Release/8.3.2 (#32)

* Version bumped to v8.3.2; See CHANGELOG for details
somnusjs · May 29, 2022 · 69255bd · 69255bd
1 parent 07aa694
commit 69255bd
Show file tree

Hide file tree

Showing 5 changed files with 314 additions and 556 deletions.
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
@@ -1,11 +1,12 @@
-# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# This workflow will run tests using node and then publish a package to GitHub Packages & npm when a release is created
 # For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
 
 name: Publish to both npm & GitHub Packages registries
 
 on:
   release:
     types: [created]
+  workflow_dispatch:
 
 jobs:
   build:
@@ -29,13 +30,12 @@ jobs:
           node-version: lts/*
           registry-url: https://registry.npmjs.org/
       - run: npm ci
-      - name: 'publishing to npm'
-        run: npm publish
+      - name: 'Publishing to npm'
+        run: npm publish --access public
         env:
-          NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+          NODE_AUTH_TOKEN: ${{ secrets.npm_token }}
 
   publish-gpr:
-    if: ${{ always() }}  # no need for any dependency between github publishing and npm publishing
     needs: build
     runs-on: ubuntu-latest
     steps:
@@ -44,8 +44,18 @@ jobs:
         with:
           node-version: lts/*
           registry-url: https://npm.pkg.github.com/
-          always-auth: true  # attempt to force re-auth now that we're interacting with another registry
-      - name: 'publishing to GitHub Packages'
+          scope: '@somnusjs'
+
+      # see https://github.com/actions/setup-node/issues/130 for why we need to auth explicitly here
+      # @TODO consider removing this step once the issue above is resolved
+      - name: 'Authenticate with the GitHub Packages registry'
+        run:
+          echo "//npm.pkg.github.com:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc
+
+      - name: 'Scope the package to satisfy GitHub Packages scoping requirements'
+        run: './scripts/publish-gpr.mjs unsafe-rescope'
+
+      - name: 'Publishing to GitHub Packages'
         run: npm publish
         env:
-          NODE_AUTH_TOKEN: ${{secrets.github_token}}
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## [8.3.2] - 2022-05-30
+### Changed
+- GitHub Action config now supports both registries: npm (stable usage) and GitHub Packages (experimental usage)
+- upgraded several devDependencies, clearing out security issues reported by `npm audit`
+
 ## [8.3.1] - 2022-05-25
 ### Changed
 - upgraded `restify` to v8.6.1