remove token for oidc token publishing#934
Conversation
Package Changes Through 839a0dcThere are 2 changes which include create-tauri-app with patch, create-tauri-app-js with patch Planned Package VersionsThe following package releases are the planned based on the context of changes in this pull request.
Add another change file through the GitHub UI by following this link. Read about change files or the docs at github.com/jbolda/covector |
| - name: Publish | ||
| run: | | ||
| echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc | ||
| npm publish |
There was a problem hiding this comment.
@amrbashir I don't understand the reason that we were calling publish twice. Any recollection?
There was a problem hiding this comment.
we are releasing two packages here, create-tauri-app and create-tauri
this way users can do pnpm create tauri or pnpm create tauri-app but iirc the primary reason was to squat create-tauri and avoid having it fall in the hands of a malicious squatter.
|
@jbolda Hey, I would like to publish a new version soon, could we revert the removed |
3 participants
Motivation
We have enabled trusted publishing. With this, we need to give it perms to create the token and then remove setting it.