[feature][nodejs] Support sha1 or tag for building #2138
Comments
laurentsimon
added
type:feature
|
This example doesn't look to me to be anything unique to me. Was there something specific you meant? This could be done via a run script. npm i --prefer-online --no-fund --no-audit -g npm@latestI'm not sure why they do this. IIUC is exactly what npm config set '//registry.npmjs.org/:_authToken'=\${PUBLISH_TOKEN}They do a checkout a While I don't really want to require that folks change their workflows, I feel like the proper thing to do is actually trigger a separate workflow run based on that commit. This is like what |
|
Ah I see, as far as the install goes, it kind of looks like they were installing the latest |
|
Sorry, I should have been clearer. The line to look at is https://github.com/npm/node-semver/blob/main/.github/workflows/release.yml#L330. It's using a tag that seems to be created in an earlier job https://github.com/npm/node-semver/blob/main/.github/workflows/release.yml#LL60C28-L60C28 (I've not verified the end-to-end call, though), instead of using the tag / sha from the GitHub event. (Note: the event is workflow_dispatch, so there is not tag by default) |
|
Yeah, I noticed some workflows do this. I was kind of hoping we could get folks to adopt a model where they don't create new commits and build from them in the same workflow run. Rather, they could create a PR for the release and/or trigger a new workflow run for the new commit. This is what the |
|
Agreed no pushing directly to the repo is better. I suspect it's more work for users to change their setup, and it will be an adoption problem. But we'll see. |
Yeah, I suppose we will need to support it at some point but I'd like folks to not do it if possible. |
See an example at https://github.com/npm/node-semver/blob/main/.github/workflows/release.yml#L315-L342
The text was updated successfully, but these errors were encountered: