From 13ffe4e92e254e47d9c271c965c1cb9a66eaffb1 Mon Sep 17 00:00:00 2001 From: Sebastian Pekarek Date: Sat, 21 Oct 2023 18:05:53 +0200 Subject: [PATCH 1/2] build: Enable npm provenance https://docs.npmjs.com/generating-provenance-statements#about-npm-provenance --- .github/workflows/test-release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/test-release.yml b/.github/workflows/test-release.yml index 4a239c446..dfb10b2ed 100644 --- a/.github/workflows/test-release.yml +++ b/.github/workflows/test-release.yml @@ -67,6 +67,11 @@ jobs: name: Release runs-on: ubuntu-latest concurrency: release + permissions: + contents: write + issues: write + pull-requests: write + id-token: write needs: - coverage - tests @@ -91,6 +96,7 @@ jobs: GH_TOKEN: ${{ secrets.GH_TOKEN }} GH_OWNER: ${{ github.repository_owner }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_CONFIG_PROVENANCE: true - name: 🔃 Merge main back into develop if: ${{ github.ref == 'refs/heads/main' }} uses: everlytic/branch-merge@1.1.5 From c09342d2dc3cea1a0e52e066ea88d3747de85599 Mon Sep 17 00:00:00 2001 From: Sebastian Pekarek Date: Sun, 22 Oct 2023 12:24:52 +0200 Subject: [PATCH 2/2] build: Remove develop builds from changelog The changelog became very full and confusing with all the development builds. Therefore I decided not to include builds from the `develop` branch in the changelog anymore. --- release.config.cjs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/release.config.cjs b/release.config.cjs index 17cad4a05..e3a96b530 100644 --- a/release.config.cjs +++ b/release.config.cjs @@ -21,7 +21,9 @@ configuration.plugins.push(['@semantic-release/commit-analyzer', { configuration.plugins.push('@semantic-release/release-notes-generator'); -configuration.plugins.push('@semantic-release/changelog'); +if (process.env.BRANCH === 'main') { + configuration.plugins.push('@semantic-release/changelog'); +} configuration.plugins.push('semantic-release-license');