New top story on Hacker News: Show HN: Publish from GitHub Actions using multi-factor authentication

Show HN: Publish from GitHub Actions using multi-factor authentication
15 by varunsharma07 | 3 comments on Hacker News.
The backstory about this GitHub Action: I discussed with an open-source maintainer why they publish npm packages from their local machine and do not use CI/CD pipelines. They said publishing should require human intervention and want to continue using multi-factor authentication to publish to the npm registry. This led to building the wait-for-secrets GitHub Action. It prints a URL in the build log and waits for secrets to be entered using a browser. Once entered, the workflow continues, and secrets can be used in future steps. The latest release of "eslint-plugin-react" to the npm registry used a one-time password (OTP) from a GitHub Actions workflow! https://ift.tt/2nZGmij...