ci: auto-publish + tag + GH release workflow #11

Merged: leefanv merged 1 commit into main from ci/release-workflow on May 11, 2026
@leefanv (Owner) commented May 11, 2026

Summary

Adds .github/workflows/release.yml. Triggers on every push to main (after PR merge) and on manual workflow_dispatch. For each packages/<name>/package.json, compares declared version against the <name>@<version> git tag:

| State | Action |
| --- | --- |
| Tag exists locally | Skip |
| Tag missing, but <scoped>@<version> exists on npm | Backfill — push tag + create GitHub release (no publish) |
| Tag missing, version not on npm | npm publish + push tag + create GitHub release |

Release notes auto-extracted from the top section of CHANGELOG.md. Manual dispatch supports dry_run=true to preview without publishing.

The workflow only pushes tags, not commits to main, so it doesn't loop on itself.

Required setup (one-time, after merge)

Add a repository secret NPM_TOKEN:

  1. https://www.npmjs.com → your avatar → Access Tokens → Generate New Token → "Automation" type (no 2FA prompt)
  2. GitHub repo → Settings → Secrets and variables → Actions → New repository secret
    • Name: NPM_TOKEN
    • Value: paste the npm token

GITHUB_TOKEN is auto-injected and is used to push tags + create releases (workflow declares permissions: contents: write).

Permissions / safety

  • permissions: contents: write — needed to git push tags + gh release create
  • id-token: write — kept for future npm provenance via OIDC; not used yet
  • Tag pushes only. If a workflow run fires when there's nothing new (all versions already tagged), it exits clean with 0 published.

Backfilled tags (already pushed in this session, not part of this PR)

15 historical tags pushed directly to origin covering 0.3.x and 0.4.x for all packages. So when this workflow first runs after merge, it will skip everything (all already tagged). It only kicks in on the next version bump.

Test plan

  • bun run build passes locally
  • After merge: manually dispatch with dry_run=true to verify "skip everything, nothing to publish" output
  • Next real version bump (any PR that bumps a packages/*/package.json version): merge it and watch the workflow auto-publish + tag

🤖 Generated with Claude Code

Triggers on push to main (after every PR merge) and on manual
workflow_dispatch (with optional dry_run). For each
packages/<name>/package.json, compares the declared version against
the `<name>@<version>` git tag:

- already tagged → skip
- tag missing but the version exists on npm → backfill tag + GH
  release only (no publish)
- tag and npm both missing → npm publish + git tag + GH release

Release notes are extracted from the top section of CHANGELOG.md.
GitHub release target is the workflow's HEAD commit.

Required secret: NPM_TOKEN (Settings → Secrets and variables →
Actions). GITHUB_TOKEN is provided by default and is used to push
tags + create releases (permissions: contents: write).

Doesn't loop: workflow pushes tags only, not commits to main.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@leefanv leefanv merged commit 196ebe5 into main May 11, 2026
1 check passed
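
The three-state table and the changelog extraction described in the PR, as an added example that is not part of the PR or the project's workflow. It assumes the tag uses the directory name under packages/, the npm lookup uses the manifest's scoped name, and changelog sections start with `## `; the function names, the `@example` scope and the sample data are constructed.

```javascript
// Added example, not the project's workflow code. All names are hypothetical.

// Return the body of the first "## " section of a changelog (release notes).
function topChangelogSection(markdown) {
  const lines = markdown.split(/\r?\n/);
  const start = lines.findIndex((l) => l.startsWith('## '));
  if (start === -1) return ''; // no versioned section: release with empty notes
  let end = lines.findIndex((l, i) => i > start && l.startsWith('## '));
  if (end === -1) end = lines.length;
  return lines.slice(start + 1, end).join('\n').trim();
}

// Apply the three-state table to every package. tagExists and onNpm are
// injected lookups so the logic runs offline.
function planRelease(packages, { tagExists, onNpm, dryRun = false }) {
  return packages.map(({ dir, manifest }) => {
    const tag = `${dir}@${manifest.version}`;            // <name>@<version> (assumed: directory name)
    const spec = `${manifest.name}@${manifest.version}`; // <scoped>@<version> (assumed: manifest name)
    let action = 'publish';
    let steps = ['npm-publish', 'push-tag', 'gh-release'];
    if (tagExists(tag)) {
      action = 'skip';
      steps = [];
    } else if (onNpm(spec)) {
      action = 'backfill'; // already on npm: never publish the same version again
      steps = ['push-tag', 'gh-release'];
    }
    // dry_run reports the plan but marks nothing for execution
    return { tag, spec, action, steps, execute: !dryRun && steps.length > 0 };
  });
}

// Constructed sample data
const samplePackages = [
  { dir: 'core', manifest: { name: '@example/core', version: '0.4.2' } },
  { dir: 'cli', manifest: { name: '@example/cli', version: '0.4.1' } },
  { dir: 'ui', manifest: { name: '@example/ui', version: '0.5.0' } },
];
const sampleTags = new Set(['core@0.4.2']);
const sampleNpm = new Set(['@example/core@0.4.2', '@example/cli@0.4.1']);
const sampleChangelog = '# Changelog\n\n## 0.5.0\n\n- new ui\n\n## 0.4.2\n\n- fix\n';

function demo(dryRun) {
  const lookups = { tagExists: (t) => sampleTags.has(t), onNpm: (s) => sampleNpm.has(s) };
  return planRelease(samplePackages, { ...lookups, dryRun });
}

console.log(demo(true).map((p) => `${p.tag}: ${p.action}`).join('\n'));
```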