feat(trusted publishing): initial commit to add release github action to support OIDC trusted publish [DX-505] #2584
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
ethan-ozelius-contentful
force-pushed
the
testing-oidc-trusted-publishing
branch
from
f9b4976 to
e7d38fc
Compare
ethan-ozelius-contentful
force-pushed
the
testing-oidc-trusted-publishing
branch
11 times, most recently
from
d14f853 to
f6d5201
Compare
ethan-ozelius-contentful
force-pushed
the
testing-oidc-trusted-publishing
branch
4 times, most recently
from
03d2557 to
574d7b1
Compare
ethan-ozelius-contentful
force-pushed
the
testing-oidc-trusted-publishing
branch
6 times, most recently
from
9896d20 to
d4f9a14
Compare
|
update the PR commit when you merge to be a fix or a chore as this doesn't actually add any new functionality to the SDK |
|
Remove the circle config as well so that the CI doesn't run on circle as well |
elylucasctfl
left a comment
elylucasctfl
left a comment
There was a problem hiding this comment.
A few cleanup items and some updates based on some of the findings I've found going over it the past few days
ethan-ozelius-contentful
force-pushed
the
testing-oidc-trusted-publishing
branch
5 times, most recently
from
0aaa361 to
2481753
Compare
Good catch, changed to |
ethan-ozelius-contentful
force-pushed
the
testing-oidc-trusted-publishing
branch
3 times, most recently
from
5b58cb8 to
a0ad37d
Compare
…pport OIDC trusted publishing. 1. Added github actions: main, check, build, notify-failure and release 2. Added a new channel testing-oidc-trusted-publishing for testing npmjs package deployments
ethan-ozelius-contentful
force-pushed
the
testing-oidc-trusted-publishing
branch
from
a0ad37d to
d72f880
Compare
| actions: read | ||
| uses: ./.github/workflows/release.yaml | ||
|
|
||
| notify-failure: |
There was a problem hiding this comment.
im willing to give this a shot but kinda on the fence. Reason being is our pipelines are so flakey we could get a bunch of issues (especially when dependabot drops like 10 prs at once). We'll have to monitor closely.
There was a problem hiding this comment.
We basically do already with the circleCI bot.
https://contentful.slack.com/archives/C08GL0B2QT0/p1762447509895889
Summary
Migrate from CircleCI to github action.
release.ymlgithub action that includes lint, build, unit (test), integration (test) and release.GITHUB_PACKAGES_WRITE_TOKENsecret injection, in favor of OIDC trusted publishing, read more, in favor ofid-token: writepermissiontesting-oidc-trusted-publishingto test out publishing to npmjs with trusted publishing, without polluting the main branch.contents: readfor the whole github action, if any individual jobs need more access, like release, they can specify.Todos