sjsjsj1246 · sjsjsj1246 · Mar 25, 2026 · Mar 25, 2026
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -7,7 +7,7 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       id-token: write
 
     steps:
@@ -39,3 +39,27 @@ jobs:
 
       - name: Publish current main release
         run: pnpm release
+
+      - name: Read package version
+        id: package_version
+        run: echo "version=$(node -p \"require('./package.json').version\")" >> "$GITHUB_OUTPUT"
+
+      - name: Create Git tag if missing
+        run: |
+          TAG="v${{ steps.package_version.outputs.version }}"
+          if git rev-parse "$TAG" >/dev/null 2>&1; then
+            echo "Tag $TAG already exists"
+            exit 0
+          fi
+          git tag "$TAG"
+          git push origin "$TAG"
+
+      - name: Create GitHub Release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          TAG="v${{ steps.package_version.outputs.version }}"
+          gh release create "$TAG" \
+            --title "$TAG" \
+            --generate-notes \
+            --verify-tag
diff --git a/docs/releasing.md b/docs/releasing.md
@@ -80,6 +80,7 @@ Run `.github/workflows/publish.yml` manually when you want to ship the current v
 
 - `pnpm release` verifies tests, docs lint/build, size limits, and then runs `changeset publish`.
 - Publishing uses GitHub Actions OIDC via npm Trusted Publishing instead of an `NPM_TOKEN` secret.
+- After npm publish succeeds, the workflow creates a `v<version>` Git tag and a GitHub Release with generated release notes.
 
 ## Notes for this repo