Adopt the newly GA npm provenance feature #1812
Labels
enhancement
New feature or request
priority-medium
Not functioning - next quarter if capacity permits
Comments
adam-wolfe
added
enhancement
|
Thank you for raising this enhancement request. |
|
Currently, the CLI and Plugins pipelines deploy all of the components to Zowe's Artifactory server, and any updated packages are deployed to NPM from there all at once by a different nightly job. For this feature to be implemented, the pipelines will need to be changed across the repositories to deploy to both Zowe's Artifactory and NPM directly, and the nightly NPM deployment pipeline can be disabled. |
zFernand0
added
priority-medium
github-project-automation
bot
moved this from Medium Priority
to Closed
in Zowe CLI Squad
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature or enhancement request related to a problem or limitation? Please describe
Our zowe.org releases are signed as part of the release process, but our npm releases are not.
Describe your enhancement idea
See https://github.blog/changelog/2023-09-26-npm-provenance-general-availability/. Is this something that we can use for Zowe CLI, the Node.js Client SDKs, and some of the plug-ins?
Describe alternatives you've considered
This may provide greater assurance of the provenance of our packages on npm.
The text was updated successfully, but these errors were encountered: