feat(release): CI/CD publish pipeline for mcp (npm) + leadclaw (npm + ClawHub)#7
Merged
feat(release): CI/CD publish pipeline for mcp (npm) + leadclaw (npm + ClawHub)#7
Conversation
…dbay/leadclaw (npm + ClawHub)
Tag-driven publishing with prefix-scoped tags, so each package ships
independently and never on accident:
- mcp-v*.*.* → publishes @leadbay/mcp to npm
- leadclaw-v*.*.* → publishes @leadbay/leadclaw to npm, then ClawHub
- v*.*.* → legacy alias for mcp-v* (kept for back-compat)
New preflight-npm job calls `npm whoami` + `npm access list packages @leadbay`
so auth issues fail fast with a clear error, before either publish job starts.
leadclaw release chains npm → ClawHub. npm must go first because
`openclaw.plugin.json#install.npmSpec` resolves installs via npm — ClawHub
pointing at a missing npm version would break installs. ClawHub CLI
(clawhub@^0.9) is pinned and auth'd via `clawhub login --token` (no
CLAWHUB_TOKEN env-var shortcut exists).
Repo hygiene:
- packages/mcp/src/bin.ts: VERSION now injected at build time by tsup
`define` from package.json, so `--version` output and the tarball
version can't drift. vitest.config.ts mirrors the define for tests.
- Pre-existing typecheck error on bin.ts:170 (stdin data handler typed
as string | Buffer) fixed so `prepublishOnly` can gate on typecheck.
- packages/mcp/package.json: `prepublishOnly` now gates build +
typecheck + test; adds repository/bugs/homepage/author + CHANGELOG
to files.
- packages/leadclaw/package.json: adds publishConfig.access=public,
prepublishOnly with full gate, metadata + keywords, CHANGELOG in files.
- packages/leadclaw/README.md: created (was missing; listed in files
array would have broken npm pack).
- CHANGELOGs seeded for both packages at 0.2.0.
- RELEASE.md at repo root: tag-driven release runbook + failure-mode
debugging.
- ci.yml: now runs typecheck and packs both tarballs on every PR.
Workflow requires NPM_TOKEN and CLAWHUB_TOKEN repo secrets.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Tag-driven publishing for both public packages, with auth preflight and version-drift guards so a failed release always fails loud.
Tag scheme
mcp-v*.*.*→ publishes@leadbay/mcpto npmleadclaw-v*.*.*→ publishes@leadbay/leadclawto npm, then ClawHubv*.*.*→ legacy alias formcp-v*(kept for back-compat with the workflow that shipped in feat(mcp): install/login subcommands + npm publish prep + LLM-hallucination-proof docs #6)Why it's this way
npm whoami+npm access list packages @leadbaybefore either publish, so auth/scope issues surface in a clear step instead of mid-publish.openclaw.plugin.json#install.npmSpecresolves installs via npm — ClawHub pointing at a missing npm version would break installs.clawhub@^0.9. Auth viaclawhub login --tokenbecause noCLAWHUB_TOKENenv-var shortcut exists (verified against CLI source).package.json#version, andopenclaw.plugin.json#versionall agree.Repo hygiene
packages/mcp/src/bin.ts: VERSION now injected at build time by tsupdefinefrompackage.json, so--versionand the tarball version can't drift. vitest mirrors the define.bin.ts:170(stdindatahandler) fixed soprepublishOnlycan gate on typecheck.prepublishOnlynow runs build + typecheck + test on both packages (previously justtsupon mcp, absent on leadclaw).packages/leadclaw/README.mdcreated (was missing but listed infiles— would have brokennpm pack).RELEASE.mdat repo root — tag-driven release runbook with failure-mode debugging.ci.ymlnow runs typecheck and packs both tarballs on every PR, so the same "README.md missing" class of bug can't sneak back in.One-time setup (done)
NPM_TOKENrepo secret — npm automation token with publish rights on@leadbay.CLAWHUB_TOKENrepo secret — ClawHub publish token with rights on@leadbay.@leadbaynpm org (not yet verified owned; preflight will fail loud if the token can't reach it).Test plan
pnpm -r buildgreenpnpm -r typecheckgreenpnpm -r testgreen (19/19 mcp, 12/12 leadclaw)npm pack --dry-runin both packages — tarballs include expected files, no stale referencesnode packages/mcp/dist/bin.js --version→0.2.0(proves the VERSION injection works end-to-end)git tag mcp-v0.2.0 && git push origin mcp-v0.2.0→ workflow publishes@leadbay/mcp@0.2.0git tag leadclaw-v0.2.0 && git push origin leadclaw-v0.2.0→ workflow publishes@leadbay/leadclaw@0.2.0to npm then ClawHub🤖 Generated with Claude Code