Spike: automated release process

[bajtos]

At the moment, our process for releasing and publishing new versions is based on manual invocation of lerna CLI on a local developer machine, which comes with few issues:

• it requires admin permissions on GitHub because it pushes directly to master
• we are publishing from "dirty" git checkout that may contain extra files when compared to what is committed to git
• the releases are not peer-reviewed, only the person making the release can preview the changes

I would like us to improve this process and make it more automated. I am envisioning the following setup:

• The person initiating the release:
  • creates a new feature branch
  • runs lerna version --no-git-tag-version --no-push to bump up versions, update changelogs and create the release commit.
  • pushes the feature branch to GitHub and opens a new pull request.
• When the PR is approved, the release commit is merged to master in the usual way. No admin permissions are required.
• A build pipeline (powered e.g. by Azure Pipelines or GitHub Actions) detects a release commit and
  • Creates appropriate git tags (unfortunately, this is not supported by Lerna as of 2018-01-29)
  • Runs lerna publish from-git to publish packages to the npm registry

@strongloop/loopback-maintainers thoughts?

[raymondfeng]

We need to find out how to share npm credentials with travis - https://docs.travis-ci.com/user/encryption-keys/.

[bajtos]

I would like us to eventually enable 2FA for publishes, at which point we will need to find a way how to configure Travis to supply one-time-password token too.

[bajtos]

I changed this issue to be a spike, I don't think we have enough information to be able to estimate the effort required to implement this new process.

[stale[bot]]

This issue has been marked stale because it has not seen activity within six months. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository. This issue will be closed within 30 days of being stale.

[stale[bot]]

This issue has been marked stale because it has not seen activity within six months. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository. This issue will be closed within 30 days of being stale.