GitHub Actions
Last updated
Was this helpful?
Last updated
Was this helpful?
The environment variables can be configured with .
In this example a publish type is required to publish a package to the npm registry. GitHub Actions a environment variable which can be used in Workflows.
support , allowing to run tests on multiple Node versions and publish a release only when all test pass.
Note: The publish pipeline must run on a .
.github/workflows/release.yml
configuration for Node projectsThe following is a minimal configuration for with a build running on the latest LTS version of Node when a new commit is pushed to a master
branch. See for additional configuration options.
package.json
changes to a master
branchIf you'd like to use a GitHub app to manage this instead of creating a personal access token, you could consider using a project like:
To keep package.json
updated in the master
branch, plugin can be used.
Note: Automatically populated GITHUB_TOKEN
cannot be used if branch protection is enabled for the target branch. It is not advised to mitigate this limitation by overriding an automatically populated GITHUB_TOKEN
variable with a , as it poses a security risk. Since Secret Variables are available for Workflows triggered by any branch, it becomes a potential vector of attack, where a Workflow triggered from a non-protected branch can expose and use a token with elevated permissions, yielding branch protection insignificant. One can use Personal Access Tokens in trusted environments, where all developers should have the ability to perform administrative actions in the given repository and branch protection is enabled solely for convenience purposes, to remind about required reviews or CI checks.
If the risk is acceptable, some extra configuration is needed. The option needs to be false
, otherwise the generated GITHUB_TOKEN
will interfere with the custom one. Example:
You can use for GitHub Actions.
Use event to have control on when to generate a release by making an HTTP request, e.g.:
To trigger a release, call (with a stored in GITHUB_TOKEN
environment variable):
- A declaratively configured way for triggering GitHub Actions
- A simple badge based mechanism for triggering GitHub Actions