Skip to content

Commit 1088783

Browse files
committed
docs(releasing): NPM_TOKEN은 기존 시크릿 재사용 — 스코프 권한만 확인
새 release 잡이 기존 secrets.NPM_TOKEN을 그대로 사용. 추가 불필요. 다만 옛 흐름은 scrolloop 단일 패키지만 발행했으므로, 새 @scrolloop 스코프 발행 권한이 토큰에 포함되는지 확인 필요(granular면 스코프 추가).
1 parent 1c007cd commit 1088783

1 file changed

Lines changed: 7 additions & 3 deletions

File tree

RELEASING.md

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -26,9 +26,13 @@ On push to `master`, the `release` job runs `changesets/action`:
2626

2727
### One-time setup
2828

29-
- Add an `NPM_TOKEN` repo secret (granular automation token with publish rights
30-
to the `scrolloop` package and the `@scrolloop` scope), or configure npm
31-
**Trusted Publishing** (OIDC) per package — `release` already has `id-token: write`.
29+
- The `NPM_TOKEN` repo secret already exists (the previous publish flow used it).
30+
Before the first scoped release, **verify it can publish the new `@scrolloop`
31+
scope** — the old flow only published the single `scrolloop` package, so a
32+
package-scoped/granular token may need the `@scrolloop` scope (and its org)
33+
granted. A classic automation token covers everything you own.
34+
(Alternatively, configure npm **Trusted Publishing** (OIDC) per package —
35+
`release` already has `id-token: write`.)
3236
- First release: package versions are set directly to `1.0.0` (no changeset),
3337
so `changesets/action` publishes them on the first master push. `scrolloop`
3438
goes `0.5.2 → 1.0.0`; the `@scrolloop/*` adapters are published fresh at

0 commit comments

Comments
 (0)