Release stoic-plugin via workflow #191
| - name: Build Stoic Plugin Distribution | ||
| run: ./gradlew :stoic-plugin:dist |
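Review bot: the `run: ./gradlew :stoic-plugin:dist` step has no comment saying what it produces or whether it has side effects, so a reader of the workflow cannot tell from the step alone whether it publishes anything or needs secrets. Consider a one-line YAML comment above `- name: Build Stoic Plugin Distribution` that states both.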
We don't need any new secrets access for this? And if the maven publish step fails after this, do we end up in a weird state?
I don't see why it would require any secrets. If ./gradlew assemble above works, then this should too. But I don't know a good way to test other than landing this and trying it out.
If Maven publish fails, then that's fine - everything is local up to that point. The somewhat weird state is if Maven publish succeeds, but then GitHub release fails.
Wait, so does that mean anyone can just check out this repo, make changes, and publish the stoic plugin?
Oh, I see what you're saying. You're asking if gh release requires secrets. Yes, it does - that's the GH_TOKEN, and that's why I had to add the
permissions:
  # Required so GH_TOKEN can create the GitHub Release and upload the artifact.
  contents: write
./gradlew :stoic-plugin:dist does not publish anything - it just builds stoic-plugin locally.
Ah, so that's just a verification step?
./gradlew :stoic-plugin:dist builds stoic-plugin/build/distributions/radiography-stoic-plugin-*.tar.gz, which then gets used by gh release
f677014 to 880b943
Instead of uploading a locally built version of stoic-plugin, this does the release fully within a GitHub Action, providing safety against supply-chain attacks.