alias, which is a short, user-friendly name for each set of credentials (account profiles). Profiles don't need to be unique - you can have multiple sets of credentials for a single account too.

Account profiles support three authentication methods:

  • GitHub access tokens
  • API keys
  • Login with a browser (API token).

In order to authenticate to your first profile, type in the following (make sure to replace ${MY_ALIAS} with the actual profile alias):

❯ spacectl profile login ${MY_ALIAS}
Enter Spacelift endpoint (eg. https://unicorn.app.spacelift.io/):

In the next step, you will be asked to choose which authentication method you are going to use. Note that if your account is using SAML-based SSO authentication, then API keys and login with a browser are your only options. After you're done entering credentials, the CLI will validate them against the server, and assuming that they're valid, will persist them in a credentials file in .spacelift/${MY_ALIAS}. It will also create a symlink in ${HOME}/.spacelift/current pointing to the current profile.

By default the login process is interactive, however, if that does not fit your workflow, the steps can be predefined using flags, for example:

❯ spacectl profile login --method browser --endpoint https://unicorn.app.spacelift.io local-test

You can switch between account profiles by using spacectl profile select ${MY_ALIAS}. What this does behind the scenes is point ${HOME}/.spacelift/current to the new location. You can also delete stored credetials for a given profile by using the spacectl profile logout ${MY_ALIAS} command.

Releasing

To release a new version of spacectl, tag the repo and then push that tag. For example:

git tag -a v0.24.2 -m"Releasing v0.24.2"
git push origin v0.24.2

After the tag is pushed, the release workflow will trigger and will automatically publish a new GitHub release.

Once the release workflow is done, go to the winget-pkgs repository and submit a pull request for the release version.

More Repositories

1

terraform-provider-spacelift

Terraform provider to interact with Spacelift
Go
44
star
2

spacelift-policies-example-library

A library of example Spacelift policies
Open Policy Agent
42
star
3

spacelift-migration-kit

Helper to move from various tools to Spacelift
HCL
29
star
4

terraform-starter

Starter repository to play with Spacelift
HCL
26
star
5

spacelift-helm-charts

Smarty
13
star
6

terragrunt-starter

Starter repository to play with Spacelift + Terragrunt
HCL
13
star
7

terraform-provider-smtp

Trivial provider to send emails using the SMTP protocol
Go
11
star
8

spacelift-worker-image

Building Spacelift-friendly image for private workers
HCL
11
star
9

user-documentation

Spacelift User Documentation
HTML
7
star
10

terraform-aws-spacelift-workerpool-on-ec2

Terraform module deploying a Spacelift worker pool on AWS EC2 using an autoscaling group
HCL
7
star
11

onboarding

HCL
5
star
12

runner-terraform

Spacelift runner image for Terraform
Dockerfile
5
star
13

terraform-spacelift-stack

Creates a Spacelift stack and supporting resources.
HCL
5
star
14

prometheus-exporter

A Prometheus exporter for scraping Spacelift metrics.
Go
4
star
15

aws-cli-alpine

AWS CLI v2 Docker image built on Alpine 🐳
Dockerfile
4
star
16

terraform-spacelift-msteams

Policy-based integration between Spacelift and Microsoft Teams
Open Policy Agent
4
star
17

terraform-azure-spacelift-workerpool

HCL
3
star
18

vcs-agent

Go
3
star
19

github.packages.tf

Bridge between GitHub Releases and Terraform
TypeScript
3
star
20

setup-spacectl

A GitHub Action to install spacectl 🚀
TypeScript
3
star
21

spcontext

Go
2
star
22

demo-preview-environments-manager

HCL
2
star
23

spacelift-operator

A Kubernetes operator to manage Spacelift resources
Go
2
star
24

kmsjwt

KMS implementation of `jwt.SigningMethod`
Go
1
star
25

signed-run-reference-implementation

Reference implementation for Spacelift signed runs
Open Policy Agent
1
star
26

homework-object-storage

Dockerfile
1
star
27

local-worker-pool

Run a worker pool locally with Docker Compose
1
star
28

runner-serverless

Spacelift image for serverless.
Dockerfile
1
star
29

runner-ansible

Dockerfile
1
star
30

homebrew-spacelift

Spacelift Homebrew Tap
Ruby
1
star
31

runner-pulumi

Spacelift runner image for Pulumi
Dockerfile
1
star
32

ec2-workerpool-autoscaler

"Manual" autoscaler for the AWS EC2-based Spacelift worker pool
Go
1
star
33

demo-preview-environments-service

JavaScript
1
star
34

homework-object-storage-ws

Dockerfile
1
star
35

terraform-spacelift-example

Example Module which creates a bit of Spacelift infrastructure.
HCL
1
star
36

update-file-action

Create/Update/Delete a file in a repository other than the current one.
JavaScript
1
star
37

pulumi-spacelift

Pulumi provider to interact with Spacelift
Python
1
star