Skip to content

Commit c0f4c08

Browse files
cinderblockclaude
andcommitted
README: document npm install and the automated release process
Add an Install section split into "as a CLI (from npm)" and "for development (from source)", and a Releasing section covering the `npm version` + tag-push flow that drives the Trusted-Publishing GitHub Actions workflow. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
1 parent 4e85d5e commit c0f4c08

1 file changed

Lines changed: 44 additions & 0 deletions

File tree

README.md

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,20 @@ Multisim versions (e.g. `.ms9` or future `.ms20+`) need an explicit
113113

114114
## Install
115115

116+
### As a CLI (from npm)
117+
118+
```bash
119+
npm i -g electronics-workbench-decoder # puts `ewd` and `ewe` on your PATH
120+
# …or run without installing:
121+
npx -p electronics-workbench-decoder ewd MyDesign.ms14
122+
```
123+
124+
The published package is a self-contained bundle that runs on Node ≥ 18 —
125+
you don't need bun to use it. Installed this way, invoke the tools directly
126+
as `ewd` / `ewe` (the `bun run ewd` form below is for working from source).
127+
128+
### For development (from source)
129+
116130
Requires [bun](https://bun.sh) (≥ 1.0).
117131

118132
```bash
@@ -227,3 +241,33 @@ bun run typecheck # tsc --noEmit
227241
```
228242

229243
CI on push/PR runs `check`, `typecheck`, and `test` on Ubuntu and Windows.
244+
245+
## Releasing
246+
247+
Publishing to npm is automated by GitHub Actions
248+
(`.github/workflows/publish.yml`) using npm Trusted Publishing (OIDC):
249+
no stored `NPM_TOKEN`, and each release gets a signed provenance
250+
attestation.
251+
252+
To cut a release:
253+
254+
```bash
255+
npm version patch # or `minor` / `major`; bumps package.json, commits, tags vX.Y.Z
256+
git push --follow-tags # pushing the tag triggers the publish workflow
257+
```
258+
259+
The `vX.Y.Z` tag triggers the workflow, which verifies the tag matches
260+
`package.json`, runs the full gate (`check` + `typecheck` + `test` +
261+
license collection + `build`), then `npm publish --provenance`.
262+
263+
Notes for maintainers:
264+
265+
- The npm package has a **Trusted Publisher** configured for this repo and
266+
the `publish.yml` workflow. If you rename the workflow file or the repo,
267+
update that entry on npmjs.com to match — otherwise the OIDC identity
268+
won't match and publishing fails with a 404/permission error.
269+
- The published artifact is a self-contained bundle. `dist/` and
270+
`THIRD-PARTY-LICENSES.md` are generated at publish time (by the
271+
`prepublishOnly` script) and are not committed.
272+
- Runtime dependencies are bundled into `dist/`, so the published package
273+
declares none. `THIRD-PARTY-LICENSES.md` carries their license texts.

0 commit comments

Comments
 (0)