New top story on Hacker News: Show HN: Publish from GitHub Actions using multi-factor authentication
Show HN: Publish from GitHub Actions using multi-factor authentication
15 by varunsharma07 | 3 comments on Hacker News.
The backstory about this GitHub Action: I discussed with an open-source maintainer why they publish npm packages from their local machine and do not use CI/CD pipelines. They said publishing should require human intervention and want to continue using multi-factor authentication to publish to the npm registry. This led to building the wait-for-secrets GitHub Action. It prints a URL in the build log and waits for secrets to be entered using a browser. Once entered, the workflow continues, and secrets can be used in future steps. The latest release of "eslint-plugin-react" to the npm registry used a one-time password (OTP) from a GitHub Actions workflow! https://ift.tt/DuUXf1T...
December 7, 2022 at 01:05AM varunsharma07 15 https://ift.tt/esp4OYd Show HN: Publish from GitHub Actions using multi-factor authentication 3 The backstory about this GitHub Action: I discussed with an open-source maintainer why they publish npm packages from their local machine and do not use CI/CD pipelines. They said publishing should require human intervention and want to continue using multi-factor authentication to publish to the npm registry. This led to building the wait-for-secrets GitHub Action. It prints a URL in the build log and waits for secrets to be entered using a browser. Once entered, the workflow continues, and secrets can be used in future steps. The latest release of "eslint-plugin-react" to the npm registry used a one-time password (OTP) from a GitHub Actions workflow! https://ift.tt/DuUXf1T... https://ift.tt/32WUr0S
15 by varunsharma07 | 3 comments on Hacker News.
The backstory about this GitHub Action: I discussed with an open-source maintainer why they publish npm packages from their local machine and do not use CI/CD pipelines. They said publishing should require human intervention and want to continue using multi-factor authentication to publish to the npm registry. This led to building the wait-for-secrets GitHub Action. It prints a URL in the build log and waits for secrets to be entered using a browser. Once entered, the workflow continues, and secrets can be used in future steps. The latest release of "eslint-plugin-react" to the npm registry used a one-time password (OTP) from a GitHub Actions workflow! https://ift.tt/DuUXf1T...
December 7, 2022 at 01:05AM varunsharma07 15 https://ift.tt/esp4OYd Show HN: Publish from GitHub Actions using multi-factor authentication 3 The backstory about this GitHub Action: I discussed with an open-source maintainer why they publish npm packages from their local machine and do not use CI/CD pipelines. They said publishing should require human intervention and want to continue using multi-factor authentication to publish to the npm registry. This led to building the wait-for-secrets GitHub Action. It prints a URL in the build log and waits for secrets to be entered using a browser. Once entered, the workflow continues, and secrets can be used in future steps. The latest release of "eslint-plugin-react" to the npm registry used a one-time password (OTP) from a GitHub Actions workflow! https://ift.tt/DuUXf1T... https://ift.tt/32WUr0S
Nhận xét
Đăng nhận xét