Secure ngx-launcher release process (and update) doc
ia3andy opened this issue · 5 comments
In order to make this repository release process automatic and secured:
- Only ngx-launcher admins and CI user must be allowed on the ngx-launch npm account
- npm release must be only done by CI
- Doc must be updated
@gastaldi it seems the job is using git tags to choose the next npm version but the process it is not tagging the repository at the end of the job https://ci.centos.org/view/Devtools/job/devtools-ngx-launcher-npm-publish-build-master/
Just for posterity, there are three problems with the current job approach
-
People are running npm publish locally. This is bad because they are not pushing changes to master and we have no idea what the version contains
-
There is no way to bump the minor version with the current approach
-
A version release could contain more commits but the current approach doesn't allow that
There is a open issue with this process which i had raised earlier openshiftio/openshift.io#3585
We could consider using prerelease tags for development releases. This could be performed automatically on each master push and then when a fixed version when a tag is created.
Also (in another topic) maybe we should consider renaming the package name to ngx-launcher?