The backstory about this GitHub Action:
I discussed with an open-source maintainer why they publish npm packages from their local machine and do not use CI/CD pipelines.
They said publishing should require human intervention and want to continue using multi-factor authentication to publish to the npm registry.
This led to building the wait-for-secrets GitHub Action. It prints a URL in the build log and waits for secrets to be entered using a browser. Once entered, the workflow continues, and secrets can be used in future steps.
The latest release of "eslint-plugin-react" to the npm registry used a one-time password (OTP) from a GitHub Actions workflow! https://github.com/jsx-eslint/eslint-plugin-react/actions/ru...
Comments URL: https://news.ycombinator.com/item?id=33884424
Points: 10
# Comments: 1
Continue reading...
I discussed with an open-source maintainer why they publish npm packages from their local machine and do not use CI/CD pipelines.
They said publishing should require human intervention and want to continue using multi-factor authentication to publish to the npm registry.
This led to building the wait-for-secrets GitHub Action. It prints a URL in the build log and waits for secrets to be entered using a browser. Once entered, the workflow continues, and secrets can be used in future steps.
The latest release of "eslint-plugin-react" to the npm registry used a one-time password (OTP) from a GitHub Actions workflow! https://github.com/jsx-eslint/eslint-plugin-react/actions/ru...
Comments URL: https://news.ycombinator.com/item?id=33884424
Points: 10
# Comments: 1
Continue reading...