feat!: implement complete CI/CD pipeline with automated npm publishing
BREAKING CHANGE: Complete production-ready CI/CD infrastructure implemented
- Add comprehensive GitHub Actions workflows for CI, release, and dependency management
- Implement automated npm publishing to public registry with semantic-release
- Add multi-version Node.js testing (18, 20, 22) with quality gates
- Configure security scanning and automated vulnerability management
- Add automated dependency updates with weekly scheduling
- Implement post-release validation and monitoring
- Fix documentation workflow artifact download with resilient error handling
- Add comprehensive documentation for npm publishing setup
- Create CI/CD status tracking and troubleshooting guides
- Update package version to 2.0.0 for production release
- Remove sensitive files from git tracking (profiles, auth guides, personal docs)
- Maintain files locally but exclude from repository distribution
- Configure proper .gitignore patterns for sensitive data
-
Continuous Integration (
.github/workflows/ci.yml)- Multi-version Node.js testing matrix
- Quality gates: ESLint, Prettier, TypeScript validation
- Security scanning with audit-ci integration
- Build artifact creation and validation
- Documentation generation and link testing
-
Release & Publish (
.github/workflows/release.yml)- Automated semantic release based on conventional commits
- NPM publishing to public registry
- GitHub release creation with compiled assets
- Post-release validation (npm availability, installation testing)
- Comprehensive notifications and status reporting
-
Dependency Management (
.github/workflows/dependency-update.yml)- Weekly automated security updates
- Patch-level dependency updates with testing
- Automated PR creation with detailed summaries
- Security monitoring and reporting
- Package name:
@dataproc/mcp-server - Public npm registry publishing
- Semantic versioning with conventional commits
- Automated changelog generation
- GitHub releases with compiled assets
This represents a complete transformation of the project's release process from manual to fully automated, enabling:
- Zero-touch releases after initial NPM token setup
- Community distribution via public npm registry
- Production-grade quality gates with comprehensive testing
- Security automation with vulnerability scanning and updates
- Professional documentation and setup guides
- Configure NPM_TOKEN secret in GitHub repository
- Merge to main branch to trigger first automated release
- Verify package publication to npm registry
- Monitor automated dependency updates and security scanning
This establishes the foundation for professional open-source distribution and community engagement.
graph TD
A[Push to main] --> B{Pre-flight Checks}
B --> C[Quality Gates]
C --> D[Security Scan]
D --> E[Build Artifacts]
E --> F[Release Validation]
F --> G{Semantic Release}
G -->|New Version| H[NPM Publish]
G -->|No Changes| I[Skip Release]
H --> J[GitHub Release]
J --> K[Post-Release Validation]
K --> L[Success Notification]
M[Weekly Schedule] --> N[Dependency Scan]
N --> O[Security Updates]
O --> P[Create PR]
style A fill:#e1f5fe
style H fill:#c8e6c9
style J fill:#c8e6c9
style L fill:#4caf50
style P fill:#fff3e0