To that point, we probably want to protect npm publish with an access token or (even better) implement a workflow in GH actions to publish automatically on merges to main when certain conditions are met, and gate npm publish behind a token so it can't be used outside of GH. Otherwise, anybody with access to the repo can just publish a new version whenever.
Context
_Originally posted by @joshuagraber in https://github.com/Police-Data-Accessibility-Project/design-system/pull/10#discussion_r1357277075_
Requirements
- `build`, `lint`, and `test` scripts.
- `lint-staged` library and configure to lint staged files on commit, using `husky` library to perform actions on commit hooks.
- `commitizen` library and configure to enforce semantic commit messages.
- `semantic-release` library and add github action to publish automatically on merges to `main`.
- `semantic-release` is configured to automatically update `package.json`, `README.md`, and `CHANGELOG.md`
Docs
Consider
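
One way the publish-on-merge requirement could look as a GitHub Actions workflow. This is an added example, not part of the original issue or the project's repository. The file name, job names and the `NPM_TOKEN` secret name are assumptions; `build`, `lint` and `test` are the scripts named in the requirements.

```yaml
# .github/workflows/release.yml (assumed file name)
name: Release

on:
  push:
    branches: [main]          # runs when a pull request is merged to main

# Default to read-only; the release job opts in to what it needs.
permissions:
  contents: read

jobs:
  verify:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: lts/*
      - run: npm ci
      - run: npm run lint
      - run: npm test
      - run: npm run build

  release:
    needs: verify             # publish only if lint, test and build passed
    runs-on: ubuntu-latest
    permissions:
      contents: write         # push the release commit and tag
      issues: write           # comment on released issues
      pull-requests: write    # comment on released pull requests
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0      # semantic-release reads full history and tags
      - uses: actions/setup-node@v4
        with:
          node-version: lts/*
      - run: npm ci
      - run: npm run build
      - run: npx semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # npm token stored as a repository secret (assumed name); it is
          # only exposed to this step, so publishing happens from CI.
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
```

The npm token lives only in the repository's secrets, so contributors with push access do not hold publish credentials themselves.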