Skip to content

Commit

Permalink
Updated A Round Of Applause Semantic Release For The Clapper Component
Browse files Browse the repository at this point in the history
  • Loading branch information
chriswilty authored and Siteleaf committed Oct 16, 2024
1 parent e21f5d1 commit 4bf54e0
Showing 1 changed file with 3 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ Generates a tarball of the npm package.

Generates zip and tarball of source code for the GitHub release.

#### Notes
#### A note on bundling

There are important differences between the bundles generated by these two plugins.

Expand All @@ -93,11 +93,11 @@ Secondly, we have an npm script (`prepack`) which runs the build before preparin

### Publish

#### [GitHub plugin][github-plugin]
#### [npm plugin][npm-plugin]

Here's another thing to love about semantic-release: contributors have provided a set of [recipes for common release tasks](https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations), including a recipe for [releasing to npm via GitHub Actions](https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations/github-actions#node-project-configuration).

I also wanted to try out releasing with [npm provenance](https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/), a relatively new concept which is gaining traction: packages can gain a provenance badge by providing a verifiable link back to the source code _and_ to the build configuration, to give consumers full knowledge of how your package was built from sources. GitHub Actions are one of the current verifiable build systems, which is another good reason to use them instead of Travis.
I also wanted to try out releasing with [npm provenance](https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/), a relatively new concept which is gaining traction: packages can gain a provenance badge by providing a verifiable link back to the source code _and_ to the build configuration, to give consumers full knowledge of how a package was built from sources. GitHub Actions are one of the current verifiable build systems, which is another good reason to use them instead of Travis.

The workflow is simple to set up following the recipe linked above; the only extra config needed for provenance is this section inside `package.json`:

Expand Down

0 comments on commit 4bf54e0

Please sign in to comment.