Summary
Right now publishing to npm is a manual step. Any version bump should automatically trigger a release and publish to npmjs, no manual npm publish needed.
Proposed flow
- Dev bumps version locally:
npm version patch | minor | major
- That creates a git tag (e.g.
v1.1.0) and a commit
git push --follow-tags pushes both- GitHub Actions detects the new tag, runs CI, and publishes to npm
Implementation
Add a new workflow file .github/workflows/release.yml:
name: Release
on:
push:
tags:
- 'v*.*.*'
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'
- run: npm ci
- run: npm run build
- run: npm test
- run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}Secret to add
In GitHub repo Settings → Secrets → Actions, add:
NPM_TOKEN — generate from npmjs.com under Access Tokens (choose Automation type)
Usage after setup
npm version patch # bumps 1.0.0 → 1.0.1, creates tag v1.0.1
git push --follow-tags
# GitHub Actions takes it from here
Acceptance criteria
Summary
Right now publishing to npm is a manual step. Any version bump should automatically trigger a release and publish to npmjs, no manual
npm publishneeded.Proposed flow
npm version patch | minor | majorv1.1.0) and a commitgit push --follow-tagspushes bothImplementation
Add a new workflow file
.github/workflows/release.yml:Secret to add
In GitHub repo Settings → Secrets → Actions, add:
NPM_TOKEN— generate from npmjs.com under Access Tokens (choose Automation type)Usage after setup
Acceptance criteria
.github/workflows/release.ymladdedNPM_TOKENsecret documented in CONTRIBUTING.mdpatch,minor, andmajorbumps