ci: auto-release on package.json version bump#19
Merged
Conversation
Watches package.json on main; when a merge bumps the version, cuts the matching v<X.Y.Z> GitHub release, builds, and publishes to npm inline. Eliminates the manual gh-release-create step that today's v3.3.0 ship required. Inline publish (not delegated to publish.yml on release:published) because gh release create from CI authenticates as GITHUB_TOKEN, and GitHub suppresses downstream workflow runs from GITHUB_TOKEN-attributed events — the same anti-loop rule that stranded askalf/dario's cc-drift PRs earlier today (fixed in askalf/dario#361). The existing publish.yml stays in place for the manual-maintainer path (gh release create run locally as a real user DOES fire release:published). Triggers: - pull_request:closed on main (fast path, fires within seconds of merge) - schedule hourly :15 (fallback for bot-merged PRs and hand-pushed version bumps; safe to over-fire thanks to the idempotency gate) - workflow_dispatch (manual rescue) Idempotency gate checks BOTH GitHub release tag presence AND npm publish presence — a half-shipped state (tag exists, npm failed) self- heals on the next trigger once the underlying issue (typically NPM_TOKEN rot, now monitored by npm-token-health.yml) is resolved. Pattern source: askalf/dario's cc-drift-auto-release.yml minus the cc- drift-specific bits and the ghcr docker publish step. Validated in dario production since 2026-04-23.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
auto-release.yml: watchespackage.jsononmain, and when a merge bumps the version, cuts the matchingv<X.Y.Z>GitHub release, builds, and publishes to npm — inline, in a single workflow run.Eliminates the manual
gh release createstep that today's v3.3.0 ship required. Future flow:package.jsonversion + addsCHANGELOG.mdentryauto-release.ymlfires onpull_request: closed, sees the version diff, cuts the release, ships to npmWhy inline publish (not delegated to
publish.yml)gh release createfrom CI authenticates asGITHUB_TOKEN. GitHub suppresses downstream workflow runs fromGITHUB_TOKEN-attributed events — the same anti-loop rule that stranded askalf/dario's cc-drift PRs earlier today (fixed in askalf/dario#361). If this workflow created a release and relied onpublish.yml'srelease: publishedtrigger, that event wouldn't fire and the package would silently never reach npm.The existing
publish.ymlstays in place for the manual-maintainer path: agh release createrun locally as a real user DOES firerelease: published.Triggers
pull_request: closedonmainmerged == trueguard rules out close-without-merge.schedulehourly :15workflow_dispatchIdempotency
Gate checks BOTH
gh release view v<X.Y.Z>succeeds ANDnpm view @askalf/agent@<X.Y.Z>returns the version. Skips downstream steps only when both are true. A half-shipped state (tag exists, npm publish failed becauseNPM_TOKENhad been revoked) self-heals on the next trigger once the underlying issue resolves — same model that fixed dario v4.8.2 + v4.8.3 last week.Pattern source
askalf/dario's
cc-drift-auto-release.ymlminus the cc-drift-bot-branch logic and the ghcr docker publish step (agent is a pure CLI, no docker image). Validated in dario production since 2026-04-23 across ~40 releases.Test plan
gh workflow run auto-release.yml -R askalf/agent→ idempotency gate sees v3.3.0 already fully shipped (GitHub release + npm), workflow short-circuits cleanly within ~10s with no side effects. This is the safest smoke test — proves the trigger + gate path works without an actual release.gh release create.