Conversation
| ``` | ||
| ${{ steps.canary.outputs.changesetsPublishedPackages}} | ||
| ``` | ||
| bot-token: ${{ secrets.GH_API_TOKEN }} |
There was a problem hiding this comment.
you can use ${{ secrets.GITHUB_TOKEN }} here, check the setup in graphiql repo
| ${{ steps.canary.outputs.changesetsPublishedPackages}} | ||
| ``` | ||
| bot-token: ${{ secrets.GH_API_TOKEN }} | ||
| bot: 'theguild-bot' |
There was a problem hiding this comment.
i think you can use github-actions
| @@ -0,0 +1,64 @@ | |||
| name: Canary Release | |||
There was a problem hiding this comment.
I guess we need the 2nd workflow for release? this way we can release using changeset as well. What do you think @IvanGoncharov ?
(Changesets collects all changeset files and keep an updated Release PR, so when it's merged, you get the actual version bump and NPM release)
There was a problem hiding this comment.
We discuss canary release so let's address that and see how it goes.
| @@ -0,0 +1,99 @@ | |||
| /* eslint-disable */ | |||
There was a problem hiding this comment.
This is optional, we are using that to do custom pre-release and not use the default way of doing that with changesets...
|
|
||
| - name: Publish a message | ||
| if: steps.canary.outputs.released | ||
| uses: 'kamilkisiela/pr-comment@master' |
There was a problem hiding this comment.
This custom guild stuff, right?
I think idea was that we use some popular tool for doing canary releases?
Those look like there are guild internal scripts?
I'm ok with automation but it should be something popular and widespread.
There was a problem hiding this comment.
I can make it facebook/pr-comment, does it change anything?
There was a problem hiding this comment.
how it's different from https://github.com/graphql/graphql-js/blob/main/resources/build-deno.js vs esbuild / tsc whatever tool?
| run: npm ci --ignore-scripts | ||
|
|
||
| - name: Setup NPM credentials | ||
| run: echo "//registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN" >> ~/.npmrc |
There was a problem hiding this comment.
I'm not ok with putting NPM token on FS, it means all subsequent scripts have access to it.
Also, I'm not ok passing NPM token to anything that is not official NPM or GitHub tool/lib/etc.
Need to setup GitHub secret for NPM token
NODE_AUTH_TOKENand Bot token to commentGH_API_TOKENcloses #3383