In an effort to make the developer experience better, I am floating the idea of having our packages deploy to npm automatically whenever they are merged into the master branch. Doing this would require some review for security. Currently, we enforce that all members of the @chameleon-ds organisation on npm have 2FA enabled for both login as well as deploying packages. In order for this to be automated in our CI/CD pipeline, we need to make sure that we can securely pass tokens to CircleCI to allow for OTP codes to be entered.