Conversation
|
|
| const inquirer = require('inquirer'); | ||
|
|
||
| const octokit = new Octokit({ | ||
| auth: '<GENERATE FROM HERE: https://github.com/settings/tokens>', |
There was a problem hiding this comment.
OK, so token goes here! Is there a security risk to putting a token here? Sorry, just to be sure!
There was a problem hiding this comment.
Ah @Sagarpreet - check it out - here it says to put the token in the "secrets" --- where it can be referenced from:
https://riggaroo.dev/using-github-actions-to-automate-our-release-process/
also here: https://github.com/actions/create-release#example-workflow---create-a-release
Let me see about that...
There was a problem hiding this comment.
aha yes https://github.com/publiclab/PublicLab.Editor/settings/secrets - doing this now!
There was a problem hiding this comment.
Would this work then?
| auth: '<GENERATE FROM HERE: https://github.com/settings/tokens>', | |
| auth: ${{ secrets.GITHUBTOKEN }}, |
There was a problem hiding this comment.
OK, strangely I couldn't make a secret called GITHUB_TOKEN as it said it was an invalid name. I instead made GITHUBTOKEN. I wonder... is there an organization secret with a colliding name? Not sure, but let's try GITHUBTOKEN
There was a problem hiding this comment.
Just noting that we have no org secrets so it wasn't a name collision...
oh! Aha - it's a reserved name -- it already exists with some permissions. Maybe best try it out? https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#about-the-github_token-secret
i wasn't sure it had release creation permissions. but if it does, might as well use it instead of the one I created.
There was a problem hiding this comment.
So I think anyone can create a release in open source projects, right?
Similar to issues maybe, not sure.
So only read permissions for projects should be enough
|
This is cool! So this would be installed in each of our repositories? Amazing work, Sagarpreet! |
| const result = await octokit.repos.compareCommits({ | ||
| owner: 'publiclab', | ||
| repo: 'plots2', | ||
| base: latestTag, |
There was a problem hiding this comment.
oh is this a problem as we're currently in the Editor repo?
|
This could wait to a future revision - but I'm wondering - is there a way to link from PRs that are joining this release, so people know where they are being included? Somehow, the links from https://github.com/publiclab/plots2/releases/tag/v4.0 don't seem to show up as links on those PRs, like for example publiclab/plots2#7954 I could imagine automatically leaving a comment (which would create a lot of notifications, though) or using a tag... not sure! Just an idea. Probably for later! |
|
So if we add automerge probot app, that will make sure that when we do squash and merge, it will take PR title as commit message (instead of all commit messages that are shown in the current release) |
Co-authored-by: Jeffrey Warren <jeff@unterbahn.com>
|
@jywarren so this script is not related to github actions, we will run this script on our local host. So we need to add personal access token with read only permissions. |
|
Example release https://github.com/publiclab/PublicLab.Editor/releases/tag/v3.0 |
2 participants
Fixes: publiclab/plots2#8395
Created in plots2: https://github.com/publiclab/plots2/releases/tag/v4.0