On your local machine, you must configure the GITHUB_TOKEN
environment variable.
It will be used by release-it to push to and create the release page on GitHub (cfr release:prepare section below).
On GitHub Actions, the following should be configured:
- NPM_TOKEN environment variable
- if 2FA is enabled for the account the only auth-only level can be used: https://docs.npmjs.com/getting-started/using-two-factor-authentication#levels-of-authentication
- that variable MUST NEVER be logged/exposed. If exposed then the token MUST be revoked and the account password changed ASAP
First of all: Never edit CHANGELOG.md manually!
The changelog will be updated automatically as part of the release process and based on the commit log using conventional-changelog (https://github.com/conventional-changelog) We use the Angular format for our changelog and for it to work properly, please make sure to respect our commit conventions (see CONTRIBUTING guide).
Make sure that:
- all changes have merged into master
- everything is up to date locally
- everything is clean locally
- execute
npm run release
Enjoy the show.
Once you have pushed the tag, GitHub Actions will handle things from there.
Once done, you must make sure that the tags are adapted so that the "latest" tag still points to what we consider the latest (i.e., next major/minor)! Refer to the "Adapting tags of published packages" section below.
- first we make sure that there are no local changes (if there are we stop right there)
- then we execute release-it: https://github.com/webpro/release-it which
- bumps the version in the root package.json automatically (determines the bump type to use depending on the commit message logs)
- that version number will be used as basis in the build to adapt all other package.json files
- generates/updates the CHANGELOG.md file using: conventional-changelog: https://github.com/conventional-changelog
- commits both package.json and CHANGELOG.md
- creates a new git tag and pushes it
- creates a github release page and makes it final
- bumps the version in the root package.json automatically (determines the bump type to use depending on the commit message logs)
After this, the release is tagged and visible on github
Finally, GitHub Actions executes npm run release:publish
.
That script makes some checks then, if all succeed it publishes the different packages on npm. Checks that are performed:
- node version: should be "14"
- NPM_TOKEN environment variable should be defined
- GITHUB_REPOSITORY should be "NationalBankBelgium/eslint-config"
- GH_ACTIONS_TAG should be defined and not empty (this is the case when GitHub Actions builds for a tag)
If a published version doesn't have all necessary tags, or if we want to adapt those for some reason (e.g., latest pointing to a patch release rather than the latest major/minor), then we can use the npm dist-tag
command.
Reference: https://docs.npmjs.com/cli/dist-tag