Publish provenance for public packages #2664

Merged
merged 1 commit into from
Dec 13, 2024

Member

@HiDeoo HiDeoo commented Dec 12, 2024

Description

While working in a workflow that involves strict security requirements, I noticed that Starlight public packages do not include any provenance. This PR fixes that by adding a publishConfig block to public packages.

changeset-bot bot commented Dec 12, 2024

🦋 Changeset detected

Latest commit: 08d5911

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages
Name Type
@astrojs/starlight-docsearch Patch
@astrojs/starlight Patch
@astrojs/starlight-tailwind Patch
@astrojs/starlight-markdoc Patch

@github-actions github-actions bot added 🚨 action Changes to GitHub Action workflows 🌟 core Changes to Starlight’s main package 🌟 tailwind Changes to Starlight’s Tailwind package 🌟 markdoc Changes to Starlight’s Markdoc package 🌟 docsearch Changes to Starlight’s DocSearch plugin labels Dec 12, 2024
netlify bot commented Dec 12, 2024

Deploy Preview for astro-starlight ready!

Name Link
🔨 Latest commit 08d5911
🔍 Latest deploy log https://app.netlify.com/sites/astro-starlight/deploys/675b1c1a459cbe000835f4a0
😎 Deploy Preview https://deploy-preview-2664--astro-starlight.netlify.app
Lighthouse
1 paths audited
Performance: 100 (no change from production)
Accessibility: 100 (no change from production)
Best Practices: 100 (no change from production)
SEO: 100 (no change from production)
PWA: -

Member

@delucis delucis left a comment

I’ve had tabs open since the Astro PR meaning to do this and never did 😅

Thank you for taking care of it!

@delucis delucis merged commit 62ff007 into withastro:main Dec 13, 2024
16 checks passed
Comment on lines +13 to +15
permissions:
contents: read
id-token: write
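Review bot: `contents: read` in this block is likely too narrow if the same job also pushes a branch or opens the release PR, because declaring `permissions:` caps `contents` at read and sets every scope not listed here to none. Keep `id-token: write`, which the provenance attestation needs, and either raise `contents` to `write` or declare the block at job level so only the publishing job receives the wider token.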
Member

@delucis delucis Dec 13, 2024

Hmm, looks like this still isn’t the right permissions combo in our case. The workflow failed after merging: https://github.com/withastro/starlight/actions/runs/12316634406/job/34377330918

Might need write access to create the release PR? Not sure why though — workflow looks the same as the Astro permission fix PR.

Member

Ah there was withastro/astro#8752 which updated to contents: write. Not much additional context in there though 😁

Member

Made a fix PR: #2665

@astrobot-houston astrobot-houston mentioned this pull request Dec 13, 2024
HiDeoo added a commit to HiDeoo/starlight that referenced this pull request Dec 13, 2024
* main:
  Fix release workflow permissions (withastro#2665)
  Publish provenance for public packages (withastro#2664)
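
An audit of the two settings this thread turns on, as an added example that is not code from the PR or the Starlight repository: it flags public packages whose `publishConfig` lacks `provenance: true`, and workflow scopes granted below what a publish-with-provenance job needs. The package names, function names and the required-scope map are constructed assumptions (`contents: write` follows the fix the review comments point to).

```javascript
// Added example: inputs are parsed package.json objects and a parsed
// workflow `permissions` block. All names and values are constructed.
const LEVEL = { none: 0, read: 1, write: 2 };

// Public packages (no "private": true) that do not opt in to provenance.
function packagesMissingProvenance(manifests) {
  return manifests
    .filter((m) => m.private !== true)
    .filter((m) => !(m.publishConfig && m.publishConfig.provenance === true))
    .map((m) => m.name);
}

// Effective level of one scope. Once a `permissions` block is declared,
// every scope it does not list is "none".
function effectiveLevel(permissions, scope) {
  if (permissions === 'write-all') return 'write';
  if (permissions === 'read-all') return 'read';
  return permissions[scope] || 'none';
}

// Scopes where the declared block grants less than the job requires.
function insufficientScopes(permissions, required) {
  return Object.keys(required).filter(
    (scope) => (LEVEL[effectiveLevel(permissions, scope)] ?? 0) < LEVEL[required[scope]]
  );
}

// Constructed monorepo: two public packages lack the opt-in, one is private.
const manifests = [
  { name: '@example/docs-theme', publishConfig: { provenance: true } },
  { name: '@example/docs-search' },
  { name: '@example/docs-plugin', publishConfig: { access: 'public' } },
  { name: 'docs-site', private: true },
];

// Assumption: the release job signs provenance (id-token: write) and also
// writes to the repository (contents: write, as the thread's fix suggests).
const REQUIRED = { 'id-token': 'write', contents: 'write' };
const asReviewed = { contents: 'read', 'id-token': 'write' };

console.log('missing provenance:', packagesMissingProvenance(manifests));
console.log('insufficient scopes:', insufficientScopes(asReviewed, REQUIRED));
```

Run as a CI check, a non-empty result from either function is a reason to fail the build before the publish step.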