Releases are published to npm automatically via GitHub Actions when a version tag is pushed to main.
The following secret must be set in the GitHub repo (Settings → Secrets and variables → Actions):
| Secret | Description |
|---|---|
NPM_TOKEN |
npm Automation token with publish access to @authorizerdev |
REPOCHANGELOG_TOKEN |
GitHub token used to create the release changelog |
To generate an NPM_TOKEN: npmjs.com → Account → Access Tokens → Generate New Token → Automation.
-
Ensure
mainis clean and up to dategit checkout main git pull origin main git status # should be clean -
Bump the version in
package.jsonFollow semver:
patch(e.g.3.2.0→3.2.1) — bug fixes, CI/tooling changesminor(e.g.3.2.0→3.3.0) — new backwards-compatible featuresmajor(e.g.3.2.0→4.0.0) — breaking changes
# Edit package.json manually, or use bumpp interactively: pnpm bumppIf using
bumpp, it will prompt for the version, then commit, tag, and push automatically — skip steps 3–5. -
Commit the version bump
git add package.json git commit -m "chore: release v<version>" -
Create the tag
git tag v<version>
-
Push the commit and tag
git push origin main --tags
Pushing the tag triggers the .github/workflows/release.yml workflow which:
- Installs dependencies with pnpm
- Builds the package (
pnpm build) - Publishes to npm (
pnpm publish) - Creates a GitHub Release with an auto-generated changelog
Monitor the run in the Actions tab of the repository.
For pre-releases, use a pre-release tag:
# beta
npm version 3.3.0-beta.1
git push origin main --tags
# Then publish manually with the right tag:
pnpm publish --tag betaPre-release versions are not published automatically by the CI workflow — only
v*tags without a pre-release suffix trigger the full pipeline.