miel.truyen/nx
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

docs(nx-cloud): add new documentation for PATs and emphasise Access Tokens are for CI (#27227)

Browse Source 
- adds a new Personal Access Tokens page
- updates the existing Access Tokens page to emphasise they're more for
CI
- adds `nx-cloud login` reference
- adds `nx-cloud configure` reference

---------

Co-authored-by: lourw <56288712+lourw@users.noreply.github.com>
This commit is contained in:
Johanna Pearce 2024-09-05 22:38:55 +01:00 committed by GitHub
parent 3d8c3ed4b5
commit a3c2db8b85
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 301 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/generated/cli/login.md
View File

@ -1,11 +1,11 @@
---
title: 'login - CLI command'
description: 'Login to Nx Cloud.'
description: 'Login to Nx Cloud. This command is an alias for [`nx-cloud login`](/ci/reference/nx-cloud-cli#npx-nxcloud-login).'
---
# login
Login to Nx Cloud.
Login to Nx Cloud. This command is an alias for [`nx-cloud login`](/ci/reference/nx-cloud-cli#npx-nxcloud-login).
## Usage

4
docs/generated/cli/logout.md
View File

@ -1,11 +1,11 @@
---
title: 'logout - CLI command'
description: 'Logout from Nx Cloud.'
description: 'Logout from Nx Cloud. This command is an alias for [`nx-cloud logout`](/ci/reference/nx-cloud-cli#npx-nxcloud-logout).'
---
# logout
Logout from Nx Cloud.
Logout from Nx Cloud. This command is an alias for [`nx-cloud logout`](/ci/reference/nx-cloud-cli#npx-nxcloud-logout).
## Usage

39
docs/generated/manifests/ci.json
View File

@ -560,7 +560,7 @@
},
{
"id": "access-tokens",
"name": "Access Tokens",
"name": "CI Access Tokens",
"description": "",
"mediaImage": "",
"file": "nx-cloud/recipes/access-tokens",
@ -569,6 +569,17 @@
"path": "/ci/recipes/security/access-tokens",
"tags": []
},
{
"id": "personal-access-tokens",
"name": "Personal Access Tokens",
"description": "",
"mediaImage": "",
"file": "nx-cloud/recipes/personal-access-tokens",
"itemList": [],
"isExternal": false,
"path": "/ci/recipes/security/personal-access-tokens",
"tags": []
},
{
"id": "encryption",
"name": "Enable End to End Encryption",
@ -1056,7 +1067,7 @@
},
{
"id": "access-tokens",
"name": "Access Tokens",
"name": "CI Access Tokens",
"description": "",
"mediaImage": "",
"file": "nx-cloud/recipes/access-tokens",
@ -1065,6 +1076,17 @@
"path": "/ci/recipes/security/access-tokens",
"tags": []
},
{
"id": "personal-access-tokens",
"name": "Personal Access Tokens",
"description": "",
"mediaImage": "",
"file": "nx-cloud/recipes/personal-access-tokens",
"itemList": [],
"isExternal": false,
"path": "/ci/recipes/security/personal-access-tokens",
"tags": []
},
{
"id": "encryption",
"name": "Enable End to End Encryption",
@ -1094,7 +1116,7 @@
},
"/ci/recipes/security/access-tokens": {
"id": "access-tokens",
"name": "Access Tokens",
"name": "CI Access Tokens",
"description": "",
"mediaImage": "",
"file": "nx-cloud/recipes/access-tokens",
@ -1103,6 +1125,17 @@
"path": "/ci/recipes/security/access-tokens",
"tags": []
},
"/ci/recipes/security/personal-access-tokens": {
"id": "personal-access-tokens",
"name": "Personal Access Tokens",
"description": "",
"mediaImage": "",
"file": "nx-cloud/recipes/personal-access-tokens",
"itemList": [],
"isExternal": false,
"path": "/ci/recipes/security/personal-access-tokens",
"tags": []
},
"/ci/recipes/security/encryption": {
"id": "encryption",
"name": "Enable End to End Encryption",

30
docs/generated/manifests/menus.json
View File

@ -5694,13 +5694,21 @@
"disableCollapsible": false
},
{
"name": "Access Tokens",
"name": "CI Access Tokens",
"path": "/ci/recipes/security/access-tokens",
"id": "access-tokens",
"isExternal": false,
"children": [],
"disableCollapsible": false
},
{
"name": "Personal Access Tokens",
"path": "/ci/recipes/security/personal-access-tokens",
"id": "personal-access-tokens",
"isExternal": false,
"children": [],
"disableCollapsible": false
},
{
"name": "Enable End to End Encryption",
"path": "/ci/recipes/security/encryption",
@ -6056,13 +6064,21 @@
"disableCollapsible": false
},
{
"name": "Access Tokens",
"name": "CI Access Tokens",
"path": "/ci/recipes/security/access-tokens",
"id": "access-tokens",
"isExternal": false,
"children": [],
"disableCollapsible": false
},
{
"name": "Personal Access Tokens",
"path": "/ci/recipes/security/personal-access-tokens",
"id": "personal-access-tokens",
"isExternal": false,
"children": [],
"disableCollapsible": false
},
{
"name": "Enable End to End Encryption",
"path": "/ci/recipes/security/encryption",
@ -6083,13 +6099,21 @@
"disableCollapsible": false
},
{
"name": "Access Tokens",
"name": "CI Access Tokens",
"path": "/ci/recipes/security/access-tokens",
"id": "access-tokens",
"isExternal": false,
"children": [],
"disableCollapsible": false
},
{
"name": "Personal Access Tokens",
"path": "/ci/recipes/security/personal-access-tokens",
"id": "personal-access-tokens",
"isExternal": false,
"children": [],
"disableCollapsible": false
},
{
"name": "Enable End to End Encryption",
"path": "/ci/recipes/security/encryption",

4
docs/generated/packages/nx/documents/login.md
View File

@ -1,11 +1,11 @@
---
title: 'login - CLI command'
description: 'Login to Nx Cloud.'
description: 'Login to Nx Cloud. This command is an alias for [`nx-cloud login`](/ci/reference/nx-cloud-cli#npx-nxcloud-login).'
---
# login
Login to Nx Cloud.
Login to Nx Cloud. This command is an alias for [`nx-cloud login`](/ci/reference/nx-cloud-cli#npx-nxcloud-login).
## Usage

4
docs/generated/packages/nx/documents/logout.md
View File

@ -1,11 +1,11 @@
---
title: 'logout - CLI command'
description: 'Logout from Nx Cloud.'
description: 'Logout from Nx Cloud. This command is an alias for [`nx-cloud logout`](/ci/reference/nx-cloud-cli#npx-nxcloud-logout).'
---
# logout
Logout from Nx Cloud.
Logout from Nx Cloud. This command is an alias for [`nx-cloud logout`](/ci/reference/nx-cloud-cli#npx-nxcloud-logout).
## Usage

7
docs/map.json
View File

@ -1766,10 +1766,15 @@
"file": "nx-cloud/recipes/google-auth"
},
{
"name": "Access Tokens",
"name": "CI Access Tokens",
"id": "access-tokens",
"file": "nx-cloud/recipes/access-tokens"
},
{
"name": "Personal Access Tokens",
"id": "personal-access-tokens",
"file": "nx-cloud/recipes/personal-access-tokens"
},
{
"name": "Enable End to End Encryption",
"id": "encryption",

10
docs/nx-cloud/concepts/cache-security.md
View File

@ -22,9 +22,15 @@ If a malicious actor were able to modify the cache and those output files were t
In order to keep your cache secure, there are a few steps we recommend you take:
### Specify a Read-Only Token in `nx.json`
### Use Personal Access Tokens to Provide Fine-Grained Access Control for Local Development
The [token you specify](/ci/recipes/security/access-tokens) for the `nxCloudAccessToken` property in `nx.json` is visible to anyone who can view your codebase. If this token was a read-write token someone who doesn't even have permission to create a PR could still add entries to the remote cache, which would then be used on other developer's machines and in CI.
When you use a [personal access token](/ci/recipes/security/personal-access-tokens) to connect to Nx Cloud, you can control the level of access that your developers have to the cache after they authenticate by logging in. By default, all personal access tokens have read-only access to the cache. If you need to give a developer write access to the cache, you can do so in the workspace settings of the Nx Cloud UI.
You can strengthen your workspace security further by revoking all access to the cache for unauthenticated users. This is done by changing the ID Access Level in your workspace settings. By default this is set to `read-only`, but you can change it to `none` to prevent all access.
### Avoid using CI Access Tokens in `nx.json`
While you can [specify a token](/ci/recipes/security/access-tokens) with the `nxCloudAccessToken` property in `nx.json`, this is visible to anyone who can view your codebase. A read-write token would give someone who may not even have permission to create a PR the access to add entries to the remote cache, which would then be used on other developer's machines and in CI. We recommend you restrict CI Access Tokens to CI use only and rely on [personal access tokens](/ci/recipes/security/personal-access-tokens) for local development instead.
### Use a Read-Write Token in CI

36
docs/nx-cloud/recipes/access-tokens.md
View File

@ -1,31 +1,31 @@
# Nx CLI and Access Tokens
# Nx CLI and CI Access Tokens
The permissions and membership define what developers can access on [Nx Cloud](https://nx.app). They don't affect what happens when you run Nx commands locally or on CI. To manage that, you need to provision access tokens. To do that, go to Workspace Options / Manage Access Tokens.
The permissions and membership define what developers can access on nx.app but they don't affect what happens when you run Nx commands in CI. To manage that, you need to provision CI access tokens in Workspace settings / Manage CI access tokens.
## Types of Access Tokens
## Access Types
{% callout type="warning" title="Use Caution With Read-Write Tokens" %}
Read-write tokens allow full write access to your remote cache. They should only be used in trusted environments. For instance, open source projects should only use read-write tokens as secrets configured for protected branches (e.g, main). Read-only tokens should be used in all other cases.
Read-write tokens allow full write access to your remote cache. They should only be used in trusted environments.
{% /callout %}
There are currently two (2) types of Access Tokens for Nx Cloud's runner that you can use on your workspace. Both tokens support distributed task execution and allow Nx Cloud to store metadata about runs.
There are currently two (2) types of CI Access Token for Nx Cloud's runner that you can use with your workspace. Both support distributed task execution and allow Nx Cloud to store metadata about runs.
- `read-only`
- `read-write`
### Access Tokens: Read Only
### Read Only Access
The `read-only` access tokens will only read from the remote cache. Task results will not be stored in the remote cache for other developers to use.
The `read-only` access tokens will only read from the remote cache. Task results will not be stored in the remote cache for other machines or CI pipelines to use.
### Access Tokens: Read & Write
### Read & Write Access
The `read-write` access tokens allows task results to be stored in the remote cache for other developers to download and replay on their machines.
The `read-write` access tokens allows task results to be stored in the remote cache for other other machines or CI pipelines to download and replay.
## Setting Access Tokens
## Setting CI Access Tokens
Let's see how access tokens work.
You can configure an access token in CI by setting the `NX_CLOUD_ACCESS_TOKEN` environment variable. `NX_CLOUD_ACCESS_TOKEN` takes precedence over any value in your `nx.json`.
If you open your `nx.json`, you will see something like this:
We do not recommend that you commit an access token to your repository but older versions of Nx do support this and if you open your `nx.json`, you may see something like this:
{% tabs %}
{% tab label="Nx >= 17" %}
@ -40,7 +40,8 @@ If you open your `nx.json`, you will see something like this:
{% tab label="Nx < 17" %}
```json
"tasksRunnerOptions": {
{
"tasksRunnerOptions": {
"default": {
"runner": "nx-cloud",
"options": {
@ -48,16 +49,15 @@ If you open your `nx.json`, you will see something like this:
}
}
}
}
```
{% /tab %}
{% /tabs %}
If you remove the `nxCloudAccessToken` or `accessToken` property from the configuration, the runner will run all commands as if you were not connected to Nx Cloud. This essentially turns off Nx Cloud.
## Setting a Different Access Token in CI
You can also configure the access token by setting the `NX_CLOUD_ACCESS_TOKEN` environment variable. `NX_CLOUD_ACCESS_TOKEN` takes precedence over the `accessToken` property. It's common to have a read-only token stored in `nx.json` and a read-write token set via `NX_CLOUD_ACCESS_TOKEN` in CI.
{% callout type="warning" title="Nx Cloud authentication is changing" %}
From Nx 19.7 new workspaces are connected to Nx Cloud with a property called `nxCloudId` instead, and we recommend developers use [`nx-cloud login`](/ci/reference/nx-cloud-cli#npx-nxcloud-login) to provision their own local [personal access tokens](/ci/recipes/security/personal-access-tokens).
{% /callout %}
## Using `nx-cloud.env`

55
docs/nx-cloud/recipes/personal-access-tokens.md Normal file
View File

@ -0,0 +1,55 @@
# Nx Cloud and Personal Access Tokens
From Nx 19.7 repositories are connected to Nx Cloud via a property in `nx.json` called `nxCloudId`. By default this value allows anyone who clones the repository `read-only` access to Nx Cloud features for that workspace. These permissions can be updated in the workspace settings. To disallow access to anonymous users or allow `read-write` access to known users it is required that all users provision their own personal access token. To do that they need to use [`npx nx-cloud login`](/ci/reference/nx-cloud-cli#npx-nxcloud-login).
{% callout type="warning" title="Personal Access Tokens require the `nxCloudId` field in `nx.json`" %}
Ensure that you have the `nxCloudId` property in your `nx.json` file to connect to Nx Cloud with a Personal Access Token. If you have been using `nxCloudAccessToken`, you can convert it to `nxCloudId` by running [`npx nx-cloud convert-to-nx-cloud-id`](/ci/reference/nx-cloud-cli#npx-nxcloud-converttonxcloudid).
{% /callout %}
{% tabs %}
{% tab label="Nx >= 19.7" %}
```json {% fileName="nx.json" %}
{
"nxCloudId": "SOMEID"
}
```
{% /tab %}
{% tab label="Nx <= 19.6" %}
```json {% fileName="nx.json" %}"
"tasksRunnerOptions": {
"default": {
"runner": "nx-cloud",
"options": {
"nxCloudId": "SOMEID"
}
}
}
```
To utilize personal access tokens and Nx Cloud ID with Nx <= 19.6, the nx-cloud npm package is also required to be installed in your workspaces `package.json`.
```json {% fileName="package.json" %}"
{
"devDependencies": {
"nx-cloud": "latest"
}
}
```
{% /tab %}
{% /tabs %}
## Personal Access Tokens (PATs)
When you run [`npx nx-cloud login`](/ci/reference/nx-cloud-cli#npx-nxcloud-login) you will be directed to the Nx Cloud app where you will be required to create an account and login. A new personal access token will be provisioned and saved in a local configuration file in your home folder (the location of this will be displayed when login is complete and varies depending on OS).
## Permissions
By default all personal access tokens have `read-only` local access to Nx Cloud features for the workspace in which that user is a member. This can be updated to `read-write` in the workspace settings if required, although it is typical for local access to be restricted to `read-only`.
## Better Security
Without an access token committed to your `nx.json` file you gain more fine-grained control over who has access to your cache artifacts and who can utilise Nx Cloud features that you pay for. When you remove a member from your organization they will immediately lose access to all Nx Cloud features saving you the trouble of needing to cycle any tokens you were previously committing to the repository.

45
docs/nx-cloud/reference/config.md
View File

@ -2,6 +2,47 @@
The Nx Cloud runner is configured in `nx.json`.
{% tabs %}
{% tab label="Nx >= 19.7" %}
```json {% fileName="nx.json" %}
{
"nxCloudId": "SOMEID"
}
```
{% /tab %}
{% tab label="Nx <= 19.6" %}
```json {% fileName="nx.json" %}"
"tasksRunnerOptions": {
"default": {
"runner": "nx-cloud",
"options": {
"nxCloudId": "SOMEID"
}
}
}
```
To utilize personal access tokens and Nx Cloud ID with Nx <= 19.6, the nx-cloud npm package is also required to be installed in your workspaces `package.json`.
```json {% fileName="package.json" %}"
{
"devDependencies": {
"nx-cloud": "latest"
}
}
```
{% /tab %}
{% /tabs %}
## CI Access Tokens
CI Access Tokens are used in CI environments to provide read-write privileges for pipelines. They should not be committed to source control and should instead be exposed as CI environment secrets.
You can configure CI Access Tokens as environment variables (`NX_CLOUD_AUTH_TOKEN` and `NX_CLOUD_ACCESS_TOKEN` are aliases of each other) or define them in `nx.json` as follows:
{% tabs %}
{% tab label="Nx >= 17" %}
@ -50,10 +91,6 @@ This can be useful for debugging unexpected cache misses, and issues with on-pre
`NX_VERBOSE_LOGGING` is often enabled in CI globally while debugging your CI setups.
## Access Tokens
`NX_CLOUD_AUTH_TOKEN` and `NX_CLOUD_ACCESS_TOKEN` are aliases of each other. This configuration allows you to override the access token set in `nx.json`. It is often enabled in CI to provide read-write privileges where only a read token is committed to the workspace's `nx.json`.
## Enabling End-to-End Encryption
All communication with Nx Clouds API and cache is completed over HTTPS, but you can optionally enable e2e encryption by providing a secret key through `nx.json` or the `NX_CLOUD_ENCRYPTION_KEY` environment variable.

128
docs/nx-cloud/reference/nx-cloud-cli.md
View File

@ -1,15 +1,77 @@
# `nx-cloud` CLI
## npx nx-cloud login
To provision a local personal access token to access Nx Cloud features run `npx nx-cloud login`. This will open your browser to the Nx Cloud application and after signing in will generate a personal access token and save it in a configuration file locally called `nxcloud.ini`.
{% tabs %}
{% tab label="macOS & Linux" %}
We look for this file at the following locations:
- `$XDG_CONFIG_HOME/nxcloud/nxcloud.ini`
- `$HOME/config/nxcloud/nxcloud.ini`
- `$HOME/.nxcloud.ini`
If we don't find an existing config file, we create one at `$HOME/config/nxcloud/nxcloud.ini`
{% /tab %}
{% tab label="Windows" %}
We look for this file within the `%LOCALAPPDATA%/nxcloud` directory and if it does not exist, we will create a new `nxcloud.ini` file there.
{% /tab %}
{% /tabs %}
The format of this file is as follows:
```ini
[https://cloud\.nx\.app]
personalAccessToken=SOME_ACCESS_TOKEN
```
If you have access to multiple instances of the Nx Cloud application (e.g. self-hosted Enterprise and our managed instance), each instance will be saved to this file under its URL.
Our managed instance at [https://cloud.nx.app](https://cloud.nx.app) is the default. To provision a personal access token from an alternative instance of Nx Cloud pass the URL as a positional parameter, e.g.
```bash
npx nx-cloud login https://nx-cloud.my-domain.app
```
## npx nx-cloud logout
To revoke a personal access token from your local environment, run `npx nx-cloud logout`. This will remove the personal access token from the locally initialized configuration file and also invalidate the token from the Nx Cloud application. You will be prompted to remove a single token or all tokens from your local environment.
## npx nx-cloud configure
To provision more than one personal access token for multiple contexts (e.g. home and work machines) you can use the personal access tokens page under your Nx Cloud profile. To save a personal access token to your local `nxcloud.ini` file without needing to edit the file yourself call `nx-cloud configure` like this:
```bash
npx nx-cloud configure --personalAccessToken=SOME_ACCESS_TOKEN
```
To configure multiple tokens for different instances of the Nx Cloud app, you can pass the URL as follows:
```bash
npx nx-cloud configure --personalAccessToken=SOME_ACCESS_TOKEN --nx-cloud-url=https://nx-cloud.my-domain.app
```
## npx nx-cloud convert-to-nx-cloud-id
When logging into Nx Cloud with a [Personal Access Token](/ci/recipes/security/personal-access-tokens), your `nx.json` file needs to include the `nxCloudId` property, which acts as a unique identifier for your workspace. If you have been using the previous `nxCloudAccessToken` to connect, simply run `npx nx-cloud convert-to-nx-cloud-id` to automatically update your configuration to use `nxCloudId`.
If you are connecting to Nx Cloud with a workspace that is version 19.6 or lower, this command will also install the latest version of the Nx Cloud npm package and add it into your `package.json`. Only Nx versions 19.7 and higher natively support the `nxCloudId` property in the `nx.json` file; for versions 19.6 and lower, the Nx Cloud npm package will be needed to use that property.
## npx nx-cloud start-ci-run
At the beginning of your main job, invoke `npx nx-cloud start-ci-run`. This tells Nx Cloud that the following series of
command correspond to the same CI run.
{% callout type="warning" title="Do not run start-ci-run locally" %}
`nx-cloud start-ci-run` generates a temporary marker file that can cause a local Nx repo to behave as if it is a part of a CI run. This can cause strange behavior like Nx commands timing out or throwing unexpected errors.
To discourage this from happening, this command will run a check to see if it is running in a CI environment. You can bypass this check with `nx-cloud start-ci-run --force`.
`npx nx-cloud start-ci-run` generates a temporary marker file that can cause a local Nx repo to behave as if it is a part of a CI run. This can cause strange behavior like Nx commands timing out or throwing unexpected errors.
To discourage this from happening, this command will run a check to see if it is running in a CI environment. You can bypass this check with `npx nx-cloud start-ci-run --force`.
If you accidentally run this command locally, remove all generated marker files with `nx-cloud cleanup`.
If you accidentally run this command locally, remove all generated marker files with `npx nx-cloud cleanup`.
{% /callout %}
You can configure your CI run by passing the following flags:
@ -33,33 +95,11 @@ distribute-on:
large-changeset: 10 linux-medium-js
```
### --with-env-vars (Nx Agents Only)
### --require-explicit-completion
By default, invoking `npx nx-cloud start-ci-run` will take all environment variables prefixed with `NX_` and send them over to Nx Agents.
This means that your access token, verbose logging configuration and other Nx-related environment variables will be the same on your
main CI jobs and the Nx Agent machines.
If you want to pass other environment variables from the main job to Nx Agents, you can do it as follows: `--with-env-vars="VAR1,VAR2"`.
This will set `VAR1` and `VAR2` on Nx Agents to the same values set on the main job before any steps run.
You can also pass `--with-env-vars="auto"` which will filter out all OS-specific environment variables and pass the rest to Nx Agents.
{% callout type="warning" title="Use Caution With 'auto'" %}
Using `--with-env-vars="auto"` will override any existing environment variables on the Nx Agent, some of which might be critical to the
functionality of that machine. In case of unexpected issues on Nx Agents, try fallback to the explicit variable definition using `--with-env-vars="VAR1,VAR2,..."`.
{% /callout %}
Note: none of the values passed to Nx Agents are stored by Nx Cloud.
### --use-dte-by-default
By default, invoking `npx nx-cloud start-ci-run` will configure Nx to distribute all commands by default. You can
disable this as follows: `npx nx-cloud start-ci-run --use-dte-by-default=false`.
### --stop-agents-on-failure
By default, a failure in one of the commands is going to terminate the whole CI run and will stop all the
agents. You can disable this as follows: `npx nx-cloud start-ci-run --stop-agents-on-failure=false`.
By default, Nx Cloud will monitor the main CI job and once that completes it will complete the associated CIPE object on the
Nx Cloud side. You can disable this by passing `--require-explicit-completion`. In this case, you will have to add
`npx nx-cloud complete-ci-run`.
### --stop-agents-after
@ -92,11 +132,33 @@ Corrected example:
- run: nx affected -t build
```
### --require-explicit-completion
### --stop-agents-on-failure
By default, Nx Cloud will monitor the main CI job and once it completes it will complete the associated CIPE object on the
Nx Cloud side. You can disable this by passing `--require-explicit-completion`. In this case, you will have to add
`npx nx-cloud complete-ci-run`.
By default, a failure in one of the commands is going to terminate the whole CI run and will stop all the
agents. You can disable this as follows: `npx nx-cloud start-ci-run --stop-agents-on-failure=false`.
### --use-dte-by-default
By default, invoking `npx nx-cloud start-ci-run` will configure Nx to distribute all commands by default. You can
disable this as follows: `npx nx-cloud start-ci-run --use-dte-by-default=false`.
### --with-env-vars (Nx Agents Only)
By default, invoking `npx nx-cloud start-ci-run` will take all environment variables prefixed with `NX_` and send them over to Nx Agents.
This means that your access token, verbose logging configuration and other Nx-related environment variables will be the same on your
main CI jobs and the Nx Agent machines.
If you want to pass other environment variables from the main job to Nx Agents, you can do it as follows: `--with-env-vars="VAR1,VAR2"`.
This will set `VAR1` and `VAR2` on Nx Agents to the same values set on the main job before any steps run.
You can also pass `--with-env-vars="auto"` which will filter out all OS-specific environment variables and pass the rest to Nx Agents.
{% callout type="warning" title="Use Caution With 'auto'" %}
Using `--with-env-vars="auto"` will override any existing environment variables on the Nx Agent, some of which might be critical to the
functionality of that machine. In case of unexpected issues on Nx Agents, try fallback to the explicit variable definition using `--with-env-vars="VAR1,VAR2,..."`.
{% /callout %}
Note: none of the values passed to Nx Agents are stored by Nx Cloud.
## Enabling/Disabling Distribution

2
docs/shared/migration/from-turborepo.md
View File

@ -145,7 +145,7 @@ For each `turbo.json` configuration property, the equivalent Nx property is list
| `--parallel` | N/A |
| `--remote-only` | N/A. Can [ignore the remote cache](/ci/features/remote-cache#skipping-cloud-cache) with `--no-cloud`. |
| `--summarize` | N/A |
| `--token` | Set the [Nx Cloud token in `nx.json`](/ci/recipes/security/access-tokens#setting-access-tokens) or as an environment variable (`NX_CLOUD_ACCESS_TOKEN`) |
| `--token` | Set the [Nx Cloud CI Access Token](/ci/recipes/security/access-tokens#setting-ci-access-tokens) or as an environment variable (`NX_CLOUD_ACCESS_TOKEN`) |
| `--team` | See `--token` for choosing a different Nx Cloud workspace. You can [use `--runner`](/nx-api/nx/documents/run-many#runner) to choose a different runner defined in the `nx.json` file. |
| `--preflight` | N/A |
| `--trace` | N/A. [`--verbose`](/nx-api/nx/documents/run-many#verbose) for more logging. |

3
docs/shared/reference/sitemap.md
View File

@ -281,7 +281,8 @@
- [Setting up Bitbucket](/ci/recipes/set-up/monorepo-ci-bitbucket-pipelines)
- [Security](/ci/recipes/security)
- [Authenticate with Google Identity](/ci/recipes/security/google-auth)
- [Access Tokens](/ci/recipes/security/access-tokens)
- [CI Access Tokens](/ci/recipes/security/access-tokens)
- [Personal Access Tokens](/ci/recipes/security/personal-access-tokens)
- [Enable End to End Encryption](/ci/recipes/security/encryption)
- [Source Control Integration](/ci/recipes/source-control-integration)
- [Enable GitHub PR Integration](/ci/recipes/source-control-integration/github)

3
packages/nx/src/command-line/login/command-object.ts
View File

@ -3,7 +3,8 @@ import { withVerbose } from '../../command-line/yargs-utils/shared-options';
export const yargsLoginCommand: CommandModule = {
command: 'login [nxCloudUrl]',
describe: 'Login to Nx Cloud.',
describe:
'Login to Nx Cloud. This command is an alias for [`nx-cloud login`](/ci/reference/nx-cloud-cli#npx-nxcloud-login).',
builder: (yargs) =>
withVerbose(
yargs.positional('nxCloudUrl', {

3
packages/nx/src/command-line/logout/command-object.ts
View File

@ -3,7 +3,8 @@ import { withVerbose } from '../../command-line/yargs-utils/shared-options';
export const yargsLogoutCommand: CommandModule = {
command: 'logout',
describe: 'Logout from Nx Cloud.',
describe:
'Logout from Nx Cloud. This command is an alias for [`nx-cloud logout`](/ci/reference/nx-cloud-cli#npx-nxcloud-logout).',
builder: (yargs) => withVerbose(yargs),
handler: async (args: any) => {
process.exit(await (await import('./logout')).logoutHandler(args));