Create security policy, publish script for lts

Resolves #1857
TypeStrong · Feb 7, 2022 · 710c724 · 710c724
1 parent adb53e4
commit 710c724
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 1 deletion.
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -114,7 +114,7 @@ Once you have finished working on an issue, you can submit a pull request to hav
 
 Before submitting a pull request, make sure that there are no linting problems (`npm run lint`), all tests pass (`npm test`), and your branch is up to date. Its also a good idea to join the TypeDoc [Gitter] room to discuss how best to implement changes.
 
-Please do not change the project version number in a pull request.
+Please do not change the project version number in a pull request unless submitting a patch to the `lts` branch.
 
 ## Updating Your Branch
 

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+The TypeDoc team supports the latest minor version. For one minor version prior to the latest,
+pull requests providing patches to fix security vulnerabilities will be accepted. Support for the
+previous minor version relies completely on community pull requests.
+
+| Version | Status             |
+| ------- | ------------------ |
+| 0.22.x  | :white_check_mark: |
+| 0.21.x  | :warning:          |
+| < 0.21  | :x:                |
+
+## Patching LTS Versions
+
+If you depend on the prior minor version of TypeDoc and want to submit a fix, submit a pull request
+to the `lts` branch. When merged, a new version will be automatically published with your patch.
+
+Be sure to include:
+
+-   A line in `CHANGELOG.md` that notes what changed.
+-   An update to the version field in `package.json`.
+
+Note: Only pull requests which fix security vulnerabilities will be accepted. Additional features and bug fixes are out of scope for old versions.
diff --git a/.github/workflows/publish-lts.yml b/.github/workflows/publish-lts.yml
@@ -0,0 +1,35 @@
+name: Publish LTS
+on:
+    push:
+        branches:
+            - lts
+jobs:
+    npm-publish:
+        name: npm-publish
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+            - id: check
+              uses: EndBug/version-check@v1
+              with:
+                  diff-search: true
+            - name: Set up Node
+              if: steps.check.outputs.changed == 'true'
+              uses: actions/setup-node@v1
+              with:
+                  node-version: "16"
+            - name: Upgrade npm
+              if: steps.check.outputs.changed == 'true'
+              run: npm i -g npm@latest
+            - name: Install
+              if: steps.check.outputs.changed == 'true'
+              run: npm ci
+            - name: Setup publish token
+              if: steps.check.outputs.changed == 'true'
+              run: echo "//registry.npmjs.org/:_authToken=${NPM_AUTH_TOKEN}" > .npmrc
+              env:
+                  NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
+            - name: Publish
+              if: steps.check.outputs.changed == 'true'
+              run: npm publish --tag lts