adobe / .github Goto Github PK

View Code? Open in Web Editor NEW

3.0 3.0 15.0 16 KB

License: Apache License 2.0

.github's People

Contributors

Stargazers

Watchers

Forkers

shazron emdobrin rhystmills ohjoycelau zdk isabella232 skundapur garinichsan indigostar-kr hamidkoca ghas-results jdumas midebell ryoung786 ahajji87

.github's Issues

Security Policy

Reporting a Vulnerability

Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

Add new workflow npm publish on github release created

Similar to https://github.com/adobe/reactor-token-scripts-edge/blob/main/.github/workflows/npm-publish.yml, npm publish is handled by the github action but everything before which is only github related (version bump, update CHANGELOG, create github tag / release etc.) is handled by the committer.

version-bump-publish.yml - does not work with Protected Branches with status checks

Expected Behaviour

Works with branches with status checks.

Actual Behaviour

Does not work with branches with status checks.

Possible Workarounds

Enable force push, and update the workflow to force push (see Protected Branch settings screenshot below)
There's also skip-checks: true in a commit message (perhaps we can do a git commit --amend after the npm version command?) https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-status-checks

Reproduce Scenario (including but not limited to)

Sample repo workflow error: https://github.com/adobe/generator-aio-app/runs/1763090447?check_suite_focus=true

Protected Branch Settings

forks should not run publishing actions

Pushing to my own fork of and adobe repo modifies package.json, which in turn triggers the publish action. I of course do not have the npm credentials in my repo's secrets, so the publish fails, but it would be better if it did not run at all.

This will require some research into how repo-forks might be created without also forking the workflows, or having the workflows somehow aware that they are fork .. or check for existence of required secrets before running install/test actions which are resource hogs.

on-push-publish-to-npm.yml: 403 error

When I publish I get a 403 error:

npm ERR! code E403
130
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@adobe%2fgenerator-aio-app - This package requires that publishers enable TFA and provide an OTP to publish. For more info, visit: https://go.npm.me/2fa-guide
131
npm ERR! 403 In most cases, you or one of your dependencies are requesting
132
npm ERR! 403 a package version that is forbidden by your security policy.

See:
https://github.com/adobe/generator-aio-app/runs/1763294230?check_suite_focus=true

I have ADOBE_BOT_NPM_TOKEN as an Org secret.