Reusable action for publish and test #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

sheplu wants to merge 1 commit into main from release-reusable-action

Member

sheplu commented Nov 4, 2025 •

edited

Loading

Create two reusable actions mainly for release and testing purpose

testing implements the following steps: audit / test / lint
release allow secure publication with multiple validation required
- user should have the permission to create a tag / release
- an approved member (environment protection) need to approve the workflow
- the 2FA from NPM is asked everytimes - using the wait-for-secrets action
- npm publish rely on a classic token with mandatory 2FA
- the token is stored in an environment that is bound to a specific protected branch / tag

For this workflow to work best, as the token and 2FA should be from the same user you need

to have the right user (= repo captain?) doing the release
create a bot to publish - and we could share the 2FA (?)
replace the token on github each time we want to publish


          feat: reusable action for publish and test

fd6fcc1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet