Skip to content
/ semantic-release-npm Public

🚢 semantic-release plugin to publish a npm package with latest version that was published for other package in previous step. This plugin is useful for multiple packages in mono-repo

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

juice-js/semantic-release-npm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

531 Commits

.github/workflows

.github/workflows

 
 

bin

bin

 
 

lib

lib

 
 

test

test

 
 

.git-blame-ignore-revs

.git-blame-ignore-revs

 
 

.gitignore

.gitignore

 
 

.releaserc

.releaserc

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

cli.js

cli.js

 
 

index.js

index.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

Repository files navigation

@juice-js/semantic-release-npm

Use this step with semantic-release together to publish multiple npm packages in the same repo (mono-repo).

Release npm latest version npm next version npm beta version

Step Description
verifyConditions Verify the presence of the NPM_TOKEN environment variable, or an .npmrc file, and verify the authentication method is valid.
getLastRelease Read last tagged release to use the same version
prepare Update the package.json version and create the npm package tarball.
addChannel Add a release to a dist-tag.
publish Publish the npm package to the registry.

Install

$ npm install @juice-js/semantic-release-npm -D

Usage

Add more steps to publish your next packages after run semantic-release for your first package in the same repo.

    steps:
      - uses: actions/checkout@v3
      # Setup .npmrc file to publish to GitHub Packages
      - uses: actions/setup-node@v3
        with:
          node-version: '18.x'
      - run: npm ci
      - run: npm run build @juice-js/dict-builder --if-present
      - run: npm run build @juice-js/tenants --if-present
      - run: npm test -- --watch=false --browsers=ChromeHeadless
      # Use semantic-release to publish dist package to npmjs
      # After this step, new tag will be created on github repo.
      - run: npx semantic-release --plugins=@semantic-release/commit-analyzer,@semantic-release/release-notes-generator,@semantic-release/npm --pkgRoot=./dist/juice-js/dict-builder
      # Use github tag on the last step to change dependencies version
      # and publish package with the same version to npmjs
      - run: npx @juice-js/semantic-release-npm --pkgRoot=./dist/juice-js/tenants --localPackages=@juice-js/dict-builder --debug

Configuration

npm registry authentication

The npm token authentication configuration is required and can be set via environment variables.

Automation tokens are recommended since they can be used for an automated workflow, even when your account is configured to use the auth-and-writes level of 2FA.

npm provenance

If you are publishing to the official registry and your pipeline is on a provider that is supported by npm for provenance, npm can be configured to publish with provenance.

Since semantic-release wraps the npm publish command, configuring provenance is not exposed directly. Instead, provenance can be configured through the other configuration options exposed by npm. Provenance applies specifically to publishing, so our recommendation is to configure under publishConfig within the package.json.

npm provenance on GitHub Actions

For package provenance to be signed on the GitHub Actions CI the following permission is required to be enabled on the job:

permissions:
  id-token: write # to enable use of OIDC for npm provenance

It's worth noting that if you are using semantic-release to its fullest with a GitHub release, GitHub comments, and other features, then more permissions are required to be enabled on this job:

permissions:
  contents: write # to be able to publish a GitHub release
  issues: write # to be able to comment on released issues
  pull-requests: write # to be able to comment on released pull requests
  id-token: write # to enable use of OIDC for npm provenance

Refer to the GitHub Actions recipe for npm package provenance for the full CI job's YAML code example.

Environment variables

Variable Description
NPM_TOKEN Npm token created via npm token create

Options

Options Description Default
npmPublish Whether to publish the npm package to the registry. If false the package.json version will still be updated. false if the package.json private property is true, true otherwise.
pkgRoot Directory path to publish. .
localPackages Specify your referenced packages in the same repo to replace its version in package.json []

Note: The pkgRoot directory must contain a package.json. The version will be updated only in the package.json and npm-shrinkwrap.json within the pkgRoot directory.

Note: If you use a shareable configuration that defines one of these options you can set it to false in your semantic-release configuration in order to use the default value.

npm configuration

The plugin uses the npm CLI which will read the configuration from .npmrc. See npm config for the option list.

The registry can be configured via the npm environment variable NPM_CONFIG_REGISTRY and will take precedence over the configuration in .npmrc.

Notes:

  • The presence of an .npmrc file will override any specified environment variables.
  • The presence of registry or dist-tag under publishConfig in the package.json will take precedence over the configuration in .npmrc and NPM_CONFIG_REGISTRY

About

🚢 semantic-release plugin to publish a npm package with latest version that was published for other package in previous step. This plugin is useful for multiple packages in mono-repo

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 34

v2.0.2 Latest
Jan 4, 2024
+ 33 releases

Packages

No packages published

Contributors 32

+ 18 contributors

Languages