sheerlox closed 10 months ago
rebased branch against main to resolve conflicts
@intcreator since I have no access to the repository settings, could you please go through the TODO to configure the new branch protection settings before we can merge this? :smile:
done!
:tada: This PR is included in version 3.1.7 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Description
in order to reduce the noise Renovate generates, this PR introduces the following changes:
npm audit signatures to "Test" & "Release" workflows
npm run release script and use directly npx semantic-release in the "Release" workflow
Motivation and Context
Renovate raises a lot of PRs, but most of them can be auto-merged if the tests are passing. this is already the current setup, but this PR pushes this further by configuring Renovate to not raise PRs if the update is configured for automerge.
I've been setting this up for the @insurgent-lab organization, and this PR is a reflection of the changes made there (see https://github.com/insurgent-lab/.github/commit/a1dac39ca49d89caf055f6ac808e03b191d292fd and https://github.com/insurgent-lab/conventional-changelog-preset/commit/e08b793c795520c98aebf2dd0c0be22fb18a0893).
TODO before merging
this new setup requires a different branch protection approach (to allow the Renovate bot to merge branches without going through the PR process), which is based on the new GitHub "Rulesets" feature:
test / required_check
checkmain
since repository administrators are allowed to update the default branch (main) in the "(bypass)" ruleset, semantic-release will still be able to do its job since it's using a GitHub PAT from Nick.
side note: this TODO also prepares us to restrict the rights we give to semantic-release in the future. it currently isn't possible to run semantic-release as a GitHub app, but I know from exchanging with one of the organization's maintainers that fixing the security concerns introduced by the need for a GitHub PAT is very important to them.