Conversation
This configures the [release-please action][1] for `generator-eslint`.
As we merge changes using [Conventional Commits formatting][2],
release-please will create and update a pending release PR. That PR will
contain a changelog of any commits merged since the prior release. When
we're ready to do the release, we'll merge that PR, and the workflow in
this PR will update the changelog and publish the release to GitHub and
npm.
Separate from the code in this PR, I had to take a few manual steps:
1. Create a new [npm granular access token][3].
1. Name it `release-please $package-name`.
1. Choose a reasonable expiration. I went with 365 days.
1. Under Packages and Scopes > select "Read and write" access >
select "Only select packages and scopes" > select the package that
we're setting up.
1. The token should not have Organization access.
1. Generate the token.
1. Copy the generated token as a [new repository secret][4] named
`NPM_TOKEN`.
1. In the [repository's Actions settings][5], under "Workflow
permissions", ensure "Allow GitHub Actions to create and approve pull
requests" is checked.
[1]: https://github.com/google-github-actions/release-please-action
[2]: https://www.conventionalcommits.org/en/v1.0.0/
[3]: https://www.npmjs.com/settings/eslintbot/tokens/granular-access-tokens/new
[4]: https://github.com/eslint/generator-eslint/settings/secrets/actions/new
[5]: https://github.com/eslint/generator-eslint/settings/actions
btmills
left a comment
btmills
left a comment
There was a problem hiding this comment.
GitHub Actions workflows are notoriously difficult to develop and debug, so I got all of this working in https://github.com/btmills/release-please-test first. Feel free to reference that to see what the workflow is like. For example, btmills/release-please-test#15 is a release PR. I noted any manual configuration steps along the way and included them in the commit message and PR body for reference for future repositories. While I can't promise that this'll work on the first try, I'm hopeful that I ironed out all the kinks over in that test repository.
| if: ${{ steps.release.outputs.release_created }} | ||
| - run: npm test | ||
| if: ${{ steps.release.outputs.release_created }} | ||
| - run: npm publish |
There was a problem hiding this comment.
I didn't clean up the existing eslint-release dependency and package.json scripts in this PR. I'm happy to include that if you'd like, but I figured we'd like to try release-please first while retaining the option of releasing in Jenkins until we're sure we're ready to drop the Jenkins flow.
| jobs: | ||
| release-please: | ||
| runs-on: ubuntu-latest | ||
| permissions: |
There was a problem hiding this comment.
This repository is currently configured to give workflows write access by default. Specifying only the precise $GITHUB_TOKEN permissions that release-please needs for this job reduces surface area and makes this workflow copy-pasteable to repositories that only grant read access by default.
nzakas
left a comment
nzakas
left a comment
There was a problem hiding this comment.
It might be better to create the npm token secret at the organization level so it can be reused by all repos.
You can set the secret to only be available to this repo to start.
I just foresee a time where we need to update 20 tokens otherwise.
|
By the way, we could also tweet out the release, as I do in my repos: We already have our Twitter credentials as secrets to tweet out RFC updates, and at least so far, these automated tweets are still going out. |
btmills
force-pushed
the
btmills-release-please
branch
from
3a0e349 to
7882f37
Compare
|
3 participants
This configures the release-please action for
generator-eslint. As we merge changes using Conventional Commits formatting, release-please will create and update a pending release PR. That PR will contain a changelog of any commits merged since the prior release. When we're ready to do the release, we'll merge that PR, and the workflow in this PR will update the changelog and publish the release to GitHub and npm.Separate from the code in this PR, I had to take a few manual steps:
release-please $package-namerelease-please."Only select packages and scopes" > select the package that we're setting up."All packages".new repository secretnew organization secret namedNPM_TOKEN, and give access to the desired repository. If the token already exists, edit it to include access for the desired repository.