DRAFT: Release workflows #49
Conversation
jankapunkt
added
security ❗
|
This looks great @jankapunkt. I do like the idea of automatically publishing at the end of workflow B. |
|
Fantastic, so to be clear, creating a release basically means making a tag IN github, correct? |
|
Also, when/what do we merge to 'master', the |
|
@HappyZombies in it's current state it would mean to create a GitHub release (which also includes a Tag, yes) Merging into master should be always the latest stable release, which is what many other projects do as well. |
|
Got it, @jankapunkt this looks great, thanks a lot for doing it. Once this PR is merged I think we are good to move forward, setup the npm keys and what not, and do a release for 4.1.0. What do you think? |
|
Yes, exactly. However, I am not finished yet, since we need to manually test the new workflows. The good thing is, that the |
|
@jankapunkt i am going to go ahead and follow this pattern but do it manually, and release what we currently have in development. I'd just like to release something right now with a lot of updates and what not so we can update our personal modules already. Unless there's something they needs to be tested/ran instantly? |
|
@jankapunkt, @HappyZombies I'm curious how the tags are being created for each version. I don't see it in the workflow, are we doing this locally when pushing to
This is the way I tend to do it but I'm not super familiar with GitHub Actions. It would be nice if there was a way to automate these steps (I'd be happy to create a shell script to this effect). Also, I feel like we touched on this somewhere but what are the plans for all the branches we create. I feel we could safely delete old branches since there is not point to having both tags and branches—keep things tidy. |
|
@jwerre When creating a tag we will have to use the "GitHub release" component that will create our tags for us. This will then run the GitHub action and publish to npm. Basically, it'll be development-> release -> master. Then make a GitHub release, which will create a tag As for the deletion of branches, I'm for it 100% |
|
I will be releasing 4.1.0 manually this week until we have this release strategy straightened out. |
|
@HappyZombies @jwerre I changed the base branch to we can't test the new actions just by opening a PR (because if that would be possible, someone could just open a PR, start any actions on the CI and maybe steal credentials or anything else). In turn we need to pull this into the Once this is working we can pull it into |
|
@jwerre @HappyZombies just a short ping - can you please read the above comments and let me know if you understand the intended steps? If you confirm, I'll merge into |
up semver and update changelog for dev branch
release 4.1.1 -> master
…om FStefanni/issue_89_20_649 Supported state in case of denial
Merge pull request #93 from node-oauth/fix-vcharfail-allowemptystate
Co-authored-by: Daniel Reguero <daniel.reguero@hotmail.com> Co-authored-by: Francesco Stefanni <francesco.stefanni@gizeroenergie.it>
Bumps [eslint](https://github.com/eslint/eslint) from 8.2.0 to 8.4.1. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.2.0...v8.4.1) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Daniel Reguero <daniel.reguero@hotmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [sinon](https://github.com/sinonjs/sinon) from 11.1.2 to 12.0.1. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/master/docs/changelog.md) - [Commits](sinonjs/sinon@v11.1.2...v12.0.1) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [eslint](https://github.com/eslint/eslint) from 8.2.0 to 8.4.1. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.2.0...v8.4.1) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* test example * created db & model factories * added refresh_token grant type test * removed failing test, not implemented feature * add reference to issue * client authentication test * random client credentials in test * replace math.random by crypto.randomBytes
…ri via model #89 p.4 - support custom validateRedirectUri() - allow to implement model.validateRedirectUri - updated AuthorizeHandler - default conforms with RFC 6819 Section-5.2.3.5 - thanks to @FStefanni and @jorenvandeweyer
This PR implements a multi-stage testing and release workflow, as proposed on #36
The proposed workflow logic is therefore the following:
A. PR to development and master + pushing to them:
release-*branches, since they have their own extended workflowB. PR / Push to a
release-*branch:C. Create a (new release)[https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository]
The workflows A and B are triggered fully automated, while C still needs a release to be created by one of the maintainers. This is because a pull request to a
release-*does not necessarily mean to create a new release from the package.On the other hand - this could also be changed to, say, automatically create a new release at the end of workflow B when all checks have passed