semantic-release-cli
    npm install -g semantic-release-cli
    cd your-module
    semantic-release-cli setup

Usage:
    semantic-release-cli setup [options]

Options:
    -h --help                 Show this screen.
    -v --version              Show version.
    --[no-]keychain           Use keychain to get passwords [default: true].
    --ask-for-passwords       Ask for the passwords even if passwords are stored [default: false].
    --tag=<String>            npm tag to install [default: 'latest'].
    --gh-token=<String>       GitHub auth token
    --npm-token=<String>      npm auth token
    --circle-token=<String>   CircleCI auth token
    --npm-username=<String>   npm username

Aliases:
    init                      setup

semantic-release-cli performs the following steps:

- npm adduser with the npm information provided to generate a .npmrc
- .npmrc for future use
- (repo, read:org, repo:status, repo_deployment, user:email, write:repo_hook)
- package.json
    - version field to 0.0.0-development (semantic-release will set the version for you automatically)
    - semantic-release script: "semantic-release": "semantic-release"
    - semantic-release as a devDependency
    - repository field

semantic-release-cli does not perform any additional Travis-specific steps, but the cli output will provide a link for assistance integrating Travis and semantic-release-cli.

semantic-release-cli performs the following additional steps:

- .travis.yml file
    - after_success: npm install -g travis-deploy-once and travis-deploy-once "npm run semantic-release": run semantic-release exactly once after all builds pass
    - cache: directories: ~/.npm, notifications: email: false
- repository field.
- GH_TOKEN and NPM_TOKEN environment variables in the settings

For CircleCI, semantic-release-cli performs the following additional steps:

- config.yml file (if CircleCI was selected)

    version: 2
    jobs:
      build:
        docker:
          - image: 'circleci/node:latest'
        steps:
          - checkout
          - run:
              name: install
              command: npm install
          - run:
              name: release
              # "|| true" keeps this step green even when the release command fails
              command: npm run semantic-release || true

- GH_TOKEN and NPM_TOKEN environment variables in the settings

For GitHub Actions, semantic-release-cli performs the following additional step:

- NPM_TOKEN environment variables as a secret in the settings

For now you will have to manually modify your existing workflow to add a release step. Here is an example of a small complete workflow .github/workflows/workflow.yml:

    name: CI
    on: push
    jobs:
      test:
        runs-on: ubuntu-16.04
        steps:
          - uses: actions/checkout@v2
          - uses: actions/setup-node@v1
            with:
              node-version: '12'
          - run: npm ci
          - run: npm test
          - name: Release
            # NPM_TOKEN is set at step level, so only the Release step sees it
            env:
              NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
            run: npx semantic-release

By default, semantic-release-cli supports the popular Travis CI and CircleCI servers. If you select Other as your server during configuration, semantic-release-cli will print out the environment variables you need to set on your CI server. You will be responsible for adding these environment variables as well as configuring your CI server to run npm run semantic-release after all the builds pass.

Note that your CI server will also need to set the environment variable CI=true so that semantic-release will not perform a dry run. (Most CI services do this by default.) See the semantic-release documentation for more details.
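
A post-setup audit of the changes described above, as an added example that is not part of semantic-release-cli or its README. The function name auditSetup, its parameter names and the sample inputs are hypothetical; it assumes file contents are passed in as strings and that a project-level .npmrc could end up committed with the repository.

```javascript
// Added example (not semantic-release-cli code): audit a repository after
// running `semantic-release-cli setup`. All inputs are file contents as strings.

// A literal npm auth token line; a ${VAR} reference is safe to commit.
const LITERAL_TOKEN = /^\s*(\/\/[^\s=]+:)?_authToken\s*=\s*(?!\$\{)\S+/m;

function auditSetup({ packageJson, projectNpmrc = '', ciConfig = '' }) {
  const findings = [];
  const pkg = JSON.parse(packageJson);

  // The package.json fields the setup step is documented to touch.
  if (pkg.version !== '0.0.0-development') {
    findings.push('package.json: version is not 0.0.0-development');
  }
  if ((pkg.scripts || {})['semantic-release'] !== 'semantic-release') {
    findings.push('package.json: missing "semantic-release" script');
  }
  if (!(pkg.devDependencies || {})['semantic-release']) {
    findings.push('package.json: semantic-release is not a devDependency');
  }
  if (!pkg.repository) {
    findings.push('package.json: repository field is missing');
  }
  // npm adduser writes a token into an .npmrc; a literal token in a
  // project-level .npmrc would travel with the repository.
  if (LITERAL_TOKEN.test(projectNpmrc)) {
    findings.push('.npmrc: literal _authToken found; use ${NPM_TOKEN} instead');
  }
  // "|| true" after the release command hides a failed release from CI status.
  if (/semantic-release\s*\|\|\s*true/.test(ciConfig)) {
    findings.push('CI config: "|| true" masks release failures');
  }
  return findings;
}

// Constructed sample inputs; the token value is a placeholder, not a real token.
const samplePackageJson = JSON.stringify({
  name: 'your-module',
  version: '1.2.3',
  scripts: { 'semantic-release': 'semantic-release' },
  devDependencies: { 'semantic-release': '^17.0.0' },
});
const sampleNpmrc = '//registry.npmjs.org/:_authToken=EXAMPLE-PLACEHOLDER-TOKEN\n';
const sampleCi = 'command: npm run semantic-release || true';

console.log(auditSetup({ packageJson: samplePackageJson, projectNpmrc: sampleNpmrc, ciConfig: sampleCi }));
```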

This package reads your npm username from your global .npmrc. In order to autosuggest a username in the future, make sure to set your username there: npm config set username <username>.

Please contribute! We welcome issues and pull requests.
When committing, please conform to the semantic-release commit standards.
MIT License 2015 © Christoph Witzko and contributors
FAQs
setup automated semver compliant package publishing
The npm package semantic-release-cli receives a total of 4,143 weekly downloads. As such, semantic-release-cli popularity was classified as popular.
We found that semantic-release-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.