Skip to content

chore: add release-please for automated releases#34

Merged
nicknisi merged 3 commits into
mainfrom
chore/release-please
May 18, 2026
Merged

chore: add release-please for automated releases#34
nicknisi merged 3 commits into
mainfrom
chore/release-please

Conversation

@nicknisi
Copy link
Copy Markdown
Member

@nicknisi nicknisi commented May 15, 2026
edited
Loading

Summary

  • Adds release-please config and GitHub Actions workflow, matching the authkit-tanstack-start setup
  • Updates release.yml to trigger via workflow_call (from release-please) instead of release: published (manual GitHub releases)
  • Adds PR title linting via action-semantic-pull-request, matching authkit-nextjs
  • Manifest seeded at current version 0.5.1

What changes

File Change
release-please-config.json New — node release type, bump-minor-pre-major
.release-please-manifest.json New — seeded at 0.5.1
.github/workflows/release-please.yml New — runs on push to main, uses SDK bot token, chains into release.yml on release
.github/workflows/release.yml Trigger changed from release: publishedworkflow_call + workflow_dispatch
.github/workflows/lint-pr-title.yml New — enforces conventional commit PR titles via action-semantic-pull-request v6

Pinned action versions

Action Version SHA
googleapis/release-please-action v5.0.0 45996ed1...
actions/create-github-app-token v3.2.0 bcd2ba49...
amannn/action-semantic-pull-request v6.1.1 48f25628...

Prerequisites

  • SDK_BOT_APP_ID var and SDK_BOT_PRIVATE_KEY secret must be configured in the repo settings (same as authkit-tanstack-start)

Test plan

  • Verify SDK_BOT_APP_ID and SDK_BOT_PRIVATE_KEY are set in repo settings
  • Merge this PR → release-please should create its first release PR on the next conventional commit
  • Merging a release PR should trigger the publish workflow
  • PR title linting should reject non-conventional titles

@nicknisi
chore: add release-please for automated releases
6a28926 
Replaces the manual release flow with release-please, matching the
authkit-tanstack-start configuration. Modifies release.yml to be
callable via workflow_call from the new release-please workflow.
devin-ai-integration[bot]
devin-ai-integration Bot reviewed May 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

Open in Devin Review

@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented May 15, 2026
edited
Loading

Greptile Summary

This PR wires up automated releases via release-please, replacing the old manual release.yml (triggered by GitHub Releases) with a push-to-main workflow that creates release PRs and publishes to npm on merge. PR title linting is also added via action-semantic-pull-request.

  • release-please.yml: Orchestrates release PR creation using the SDK bot token and inlines the publish job; pre-release versions (containing -) are published with --tag next, stable with --tag latest. All action versions are SHA-pinned.
  • release-please-config.json / .release-please-manifest.json: Correctly configured for a node package, with bump-minor-pre-major for pre-1.0 semantics and the manifest seeded at the current 0.5.1 version.
  • lint-pr-title.yml: Uses pull_request_target (appropriate since it only reads PR metadata, not code) with minimal pull-requests: read permissions.

Confidence Score: 5/5

Safe to merge — the changes are additive CI/CD config with no impact on library code or the published API.

All five changed files are GitHub Actions workflows or release-please config. The manifest is correctly seeded at the current package version, pre-release detection logic is sound, and action versions are SHA-pinned. The only gap is the absence of a manual re-trigger path for a failed publish, but this does not affect correctness under the normal release flow.

.github/workflows/release-please.yml — the inlined publish job has no workflow_dispatch fallback for recovery scenarios.

Important Files Changed

Filename Overview
release-please-config.json New release-please config; correctly sets node release type, disables component-in-tag, and enables bump-minor-pre-major for pre-1.0 versioning.
.release-please-manifest.json Seed manifest correctly set to 0.5.1, matching the current package.json version.
.github/workflows/release-please.yml New workflow with release-please + inlined publish job; correctly detects pre-release versions via hyphen check, but the workflow has no workflow_dispatch trigger, removing the ability to manually re-run a failed publish.
.github/workflows/release.yml Old release.yml deleted; publish logic migrated inline into release-please.yml.
.github/workflows/lint-pr-title.yml New PR title linting workflow; pull_request_target is appropriate here (action only reads PR metadata, not code), and permissions are correctly scoped to pull-requests: read.

Sequence Diagram

 
sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub (main branch)
    participant RP as release-please-action
    participant Bot as SDK Bot (App Token)
    participant Pub as publish job
    participant NPM as npm registry

    Dev->>GH: push conventional commit to main
    GH->>RP: trigger release-please.yml
    RP->>Bot: create-github-app-token
    Bot-->>RP: token
    RP->>GH: open/update Release PR
    note over RP: release_created = false

    Dev->>GH: merge Release PR
    GH->>RP: trigger release-please.yml (push)
    RP->>Bot: create-github-app-token
    Bot-->>RP: token
    RP->>GH: create GitHub Release + tag
    note over RP: release_created = true

    GH->>Pub: trigger publish job
    Pub->>GH: checkout release commit
    Pub->>Pub: pnpm install + build
    Pub->>Pub: detect version (hyphen → next tag)
    Pub->>NPM: pnpm publish --provenance (OIDC)
Loading

Reviews (3): Last reviewed commit: "chore: combine release workflows and add..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 15, 2026
View reviewed changes
Comment thread .github/workflows/release-please.yml Outdated
Comment thread .github/workflows/release.yml Outdated
nicknisi added 2 commits May 15, 2026 13:35
@nicknisi
chore: bump action SHAs to latest and add PR title linting
f67ce8c 
- release-please-action v4 → v5 (node24 upgrade)
- create-github-app-token v2 → v3
- action-semantic-pull-request v6 (new workflow, matches authkit-nextjs)
@nicknisi
chore: combine release workflows and add pre-release detection
dd6bffd 
Inlines the publish job into release-please.yml, eliminating the
separate release.yml and the secrets: inherit concern. Adds version
check to tag pre-releases as `next` instead of `latest`.
@nicknisi nicknisi requested a review from gjtorikian May 18, 2026 14:28
@nicknisi nicknisi merged commit fe3b986 into main May 18, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@gjtorikian gjtorikian gjtorikian approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nicknisi @gjtorikian