Leave package access scope to the package configuration

[joscha]

We just got badly burnt by the current behaviour of this plugin.

Scoped packages, e.g. @org/package are restricted by default, e.g. an npm publish publishes them privately whilst the default behaviour of npm for a unscoped package is to publish it publicly; e.g. package will be release public with a simple npm publish. This plugin diverts from the default npm behaviour in that it releases all packages, independent of their configuration or the sane npm default, publicly.

references #8

cc @joshua-leyshon-canva

[mikeal]

Approved, and I think this will be the final word on whether or not we do initial publishing (we won’t). https://github.com/mikeal/merge-release/issues/13

[joscha]

Thank you! Can we tag the new version so we can depend on the fix, please?

[mikeal]

hahaha, i rely so heavily on merge-release that i don’t even think about doing manual tags or releases of anything, including merge-release!

the actions were failing since they had some old syntax and action references, updated and it should do a full build and tag soon.

[joscha]

I don't think it worked:

Current runner version: '2.164.0'
Prepare workflow directory
Prepare all required actions
Download action repository 'actions/checkout@v1'
Download action repository 'actions/setup-node@v1'
Download action repository 'mikeal/merge-release@v4.0.9'
##[warning]Failed to download action 'https://api.github.com/repos/mikeal/merge-release/tarball/v4.0.9'. Error Response status code does not indicate success: 404 (Not Found).
##[warning]Back off 20.056 seconds before retry.
##[warning]Failed to download action 'https://api.github.com/repos/mikeal/merge-release/tarball/v4.0.9'. Error Response status code does not indicate success: 404 (Not Found).
##[warning]Back off 27.69 seconds before retry.
##[error]Response status code does not indicate success: 404 (Not Found).

as the tag is still missing.