zx -based release script as semantic-release alternative (PoC)
Sometimes bloody enterprise enforces you not to use any third-party solutions for sensitive operations (like release, deploy, so on). Old good script copy-paste hurries to the rescue!
Btw, here's an adaptation for monorepos: zx-bulk-release
- macOS / linux
- Node.js >= 14.13.1
- git >= 2.0
- zx >= 1.6.0
- Zero dependencies
- Zero configuration
- Pretty fast
- Tiny, less than 140 lines with comments
- Reliability, safety, simplicity and maintainability (sarcasm)
- Poor conventional commits analysis
CHANGELOG.mdgenerationpackage.jsonversion bumping- Git release commit creation
- GitHub Release
- Package publishing to both npmjs and gh registries
- Copy
- Tweak up, inject tokens, etc
- Run
curl https://raw.githubusercontent.com/semrel-extra/zx-semrel/master/release.mjs > ./release.mjs
zx ./release.mjsor this like if zx is not installed:
# Just replace GIT* env values with your own
GIT_COMMITTER_NAME=antongolub [email protected] GITHUB_TOKEN=token npx zx ./release.mjsor just run it without any edits though npx:
# Cross your fingers for luck
GIT_COMMITTER_NAME=antongolub [email protected] GITHUB_TOKEN=token npx zx-semrelSee also gh-actions usage example
- Actually you don’t need 'semantic-release' for semantic release
- stackoverflow.com/github-oauth2-token-how-to-restrict-access-to-read-a-single-private-repo
- npmjs.com/using-private-packages-in-a-ci-cd-workflow
- cli/cli#1425
- https://gist.github.com/Kovrinic/ea5e7123ab5c97d451804ea222ecd78a
- https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
- https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
- Not invented here