CI/CD
Stable publish (publish.yml)
Section titled “Stable publish (publish.yml)”Trigger: Push to main
on: push: branches: [main]Pipeline
Section titled “Pipeline”| Step | Command | Purpose |
|---|---|---|
| Checkout | actions/checkout@v4 | Clone the repo |
| pnpm setup | pnpm/action-setup@v4 | Install pnpm v9 |
| Node setup | actions/setup-node@v4 | Node 20, GPR registry, pnpm cache |
| Install | pnpm install --frozen-lockfile | Install deps (lockfile must be up to date) |
| Build | pnpm turbo run build --filter=@thulanek/semtest-runner | Build the main package only |
| Test | pnpm turbo run test --filter=@thulanek/semtest-runner | Run vitest |
| Publish | pnpm publish --no-git-checks | Publish to GitHub Packages |
Permissions
Section titled “Permissions”permissions: contents: read packages: writeAuthentication
Section titled “Authentication”The publish step uses GITHUB_TOKEN (automatically provided by GitHub Actions) as NODE_AUTH_TOKEN. No manual secret setup is needed — the token has packages:write scope from the permissions block.
Build filter
Section titled “Build filter”Only @thulanek/semtest-runner is built and tested. The docs sites are not part of the publish pipeline.
Release candidate (rc.yml)
Section titled “Release candidate (rc.yml)”Trigger: Push to release
on: push: branches: [release]Pipeline
Section titled “Pipeline”Same as stable, except the publish step:
- Reads the current version from
package.json - Appends
-rc.{run_number}(e.g.0.1.0-rc.5) - Publishes with the
rcdist-tag
VERSION=$(node -p "require('./package.json').version")npm version "${VERSION}-rc.${GITHUB_RUN_NUMBER}" --no-git-tag-versionpnpm publish --no-git-checks --tag rcThis means:
- RC versions auto-increment via the GitHub Actions run number
- Installing
@thulanek/semtest-runner@rcgets the latest RC - Installing without a tag always gets the latest stable
- The version bump is not committed — it only affects the published artifact