Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automate npm publishing with GitHub Actions #51

Closed
wants to merge 3 commits into from
Closed

Automate npm publishing with GitHub Actions #51

wants to merge 3 commits into from

Conversation

glensc
Copy link
Contributor

@glensc glensc commented Mar 22, 2022
edited
Loading

Inspired by changes from glensc/node-cached_property#4

Package contents 
npm notice 📦  [email protected]
npm notice === Tarball Contents === 
npm notice 3.2kB  CODE_OF_CONDUCT.md
npm notice 512B   CONTRIBUTING.md   
npm notice 1.1kB  LICENSE.md        
npm notice 5.6kB  README.md         
npm notice 2.9kB  dist/index.d.ts   
npm notice 14.8kB dist/index.js     
npm notice 2.5kB  package.json      
npm notice === Tarball Details === 
npm notice name:          danger-plugin-yarn                      
npm notice version:       0.0.0                                   
npm notice filename:      danger-plugin-yarn-0.0.0.tgz            
npm notice package size:  9.8 kB                                  
npm notice unpacked size: 30.6 kB

See #49 (comment)

Fixes #49

Example run:

To finish this up:

Project owner/maintainer: you need to fill NPM_TOKEN Secret in project settings having access to danger-plugin-yarn package upload in npm registry.

Release process:

  • Create git tag and push it to GitHub
  • Editing of package.json is no longer needed. Version is picked from pushed tag

cc @orta

@glensc glensc force-pushed the gha-publishing branch 3 times, most recently from 4f2c5d0 to 09d85bd Compare March 22, 2022 07:56
@glensc
Copy link
Contributor Author

glensc commented Mar 22, 2022

Test run (needs auth to finish):

@glensc glensc force-pushed the gha-publishing branch 2 times, most recently from 04625d3 to 062931e Compare March 22, 2022 08:08
@glensc glensc marked this pull request as ready for review March 22, 2022 08:10
This was referenced Mar 22, 2022
Open
Merged
@glensc
Copy link
Contributor Author

glensc commented Mar 22, 2022

Rebased after #52 merge

@glensc glensc mentioned this pull request Mar 22, 2022
Closed
@glensc
Copy link
Contributor Author

glensc commented Mar 29, 2022

Rebased after 7e94a78 commit.

@orta
Copy link
Owner

orta commented Mar 29, 2022

As I mentioned in #49 (comment) I'm not down for this on such a small sub-project, so there's no need to keep rebasing

@orta orta closed this Mar 29, 2022
@glensc
Copy link
Contributor Author

glensc commented Mar 29, 2022

And I also said that doing it in CI enables transparency for end-users, what is really contained in the package. as if you upload manually there's a chance that the upload is not what is in the git repository. and real-life proof of that existed in 1.5.1, there could be also malicious content uploaded (intentionally or unintentionally).

If you need help bringing your other small projects to the same level, I can send there PRs as well.

@glensc glensc mentioned this pull request Jun 11, 2022
Closed
@glensc glensc mentioned this pull request Oct 27, 2022
Open
@glensc glensc mentioned this pull request Dec 11, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

All git tags missing
2 participants
@glensc @orta