ยซ Changelog History


Hex v0.18.0 Release Notes

Release Date: 2018-07-05 // almost 6 years ago

  • API keys

    When authenticating with mix hex.user auth two API keys are generated instead of single one. One key is unencrypted with read access and the other is encrypted with your local password and has full read/write access to the API. Now commands that don't make any changes will not require a password.

    โž• Additionally, we generate a single key that gives access to all your organization repositories, instead of one key for each repository. It also has the added benefit that you don't have to reauthenticate if you are added to a new organization.

    ๐Ÿ‘ท We have also added support for keys owned directly by an organization instead of a specific user, these keys can be accessed through mix hex.organization. This is useful when generating keys for a CI environment, previously when personal keys were used, a person leaving an organization or revoking the key could negatively affect CI workflow.

    ๐Ÿ‘Œ Improvements to continuous integration workflows

    The HEX_API_KEY environment variable has been introduced to be able run commands that require an authentication without having to authenticate manually with mix hex.user auth which has user input prompts. The key set with HEX_API_KEY can be generated with mix hex.user key generate or mix hex.organization key ORGANIZATION generate. It also makes it possible to run commands such as mix hex.publish without being prompted for a password.

    By passing the --yes flag to mix hex.publish you can publish your package (together with HEX_API_KEY) without any confirmation prompts. This allows you to publish your package as part of your CI build process.

    Ignoring :maintainers field

    ๐Ÿ“‡ In previous Hex versions we required :maintainers key to be present when publishing package. At the same time, on hex.pm we are also showing package owners (controlled by the mix hex.owner task). It was confusing to show both maintainers and owners and figure out which really control the package, so we've dropped showing maintainers on hex.pm and the field will no longer be added to package's metadata.

    If maintainers field was used to give credit to current and/or past contributors we encourage to mention that in project's README instead.

    โœจ Enhancements

    • โž• Add --yes flag to hex.publish for publishing without any confirmation prompts
    • Add HEX_API_KEY environment variable for setting and overriding the key used when authenticating against the API
    • Generate a single key for all organization repositories when authenticating a new user
    • Return a non-zero exit code from hex.outdated when dependencies are outdated
    • Generate two API keys when authenticating, one encrypted with write access, and one unencrypted with only read access
    • โž• Add ownership levels to hex.owner task
    • When resolving, try all possible backtrack branches and select the best solution
    • ๐Ÿ‘Œ Improve formatting of multi-line validation errors
    • ๐Ÿ”ง Do not use :maintainers package configuration field
    • ๐Ÿ”„ Change hex.organization to generate keys owned by organization instead of the user generating them
    • โž• Add options to hex.organization key for revoking and listing keys owned by organization
    • ๐Ÿ‘Œ Improve interface for hex.user key and hex.organization key, the following commands have changed:
      • hex.user key --generate => hex.user key generate
      • hex.user key --list => hex.user key list
      • hex.user key --revoke KEY_NAME => hex.user key revoke KEY_NAME
      • hex.user key --revoke-all => hex.user key revoke --all
      • hex.organization key ORGANIZATION => hex.organization key ORGANIZATION generate