feat: add semantic-release for automated npm publishing#190
Conversation
Replace standard-version with semantic-release for fully automated versioning and npm publishing on push to main. Includes provenance. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
There was a problem hiding this comment.
Pull request overview
This PR introduces automated npm publishing by switching the repository’s release process from a manual/version-bump flow to semantic-release driven by conventional commits, with a GitHub Actions workflow to run tests and publish on pushes to main.
Changes:
- Replace the
releasescript to runsemantic-release. - Add semantic-release configuration (
.releaserc.json) including changelog + git commit + GitHub release + npm publish plugins. - Add a
ReleaseGitHub Actions workflow that runs checks/tests, then runs semantic-release with npm provenance enabled.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
package.json |
Switches release command and adds semantic-release + plugins as devDependencies. |
bun.lock |
Updates lockfile to include semantic-release and its transitive dependency graph. |
.releaserc.json |
Defines semantic-release branches/plugins, changelog generation, npm publish, and git asset commits. |
.github/workflows/release.yml |
Adds CI workflow to test on push to main and then run semantic-release publishing (with provenance). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "db:setup-indexes": "bun scripts/setup-performance-indexes.ts", | ||
| "prerelease": "bun run build && bun run test && vercel --prod", | ||
| "release": "bunx standard-version && npm publish", | ||
| "release": "npx semantic-release", |
There was a problem hiding this comment.
The release script invokes npx semantic-release, which can fall back to downloading and running a different semantic-release version if node_modules isn’t present/complete. To ensure the pinned dependency version is used (and avoid network installs during release), run the local binary instead (e.g., semantic-release / bunx semantic-release / npx --no-install semantic-release).
| "release": "npx semantic-release", | |
| "release": "semantic-release", |
| - uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.13" | ||
| - run: pip install comfy-cli setuptools |
There was a problem hiding this comment.
This workflow installs Python dependencies globally via pip install comfy-cli setuptools without the venv + pip-upgrade pattern used in other workflows (e.g. .github/workflows/test.yaml). Using a venv here would keep the runner environment consistent and reduce the chance of dependency resolution / permission issues on ubuntu-latest.
| - run: pip install comfy-cli setuptools | |
| - run: | | |
| python -m venv .venv | |
| . .venv/bin/activate | |
| python -m pip install --upgrade pip | |
| pip install comfy-cli setuptools |
| node-version: 22 | ||
| registry-url: https://registry.npmjs.org | ||
| - run: bun i | ||
| - run: npx semantic-release |
There was a problem hiding this comment.
npx semantic-release may download and execute a non-pinned semantic-release version if node_modules isn’t present/complete. Prefer invoking the locally installed binary (or use npx --no-install semantic-release) to guarantee the workflow runs the version locked in package.json/bun.lock.
| - run: npx semantic-release | |
| - run: ./node_modules/.bin/semantic-release |
| issues: write | ||
| pull-requests: write | ||
| id-token: write | ||
|
|
There was a problem hiding this comment.
Consider adding a concurrency group to the Release workflow to prevent overlapping push runs on main. Without concurrency, two near-simultaneous pushes can start two semantic-release executions that race to create the same tag/publish, leading to flaky failures or duplicate attempts.
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false |
Summary
standard-versionwithsemantic-releasefor fully automated versioning.github/workflows/release.ymlthat runs tests then publishes on push to mainNPM_CONFIG_PROVENANCE=trueTest plan
🤖 Generated with Claude Code