Keep GitHub releases and npm publishing aligned with package.json while making deploy.sh the single source of truth for release validation.
Releasing
package.json is the release source of truth for denchclaw.
Main flow
- Bump the root package version in package.json.
- Push or merge that commit to main.
- GitHub Actions runs .github/workflows/release.yml.
- If that version is not already on npm, the workflow runs the same deploy.sh test and build checks in validation mode.
- Only after those checks pass does the workflow publish denchclaw to npm.
- The workflow creates a matching GitHub release named v<version>.
If the npm package already exists, the workflow skips publishing. If the GitHub release already exists, the workflow skips creating it. This makes reruns safe.
Local commands
- pnpm run deploy
- pnpm run deploy:check
- pnpm run deploy:patch
- pnpm run deploy:minor
- pnpm run deploy:major
- pnpm run github:sync-secrets
The deploy commands load .env automatically when it exists.
Examples:
pnpm run deploy:check
pnpm run deploy
pnpm run deploy -- --dry-run --version 2.3.15
pnpm run deploy:patch
GitHub Actions secrets
The release workflow expects:
- POSTHOG_KEY
- NPM_TOKEN
To sync the current local .env values into GitHub repository secrets:
pnpm run github:sync-secrets
Better long-term option
The workflow supports NPM_TOKEN today because that matches the current local deploy process. For better security, configure npm trusted publishing for .github/workflows/release.yml and then remove NPM_TOKEN. The deploy script already supports GitHub Actions OIDC when no NPM_TOKEN is present.
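What the switch looks like on the workflow side, as an added example that is not the project's release.yml: the job names, step layout, Node version and the bare `npm publish` step (standing in for the project's own deploy step) are assumptions. It also assumes the trusted publisher entry for this repository and workflow file has already been created in the package settings on npmjs.com.

```yaml
# Hypothetical fragment, NOT the project's .github/workflows/release.yml.
# Job names and steps are assumptions; `npm publish` stands in for the
# project's own deploy step.
jobs:
  # Before: a long-lived token stored as a repository secret.
  publish-with-token:
    runs-on: ubuntu-latest
    permissions:
      contents: write              # needed to create the GitHub release
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      - run: npm publish
        env:
          # Static credential: stays valid until revoked and can be used
          # from any machine that obtains it.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

  # After: trusted publishing. No npm secret exists in the repository;
  # npm exchanges the job's OIDC identity for a short-lived credential.
  publish-with-oidc:
    runs-on: ubuntu-latest
    permissions:
      contents: write              # needed to create the GitHub release
      id-token: write              # allows the job to request an OIDC token
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      # Trusted publishing requires npm CLI 11.5.1 or later.
      - run: npm install -g npm@latest
      # No NODE_AUTH_TOKEN or NPM_TOKEN in the environment.
      - run: npm publish
```

Once a release has gone out through the OIDC job, delete the NPM_TOKEN repository secret and revoke the token on npmjs.com so the old credential cannot be reused.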