You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been using Lerna for a component library I'm building.
My set up is as follows:
developer makes a feature branch and creates a PR
build workflow is run on the PR, which runs lerna publish --canary (pushes a alpha package to our private GitHub registry for integration testing)
another developer approves the PR and it's merged into main branch
publish workflow is run on main branch, which runs lerna publish (pushes the production package to our private GH reg)
It's been running fine, until recently the organisation I work at has enforced security vulnerability checking on all repos.
The security vulnerability checking is a workflow which comes from the orgs security repo and is used as a rule, where all workflows are required to pass before merging.
It fails on the last step, I think because lerna is trying to push tags directly from main branch.
Is this strategy I'm doing incorrect? Running lerna from main branch?
Should I be getting the workflow to create a PR of the latest version of the package and approve & merge it?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi 👋🏼
I've been using Lerna for a component library I'm building.
My set up is as follows:
lerna publish --canary(pushes a alpha package to our private GitHub registry for integration testing)mainbranchmainbranch, which runslerna publish(pushes the production package to our private GH reg)It's been running fine, until recently the organisation I work at has enforced security vulnerability checking on all repos.
The security vulnerability checking is a workflow which comes from the orgs security repo and is used as a rule, where all workflows are required to pass before merging.
It fails on the last step, I think because lerna is trying to push tags directly from
mainbranch.Is this strategy I'm doing incorrect? Running lerna from
mainbranch?Should I be getting the workflow to create a PR of the latest version of the package and approve & merge it?
Beta Was this translation helpful? Give feedback.
All reactions