Migrate latest-tagged web-features releases to trusted publishing#3917
Migrate latest-tagged web-features releases to trusted publishing#3917ddbeck wants to merge 9 commits into
latest-tagged web-features releases to trusted publishing#3917Conversation
github-actions
Bot
added
the
tools and infrastructure
ddbeck
changed the title
latest-tagged releases to trusted publishinglatest-tagged web-features releases to trusted publishing
ddbeck
force-pushed
the
trusted-publishing
branch
from
7e1c5ee to
4b8492e
Compare
|
You can only bless one workflow file to do trusted publishing. Until this PR, we had separate workflows. Now they have to be together. This is why the workflow is more complex than it used to be. It's consolidation. |
| paths: | ||
| - features/** | ||
| - groups/** | ||
| - packages/web-features/** | ||
| - snapshots/** | ||
| - index.ts | ||
| - scripts/build.ts |
There was a problem hiding this comment.
Why don't we need this filter anymore in the new version?
captainbrosset
left a comment
captainbrosset
left a comment
There was a problem hiding this comment.
Leaving a few comments first. I'm fine with the change, but first want to make sure I understand all the pieces.
|
|
||
| publish_latest: | ||
| name: Publish release | ||
| if: ${{ github.repository == 'web-platform-dx/web-features' && case(startsWith(github.ref, 'refs/tags/'), 'latest', 'next') == 'latest' }} |
There was a problem hiding this comment.
Maybe add a comment saying how the workflow runs on each push (because 'next' needs it) but this line filters only tags, for official releasing.
Also, can you explain why we need to filter on github.repository?
|
|
||
| publish_next: | ||
| name: Publish prerelease | ||
| if: ${{ github.repository == 'web-platform-dx/web-features' && case(startsWith(github.ref, 'refs/tags/'), 'latest', 'next') == 'next' }} |
There was a problem hiding this comment.
A comment here explaining the filtering logic would be good here too.
| - name: Update the tag | ||
| run: | | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" |
There was a problem hiding this comment.
For my own knowledge, where does this bot user email address come from? The magic number part, I mean.
2 participants
This is the sequel to #3582.
Unfortunately, npm allows nominating only a single workflow per package as the "trusted publishing" workflow, so this consolidates the next and latest workflows into a single file.
Upon merging, the packages need configuration in npmjs.com (see this section of the npm docs and this area in the npm UI, if you have access). If you're not ready to do this yourself, then please approve and leave unmerged. Thank you!