Skip to content

[actions]: Add npm publish workflow#3460

Merged
ljharb merged 1 commit intojsx-eslint:masterfrom
varunsh-coder:npm-publish
Oct 22, 2022
Merged

[actions]: Add npm publish workflow#3460
ljharb merged 1 commit intojsx-eslint:masterfrom
varunsh-coder:npm-publish

Conversation

@varunsh-coder
Copy link
Copy Markdown
Contributor

@varunsh-coder varunsh-coder commented Oct 12, 2022

This PR adds a GitHub Actions workflow to publish to npm registry using one-time password (OTP).

  • Runs on workflow dispatch and expects a tag
  • It checks that the tag follows semver pattern and version has not been published before to npm registry
  • Checks that required checks have run and passed when the tag was pushed
  • Uses step-security/wait-for-secrets so OTP can be sent to the workflow

It requires setting two secrets:

  1. NODE_AUTH_TOKEN - this should be a Publish token for npm registry. The package should have require two-factor authentication to publish checked in the package settings.
  2. SLACK_WEBHOOK_URL - this is to get notification on Slack when OTP needs to be entered. If this notification is not needed, I can remove this part from the workflow.

I have also added harden-runner to the publish job.

Examples:

  1. Publish to npm registry: https://github.com/harden-runner-canary/eslint-plugin-react/actions/runs/3237008675/jobs/5303545348#step:8:1
  2. Tag not in semver pattern (failed as expected): https://github.com/harden-runner-canary/eslint-plugin-react/actions/runs/3235307416/jobs/5299550718#step:5:22
  3. Version already published (failed as expected): https://github.com/harden-runner-canary/eslint-plugin-react/actions/runs/3236736891/jobs/5302945983#step:5:22

@ljharb, please let me know if you have any feedback.

Signed-off-by: Varun Sharma [email protected]

@codecov
Copy link
Copy Markdown

codecov Bot commented Oct 12, 2022
edited
Loading

Codecov Report

Merging #3460 (f17395e) into master (f17395e) will not change coverage.
The diff coverage is n/a.

❗ Current head f17395e differs from pull request most recent head 2d24640. Consider uploading reports for the commit 2d24640 to get more accurate results

@@           Coverage Diff           @@
##           master    #3460   +/-   ##
=======================================
  Coverage   97.57%   97.57%           
=======================================
  Files         129      129           
  Lines        9192     9192           
  Branches     3331     3331           
=======================================
  Hits         8969     8969           
  Misses        223      223

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

ljharb
ljharb reviewed Oct 14, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@ljharb ljharb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems great! Just a few comments before we merge it and give it a shot.

Comment thread .github/workflows/npm-publish.yml Outdated
Comment thread .github/workflows/npm-publish.yml Outdated
Comment thread .github/workflows/npm-publish.yml Outdated
Comment thread .github/workflows/npm-publish.yml Outdated
Comment thread .github/workflows/npm-publish.yml Outdated
Comment thread .github/workflows/npm-publish.yml Outdated
@varunsh-coder
Copy link
Copy Markdown
Contributor Author

varunsh-coder commented Oct 14, 2022

Thanks @ljharb for the review! Updated the workflow.

Here is the latest run:
https://github.com/harden-runner-canary/eslint-plugin-react/actions/runs/3251993055/jobs/5337708215#step:9:156

Example of when version did not match semver pattern using semver module:
https://github.com/harden-runner-canary/eslint-plugin-react/actions/runs/3251600036

ljharb
ljharb reviewed Oct 14, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@ljharb ljharb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this seems pretty good :-)

Comment thread .github/workflows/npm-publish.yml Outdated
Comment thread .github/workflows/npm-publish.yml Outdated
Comment thread .github/workflows/npm-publish.yml Outdated
ljharb
ljharb approved these changes Oct 22, 2022
View reviewed changes
Comment thread .github/workflows/npm-publish.yml
Comment thread .github/workflows/npm-publish.yml Outdated
@ljharb ljharb merged commit 88cbcde into jsx-eslint:master Oct 22, 2022
ljharb pushed a commit to ljharb/eslint-plugin-react that referenced this pull request Nov 18, 2022
@varunsh-coder @ljharb
[actions] Add npm publish workflow (jsx-eslint#3460)
a8d2942 
Signed-off-by: Varun Sharma <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ljharb ljharb ljharb approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@varunsh-coder @ljharb