vimeo / vimeo.js

Official Node.js library for the Vimeo API.
https://developer.vimeo.com
Apache License 2.0

Automate package publishing on tag push #178

Closed cmxiang closed 1 year ago

cmxiang commented 1 year ago

What this PR does

Publishing packages on npm currently requires manual access to be given to the vimeo org in npm. This is problematic from a security perspective, because there is no way to automatically remove individuals once they leave Vimeo. There are also issues with maintenance, and legacy knowledge of the process.

This PR adds a GitHub workflow that automates publishing the package to the npm registry through a Vimeo/Devex-maintained npm account. The workflow is triggered when a new tag in the format *.*.* is pushed on main.

A tag protection rule would also be created to restrict creating/editing tags in the *.*.* format to admins and maintainers of the repo, thus restricting who can publish the package as well.

Testing

Test workflow: https://github.com/vimeo/vimeo.js/pull/179/files

Test run: https://github.com/vimeo/vimeo.js/actions/runs/4451857999
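A tag-triggered publish workflow of the kind described above, as an added example that is not the workflow file from this PR or the Vimeo project. The secret name `NPM_TOKEN`, the Node version, the presence of a lockfile and the step names are assumptions; the two guard steps are there because a tag filter alone does not tie the tagged commit to main or to the version in package.json.

```yaml
# Added example; not the workflow file from this PR.
name: publish

on:
  push:
    tags:
      - '*.*.*'   # tag format stated in the PR description

permissions:
  contents: read  # the job only needs to read the repository

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so the ancestry check below works

      # A tag filter does not restrict which branch the tagged commit is on,
      # so refuse to publish commits that are not reachable from main.
      - name: Require tagged commit on main
        run: |
          git merge-base --is-ancestor "$GITHUB_SHA" origin/main

      - uses: actions/setup-node@v4
        with:
          node-version: 18                          # assumed version
          registry-url: https://registry.npmjs.org  # writes an .npmrc that reads NODE_AUTH_TOKEN

      # Refuse to publish when the pushed tag and package.json disagree.
      - name: Require tag to match package version
        run: |
          test "$(node -p "require('./package.json').version")" = "$GITHUB_REF_NAME"

      - run: npm ci        # assumes a committed lockfile
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}  # assumed secret name
```

Only the final step receives the token, so the checkout, install and guard steps run without publish credentials in their environment.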

CLAassistant commented 1 year ago

CLA assistant check
All committers have signed the CLA.