esbuild-node-externals icon indicating copy to clipboard operation
esbuild-node-externals copied to clipboard
verified publisher icon pradel

ci: provide npm publish from PR pipeline

Open antongolub opened this issue 1 year ago • 8 comments

@pradel , This might be useful for proposals testing

antongolub avatar Oct 29 '24 09:10 antongolub

@pradel , What's your vision here?

antongolub avatar Nov 12 '24 19:11 antongolub

@antongolub sounds good, I will review the prs once I have a bit of time, these days are quite busy (in about 1/2 weeks)

pradel avatar Nov 22 '24 09:11 pradel

Should be rebased after #77

antongolub avatar Nov 10 '25 20:11 antongolub

@antongolub is this ready to be merged?

pradel avatar Nov 11 '25 14:11 pradel

@pradel I want to believe. The only way to verify the pipeline is to run.

antongolub avatar Nov 11 '25 15:11 antongolub

@antongolub can we move the pipeline logic to the release-please.yml file? The repo is now publishing to npm using OIDC instead of an NPM_TOKEN for improved security and npm only allows 1 file per repo to access the OIDC credentials, so all the logic to publish needs to be in the same file unfortunately

pradel avatar Nov 15 '25 14:11 pradel

@pradel,

There are several options:

  1. Create additional trusted publisher entry for release-from-pr.yml
  2. Trigger subflows from root release.yml and pass down the token to release-please and release-from-pr.
  3. Create a single complex godlike publish file

antongolub avatar Nov 15 '25 16:11 antongolub

Create additional trusted publisher entry for release-from-pr.yml

Not an option on npm unfortunately, there can be only 1 file for this

Trigger subflows from root release.yml and pass down the token to release-please and release-from-pr.

I don't think this would work as they check on which action the token is used

Create a single complex godlike publish file

I don't like this approach but it looks like it's the only option..

pradel avatar Nov 15 '25 16:11 pradel