Configure the following secrets in your GitHub repository settings:
Required for: Publishing to npm registry
How to get:
- Go to https://www.npmjs.com/
- Log in to your account
- Go to Settings → Access Tokens
- Generate a new token with "Automation" type (or "Classic" with publish permissions)
- Copy the token and add it as `NPM_TOKEN` in GitHub repository secrets
Required for: Pushing version bumps and tags back to repository
How to get:
- Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
- Generate a new token with `repo` scope
- Copy the token and add it as `CICD_TOKEN` in GitHub repository secrets
Alternative: If not set, GitHub's default GITHUB_TOKEN will be used, but it won't trigger subsequent workflows.
Runs on:
- Push to `main` branch
- Manual trigger via workflow_dispatch
Features:
- ✅ Multi-version Node.js testing (18, 20, 22)
- ✅ Security audit
- ✅ Test coverage reporting
- ✅ CHANGELOG validation
- ✅ Automated versioning
- ✅ GitHub releases with CHANGELOG notes
- ✅ npm publishing with provenance
Runs on:
- Pull requests to `main` branch
Features:
- ✅ Multi-version Node.js testing (18, 20, 22)
- ✅ Lint and formatting checks
- ✅ Security audit
- ✅ Dependency freshness check
- ✅ Test coverage threshold
- ✅ Semantic PR title validation
- ✅ CHANGELOG update reminder
- Go to Actions → CI/CD Pipeline → Run workflow
- Select release type (patch/minor/major)
- Workflow will:
  - Run all tests
  - Validate CHANGELOG
  - Bump version
  - Create git tag
  - Create GitHub release
  - Publish to npm
- Merge PR to `main`
- Workflow automatically:
  - Bumps patch version
  - Creates release
  - Publishes to npm
- Always update CHANGELOG.md before merging to main
- Use semantic commit messages for PRs (feat:, fix:, chore:, etc.)
- Version format in CHANGELOG: `## [X.Y.Z] - YYYY-MM-DD`
- Test locally before pushing: `npm run lint && npm test && npm run build`
- Review coverage reports in PR checks
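One way to implement the CHANGELOG validation that gates a release, using the `## [X.Y.Z] - YYYY-MM-DD` heading format given above. This is an added example, not this project's own workflow code; the function names, the allowance for an `Unreleased` section and the sample text are assumptions made for illustration.

```javascript
// Added example (not the project's own validator): check CHANGELOG release
// headings against the documented format  ## [X.Y.Z] - YYYY-MM-DD
const HEADING = /^## \[(\d+\.\d+\.\d+)\] - (\d{4})-(\d{2})-(\d{2})\s*$/;

// Parse every level-2 heading into { line, version, date, error }.
function parseChangelogEntries(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    if (!raw.startsWith('## ')) return;
    // Assumption: an "Unreleased" section is allowed and is not a release.
    if (raw.trim() === '## [Unreleased]') return;
    const m = HEADING.exec(raw);
    if (!m) {
      entries.push({ line: i + 1, error: `malformed heading: ${raw.trim()}` });
      return;
    }
    const [, version, y, mo, d] = m;
    // Round-trip through Date.UTC so impossible dates (2024-02-30) are caught.
    const dt = new Date(Date.UTC(+y, +mo - 1, +d));
    const valid = dt.getUTCFullYear() === +y && dt.getUTCMonth() === +mo - 1 &&
      dt.getUTCDate() === +d;
    const date = `${y}-${mo}-${d}`;
    entries.push({ line: i + 1, version, date, error: valid ? null : `invalid date: ${date}` });
  });
  return entries;
}

// Return a list of problems; an empty list means the release can proceed.
function validateChangelog(text, expectedVersion) {
  const entries = parseChangelogEntries(text);
  const problems = entries.filter((e) => e.error).map((e) => `line ${e.line}: ${e.error}`);
  const seen = new Set();
  for (const e of entries) {
    if (!e.version) continue;
    if (seen.has(e.version)) problems.push(`line ${e.line}: duplicate entry ${e.version}`);
    seen.add(e.version);
  }
  if (!seen.has(expectedVersion)) problems.push(`no entry for version ${expectedVersion}`);
  return problems;
}

// Constructed sample input, not taken from the project's CHANGELOG.
const SAMPLE = ['# Changelog', '## [Unreleased]', '## [1.4.0] - 2024-05-02',
  '- feat: add retry option', '## [1.3.1] - 2024-02-30',
  '## 1.3.0 (2024-01-10)'].join('\n');

console.log(validateChangelog(SAMPLE, '1.4.0'));
```

In a pipeline, the expected version would come from `package.json` after the bump, and a non-empty result would fail the job before the tag and publish steps run.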