perron icon indicating copy to clipboard operation
perron copied to clipboard

Automatic NPM publish

Open shuhei opened this issue 5 years ago • 3 comments

Automatically publish a new version when a new commit with a version bump in package.json is pushed to master branch.

  • Pros:
    • easier maintenance
  • Cons:
    • no good 2FA support https://github.com/nodejs/package-maintenance/issues/244

shuhei avatar Dec 25 '19 11:12 shuhei

npm rolled out Automation Tokens! https://dev.to/bnb/securely-automating-npm-publish-with-the-new-npm-automation-tokens-oei

shuhei avatar Oct 02 '20 19:10 shuhei

Options for publishing:

  • https://github.com/marketplace/actions/automated-releases-for-npm-packages A popular GitHub action. For each merge to master, version is automatically updated based on the commit message. A commit and a tag are created and pushed to GitHub. version doesn't need to be updated in PRs. The versioning rule may not work well with 0.x.x versions.
  • https://github.com/marketplace/actions/publish-to-npm version has to be explicitly updated in PRs. A tag is pushed to GitHub for each merge.
  • https://docs.github.com/en/free-pro-team@latest/actions/guides/publishing-nodejs-packages Manual configuration. version has to be explicitly updated in PRs. Tag push is missing and has to be implemented if necessary.

shuhei avatar Oct 04 '20 16:10 shuhei

https://snyk.io/blog/github-actions-to-securely-publish-npm-packages/

shuhei avatar Nov 12 '20 20:11 shuhei