Skip to content

ci: add manual patch release workflow#12

Merged
lan17 merged 1 commit into
mainfrom
codex/manual-release
Jul 13, 2026
Merged

ci: add manual patch release workflow#12
lan17 merged 1 commit into
mainfrom
codex/manual-release

Conversation

@lan17

@lan17 lan17 commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

Replace the release-event-only npm workflow with an explicit, manual release operation. Running the Release workflow from current main now computes the next patch version, validates and packages that artifact, publishes it to npm, and only then publishes the corresponding GitHub release.

The first run uses package.json's 0.1.0 as the seed and releases 0.1.1. Later runs increment the highest stable vX.Y.Z tag.

Design

Manual and guarded execution

  • Use workflow_dispatch so maintainers get GitHub's Run workflow button.
  • Reject runs from any ref other than main.
  • Fetch and compare against origin/main so a stale dispatch cannot release an older commit.
  • Serialize releases with a non-cancelling release concurrency group.
  • Disable persisted checkout credentials; release mutations receive the GitHub token only in their dedicated steps.

Patch-only version policy

  • Add a small, dependency-free version helper that finds the highest stable release tag and increments only PATCH.
  • If no stable release tag exists, increment the manifest seed version.
  • Ignore unrelated and prerelease tags.
  • Keep semantic PR-title prefixes in generated release notes without allowing them to change version magnitude.

Publication ordering

  1. Install, typecheck, run release-version and package tests, and build.
  2. Stamp the computed version into the runner's release artifact.
  3. Create the GitHub release as a draft.
  4. Publish the public npm package with provenance.
  5. Publish the GitHub release only after npm succeeds.

If npm publication fails, the GitHub release remains a draft rather than advertising an unavailable package.

Operational notes

The bootstrap publish still requires repository secret NPM_TOKEN. After the package exists, configure npm trusted publishing for lan17/DialCache and release.yaml, then remove the long-lived token and its workflow environment mapping.

No application API, Redis protocol, runtime behavior, or package exports change.

Validation

Validated on Node v22.22.0:

  • corepack pnpm install --frozen-lockfile
  • corepack pnpm check
    • 5 release-version tests
    • 106 library tests with coverage thresholds
    • ESM/CJS/declaration build
    • packed ESM/CJS/types consumer checks
  • corepack pnpm audit --prod — no known vulnerabilities
  • go run github.com/rhysd/actionlint/cmd/actionlint@latest .github/workflows/ci.yaml .github/workflows/release.yaml .github/workflows/validate-pr-title.yaml
  • stamped dialcache@0.1.1 npm publish --dry-run --provenance=false --access public — 24-file package
  • git diff --check

@lan17 lan17 marked this pull request as ready for review July 13, 2026 19:29
@lan17 lan17 merged commit 2bda04d into main Jul 13, 2026
3 checks passed
@lan17 lan17 deleted the codex/manual-release branch July 13, 2026 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant