You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
chore(release): make just set-version bump Cargo + npm + all lockfiles
just set-version now updates every workspace crate and the root Cargo.lock, the excluded extended_runtime fixture Cargo.lock, and the npm main package, 3 platform packages, optionalDependencies and package-lock.json in one atomic step, so a version bump cannot leave a stale lockfile that breaks CI (cargo --locked and npm ci --omit=optional).
Add a check-fixture-lock recipe wired into test-native-modules to fail fast on fixture-lock drift instead of a cryptic poisoned-LazyLock panic.
Rewrite docs/release.md to match the real flow: pushing a vX.Y.Z tag triggers CreateRelease.yml, which creates the release branch and publishes to crates.io and npm via OIDC trusted publishing; use just set-version for bumps.
Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>
Copy file name to clipboardExpand all lines: docs/release.md
+23-24Lines changed: 23 additions & 24 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,29 +1,36 @@
1
1
# Create a new hyperlight-js release
2
2
3
-
This document details the process of releasing a new version of hyperlight-js to [crates.io](https://crates.io/). It's intended to be used as a checklist for the developer doing the release. The checklist is represented in the below sections.
3
+
This document details the process of releasing a new version of hyperlight-js to [crates.io](https://crates.io/) and [npmjs.com](https://www.npmjs.com/). It's intended to be used as a checklist for the developer doing the release.
4
4
5
-
## Update cargo.toml Versions
5
+
## Update versions
6
6
7
-
The first step in the release process is to update the version numbers of the crates you are releasing.
7
+
The first step in the release process is to bump the version numbers — the Rust crates **and** the npm packages — keeping them all in sync.
8
8
9
-
Update the `version`field in the `[workspace.package]` section of the root `Cargo.toml`, as well as the `hyperlight-js-runtime` entry in `[workspace.dependencies]`.
9
+
Do this with the `just set-version`recipe. **Always use this instead of bumping by hand** (`cargo set-version`, `npm version`, editing `package.json`): piecemeal bumps are exactly what leaves a lockfile stale and breaks CI mid-release. In one step it updates:
10
10
11
-
The easiest way to do this is with the `cargo-edit` crate, which provides a `cargo set-version` command. Install it with:
11
+
- every workspace crate's `version` and the root `Cargo.lock`,
12
+
- the excluded `extended_runtime` fixture's own `Cargo.lock` (a bare `cargo set-version` can't reach it, and a stale one fails the `native_modules --locked` build),
13
+
- the npm main package, the three platform packages, and their `optionalDependencies`,
14
+
-`src/js-host-api/package-lock.json` (a stale one fails `npm ci` in the publish job).
15
+
16
+
It uses `cargo set-version` from the `cargo-edit` crate under the hood, so install that first:
12
17
13
18
```console
14
19
cargo install cargo-edit
15
20
```
16
21
17
-
Then update the version number:
22
+
Then bump everything:
18
23
19
24
```console
20
-
cargo set-version 0.18.0
25
+
just set-version 0.18.0
21
26
```
22
27
23
-
For simplicity, we keep the version number consistent across all crates in the repository.
28
+
We keep the version number consistent across all crates and npm packages in the repository.
24
29
25
30
Create a PR with these changes and merge it into the `main` branch.
26
31
32
+
> **Note:** The `CreateRelease` workflow *also* sets the npm packages to the tag's version at publish time (via `npm version`), so the published artifacts always match the tag regardless. Bumping them in the repo with `just set-version` is what keeps `npm ci` from failing *during* the release — don't skip it.
33
+
27
34
## Create a tag
28
35
29
36
When the `main` branch has reached a state in which you want to release a new Cargo version, you should create a tag. Although you can do this from the GitHub releases page, we currently recommend doing the tag from the command line. Do so with the following commands:
@@ -36,26 +43,18 @@ git push origin v0.18.0 # if you've named your git remote for the hyperlight-dev
36
43
>Note: we'll use `v0.18.0` as the version for the above and all subsequent instructions. You should replace this with the version you're releasing. Make sure your version follows [SemVer](https://semver.org) conventions as closely as possible, and is prefixed with a `v` character. *In particular do not use a patch version unless you are patching an issue in a release branch, releases from main should always be minor or major versions*.
37
44
If you are creating a patch release see the instructions [here](#patching-a-release).
38
45
39
-
## Create a release branch (no manual steps)
40
-
41
-
After you push your new tag in the previous section, the ["Create a Release Branch"](https://github.com/hyperlight-dev/hyperlight-js/blob/main/.github/workflows/CreateReleaseBranch.yml) CI job will automatically run. When this job completes, a new `release/v0.18.0` branch will be automatically created for you.
42
-
43
-
## Create a new GitHub release and publish the crates
44
-
45
-
After the previous CI job runs to create the new release branch, go to the ["Create a Release"](https://github.com/hyperlight-dev/hyperlight-js/actions/workflows/CreateRelease.yml) Github actions workflow and do the following:
46
-
1. Click the "Run workflow" button near the top right
47
-
1. In the Use workflow from dropdown, select the `release/v0.18.0` branch
48
-
1. Click the green **Run workflow** button
49
-
50
-
When this job is done, a new [GitHub release](https://github.com/hyperlight-dev/hyperlight-js/releases) will be created for you.
46
+
## What happens when you push the tag
51
47
52
-
This release contains the benchmark results and the source code for the release along with automatically generated release notes.
48
+
Pushing a `vX.Y.Z` tag is the **only** manual trigger you need — you do **not** run any workflow by hand. The tag push starts the ["Create a Release"](https://github.com/hyperlight-dev/hyperlight-js/actions/workflows/CreateRelease.yml) workflow ([`CreateRelease.yml`](https://github.com/hyperlight-dev/hyperlight-js/blob/main/.github/workflows/CreateRelease.yml)), which reads the version from the tag and then does everything else automatically:
53
49
54
-
In addition, the hyperlight-js crates will be published to crates.io in dependency order (`hyperlight-js-common` → `hyperlight-js-runtime` → `hyperlight-js`). You can verify this by going to the [hyperlight-js page on crates.io](https://crates.io/crates/hyperlight-js) and checking that the new version is listed.
50
+
1.**Creates the release branch** — a `release/v0.18.0` branch is created and pushed for you.
51
+
2.**Creates the GitHub release** — a new [GitHub release](https://github.com/hyperlight-dev/hyperlight-js/releases) is published with automatically generated release notes and the benchmark results attached.
52
+
3.**Publishes the crates to crates.io** — in dependency order (`hyperlight-js-common` → `hyperlight-js-runtime` → `hyperlight-js`). Verify on the [hyperlight-js page on crates.io](https://crates.io/crates/hyperlight-js).
53
+
4.**Publishes the npm packages to npmjs.com** — `@hyperlight-dev/js-host-api` and its platform-specific binary packages, with their versions set from the tag. Verify on the [npmjs.com package page](https://www.npmjs.com/package/@hyperlight-dev/js-host-api).
55
54
56
-
The npm packages (`@hyperlight-dev/js-host-api`and platform-specific binaries) are also published automatically as part of this workflow. Publishing uses [npm trusted publishing (OIDC)](https://docs.npmjs.com/trusted-publishers) — no `NPM_TOKEN` secret is needed for the `CreateRelease` workflow. Provenance attestations are generated automatically.
55
+
Both crates.io and npm publishing use trusted publishing (OIDC), so no `NPM_TOKEN`or crates.io token secret is needed for the `CreateRelease` workflow. Provenance attestations are generated automatically for the npm packages.
57
56
58
-
You can verify the npm publish by checking the [npmjs.com package page](https://www.npmjs.com/package/@hyperlight-dev/js-host-api).
57
+
> **Note:** Only a `vX.Y.Z`**tag** push triggers a real release. Pushing to `main`, or running the workflow manually with **Run workflow**, performs a **dry run** — it builds and validates everything but publishes nothing.
0 commit comments