release: automate GitHub releases

[brianmhunt]

Summary

• add a post-publish release job that creates the matching GitHub Release and tag after a successful npm publish
• keep release automation idempotent by skipping creation when the GitHub Release already exists
• update release docs to reflect that the release workflow now creates the GitHub Release boundary automatically

Testing

• prettier check on .github/workflows/release.yml

Summary by CodeRabbit

• New Features
  • Automated GitHub Release creation after publish, auto-tagging and marking prereleases for alpha/beta/rc versions.
  • Manual “Backfill GitHub Release” action to create or retry a missing release/tag for a published commit.
• Behavior
  • Enforces a single repo-wide public release version; release will fail if conflicting public versions are detected.
  • Release creation verifies existing tags target the current commit and skips or errors accordingly.
• Documentation
  • Release docs updated to describe automated and manual release workflows.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b1d1acec-35c2-4111-8f3c-76da70c8aef3

📥 Commits

Reviewing files that changed from the base of the PR and between d85b273 and e9a09ed.

📒 Files selected for processing (3)

• .github/workflows/github-release.yml
• .github/workflows/release.yml
• tools/release-version.cjs

---

📝 Walkthrough

Walkthrough

Adds automated GitHub Release creation and a manual backfill workflow. The release workflow determines a single repo-wide release version from public package.json files, exposes it as release_version, and conditionally creates a v{VERSION} GitHub Release (with prerelease detection). A new manual github-release.yml mirrors this logic for backfills.

Changes

Cohort / File(s)	Summary
Release workflow changes /.github/workflows/release.yml	Set actions/checkout to persist-credentials: false, run tools/release-version.cjs to determine a single repo-wide release_version, expose it as a job output on publish, and add a github-release job to create or validate v{VERSION} releases/tags with prerelease detection and tag/commit checks via gh.
Manual backfill workflow /.github/workflows/github-release.yml	New Backfill GitHub Release workflow (workflow_dispatch with required target_sha): checks out target_sha, ensures it's reachable from origin/main, resolves version via tools/release-version.cjs, verifies an npm package version exists, and creates or validates v{VERSION} GitHub Release (handles prerelease suffixes).
Release version helper tools/release-version.cjs	New Node script that scans builds/*/package.json and packages/*/package.json, collects non-private package versions, enforces exactly one distinct public version, and prints it (exits non-zero if mismatch).
Changesets configuration .changeset/config.json	Populate fixed with an explicit array containing all @tko/* public packages to enforce a repo-wide fixed release group.
Documentation updates AGENTS.md, README.md, plans/build-and-release-certainty.md	Document that the release workflow now creates GitHub Releases/tags post-publish, describe the manual backfill workflow, and clarify repo-wide fixed versioning for @tko/* packages.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Maintainer
  participant Actions as "GitHub Actions"
  participant Registry as "npm Registry"
  participant GitHub as "GitHub API (gh)"

  Maintainer->>Actions: Push merge to main / trigger workflow
  Actions->>Actions: Checkout (persist-credentials:false)
  Actions->>Actions: Run tools/release-version.cjs -> determine VERSION
  Actions->>Registry: (backfill) npm view `@tko/build.reference`@VERSION
  Registry-->>Actions: responds (exists / not found)
  Actions->>GitHub: gh release view vVERSION (check tag)
  alt tag absent
    Actions->>GitHub: gh release create vVERSION --generate-notes [--prerelease if alpha/beta/rc]
    GitHub-->>Actions: release created
  else tag exists & points to same SHA
    Actions-->>Maintainer: No-op success
  else tag exists & points elsewhere
    Actions-->>Maintainer: Fail workflow
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• release: adopt npm trusted publishing #270: Modifies prepare-release and publish jobs in .github/workflows/release.yml that this change builds upon.
• release: automate GitHub releases #278: Adds or adjusts automated GitHub Release creation and related workflow steps similar to this PR.
• Add build and release certainty automation #238: Earlier changes to release tooling and .changeset/config.json that are extended by the repo-wide fixed group and workflow additions.

Poem

🐰
I sniffed the package.jsons, found one true line,
I hop and tag vVERSION when publish aligns,
If npm nods and SHAs agree, I cheer,
Else I wait for humans to call me near,
Carrot-toast: a release, tidy and fine!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'release: automate GitHub releases' directly describes the main change: automating the creation of GitHub releases as part of the release workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bmh/sc-automate-github-release

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/release.yml (1)

116-118: Consider adding error handling for version extraction.

If lerna.json is missing or malformed, the Node.js command will fail with an error. While this is acceptable in CI (the job would fail visibly), you could add a validation step for clearer error messages.

💡 Optional: Add version validation

      - name: Determine release version
        id: version
-       run: echo "version=$(node -p 'require(\"./lerna.json\").version')" >> "$GITHUB_OUTPUT"
+       run: |
+         version=$(node -p 'require("./lerna.json").version')
+         if [ -z "$version" ]; then
+           echo "::error::Could not determine version from lerna.json"
+           exit 1
+         fi
+         echo "version=$version" >> "$GITHUB_OUTPUT"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 116 - 118, The "Determine release
version" step currently runs a raw node command to read lerna.json which can
throw if the file is missing or malformed; update the step (id: version) to run
a small Node script that catches errors, validates the parsed object has a
string version, and prints a clear error to stderr and exits non‑zero if
validation fails, otherwise echo "version=<version>" to GITHUB_OUTPUT; include
contextual messages like "Failed to read lerna.json" or "Invalid version field
in lerna.json" to make CI failures easy to understand.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/release.yml:
- Around line 116-118: The "Determine release version" step currently runs a raw
node command to read lerna.json which can throw if the file is missing or
malformed; update the step (id: version) to run a small Node script that catches
errors, validates the parsed object has a string version, and prints a clear
error to stderr and exits non‑zero if validation fails, otherwise echo
"version=<version>" to GITHUB_OUTPUT; include contextual messages like "Failed
to read lerna.json" or "Invalid version field in lerna.json" to make CI failures
easy to understand.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ced91c27-31c9-4408-84e3-aa148fddf0d3

📥 Commits

Reviewing files that changed from the base of the PR and between 01e2272 and 35a8ab9.

📒 Files selected for processing (4)

• .github/workflows/release.yml
• AGENTS.md
• README.md
• plans/build-and-release-certainty.md

[Copilot]

Pull request overview

Adds a post-publish GitHub Release/tag creation step to the existing Changesets-based release workflow, and updates documentation to reflect the new automated GitHub Release boundary.

Changes:

• Add a github-release job that creates a GitHub Release (idempotently) after a successful npm publish.
• Update contributor/release documentation to mention GitHub Releases are created by CI.
• Extend the release plan doc to include the new GitHub Release/tag step.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
README.md	Updates the release workflow description to include GitHub Release creation.
plans/build-and-release-certainty.md	Documents the additional post-publish GitHub Release/tag step.
AGENTS.md	Updates workflow table and release process steps to mention GitHub Release/tag creation.
.github/workflows/release.yml	Adds a post-publish job to create a GitHub Release/tag if missing.

[Copilot]

The Determine release version step is over-escaped. As written, the shell runs node -p 'require(\"./lerna.json\").version', which includes literal backslashes inside the JavaScript expression (because it’s inside single quotes) and will cause a syntax error. Remove the unnecessary escaping so the Node expression is valid (e.g., require("./lerna.json") should not have backslashes when wrapped in single quotes).

Suggested change

	run: echo "version=$(node -p 'require(\"./lerna.json\").version')" >> "$GITHUB_OUTPUT"
	run: echo "version=$(node -p 'require("./lerna.json").version')" >> "$GITHUB_OUTPUT"

[Copilot]

The release tag/version is derived from lerna.json, but the workflow’s versioning/publishing is driven by Changesets (npx changeset version / npx changeset publish). Changesets does not inherently guarantee lerna.json stays in sync with the published package versions, so this can create a GitHub Release tag that doesn’t match what was just published. Consider sourcing the version from a package that is definitely versioned by Changesets (e.g., a canonical published package.json), or adjust the versioning step so lerna.json is updated as part of the version PR.

Suggested change

	run: echo "version=$(node -p 'require(\"./lerna.json\").version')" >> "$GITHUB_OUTPUT"
	run: echo "version=$(node -p 'require(\"./package.json\").version')" >> "$GITHUB_OUTPUT"