This document covers the release process for claudelint. Releases use release-it for versioning, changelog, git tagging, and GitHub releases. npm publishing happens automatically via CI using OIDC trusted publishing.
- Authenticated with GitHub CLI (
gh auth status) - Push access to
pdugan20/claudelint - Clean working directory (
git statusshows no changes)
All npm run release* scripts automatically set GITHUB_TOKEN from gh auth token so release-it can create GitHub releases. If GITHUB_TOKEN is already set (e.g. in CI), that value is used instead.
-
Verify constants are current (manual, not automated):
npm run check:constants
-
Run full validation:
npm run validate:all
-
Run a dry run to preview:
npm run release:dry
npm run release:patch # 0.2.0 -> 0.2.1Use for: bug fixes, typo corrections, dependency patches that don't change behavior.
npm run release:minor # 0.2.0 -> 0.3.0Use for: new rules, new validators, new CLI commands, non-breaking API additions.
npm run release:major # 0.2.0 -> 1.0.0Use for: removed rules, changed rule IDs, config format changes, dropped Node.js versions.
npm run release:beta # 0.2.0 -> 0.3.0-beta.0
npm run release:alpha # 0.2.0 -> 0.3.0-alpha.0
npm run release:rc # 0.2.0 -> 0.3.0-rc.0npm run release # Prompts for versionnpm run release executes this pipeline (configured in .release-it.json):
- before:init — Runs
npm run lint,npm run test,npm run build - Version bump — Updates
package.jsonversion - after:bump — Runs
npm run sync:versions(syncs plugin.json, marketplace.json, examples) - Changelog — Auto-generates CHANGELOG.md section from conventional commits
- Git — Commits changes, creates
v{version}tag, pushes to origin - GitHub — Creates GitHub release with release notes
- npm — CI publishes automatically when the
v*tag is pushed (see below)
npm publishing is handled by the .github/workflows/publish.yml workflow, not by release-it. When release-it pushes a v* tag, the CI workflow:
- Checks out the tagged commit
- Builds the package
- Publishes to npm using OIDC trusted publishing (no tokens needed)
- Attaches provenance attestation to the package
The trusted publisher is configured on npmjs.com to accept publishes from the pdugan20/claudelint repository's publish.yml workflow. This eliminates the need for npm tokens or secrets.
All version numbers must stay in sync across:
package.json(primary source).claude-plugin/plugin.json.claude-plugin/marketplace.json(top-level version andplugins[0].version)
This is handled automatically by the after:bump hook. To verify manually:
npm run sync:versions:checkTo fix drift manually:
npm run sync:versions- Create fix on
main(we don't use release branches) - Run
npm run release:patch - Verify on npm:
npm view claude-code-lint version
git status # Check what's uncommitted
git stash # Or commit/discard changesnpm run sync:versions # Fix drift
npm run sync:versions:check # VerifyIf the git tag and npm publish succeeded but no GitHub release was created:
# Check if gh CLI is authenticated
gh auth status
# Create the release manually from the existing tag
gh release create v0.x.x --title "v0.x.x" --notes-from-tagIf release-it succeeded (tag pushed, GitHub release created) but the CI publish workflow failed:
# Check the workflow run
gh run list --workflow=publish.yml --limit 3
# View the failure
gh run view <run-id> --log-failed
# Re-run the failed workflow
gh run rerun <run-id>If the issue is with OIDC or trusted publishing configuration, verify the setup at https://www.npmjs.com/package/claude-code-lint/access.
If release fails after the git tag but before CI publish completes:
# Check what was created
git tag -l | tail -5
gh release list | head -5
# Re-trigger the CI publish by re-pushing the tag
git push origin v0.x.x
# Or delete the tag and re-run the full release
git tag -d v0.x.x
git push origin :refs/tags/v0.x.x
npm run release