ci: add release workflow that publishes on v* tag push#22
Conversation
Triggered by tags matching v*. Verifies tag matches package.json version, runs tests + build, then `npm publish --provenance --access public`. Requires NPM_TOKEN repo secret. Uses npm publish rather than pnpm so setup-node's registry-url can wire up NODE_AUTH_TOKEN automatically.
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 0/1 reviews remaining, refill in 33 minutes and 24 seconds.Comment |
Summary
Adds
.github/workflows/release.ymlso that pushing av*tag triggersnpm publish. Without this, tags don't go anywhere — npm doesn't watch git tags by itself.What it does
v*(e.g.v5.0.0,v5.1.0).package.json#version— catches divergence early.latest(trusted publishing requires npm ≥ 11.5.1; node 22 ships with npm 10).pnpm testandpnpm buildbefore publishing.npm publish --access public. No token. Auth is via npm trusted publishing (OIDC) — the workflow gets a short-lived token from npm scoped to this exact repo + workflow. Provenance is attached automatically.Required setup on npm side (one-time)
Visit the package settings on npmjs.com → Trusted publishers → Add a publisher:
phananfactoriarelease.ymlOnce that's saved, no secret is needed in this repo.
Test plan
v5.0.0frommaster[email protected]appears on npm with provenance attestation