Support for release workflow #65
Comments
We shouldn’t use a single factor approach, but if we can get a two factor one that sounds great.
As much as I agree, there is not one today which can do this. We have discussed this in a few different forums, but I don't see any solutions here other than author local machine, and that is just not what users want nor is it what is best for projects other than ones with authors like you who are deeply invested in the ecosystem.
There is if you use an external service, like Step Security's "wait for secrets" mechanism.
Got a link? Haven't seen that one yet.
https://github.com/step-security/wait-for-secrets - I use it on eslint-plugin-react. There's also https://github.com/GoogleCloudPlatform/wombat-dressing-room, but that requires you to deploy something yourself.
Yeah, wombat dressing room was the one I knew about. I will check out wait-for-secrets. I am happy if we can get a good solution here, so if that is it I am onboard.
This does not publish anything to npm - does 2FA even apply?
My proposal was that it would also have a workflow which did release. I was thinking it could be separate, but since this is just called
Sorry, not sure what you mean?
I am proposing we add a new workflow for release/publish.
Yeah, that's fine, but in the context of 2FA - do we need anything? This repo is not publishing anything on npm, and internal GitHub stuff can be handled by the token, or am I missing something?
I think @ljharb was pointing out that providing a release workflow to other repos without 2FA was an issue.
Oh, OK, yeah, that I agree on. I assumed this was about having a release workflow in here, but the request here is about providing a workflow for others to use, right?
Yes, that was my understanding.
Yep, that was my thought, a workflow for others to use. I was just trying to think of things that would get more folks set up without having to do it all on their own.
I would love to see a managed release workflow here as well. I see two ways we could go:
version and release
package.json scripts
I personally like the first option a lot, but I know that is more opinionated. Maybe we could even have both?