-
Notifications
You must be signed in to change notification settings - Fork 0
Package Tag Release Process
Canonical runbook for production releases of OpenCapTable and the @fairmint/open-captable-protocol-daml-js npm package.
OpenCapTable-v34-v0.0.2
- Prefix: configured package from
scripts/packages.ts(ocp→OpenCapTable-v34today). - Suffix
-v<semver>must matchOpenCapTable-v34/daml.yaml. - Root
package.jsonversion must be bumped before tagging when a new npm publication is expected.
-
Push tag matching
OpenCapTable-v*-v*→ runs.github/workflows/release.yml. -
Manual: GitHub Actions → Package Tag Release → Run workflow → set
release_tag(e.g.OpenCapTable-v34-v0.0.2).
Concurrency is per tag; overlapping runs for the same tag are serialized.
Matches release.yml:
- Node 20, npm 11.10.0
- Java 23 (Temurin)
- DAML SDK via dpm (version from package
daml.yaml) -
Git LFS (checkout +
git lfs pull)
-
Checkout tag (or
workflow_dispatchinput), with LFS and submodules. -
Parse tag —
scripts/parse-release-tag.ts→ package key, source dir, version. -
Validate release secrets (Canton OAuth +
NPM_TOKENfor npm publish). -
Validate npm version — root
package.jsonversion must not already exist on npm. -
Validate tag at
origin/main— release tag commit must equal currentorigin/main(refuses stale tags). -
Build and validate:
npm run buildnpm run backup-dar -- --package <key> --version <version>npm run lintnpm run formatnpm run lint:damlnpm run check-upgrade-compatnpm run codegennpm run verify-packagenpm run test
-
Upload DAR — devnet, then mainnet (
npm run upload-dar). -
Detect factory state —
scripts/detect-factory-need.ts(readsgenerated/ocp-factory-contract-id.json). -
Create missing factories —
scripts/create-ocp-factory.tsper network that lacks a factory for the current DAR package ID. -
Verify DAR backups —
npm run verify-dars. -
Prepare npm artifacts —
npm run package:manifest. -
Publish npm —
npm publish. -
Commit artifacts to
main—[skip ci]commit whenorigin/mainis still the tag commit.
When changed, the workflow commits:
-
dars/(anddars.lockvia backup step) -
generated/ocp-factory-contract-id.json(+.d.ts) generated/npm-manifest.txtpackage.jsonCHANGELOG.md
Commit message: chore: record release artifacts for ${RELEASE_TAG} [skip ci].
| Workflow | Auth | Notes |
|---|---|---|
release.yml (canonical) |
NPM_TOKEN secret + id-token: write
|
Validates NODE_AUTH_TOKEN from NPM_TOKEN before publish |
publish.yml (legacy) |
npm trusted publishing via GitHub Actions OIDC | No NPM_TOKEN; requires id-token: write and a trusted publisher configured on npmjs.com for this repo |
Applies to release.yml only (Canton upload + npm publish). publish.yml does not use these npm/Canton release secrets.
CANTON_DEVNET_INTELLECT_LEDGER_JSON_API_CLIENT_SECRET
CANTON_DEVNET_5N_LEDGER_JSON_API_CLIENT_SECRET
CANTON_MAINNET_INTELLECT_LEDGER_JSON_API_CLIENT_SECRET
CANTON_MAINNET_5N_LEDGER_JSON_API_CLIENT_SECRET
NPM_TOKEN
Topology is committed in scripts/config/cantonPublic.ts; secrets supply OAuth client secrets only. Generic DEVNET_AUTH_TOKEN / MAINNET_AUTH_TOKEN are not sufficient (upload targets both Intellect and 5n).
Use Node 20 when running locally:
node --version
npx tsx scripts/parse-release-tag.ts OpenCapTable-v34-v0.0.2
npm run build && npm run testAfter the workflow: confirm dars/dars.lock, any new dars/ rows, and generated/ocp-factory-contract-id.json were committed when expected.
release.yml |
publish.yml |
|
|---|---|---|
| Status | Canonical production path | Legacy |
| Trigger | Package-scoped tag or manual dispatch | Every main push |
| npm auth |
NPM_TOKEN + OIDC (id-token: write) |
Trusted publishing (OIDC only; no NPM_TOKEN) |
| DAR upload | Yes (devnet + mainnet) | No |
| Factory creation | Yes | No |
| npm publish | Yes | Yes (prepare-release + publish) |
| Git tag | You push the package-scoped tag | Creates v$VERSION on main merge |
Artifacts to main |
Commits DARs, factory JSON, manifest, etc. | No |
New releases should use package-scoped tags and release.yml only. publish.yml remains for backward compatibility but does not deploy on-chain.
Develop
Decisions
Releases
- Releases (index)
- Package tag release process
- 2026-06-22 — OCP v35 conversion mechanism validation
- 2026-06-22 — OCP v35 SDK scaffold
- 2026-05-04 — OCP v34 major upgrade
- 2026-05-04 — DAML extraction / fairmint-daml
- 2026-03-05 — OCP v32 PPS-based conversion rename
- 2026-02-17 — OCP v31 ArchiveCapTable
- 2026-02-12 — OCP v31 vesting zero portion
Other Fairmint DAML
Documentation for CantonPayments, NFT, Reports, CouponMinter, equity certificate, proof-of-ownership, and related deployment playbooks lives with fairmint/daml and @fairmint/daml-js — not in this wiki.