feat(ci): automate npm releases with semantic-release#18
Conversation
Replace manual version management with semantic-release which reads conventional commit messages to determine version bumps automatically. Includes CHANGELOG generation, GitHub Releases, and npm provenance. Update CONTRIBUTING.md and docs/releasing.md with the new versioning workflow and commit message conventions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 80bf0c6ec6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| @@ -40,19 +42,10 @@ jobs: | |||
| registry-url: https://registry.npmjs.org | |||
There was a problem hiding this comment.
registry-url from the semantic-release setup step
This setup-node configuration is likely to break releases. The semantic-release GitHub Actions recipe explicitly warns not to set registry-url when publishing with @semantic-release/npm, because the generated .npmrc can cause EINVALIDNPMTOKEN even when the token is valid. In this release job, any merge that should publish can fail during npm verification/publish purely because of that extra auth file.
Useful? React with 👍 / 👎.
| - name: Semantic Release | ||
| run: npx semantic-release | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
GITHUB_TOKEN for release pushes
If this repo keeps the protected-main ruleset defined in scripts/setup-branch-protection.sh:29-58, this workflow cannot complete a release. .releaserc.json:23-25 enables @semantic-release/git, so semantic-release must push a version/changelog commit and tag back to main, but the GitHub Actions recipe notes that the automatically populated GITHUB_TOKEN cannot be used when branch protection is enabled. In that setup, the first releasable merge will fail as soon as semantic-release tries to write back the release commit.
Useful? React with 👍 / 👎.
1 participant
Summary
mainCONTRIBUTING.mdwith commit message conventions and versioning workflowdocs/releasing.mdwith full release documentationHow versioning works after this PR
fix:fix: handle empty plugin listfeat:feat: add Gemini adapterfeat!:/BREAKING CHANGE:feat!: drop Node 18 supportchore:,docs:,ci:docs: update READMETest plan
NPM_TOKENsecret is set in repo settings before merge🤖 Generated with Claude Code