How to Sign Up for Spacelift
Problem
You’ve been asked to signup for the Spacelift service and you’re not sure which plan to choose or where to go next. You have questions on pricing and want to better understand your options. You already use GitHub Actions, or some other CI/CD platform and want to understand why you need yet another platform.
Solution
Signup for any trial Spacelift account and it will automatically be enabled as an Enterprise Trial. We’ll request via our partern-channel that Spacelift bump it up to an extended Enterprise Trial, while you work with them to reach a fair price.
GitHub Organizations
https://spacelift.io/free-trial
After signing up using your GitHub account, you should be prompted to install the Spacelift GitHub App.
Or install it by going here:
https://github.com/apps/spacelift-io/installations/new
https://github.com/apps/spacelift-io
GitLab Organizations
For organizations running GitLab, register with your work email address instead.
https://spacelift.io/free-trial
Once you’ve signed up for the Spacelift trial, we’ll configure GitLab as source control integration. To learn more about setting up the GitLab integration, see the https://docs.spacelift.io/integrations/source-control/gitlab integration documentation.
Signup Process
Sign up for Spacelift after the cold start components and vpc
component have been provisioned in the automation account
-
Sign up https://spacelift.io/free-trial
-
Install Spacelift GitHub app into the customer GitHub organization
-
Once the app is installed into the customer GitHub organization, the GitHub organization admin will receive an email from Spacelift
-
Click on the link in the email from Spacelift
-
After the Spacelift app has been installed and enabled, only the integration creator (the admin of the customer GitHub org) gets administrative permissions by default, so all other users and administrators must be granted their access using a login policy.
-
Add the following login policy.
-
Click
Policies
at the top -
Click
Add Policies
-
Set a name like
Login Policy
-
Change the policy type to
Login policy
-
Copy and paste the policy below
-
Change the
user_collaborators
to the customer github org -
Add any additional
admin_collaborators
from the Cloud Posse team -
Add the names of the Cloud Posse
CLOUDPOSSE-CASE-SENSITIVE-TEAM-NAME
and non cloudposseYOUR-CASE-SENSITIVE-TEAM-NAME
team names. -
Finally, click
Create Policy
package spacelift
# See https://docs.spacelift.io/concepts/policy/login-policy for implementation details.
# Note: Login policies don't affect GitHub organization or SSO admins.
# Note 2: Enabling SSO requires that all users have an IdP (G Suite) account, so we'll just use
# GitHub authentication in the meantime while working with external collaborators.
# Map session input data to human friendly variables to use in policy evaluation
username := input.session.login
member_of := input.session.teams
github_org := input.session.member
# Define GitHub usernames of non-github_org org external collaborators with admin vs. user access
admin_collaborators := { "osterman", "aknysh", "Nuru", "nitrocode" } # case sensitive names of collaborators
user_collaborators := { "Customer Github Org" } # case sensitive name of the github org
# Grant admin access to github_org org members in the non cloud posse case-sensitive team
# Do not use the slug here, use the name shown in github.com/org/teams
admin {
github_org
member_of[_] == "YOUR-CASE-SENSITIVE-TEAM-NAME"
}
# Grant admin access to github_org org members in the Cloud Posse group
# Do not use the slug here, use the name shown in github.com/org/teams
admin {
github_org
member_of[_] == "CLOUDPOSSE-CASE-SENSITIVE-TEAM-NAME"
}
# Grant admin access to non-github_org org accounts in the admin_collaborators set
admin {
# not github_org
admin_collaborators[username]
}
# Grant user access to accounts in the user_collaborators set
allow {
# not github_org
user_collaborators[username]
}
# Deny access to any non-github_org org accounts who aren't defined in external collaborators sets
deny {
not github_org
not user_collaborators[username]
not admin_collaborators[username]
} -
Verify Cloud Posse users have administrative access
-
Create an administrative api key
-
Click the three horizontal bars on the top right hand corner
-
Click
Settings
-
Click
API KEYS
-
Click
Add new API Key
-
Give it a name like
Spacelift worker pool API admin key
-
Enable
Admin
-
Click
Add Key
-
A file will download. Save the contents to our shared 1Password vault. This will give us the
key_secret
and thetoken
. -
Also share the 16 character string next to the name of the key which gives us the
key_id
.
After signing up and following the above steps, let our team know what your Spacelift account slug is and we’ll get it upgraded to an Enterprise trial via our partner channels with Spacelift.