Skip to content

Derive release version from the tag (works with protected main)#40

Merged
ejntaylor merged 1 commit into
mainfrom
ci/tag-derived-release
Jul 13, 2026
Merged

Derive release version from the tag (works with protected main)#40
ejntaylor merged 1 commit into
mainfrom
ci/tag-derived-release

Conversation

@ejntaylor

Copy link
Copy Markdown
Contributor

Why

The one-click Release workflow from #39 pushed the npm version bump commit straight to main, which branch protection rejects:

remote: error: GH006: Protected branch update failed for refs/heads/main.
- Commits must have verified signatures.
- Changes must be made through a pull request.
- 4 of 4 required status checks are expected.

Pushing bump commits to main is fundamentally incompatible with those rules, so this drops that approach.

What

Make the version come from the release tag instead of package.json:

  • Publish now reads the tag (v0.3.30.3.3), writes it into package.json in CI only (npm version --no-git-tag-version), then builds and publishes. Nothing is committed back to main.
  • Removes the old tag/version match guard (no longer needed — they can't disagree now).
  • Deletes the release.yml workflow added in Add one-click release workflow to prevent tag/version drift #39.
  • RELEASING.md rewritten: to release, just gh release create vX.Y.Z --generate-notes.

Result: releasing is a single gh release create (or the UI), it works with branch protection, and tag/version drift is structurally impossible. The committed package.json version becomes a placeholder and no longer needs bumping.

Cleanup done

Deleted the dangling v0.3.3 tag the failed run left behind. npm is still at 0.3.2; no bad release was published.

Note

Still unresolved separately: main has diverged from the pulse-protect-node-waf branch that shipped 0.3.00.3.2, so confirm which branch/content 0.3.3 should ship from before cutting it.

🤖 Generated with Claude Code

The one-click Release workflow pushed the npm-version bump commit
straight to main, which branch protection rejects (PRs + signed commits
+ status checks required). Drop that approach.

Instead, make Publish read the version from the release tag (v0.3.3 ->
0.3.3), write it into package.json in CI only, then build and publish.
Nothing is committed to main, so it works with branch protection and the
tag can never disagree with the published version. Removes the old
tag/version match guard (now unnecessary) and the release.yml workflow.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@coderbuds

coderbuds Bot commented Jul 13, 2026

Copy link
Copy Markdown

Simplifies publishing by deriving npm version directly from the Git tag.

🎯 Quality: 90% Elite · 📦 Size: Medium

📈 This month: Your 216th PR — above team average · Averaging Excellent

See how your team is trending →

@ejntaylor ejntaylor merged commit a0d7c18 into main Jul 13, 2026
4 checks passed
@ejntaylor ejntaylor deleted the ci/tag-derived-release branch July 13, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant