|
| 1 | +# Release Process |
| 2 | + |
| 3 | +Releases are automated via [release-it](https://github.com/release-it/release-it) running in GitHub Actions. The workflow bumps `package.json`, updates `doc/CHANGELOG.md`, creates a bare semver git tag, and publishes to npm with OIDC provenance. The tag push triggers a separate workflow that builds ncc binaries for three platforms and creates the GitHub Release. |
| 4 | + |
| 5 | +## Cutting a release |
| 6 | + |
| 7 | +### From the CLI |
| 8 | + |
| 9 | +```bash |
| 10 | +gh workflow run release.yml --repo indexzero/flatlock -f increment=minor |
| 11 | +``` |
| 12 | + |
| 13 | +Replace `minor` with `patch` or `major` as appropriate. |
| 14 | + |
| 15 | +### From the GitHub UI |
| 16 | + |
| 17 | +1. Go to **Actions > Release > Run workflow** |
| 18 | +2. Select the increment type (patch, minor, or major) |
| 19 | +3. Click **Run workflow** |
| 20 | + |
| 21 | +## What happens |
| 22 | + |
| 23 | +1. `release-it --ci --increment <type>` runs on `ubuntu-latest` |
| 24 | +2. Determines the new version from the latest git tag + increment |
| 25 | +3. Moves `[Unreleased]` content in `doc/CHANGELOG.md` into a versioned section |
| 26 | +4. Bumps `version` in `package.json` |
| 27 | +5. Commits `chore: release <version>`, tags with bare semver (e.g. `1.6.0`) |
| 28 | +6. Publishes to npm (triggers `prepublishOnly` → `build:types` automatically) |
| 29 | +7. Pushes commit and tag to `main` |
| 30 | +8. Tag push triggers `ncc-release.yaml` which builds binaries (linux-x64, linux-arm64, darwin-arm64) and creates the GitHub Release with assets |
| 31 | + |
| 32 | +## npm authentication |
| 33 | + |
| 34 | +npm publishing uses [Trusted Publishers](https://docs.npmjs.com/trusted-publishers/) (OIDC) — the `Release` workflow in `indexzero/flatlock` is linked as a trusted publisher for the `flatlock` package. No `NPM_TOKEN` secret is needed. |
| 35 | + |
| 36 | +## Changelog |
| 37 | + |
| 38 | +The `@release-it/keep-a-changelog` plugin manages `doc/CHANGELOG.md`. When writing changes, add entries under the `## [Unreleased]` heading. The plugin converts this to a versioned heading at release time. |
| 39 | + |
| 40 | +## Configuration |
| 41 | + |
| 42 | +- `.release-it.json` — release-it config (tag format, changelog path, npm settings) |
| 43 | +- `.github/workflows/release.yml` — release workflow (workflow_dispatch) |
| 44 | +- `.github/workflows/ncc-release.yaml` — binary build workflow (tag-triggered) |
0 commit comments