Skip to content

Commit a0d7c18

Browse files
ejntaylorclaude
andauthored
Derive release version from the tag instead of pushing to main (#40)
The one-click Release workflow pushed the npm-version bump commit straight to main, which branch protection rejects (PRs + signed commits + status checks required). Drop that approach. Instead, make Publish read the version from the release tag (v0.3.3 -> 0.3.3), write it into package.json in CI only, then build and publish. Nothing is committed to main, so it works with branch protection and the tag can never disagree with the published version. Removes the old tag/version match guard (now unnecessary) and the release.yml workflow. Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
1 parent ecba65c commit a0d7c18

3 files changed

Lines changed: 30 additions & 113 deletions

File tree

.github/workflows/publish.yml

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,13 @@ jobs:
3939
- name: Install dependencies
4040
run: npm ci
4141

42+
- name: Set version from release tag
43+
if: github.event_name == 'release'
44+
run: |
45+
version="${GITHUB_REF_NAME#v}"
46+
echo "Publishing version $version (from tag $GITHUB_REF_NAME)"
47+
npm version "$version" --no-git-tag-version --allow-same-version
48+
4249
- name: Typecheck
4350
run: npm run typecheck
4451

@@ -51,10 +58,6 @@ jobs:
5158
- name: Verify package contents
5259
run: npm pack --dry-run
5360

54-
- name: Verify release tag matches package version
55-
if: github.event_name == 'release'
56-
run: node -e "const pkg = require('./package.json'); const expected = 'v' + pkg.version; if (process.env.GITHUB_REF_NAME !== expected) { console.error('Release tag ' + process.env.GITHUB_REF_NAME + ' does not match package version ' + expected); process.exit(1); }"
57-
5861
- name: Dry-run publish
5962
if: github.event_name == 'workflow_dispatch'
6063
run: npm publish --access public --provenance --dry-run

.github/workflows/release.yml

Lines changed: 0 additions & 90 deletions
This file was deleted.

RELEASING.md

Lines changed: 23 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,28 +1,32 @@
11
# Releasing
22

3-
The version in `package.json` is the single source of truth. The published npm
4-
version, the git tag, and the GitHub release must all match it — the `Publish`
5-
workflow enforces this and will fail the release if they drift.
3+
The **git tag is the single source of truth** for a release. The `Publish`
4+
workflow reads the version from the tag (`v0.3.3``0.3.3`), writes it into
5+
`package.json` in CI, then builds and publishes. Nothing is committed back to
6+
`main`, so this works with branch protection and the tag can never disagree
7+
with the published version.
68

7-
## Recommended: one-click release
9+
`package.json`'s committed `version` is just a placeholder — it does not need to
10+
be bumped before a release.
811

9-
Run the **Release** workflow (Actions → Release → Run workflow) on the branch you
10-
want to release from (normally `main`):
12+
## How to release
1113

12-
- **bump**: `patch` / `minor` / `major`, or
13-
- **version**: an explicit version like `0.3.3` (overrides `bump`).
14+
Create a GitHub release with a new tag:
1415

15-
The workflow bumps `package.json`, commits, tags, pushes, publishes to npm, and
16-
cuts the GitHub release — all from the same version, so the tag can never
17-
disagree with `package.json`.
16+
```bash
17+
gh release create v0.3.3 --generate-notes --title "v0.3.3"
18+
```
1819

19-
## Manual release (fallback)
20+
or use the GitHub UI (Releases → Draft a new release → new tag `v0.3.3`).
2021

21-
If you create a release/tag by hand in the GitHub UI, you **must** bump
22-
`package.json` to the matching version first and merge that commit into the
23-
branch you tag. Cutting `v0.3.3` while `package.json` still says `0.2.11` is
24-
exactly what the guard rejects.
22+
Publishing the release triggers the `Publish` workflow, which validates
23+
(typecheck, test, build, `npm pack`) and publishes to npm with provenance using
24+
the tag's version.
2525

26-
1. `npm version 0.3.3` on the release branch (bumps + commits + tags).
27-
2. `git push origin HEAD --follow-tags`.
28-
3. Create the GitHub release from tag `v0.3.3` → the `Publish` workflow runs.
26+
## Notes
27+
28+
- Tags must be `vX.Y.Z` (the leading `v` is stripped to get the npm version).
29+
- Pick a version higher than the current `latest` on npm (`npm view
30+
@patchstack/connect version`); npm rejects re-publishing an existing version.
31+
- Run the `Publish` workflow via **workflow_dispatch** for a dry-run publish
32+
without cutting a release.

0 commit comments

Comments
 (0)