🚨 Latest Research:Tanstack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack.Learn More →
github-release-cli
Advanced tools
github-release-cli - npm Package Compare versions
+2
-1
| { | ||
| "name": "github-release-cli", | ||
| "version": "0.2.1", | ||
| "version": "0.2.2", | ||
| "description": "A command-line tool for uploading release assets to a GitHub repository", | ||
@@ -31,2 +31,3 @@ "homepage": "https://github.com/cheton/github-release-cli", | ||
| "dependencies": { | ||
| "babel-runtime": "^6.22.0", | ||
| "commander": "^2.9.0", | ||
@@ -33,0 +34,0 @@ "github": "^8.1.1" |
+65
-1
| # github-release-cli [](https://travis-ci.org/cheton/github-release-cli) | ||
| [](https://www.npmjs.com/package/github-release-cli) | ||
| A command-line tool for uploading release assets to a GitHub repository. | ||
@@ -17,3 +19,3 @@ | ||
| ``` | ||
| Usage: github-release [options] | ||
| Usage: github-release [options] [file ...] | ||
@@ -32,4 +34,66 @@ Options: | ||
| ## Secure Setup | ||
| ### 1. Get an OAuth token from GitHub | ||
| First you will need to get an OAuth Token from GitHub using your own username and "note": | ||
| ``` | ||
| curl \ | ||
| -u 'username' \ | ||
| -d '{"scopes":["repo"], "note":"Publish to GitHub Releases"}' \ | ||
| https://api.github.com/authorizations | ||
| ``` | ||
| For users with two-factor authentication enabled, you must send the user's authentication code (i.e., one-time password) in the `X-GitHub-OTP` header: | ||
| ``` | ||
| curl \ | ||
| -u 'username' \ | ||
| -H 'X-GitHub-OTP: 000000' \ | ||
| -d '{"scopes":["repo"], "note":"Publish to GitHub Releases"}' \ | ||
| https://api.github.com/authorizations | ||
| ``` | ||
| ### 2. Storing the OAuth token in an environment variable | ||
| For reducing security risks, you can store your OAuth token in an environment variable. | ||
| Export the token using the one you got from above: | ||
| ``` | ||
| export GITHUB_TOKEN=your_token | ||
| ``` | ||
| ### 3. Set up a CI build | ||
| Now you're ready to upload assets to a GitHub repository from a CI server. For example: | ||
| ``` | ||
| COMMIT_LOG=`git log -1 --format='%ci %H %s'` | ||
| github-release \ | ||
| --owner=cheton \ | ||
| --repo=github-release-cli \ | ||
| --tag="${TRAVIS_BRANCH}" \ | ||
| --name="${TRAVIS_BRANCH}" \ | ||
| --body="${COMMIT_LOG}" \ | ||
| "releases/file.zip" \ | ||
| "releases/file.tar.gz" | ||
| ``` | ||
| If you're using Travis CI, you may want to encrypt environment variables: | ||
| ``` | ||
| travis encrypt GITHUB_TOKEN=your_token | ||
| ``` | ||
| Learn how to define encrypted variables in .travis.yml:<br> | ||
| https://docs.travis-ci.com/user/environment-variables/#Defining-encrypted-variables-in-.travis.yml | ||
| ## Examples | ||
| https://github.com/cncjs/cncjs/blob/master/.travis.yml | ||
| ## License | ||
| MIT |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
15892
12.33%- Number of lines in readme file
98
188.24%Worsened metrics
- Dependency count
3
50%Dependency changes
+ Added
babel-runtime@^6.22.0+ Added
babel-runtime@6.26.0(transitive)+ Added
core-js@2.6.12(transitive)+ Added
regenerator-runtime@0.11.1(transitive)