Closed wSedlacek closed 3 years ago
Ready for review
Hi @wSedlacek,
I've bumped the most recent tag for master to v1.0.0
. (Should the conventional "v" be there - or is that problematic?)
I've also set added an NPM_TOKEN
secret, but am a bit puzzled about what is needed re: the GIT_TOKEN
.
According to GitHubs docs, there is a GITHUB_TOKEN, which is automatically created:
GitHub automatically creates a GITHUB_TOKEN secret to use in your workflow.
You can use the GITHUB_TOKEN to authenticate in a workflow run.
When you enable GitHub Actions, GitHub installs a GitHub App on your repository.
The GITHUB_TOKEN secret is a GitHub App installation access token.
You can use the installation access token to authenticate on behalf of
the GitHub App installed on your repository.
Local and 3rd-party actions are already enabled for this repo, so I suspect a GITHUB_TOKEN is already created (though it doesn't appear in the repo's "secrets" settings... Not sure why).
Is this GITHUB_TOKEN
what is necessary? Or is a separate GIT_TOKEN required (as you wrote)?
If a separate GIT_TOKEN
is required: What permissions are absolutely necessary to include? I'm guessing they are from this list?
Let me know,
-K
Ah - I see in the code it is GIT_TOKEN (as you specified). Can you let me know what permissions are necessary for this to work?
Ok, I've added a GIT_TOKEN
; if it turns out not to be permissive enough for the CI/CD tasks, let me know.
Is this
GITHUB_TOKEN
what is necessary? Or is a separate GIT_TOKEN required (as you wrote)?If a separate
GIT_TOKEN
is required: What permissions are absolutely necessary to include? I'm guessing they are from this list?
Yes it is a Personal Access token to GitHub with public_repo access. This is what allows the semantic release to push to GitHub (the GITHUB_TOKEN provided by the workflow does not have push access)
I won't know for sure if it is correct until this is merged and able to run.
Update: Here is the source for further information. Note: I have setup the Release workflow to ONLY run on the master branch so as long as that is protected we shouldn't need to worry too much about unauthorized usage of the token.
I've bumped the most recent tag for master to
v1.0.0
. (Should the conventional "v" be there - or is that problematic?)
That should work based on my previous testing
Yes it is a Personal Access token to GitHub with public_repo access. This is what allows the semantic release to push to GitHub (the GITHUB_TOKEN provided by the workflow does not have push access) Update: Here is the source for further information.
Thanks.
Ok; I've tagged to v1.0.0, set up the tokens, and protected the master branch. Going to merge, and we'll see what happens!
If there's anything that needs to be fiddled with on my end - let me know; curious to see this new level of sophistication/automation in action...
Whoa - its alive! (Or at least it is doing things automagically...)
Whoa - its alive! (Or at least it is doing things automagically...)
Looks good! Should be ready to merge and we will see if it releases.
Post merging, how does one monitor release progress?
Post merging, how does one monitor release progress?
In the Actions section. https://github.com/kleydon/prisma-session-store/runs/1107279105
Looks like it didn't like the protected rules. Let's remove Include administrators
then rerun the job.
Update: It also shows the result at the top of the files list
Removed Include administrators
and re-running...
Removed
Include administrators
and re-running...
Looks like we are getting closer.
Seems like our NPM Token needs to be updated now.
Before you rerun remove the v1.1.0
tag that it published to avoid conflicts.
'npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@quixo3%2fprisma-session-store - You may not perform that action with these credentials.\n' + 591
'npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@quixo3%2fprisma-session-store - You may not perform that action with these credentials.\n' + 591
The token needs read and publish writes.
Before you rerun remove the v1.1.0 tag that it published to avoid conflicts.
Done.
Tending to the NPM token now...
Before you rerun remove the v1.1.0 tag that it published to avoid conflicts.
Done.
Tending to the NPM token now...
Once we get this fixed up we will probably have duplicates in our CHANGELOG.md, I will make a quick PR to remove those duplicates once it is working.
Ok; NPM token fixed. Does a new version number need to be set to anything in particular?
The version should be fine to rerun as long as the tag was removed. I am slightly conserved that when we rerun we will be one commit behind but I think it will just stop the workflow if anything.
I would retry real quick and if it fails we can make a revert of the release commit.
Yep, looks like a Revert Commit is needed. https://github.com/kleydon/prisma-session-store/commit/239b192378944f37a4d082adb88e9fcffdb8ce04
Think you can take care of that?
Will try here...
If you run into any trouble I made a PR for you https://github.com/kleydon/prisma-session-store/pull/15
@kleydon Sorry about all the confusion. I know CI/CD can be pretty finicky when you are first getting it setup, once it is setup though it should be pretty solid.
:tada: This PR is included in version 1.1.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Looks like something went right? ^
🎉 We did it!
Anyways, I think this library is pretty solid now. Gonna shift back to working on some of my other projects but feel free to @me if you need my help with anything.
It still LOOKED like the v1.0.0 tag didn't get removed (but perhaps I was looking at the recreated version...) At any rate - progress. Thanks for your patience (and great job on setting up the "machinery" itself...) Ok - enjoy!
It still LOOKED like the v1.0.0 tag didn't get removed (but perhaps I was looking at the recreated version...) At any rate - progress. Thanks for your patience (and great job on setting up the "machinery" itself...) Ok - enjoy!
Well the base tag before the release was v1.0.0
so the release was v1.1.0
which as far as I can tell went perfect.
Note: If we started at v0.9.0
we would be at v0.10.0
now. Didn't really know of a good way to get us to 1.0.0
so I figured v1.1.0
was the next best thing.
Hey @wSedlacek,
Just sent a contributor invite.
Also, wanted to mention that if you ever want to swap roles, such that you take ownership of the repo and I'm a contributor - just let me know. You've done all this great work, and I don't want you to feel like you aren't getting proper credit for it.
Thank you for the invite.
It's all good. In all honestly I prefer not to be the owner as I have a lot of projects I am responsible for already. My work on this project benefited me a lot as I am using it in a few other projects so I am just happy I was able to get this working the way I like and share my work with others so they can benefit from it as well.
Again thank you for the invite very happy to accept and help if any other issues need to be taken care of.
Ok! Just figured I'd check. -K
On Sep 19, 2020, at 12:08 PM, William Sedlacek notifications@github.com wrote:
 Thank you for the invite.
It's all good. In all honestly I prefer not to be the owner as I have a lot of projects I am responsible for already. My work on this project benefited me a lot as I am using it in a few other projects so I am just happy I was able to get this working the way I like and share my work with others so they can benefit from it as well.
Again thank you for the invite very happy to accept and help if any other issues need to be taken care of.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
fixes: #13
This PR automates much of the contribution process
1.0.0
(to reset the versioning for semantic release)Note: Semantic release wants to use the previous tagged version then bump from there, to ensure that it uses
1.0.0
to start then the most recent tag needs to be1.0.0
Example of Release https://github.com/wSedlacek/prisma-session-store/runs/1103231448?check_suite_focus=true
Example of Test/Lint https://github.com/wSedlacek/prisma-session-store/runs/1103231421?check_suite_focus=true https://github.com/wSedlacek/prisma-session-store/runs/1103231454?check_suite_focus=true
Example of PR checks![Screen Shot 2020-09-12 at 11 47 46](https://user-images.githubusercontent.com/8206108/93002732-dbc88700-f4ed-11ea-9504-d6759d14ec9a.png)