Publish npm package with provenance #669

Merged
merged 1 commit into from
Oct 15, 2023

@jongwooo (Contributor) commented Oct 15, 2023

What this PR does / why we need it?

To increase supply chain security, we should publish the npm package with provenance.

Provenance data gives consumers a verifiable way to link a package back to its source repository and the specific build instructions used to publish it (see example on npmjs.com).

See this page to learn more.

Any background context you want to provide?

What are the relevant tickets?

Fixes #664

Checklist

  • Added relevant tests or not required
  • Didn't break anything
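
The kind of release workflow this change implies, as an added example that is not part of the original PR and is not the yorkie-team repository's own file. The workflow name, trigger, Node version and the `NPM_TOKEN` secret name are assumptions; `id-token: write` and `npm publish --provenance` are what npm needs to produce the provenance statement.

```yaml
# Hypothetical release workflow (added example, not the project's file).
name: publish-npm              # assumed name

on:
  release:
    types: [published]         # assumed trigger

# Start from no permissions and grant only what the publish job needs.
permissions: {}

jobs:
  publish:
    # npm only generates provenance on a supported cloud-hosted CI runner.
    runs-on: ubuntu-latest
    permissions:
      contents: read           # check out the source being published
      id-token: write          # lets the job request the OIDC token that the
                               # provenance statement is signed against;
                               # without it the --provenance publish fails
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20     # assumed; the npm CLI must be 9.5.0 or newer
          registry-url: https://registry.npmjs.org

      - run: npm ci

      # package.json "repository" must point at this same public repository,
      # otherwise npm rejects the provenance statement.
      - run: npm publish --provenance --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # assumed secret name
```

Consumers can check the attestations of installed dependencies with `npm audit signatures`.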

CLAassistant commented Oct 15, 2023

CLA assistant check
All committers have signed the CLA.

codecov bot commented Oct 15, 2023

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (918b215) 67.89% compared to head (8d4a885) 67.89%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #669   +/-   ##
=======================================
  Coverage   67.89%   67.89%           
=======================================
  Files          58       58           
  Lines        8734     8734           
  Branches      784      784           
=======================================
  Hits         5930     5930           
  Misses       2546     2546           
  Partials      258      258           


@hackerwins hackerwins self-requested a review October 15, 2023 08:24

@hackerwins (Member) left a comment

Thanks for your contribution.
I never knew about provenance before. We can check the effectiveness of provenance when the next version is released.

@hackerwins hackerwins merged commit d89d960 into yorkie-team:main Oct 15, 2023
1 check passed
@jongwooo jongwooo deleted the chore/publish-npm-package-with-provenance branch October 15, 2023 08:49
@hackerwins (Member) commented Nov 25, 2023

Successfully merging this pull request may close these issues.

Suggestion: Publish npm package with provenance