feat: add release script (for managing npm publishing and GH releases)

grega · grega · commit 19a9f004fd52 · 2026-06-10T12:43:57.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,29 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build:all
+
+      - name: Test
+        run: npm test
diff --git a/README.md b/README.md
@@ -1,7 +1,6 @@
 # Python Friendly Error Messages
 
 Todo:
-- Set up automated testing and publishing through GitHub Actions
 - Accessibility of output HTML
 
 A small library that explains Python error messages in a friendlier way, inspired by [p5.js's Friendly Error System](https://p5js.org/contribute/friendly_error_system/).
@@ -116,9 +115,36 @@ You can now import, and use it, elsewhere (see Usage notes).
 
 The package is published to: https://www.npmjs.com/package/@raspberrypifoundation/python-friendly-error-messages
 
-## Publishing
+## Releasing
+
+Releases are (currently) generated and published to npm from your local machine, so it can use your npm auth and 2FA OTP rather than a long-lived CI token (CI publishing is a possible future enhancement). 
+
+One command does everything:
 
 ```bash
-npm login
-npm publish
+./scripts/release.sh patch   # 0.3.0 → 0.3.1
+./scripts/release.sh minor   # 0.3.0 → 0.4.0
+./scripts/release.sh major   # 0.3.0 → 1.0.0
+./scripts/release.sh 1.2.3   # explicit version
 ```
+
+The script:
+
+1. checks you're on a clean `main` in sync with `origin`, and logged in to npm,
+2. runs the tests and build,
+3. bumps the version (updating `package.json` / `package-lock.json`), commits, and tags `vX.Y.Z`,
+4. publishes to npm (prompting for your 2FA OTP if enabled),
+5. pushes the commit and tag, and
+6. creates a GitHub Release with notes generated from the commits/PRs since the previous tag.
+
+If `npm publish` fails, nothing is pushed — the script prints how to undo the local
+bump and retry.
+
+### Prerequisites (one-time)
+
+- `npm login` — publishing uses your local npm credentials (the package publishes
+  publicly via `publishConfig.access: "public"`).
+- `gh auth login` — the GitHub Release is created with the `gh` CLI.
+
+Tests still run automatically on every push to `main` and on pull requests via
+[`.github/workflows/ci.yml`](.github/workflows/ci.yml).
diff --git a/package.json b/package.json
@@ -15,6 +15,9 @@
     "dist",
     "copydecks"
   ],
+  "publishConfig": {
+    "access": "public"
+  },
   "scripts": {
     "clean": "rimraf dist",
     "prebuild": "npm run clean",
@@ -25,7 +28,8 @@
     "dev:build": "npm run build:assets && tsc -p tsconfig.json --watch & esbuild src/index.browser.ts --bundle --format=esm --outfile=dist/index.browser.js --loader:.json=json --watch",
     "test": "vitest run",
     "dev:test": "vitest",
-    "regen:traces": "node scripts/regenerate-demo-traces.mjs"
+    "regen:traces": "node scripts/regenerate-demo-traces.mjs",
+    "release": "scripts/release.sh"
   },
   "devDependencies": {
     "cpy-cli": "^6.0.0",
diff --git a/scripts/release.sh b/scripts/release.sh
@@ -0,0 +1,97 @@
+#!/usr/bin/env bash
+# release.sh — cut a release entirely from your machine: bump, build, test,
+# publish to npm, push, and create the GitHub Release.
+#
+# Usage:
+#   ./scripts/release.sh patch     # 0.3.0 → 0.3.1
+#   ./scripts/release.sh minor     # 0.3.0 → 0.4.0
+#   ./scripts/release.sh major     # 0.3.0 → 1.0.0
+#   ./scripts/release.sh 1.2.3     # explicit version
+#
+# Prerequisites (one-time): `npm login` (publishing uses your local npm auth,
+# including a 2FA OTP prompt if enabled) and `gh auth login` (for the release).
+
+set -euo pipefail
+
+ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$ROOT"
+
+current="$(node -p "require('./package.json').version")"
+
+# ── Resolve the bump ────────────────────────────────────────────────────────
+if [[ -z "${1:-}" ]]; then
+  echo "Usage: ./scripts/release.sh <patch|minor|major|x.y.z>" >&2
+  echo "Current version: $current" >&2
+  exit 1
+fi
+
+bump="$1"
+case "$bump" in
+  patch|minor|major) ;;
+  [0-9]*.[0-9]*.[0-9]*) ;;
+  *) echo "Error: '$bump' must be patch, minor, major, or an explicit x.y.z" >&2; exit 1 ;;
+esac
+
+# ── Safety checks ───────────────────────────────────────────────────────────
+branch="$(git rev-parse --abbrev-ref HEAD)"
+if [[ "$branch" != "main" ]]; then
+  echo "Error: releases must be cut from 'main' (currently on '$branch')." >&2
+  exit 1
+fi
+
+if [[ -n "$(git status --porcelain)" ]]; then
+  echo "Error: working tree is not clean — commit or stash changes first." >&2
+  exit 1
+fi
+
+echo "Syncing with origin/main…"
+git fetch --quiet origin main
+if [[ "$(git rev-parse HEAD)" != "$(git rev-parse origin/main)" ]]; then
+  echo "Error: local main is not in sync with origin/main — pull/push first." >&2
+  exit 1
+fi
+
+if ! npm whoami >/dev/null 2>&1; then
+  echo "Error: not logged in to npm — run 'npm login' first." >&2
+  exit 1
+fi
+
+# ── Validate (before bumping, so a failure leaves no dangling version) ───────
+echo "Running tests…"
+npm test
+echo "Building…"
+npm run build:all
+
+# ── Bump + tag (local only so far) ──────────────────────────────────────────
+# npm version updates package.json + package-lock.json, commits, and tags vX.Y.Z.
+newtag="$(npm version "$bump" -m "Release v%s")"   # prints e.g. "v0.4.0"
+echo "Bumped $current → $newtag"
+
+# ── Publish to npm ──────────────────────────────────────────────────────────
+echo "Publishing to npm (enter your 2FA OTP if prompted)…"
+if ! npm publish; then
+  echo "" >&2
+  echo "Error: npm publish failed. The version bump was committed and tagged locally," >&2
+  echo "but nothing was pushed. To undo and retry:" >&2
+  echo "  git tag -d $newtag && git reset --hard HEAD~1" >&2
+  exit 1
+fi
+
+# ── Push + GitHub Release ───────────────────────────────────────────────────
+git push --follow-tags origin main
+
+repo="RaspberryPiFoundation/python-friendly-error-messages"
+if command -v gh >/dev/null 2>&1; then
+  if ! gh release create "$newtag" --title "$newtag" --generate-notes; then
+    echo "Warning: GitHub Release creation failed (npm publish + push already succeeded)." >&2
+    echo "Create it manually: gh release create $newtag --title $newtag --generate-notes" >&2
+  fi
+else
+  echo "Warning: gh CLI not found — GitHub Release not created." >&2
+  echo "Install gh, then run: gh release create $newtag --title $newtag --generate-notes" >&2
+fi
+
+echo ""
+echo "✓ Released $newtag"
+echo "  npm:    https://www.npmjs.com/package/@raspberrypifoundation/python-friendly-error-messages/v/${newtag#v}"
+echo "  GitHub: https://github.com/$repo/releases/tag/$newtag"
