Twitter
youtube
Discord
Contact us
Menu
Forums
New posts
Trending
Rules
Explore
Bioenergetic Wiki
Bioenergetic Life Search
Bioprovement Peat Search
Ray Peat Interviews by Danny Roddy
Master List: Ray Peat, PhD Interviews & Quotes by FPS
Traveling Resources
Google Flights
Wiki Voyage
DeepL Translator
Niche
Numbeo
Merch
Log in
Register
What's new
Search
Search
Search engine:
Threadloom Search
XenForo Search
Search titles only
By:
New posts
Trending
Menu
Log in
Register
Navigation
More options
Light/Dark Mode
Contact us
Close Menu
Forums
Information
World News
Show HN: Publish from GitHub Actions using multi-factor authentication
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Hacker News" data-source="post: 76665" data-attributes="member: 365"><p>The backstory about this GitHub Action:</p><p>I discussed with an open-source maintainer why they publish npm packages from their local machine and do not use CI/CD pipelines.</p><p>They said publishing should require human intervention and want to continue using multi-factor authentication to publish to the npm registry.</p><p>This led to building the wait-for-secrets GitHub Action. It prints a URL in the build log and waits for secrets to be entered using a browser. Once entered, the workflow continues, and secrets can be used in future steps.</p><p>The latest release of "eslint-plugin-react" to the npm registry used a one-time password (OTP) from a GitHub Actions workflow! <a href="https://github.com/jsx-eslint/eslint-plugin-react/actions/runs/3498968497/jobs/5860126389#step:9:1" target="_blank">https://github.com/jsx-eslint/eslint-plugin-react/actions/ru...</a></p><p></p><hr /><p></p><p>Comments URL: <a href="https://news.ycombinator.com/item?id=33884424" target="_blank">https://news.ycombinator.com/item?id=33884424</a></p><p></p><p>Points: 10</p><p></p><p># Comments: 1</p><p></p><p><a href="https://github.com/step-security/wait-for-secrets" target="_blank">Continue reading...</a></p></blockquote><p></p>
[QUOTE="Hacker News, post: 76665, member: 365"] The backstory about this GitHub Action: I discussed with an open-source maintainer why they publish npm packages from their local machine and do not use CI/CD pipelines. They said publishing should require human intervention and want to continue using multi-factor authentication to publish to the npm registry. This led to building the wait-for-secrets GitHub Action. It prints a URL in the build log and waits for secrets to be entered using a browser. Once entered, the workflow continues, and secrets can be used in future steps. The latest release of "eslint-plugin-react" to the npm registry used a one-time password (OTP) from a GitHub Actions workflow! [URL='https://github.com/jsx-eslint/eslint-plugin-react/actions/runs/3498968497/jobs/5860126389#step:9:1']https://github.com/jsx-eslint/eslint-plugin-react/actions/ru...[/URL] [HR][/HR] Comments URL: [URL]https://news.ycombinator.com/item?id=33884424[/URL] Points: 10 # Comments: 1 [url="https://github.com/step-security/wait-for-secrets"]Continue reading...[/url] [/QUOTE]
Loading…
Insert quotes…
Verification
Post reply
Forums
Information
World News
Show HN: Publish from GitHub Actions using multi-factor authentication
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…
Top
