-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci(release): defined a github workflow to release with semantic-release #923
Conversation
@jimthedev @AndersDJohnson @kentcdodds Hi, could you validate this PR so a new release of the cli can be generated? Thx |
this PR will close the Issue #914 as the fix is merged already but not released yet |
if adding me as a maintainer could help with details like this, i'd be willing to help out with basic maintenance tasks like this. i wouldnt be able to dedicate a lot of time due to other OSS project responsibilities (hopefully, my reputation on those projects helps build trust to consider me as a maintainer here), but would like to help unblock vulnerability issues like this. |
Adding another vote of support; @jimthedev, please consider @travi's offer! I'm sure plenty of repos (like mine) have got a Critical dependabot security alert because there hasn't been a release for commitizen despite the updates being merged in already. |
Just got back home. Wife has covid but will take a look and see if I can help. |
Secret added, going to merge this. |
🎉 This PR is included in version 4.2.5 🎉 The release is available on: Your semantic-release bot 📦🚀 |
@jimthedev Thx |
@daiyam thank all of you for your patience. |
Thank you and @travi for resolving this! |
thanks for the merge @jimthedev! feel free to let me know if you need more help. commitizen is super valuable in combination with semantic-release, so i'd be happy to pitch in a bit if i can help keep things going. |
re-enables the release automation that was lost with the cleanup of the
.travis.yml
in #880. theGITHUB_TOKEN
is provided automatically by the action and should have access to perform all necessary actions needed for the release. theNPM_PUBLISH_TOKEN
would need to be made available as a secret to this action by a project maintainer.this does not replace the verification that happens on Azure Pipelines and only runs on the
master
branch. it is assumed that changes are only ever merged after passing verification in a PR, so this workflow should be safe to implement independently from the existing verification pipelines.this should unblock #914 and #897 (possibly more)