Skip to content

nit(release) document release process and remove broken release script #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
indexzero merged 1 commit into from
Apr 14, 2026
Merged

nit(release) document release process and remove broken release script #22

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions doc/RELEASE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
# Release Process

Releases are automated via [release-it](https://github.com/release-it/release-it) running in GitHub Actions. The workflow bumps `package.json`, updates `doc/CHANGELOG.md`, creates a bare semver git tag, and publishes to npm with OIDC provenance. The tag push triggers a separate workflow that builds ncc binaries for three platforms and creates the GitHub Release.

## Cutting a release

### From the CLI

```bash
gh workflow run release.yml --repo indexzero/flatlock -f increment=minor
```

Replace `minor` with `patch` or `major` as appropriate.

### From the GitHub UI

1. Go to **Actions > Release > Run workflow**
2. Select the increment type (patch, minor, or major)
3. Click **Run workflow**

## What happens

1. `release-it --ci --increment <type>` runs on `ubuntu-latest`
2. Determines the new version from the latest git tag + increment
3. Moves `[Unreleased]` content in `doc/CHANGELOG.md` into a versioned section
4. Bumps `version` in `package.json`
5. Commits `chore: release <version>`, tags with bare semver (e.g. `1.6.0`)
6. Publishes to npm (triggers `prepublishOnly` → `build:types` automatically)
7. Pushes commit and tag to `main`
8. Tag push triggers `ncc-release.yaml` which builds binaries (linux-x64, linux-arm64, darwin-arm64) and creates the GitHub Release with assets

## npm authentication

npm publishing uses [Trusted Publishers](https://docs.npmjs.com/trusted-publishers/) (OIDC) — the `Release` workflow in `indexzero/flatlock` is linked as a trusted publisher for the `flatlock` package. No `NPM_TOKEN` secret is needed.

## Changelog

The `@release-it/keep-a-changelog` plugin manages `doc/CHANGELOG.md`. When writing changes, add entries under the `## [Unreleased]` heading. The plugin converts this to a versioned heading at release time.

## Configuration

- `.release-it.json` — release-it config (tag format, changelog path, npm settings)
- `.github/workflows/release.yml` — release workflow (workflow_dispatch)
- `.github/workflows/ncc-release.yaml` — binary build workflow (tag-triggered)
3 changes: 1 addition & 2 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,8 +61,7 @@
"check": "biome check src test && pnpm run build:types",
"check:fix": "biome check --write src test",
"build:ncc": "./bin/ncc.sh",
"prepublishOnly": "pnpm run build:types",
"release": "gh workflow run release.yml --repo indexzero/flatlock -f increment="
"prepublishOnly": "pnpm run build:types"
},
"dependencies": {
"@yarnpkg/lockfile": "^1.1.0",
Expand Down
Loading