Upload release with the API token

[littlewall]

Hello, If I get it right, to upload the release through the API endpoint POST /api/v1/sites/:siteId:/releases, I have to provide a site token instead of an API token (even with the enabled release.upload scope). Is that a purpose?

Why I'm asking - in custom Github Action, if I want to handle both uploading and removing releases, I have to set both tokens (site token and API token). It would be more convenient to use only the API token for both operations.

Thanks for the consideration, Milan Zítka

[gempain]

Hi Mikan, and thanks for asking ! This is correct, uploading a site happens with the API and deleting a release requires an API token. This has been discussed in #167. What we're thinking about is to add a delete command to the CLI and allow using the delete endpoint with a site token, while preventing the deletion of the main branch. This should solve your problem.

[littlewall]

Thank you for your quick reply :)

Well, yes and no. Yes, it would somehow resolve my problem with different tokens for upload/delete release.

But in my specific case, a more versatile solution would be to enable release upload with API token (so this endpoint would accept both API and site token)

More specifically, a site token would not be required if a valid API token with enabled release.upload scope is present). I'm doing all the work inside the nodejs script, so it's much easier to use API calls than to run bash commands with Meli CLI.

I think those who want to be safer would use CLI with a site token. Who knows exactly what he's doing will create an API token with needed scopes enabled.

If it can't be done this way (for any security or other reason), I'm ok with it, just asking :) But in that case, the option to enable this scope for API token is irrelevant and should be removed from UI as it is confusing at this time (you can enable release.upload scope, but you can't really call that endpoint with this token).

[gempain]

For sure ! We'll add a scope for this endpoint so you can use it with the API as well. What would be really cool if that you share your script with us when you're done with it. We (or you, if interested) could write a Github actions with this so people can just specify their token, siteId, url etc and it would handle both upload and delete for PRs while keeping the main branch active.

That said, for safety reasons, we would probably by default prevent someone from deleting the main branch of a site via the API, and you could disable this behavior from your site settings.

[littlewall]

Ok, that sounds good :) Thank you for your great work!

Yes, actually, I need it for our company's Github Action, so once the changes are done, and Action will be ready, I will be happy to share it with the community. Even if we need it primarily for branch previews (not only on PR but also for any branch create and push), I'll try to make this Action as universal as possible. Also, I'll prepare Github Action workflows examples for various scenarios.

[littlewall]

We made our first try of Github Action: https://github.com/digitalvisioncz/meli-deploy-github-action

[gempain]

@littlewall wow ! This is amazing ! I'll work on this issue early this week and release by the end of the week.

I've noticed that you rewrote some logic that we have in our CLI. We'll update our CLI to expose methods for using it inside JS. This might make it easier for you.

[meli-release-bot]

:tada: This issue has been resolved in version 1.0.0-beta.23 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: