toolcapsule 0.1.0-alpha.4 → 0.1.0-alpha.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/docs/releasing.md +8 -16
- package/package.json +1 -1
package/docs/releasing.md
CHANGED
|
@@ -24,27 +24,19 @@ git tag v0.1.0-alpha.1
|
|
|
24
24
|
git push origin v0.1.0-alpha.1
|
|
25
25
|
```
|
|
26
26
|
|
|
27
|
-
The
|
|
27
|
+
The `Release` workflow will:
|
|
28
28
|
|
|
29
29
|
1. install dependencies;
|
|
30
|
-
2.
|
|
31
|
-
3.
|
|
32
|
-
4.
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
```bash
|
|
37
|
-
npm publish --access public
|
|
38
|
-
```
|
|
39
|
-
|
|
40
|
-
Then verify with:
|
|
41
|
-
|
|
42
|
-
```bash
|
|
43
|
-
npm view toolcapsule version
|
|
44
|
-
```
|
|
30
|
+
2. verify the git tag matches `package.json`;
|
|
31
|
+
3. verify the npm version does not already exist;
|
|
32
|
+
4. run CI;
|
|
33
|
+
5. publish to npm with provenance through Trusted Publishing;
|
|
34
|
+
6. verify the npm package is available;
|
|
35
|
+
7. create a GitHub Release.
|
|
45
36
|
|
|
46
37
|
## Notes
|
|
47
38
|
|
|
39
|
+
- Do not use local `npm publish` for normal releases.
|
|
48
40
|
- Do not store `NPM_TOKEN` unless Trusted Publishing is unavailable.
|
|
49
41
|
- The workflow requires `permissions.id-token: write`.
|
|
50
42
|
- The GitHub Environment name must match npm Trusted Publishing exactly.
|