suggestion: a github action to keep modules up to date

luvit / lit

Toolkit for developing, sharing, and running luvit/lua programs and libraries.

http://lit.luvit.io/

Apache License 2.0

245 stars 58 forks source link

suggestion: a github action to keep modules up to date #328

Open Bilal2453 opened 2 months ago

Bilal2453 commented 2 months ago

What do you think about a Github action that on successful commits to main branch to any of the deps that has their own Lit package will auto-release that package to Lit. For example, when a package like secure-socket has its version bumped from 1.2.3 to 1.2.4 it would automatically run Lit publish.

If you would like that I could PR one, should make it easier to maintain, update and release the packages.

truemedian commented 2 months ago

Lit requires all package releases be signed by an RSA key assigned to the sole owner (or proven member of an organization owner) of the package. This process cannot be well automated.

Bilal2453 commented 2 months ago

It should be possible (?) to automate it by having an RSA key (of a possible member/bot?) with the password (if one is set) as a GitHub secret in the repo configs, this can be well hidden from everyone without the right access to see it.

Bilal2453 commented 2 months ago

I knew we already had something like this, finally found it, we can do something similar to this https://github.com/Lyrth/lit-test-package .