feat(release): add npm distribution wrapper#15
Conversation
|
Caution Review failedPull request was closed or merged during review 📝 WalkthroughWalkthroughThis PR adds complete npm package distribution for the tapd Go CLI. It introduces npm package metadata and a postinstall installer that downloads and verifies prebuilt binaries from GitHub Releases, integrates npm publishing into the release workflow with credential validation, and documents the mechanism and maintenance procedures for users and contributors. Changesnpm Distribution Infrastructure
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces an npm distribution wrapper for the tapd CLI, allowing users to install the tool via Node.js package managers. The changes include a new npm package structure with a post-install script that downloads and verifies platform-specific binaries from GitHub Releases. Additionally, documentation has been updated across README.md and AGENTS.md, and a new CONTRIBUTING.md file has been added to guide maintainers through the release process and secret management. Feedback was provided to generalize the npm token configuration instructions by removing a hardcoded username from a URL.
|
|
||
| Create this token from npm: | ||
|
|
||
| 1. Open `https://www.npmjs.com/settings/flc1125/tokens`. |
There was a problem hiding this comment.
The URL for creating an npm token is specific to the user flc1125. To make this documentation more general and useful for any contributor, please replace the hardcoded username with a placeholder like <your_username>.
| 1. Open `https://www.npmjs.com/settings/flc1125/tokens`. | |
| 1. Open `https://www.npmjs.com/settings/<your_username>/tokens`. |
There was a problem hiding this comment.
Pull request overview
Adds an npm distribution wrapper for the TAPD CLI so users can install tapd through Node.js tooling while continuing to use GitHub Release binaries as the source of truth.
Changes:
- Adds an
npm/package with install, wrapper, versioning, README, and license files. - Extends the release workflow to publish the npm package after GoReleaser.
- Updates installation, release-token, and agent guidance documentation.
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| README.md | Adds npm installation guidance and refreshes section headings. |
| npm/scripts/set-version.js | Sets npm package version from release/tag metadata. |
| npm/scripts/install.js | Downloads, verifies, extracts, and installs the matching release binary. |
| npm/README.md | Documents npm package usage and binary verification behavior. |
| npm/package.json | Defines the scoped npm wrapper package metadata and lifecycle script. |
| npm/LICENSE | Adds license text for the npm package. |
| npm/bin/tapd.js | Adds the npm-exposed wrapper that executes the vendored binary. |
| CONTRIBUTING.md | Adds release secret setup, verification, and rotation guidance. |
| AGENTS.md | Updates project guidance for docs, release workflow, and npm wrapper. |
| .gitignore | Ignores the generated npm vendored binary directory. |
| .github/workflows/release.yml | Adds npm token checks, Node setup, and npm publish step. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| Create this token from npm: | ||
|
|
||
| 1. Open `https://www.npmjs.com/settings/flc1125/tokens`. |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c13cf04086
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if (result.signal) { | ||
| console.error(`tapd exited because of signal ${result.signal}`); | ||
| process.exit(1); |
There was a problem hiding this comment.
When the wrapped tapd process is terminated by a signal (for example, Ctrl+C/SIGINT), this wrapper always exits with code 1 instead of propagating the signal-derived status. That changes observable CLI behavior versus running the binary directly (e.g., shell scripts expecting interruption semantics like 130 on Unix will mis-handle cancellations as generic failures). The wrapper should forward signal termination semantics rather than rewriting them to 1.
Useful? React with 👍 / 👎.
Summary
Add npm distribution for the TAPD CLI by publishing a lightweight wrapper package that installs verified binaries from GitHub Releases.
Changes
npm/package for@go-tapd/tapd, including install, wrapper, and version scriptsAGENTS.mdwith stable project guidance for release and npm distributionMotivation
tapdthrough npm while keeping GitHub Release binaries as the source of truthTesting
npm_config_cache=/tmp/npm-cache npm pack --dry-run --jsonTAPD_VERSION=0.1.3 node scripts/install.jsnode bin/tapd.js --helpgit diff --check main...HEADmake testSummary by CodeRabbit
New Features
@go-tapd/tapd) with automatic binary installation and multi-platform support.Documentation
Chores