pnpm/.github/workflows/release.yml
neilnaveen 6bbb7b1d26 chore: Set permissions for GitHub actions (#4607)
Restrict the GitHub token permissions to only the required ones; this way, even if attackers succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
2022-04-22 03:04:45 +03:00

52 lines
1.5 KiB
YAML

```yaml
name: Release
on:
  push:
    tags:
      - "v*.*.*"
permissions:
  contents: read
jobs:
  build:
    permissions:
      contents: write # for softprops/action-gh-release to create GitHub release
    runs-on: ubuntu-latest
    environment: release
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Install ldid
        run: |
          sudo apt-get update
          sudo apt-get install git build-essential libplist-dev libssl-dev openssl qemu-user-binfmt
          cd /tmp
          git clone git://git.saurik.com/ldid.git
          cd ldid
          git submodule update --init
          gcc -I. -c -o lookup2.o lookup2.c
          g++ -std=c++11 -o ldid lookup2.o ldid.cpp -I. -lcrypto -lplist -lxml2
          sudo mv ldid /usr/local/bin
      - name: install pnpm and npm
        run: |
          curl -L https://get.pnpm.io/v6.16.js | node - add --global pnpm@next-7 npm@7
      - name: pnpm install
        run: pnpm install
      - name: Publish Packages
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          pnpm config set "//registry.npmjs.org/:_authToken" "${NPM_TOKEN}"
          pnpm release
      - name: Copy Artifacts
        run: pnpm run copy-artifacts
      - name: Generate release description
        run: pnpm run make-release-description
      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          draft: true
          files: dist/*
          body_path: RELEASE.md
```
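An added example (not part of the pnpm repository or of the commit): a small Python check that reads a workflow's `permissions` blocks and flags a missing or write-capable top-level block, which is the condition this commit removes. The line-based parser is an assumption that covers only block-style YAML mappings; `permission_blocks`, `audit` and the two variant workflows are constructed for illustration.

```python
import re

def permission_blocks(text):
    """Return (top-level permissions or None, {job: permissions}) as {scope: level}."""
    stack, top, jobs = [], None, {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw)  # naive comment strip
        m = re.match(r"( *)([^\s:][^:]*):\s*(.*?)\s*$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:  # pop siblings and deeper keys
            stack.pop()
        path = [k for _, k in stack] + [key]
        stack.append((indent, key))
        block = {} if value in ("", "{}") else {"*": value}  # scalar, e.g. read-all
        if path == ["permissions"]:
            top = block
        elif path[:-1] == ["permissions"]:
            top[key] = value
        elif len(path) == 3 and path[0] == "jobs" and key == "permissions":
            jobs[path[1]] = block
        elif len(path) == 4 and path[0] == "jobs" and path[2] == "permissions":
            jobs[path[1]][key] = value
    return top, jobs

def audit(text):
    """Flag a missing or write-capable top-level block; list job-level writes."""
    top, jobs = permission_blocks(text)
    if top is None:
        out = ["WARN top-level: no permissions key"]
    else:
        out = [f"WARN top-level: {s}: {v}" for s, v in top.items() if v.startswith("write")]
    for job, perms in jobs.items():
        out += [f"INFO job {job}: {s}: {v}" for s, v in perms.items() if v.startswith("write")]
    return out

# Excerpt of the workflow shown above; the two variants below are constructed from it.
AFTER = '''\
permissions:
  contents: read
jobs:
  build:
    permissions:
      contents: write # for softprops/action-gh-release to create GitHub release
    runs-on: ubuntu-latest
'''
NO_PERMS = "\n".join(l for l in AFTER.splitlines() if "permissions" not in l and "contents" not in l)
BROAD = AFTER.replace("contents: read", "contents: write")
```

For the workflow on this page, `audit(AFTER)` reports only the job-level `contents: write`, which the inline comment attributes to the release step; a workflow with no `permissions` key at all gets the top-level warning because its token falls back to the repository's default setting.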