ci: prerelease バージョンの publish 時に --tag を自動付与するように修正#132
ci: prerelease バージョンの publish 時に --tag を自動付与するように修正#132KinjiKawaguchi merged 1 commit intodevelopfrom
Conversation
package.json のバージョンにハイフンが含まれる場合(rc, beta 等)、 npm publish に --tag を付与して prerelease タグで公開する。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
KinjiKawaguchi
changed the title
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| PRERELEASE_ID=$(echo "$VERSION" | sed 's/.*-\([a-zA-Z]*\).*/\1/') | ||
| echo "tag=--tag $PRERELEASE_ID" >> "$GITHUB_OUTPUT" |
There was a problem hiding this comment.
🟡 Numeric-only prerelease identifiers produce empty --tag argument, breaking npm publish
The sed pattern 's/.*-\([a-zA-Z]*\).*/\1/' only captures alphabetic characters ([a-zA-Z]*). For valid semver prerelease versions with numeric-only identifiers (e.g., 1.0.0-1 or 1.0.0-0.3.7), PRERELEASE_ID will be an empty string. Since the grep -q '-' check still passes (the version contains a hyphen), the output becomes tag=--tag (with an empty tag value). The resulting command npm publish --access public --tag will pass a bare --tag flag with no value, causing npm to error.
While the project currently uses alpha, beta, and rc prerelease IDs (see package.json:45-47), the workflow doesn't validate or restrict to these, so a numeric prerelease version would silently break the publish step.
| PRERELEASE_ID=$(echo "$VERSION" | sed 's/.*-\([a-zA-Z]*\).*/\1/') | |
| echo "tag=--tag $PRERELEASE_ID" >> "$GITHUB_OUTPUT" | |
| PRERELEASE_ID=$(echo "$VERSION" | sed 's/.*-\([a-zA-Z]*\).*/\1/') | |
| if [ -z "$PRERELEASE_ID" ]; then | |
| echo "tag=--tag prerelease" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "tag=--tag $PRERELEASE_ID" >> "$GITHUB_OUTPUT" | |
| fi |
Was this helpful? React with 👍 or 👎 to provide feedback.
| else | ||
| echo "tag=" >> "$GITHUB_OUTPUT" | ||
| fi | ||
| - run: npm publish --access public ${{ steps.tag.outputs.tag }} |
There was a problem hiding this comment.
📝 Info: Unquoted ${{ steps.tag.outputs.tag }} is intentional but worth noting
The expression ${{ steps.tag.outputs.tag }} at line 41 is deliberately unquoted so that --tag rc is word-split into two separate arguments (--tag and rc) by the shell. If it were quoted as "${{ steps.tag.outputs.tag }}", npm would receive a single argument --tag rc which would be incorrect. This is safe here because the sed pattern at line 36 restricts PRERELEASE_ID to [a-zA-Z]* only, preventing any shell metacharacter injection. However, this pattern (embedding both flag and value in a single output) is fragile — a future maintainer might quote it for "safety" and break the command. A more robust approach would be to output just the tag name and construct the --tag flag separately in the run step.
Was this helpful? React with 👍 or 👎 to provide feedback.
| run: | | ||
| VERSION=$(node -p "require('./package.json').version") | ||
| if echo "$VERSION" | grep -q '-'; then | ||
| PRERELEASE_ID=$(echo "$VERSION" | sed 's/.*-\([a-zA-Z]*\).*/\1/') |
There was a problem hiding this comment.
📝 Info: Greedy .*- in sed captures the last hyphen-delimited segment only
The sed pattern 's/.*-\([a-zA-Z]*\).*/\1/' uses greedy .*- which matches up to the last hyphen in the version string. For standard semver like 3.0.0-rc.0, there's only one hyphen so this is fine. But for hypothetical versions with multiple hyphens in the prerelease section (e.g., 1.0.0-alpha-beta.2), it would extract beta rather than alpha. This matches how this project uses prerelease IDs (single identifier like alpha, beta, rc as seen in package.json:45-47), so it works correctly in practice, but the behavior is worth documenting.
Was this helpful? React with 👍 or 👎 to provide feedback.
There was a problem hiding this comment.
Pull request overview
GitHub Actions の publish ワークフローで、prerelease バージョン(例: 3.0.0-rc.1)を npm publish する際に dist-tag を自動付与し、publish 失敗を防ぐための変更です。
Changes:
package.jsonのversionに-が含まれる場合、prerelease ID を抽出してnpm publish --tag <id>を付与- stable バージョンの場合は tag を付与せず従来どおり
latest扱いで publish
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if echo "$VERSION" | grep -q '-'; then | ||
| PRERELEASE_ID=$(echo "$VERSION" | sed 's/.*-\([a-zA-Z]*\).*/\1/') | ||
| echo "tag=--tag $PRERELEASE_ID" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "tag=" >> "$GITHUB_OUTPUT" |
There was a problem hiding this comment.
PRERELEASE_ID の抽出が sed 's/.*-\([a-zA-Z]*\).*/\1/' だと、SemVer 上は有効な 1.2.3-1 / 1.2.3-rc1 のような prerelease(先頭が数字 or 英数字混在)で空文字や途中までしか取れず、--tag の値が不正になって publish が失敗する可能性があります。ここは Bash/Node 側で -(?<id>[0-9A-Za-z-]+)(?:\.|$) のように最初の prerelease identifier を厳密に取り、マッチしない場合は tag を付与しない/明示的に失敗させる、のいずれかにした方が安全です。
| if echo "$VERSION" | grep -q '-'; then | |
| PRERELEASE_ID=$(echo "$VERSION" | sed 's/.*-\([a-zA-Z]*\).*/\1/') | |
| echo "tag=--tag $PRERELEASE_ID" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "tag=" >> "$GITHUB_OUTPUT" | |
| PRERELEASE_ID=$(node -p "(() => { const v = require('./package.json').version; const m = v.match(/-(?<id>[0-9A-Za-z-]+)(?:\\.|$)/); return m ? m.groups.id : ''; })()") | |
| if [ -n \"$PRERELEASE_ID\" ]; then | |
| echo \"tag=--tag $PRERELEASE_ID\" >> \"$GITHUB_OUTPUT\" | |
| else | |
| echo \"tag=\" >> \"$GITHUB_OUTPUT\" |
## Why prerelease バージョン(`3.0.0-rc.1` 等)を `npm publish` する際、`--tag` オプションが未指定のため publish が失敗する。 https://github.com/su-its/core/actions/runs/23796409089/job/69344776248 ## What package.json のバージョンにハイフンが含まれる場合、prerelease ID(`rc`, `beta` 等)を抽出して `--tag` に指定する。 - `3.0.0-rc.1` → `npm publish --access public --tag rc` - `3.0.0-beta.1` → `npm publish --access public --tag beta` - `3.0.0` → `npm publish --access public`(latest) 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- devin-review-badge-begin --> --- <a href="https://app.devin.ai/review/su-its/core/pull/132" target="_blank"> <picture> <source media="(prefers-color-scheme: dark)" srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1"> <img src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1" alt="Open with Devin"> </picture> </a> <!-- devin-review-badge-end -->
Why
prerelease バージョン(
3.0.0-rc.1等)をnpm publishする際、--tagオプションが未指定のため publish が失敗する。https://github.com/su-its/core/actions/runs/23796409089/job/69344776248
What
package.json のバージョンにハイフンが含まれる場合、prerelease ID(
rc,beta等)を抽出して--tagに指定する。3.0.0-rc.1→npm publish --access public --tag rc3.0.0-beta.1→npm publish --access public --tag beta3.0.0→npm publish --access public(latest)🤖 Generated with Claude Code