gitrole is shipped primarily through npm. This document keeps the release path short, repeatable, and easy to verify.
- Release tags use
vX.Y.Z. package.jsonstays semver-aligned with the release tag. Example: tagv0.4.1matches package version0.4.1.- Every release tag should have a corresponding GitHub Release.
- npm is the canonical shipped artifact. GitHub Releases document the version; npm is the package users install.
- Existing legacy tags may use older naming. New releases should use the
vX.Y.Zformat only.
- Merge conventional-commit changes to
main. - Let Release Please open or update the release PR.
- Review the release PR contents:
package.jsonandpackage-lock.jsonversion bump- generated changelog/release notes
- green CI
- Merge the release PR to
main. - Let Release Please create the
vX.Y.Ztag and corresponding GitHub Release from that mergedmaincommit. - Let
.github/workflows/publish.ymlpublish the package to npm from the published GitHub Release. - Verify the release externally:
npm view gitrole version- confirm the GitHub Release exists for
vX.Y.Z - confirm the docs site is live at
https://docs.gitrole.dev
Manual version bumps and hand-cut release tags should no longer be the default path. If Release Please is unavailable, follow the same invariants manually: cut the version on main, tag the merged main commit with vX.Y.Z, and publish only after the GitHub Release is created.
Use this as the starting point for each GitHub Release:
## Summary
- Short description of the release.
## Notable Changes
- Change 1
- Change 2
## Breaking Changes
- None
## Docs
- Docs site: https://docs.gitrole.dev
## Package
- npm: https://www.npmjs.com/package/gitroleKeep the notes focused on externally meaningful changes. Pull request bodies are good input, but they are not the release note by themselves.
- Use pull requests to merge into
main. - Keep
mainas the protected long-lived branch. - Delete merged topic branches once they are no longer needed.
- Keep branch names short, readable, and scoped, for example
feat/...,fix/...,docs/...,test/..., orci/.... - Reserve release tags for shipped versions only. Do not use ad hoc tags for temporary checkpoints.
- Branch protection or rulesets should prevent direct pushes to
main. - Required CI should stay green before merging.
- Tag protections, when configured, should reserve
v*.*.*tags for intentional releases.
- The repository includes
.github/workflows/release-please.ymlto manage the release PR, release tag, and GitHub Release for the root npm package. It should use a GitHub App token generated from theRELEASE_PLEASE_APP_IDActions variable and theRELEASE_PLEASE_APP_PRIVATE_KEYsecret; the defaultGITHUB_TOKENis not sufficient because tags and releases created with it will not trigger.github/workflows/publish.yml. - The repository includes a tag-validation workflow for release tags. It validates version alignment and runs the release-confidence checks, but it does not publish to npm or create a GitHub Release automatically.
- The repository also includes
.github/workflows/publish.ymlfor npm Trusted Publishing. When npm Trusted Publishing is configured for this repository and workflow filename, a published GitHub Release can publish the tagged version to npm without an npm token.