Maintenance: update lerna and implement npm provenance #1436

Closed
1 of 2 tasks
dreamorosi opened this issue May 4, 2023 · 2 comments · Fixed by #1541
Labels: completed (This item is complete and has been merged/shipped), internal (PRs that introduce changes in governance, tech debt and chores (linting setup, baseline, etc.))

Comments

@dreamorosi
Contributor

Summary

A couple of weeks ago GitHub announced a new feature called npm provenance.

npm packages built on a cloud CI/CD system (like GitHub Actions) can now publish with provenance, meaning the package has verifiable links back to its source code and build instructions.

At the time, lerna, the package we use to publish our utilities to npm, didn't support the feature, but version 6.6.2, which has just been released, does.

We should go ahead and:

  • update lerna to 6.6.2 or newer
  • modify the workflow that makes the release to use this new feature

Why is this needed?

This way our customers can publicly establish where the Powertools for TypeScript package was built and who published it, which can increase overall supply-chain confidence.

Which area does this relate to?

Governance

Solution

No response

Acknowledgment

Future readers

Please react with 👍 and your use case to help us understand customer demand.
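
A sketch of the release-workflow change the issue asks for, as an added example that is not the project's own workflow. The workflow name, job name, `build` script and `NPM_TOKEN` secret are hypothetical, and passing the setting to lerna through the `NPM_CONFIG_PROVENANCE` environment variable is an assumption about how lerna 6.6.2 or newer picks up npm's `provenance` config.

```yaml
# Added example: hypothetical release workflow, not taken from the
# Powertools for TypeScript repository.
name: release
on:
  workflow_dispatch: {}

# Read-only by default; the publish job widens only what it needs.
permissions:
  contents: read

jobs:
  publish:
    # Provenance is generated on a cloud CI/CD runner, as the issue notes.
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Lets the job request the OIDC identity token that ties the
      # published package to this repository, commit and workflow run.
      id-token: write
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          # Node 18 images ship an npm recent enough for provenance
          # (npm 9.5.0 or newer).
          node-version: 18
          registry-url: https://registry.npmjs.org
      - run: npm ci
      # Hypothetical build script name.
      - run: npm run build
      - name: Publish with provenance
        # Publishes the versions already recorded in each package.json.
        run: npx lerna publish from-package --yes
        env:
          # Hypothetical secret name holding the npm automation token.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          # Assumption: lerna forwards npm's `provenance` config, so this
          # is equivalent to `npm publish --provenance` for each package.
          NPM_CONFIG_PROVENANCE: "true"
```

On the consumer side, `npm audit signatures` checks the registry signatures and provenance attestations of the packages installed in a project.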

@dreamorosi dreamorosi added triage This item has not been triaged by a maintainer, please wait internal PRs that introduce changes in governance, tech debt and chores (linting setup, baseline, etc.) labels May 4, 2023
@dreamorosi dreamorosi added confirmed The scope is clear, ready for implementation and removed triage This item has not been triaged by a maintainer, please wait labels May 4, 2023
@dreamorosi dreamorosi self-assigned this May 4, 2023
@dreamorosi dreamorosi changed the title Maintenance: update lerna and implement nom provenance Maintenance: update lerna and implement npm provenance May 8, 2023
@dreamorosi dreamorosi moved this from Backlog to Working on it in Powertools for AWS Lambda (TypeScript) Jun 22, 2023
@dreamorosi dreamorosi linked a pull request Jun 22, 2023 that will close this issue
@github-project-automation github-project-automation bot moved this from Working on it to Coming soon in Powertools for AWS Lambda (TypeScript) Jun 22, 2023
@github-project-automation github-project-automation bot moved this from Backlog to Coming soon in AWS Lambda Powertools for TypeScript Jun 22, 2023
@github-actions
Contributor

⚠️ COMMENT VISIBILITY WARNING ⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue, feel free to do so.

@github-actions github-actions bot added pending-release This item has been merged and will be released soon and removed confirmed The scope is clear, ready for implementation labels Jun 22, 2023
@github-actions
Contributor

github-actions bot commented Jun 23, 2023

This is now released under version 1.10.0!

@github-actions github-actions bot added completed This item is complete and has been merged/shipped and removed pending-release This item has been merged and will be released soon labels Jun 23, 2023
@dreamorosi dreamorosi moved this from Coming soon to Shipped in Powertools for AWS Lambda (TypeScript) Jun 23, 2023