@gerdloos/npm-trusts-github-skill 1.0.0 → 1.0.3

package/.github/workflows/publish.yml

@@ -1,22 +1,66 @@
-name: Publish to npm
+name: Publish to npm and create release
 
 on:
-  push:
-    tags:
-      - 'v*'
+  workflow_dispatch:
 
 permissions:
   id-token: write
-  contents: read
+  contents: write
 
 jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
       - uses: actions/setup-node@v4
         with:
           node-version: '22'
           registry-url: 'https://registry.npmjs.org'
+
       - run: npm install -g npm@latest
-      - run: npm publish --access public
+
+      - name: Read package info
+        id: pkg
+        run: |
+          NAME=$(node -p "require('./package.json').name")
+          VERSION=$(node -p "require('./package.json').version")
+          echo "name=${NAME}" >> $GITHUB_OUTPUT
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+
+      - name: Validate version is new on npm
+        run: |
+          if npm view "${{ steps.pkg.outputs.name }}@${{ steps.pkg.outputs.version }}" version >/dev/null 2>&1; then
+            echo "::error::Version ${{ steps.pkg.outputs.version }} already exists on npm"
+            exit 1
+          fi
+
+      - name: Check tag does not exist
+        run: |
+          TAG="v${{ steps.pkg.outputs.version }}"
+          git fetch --tags
+          if git rev-parse "${TAG}" >/dev/null 2>&1; then
+            echo "::error::Tag ${TAG} already exists"
+            exit 1
+          fi
+
+      - name: Pack
+        id: pack
+        run: |
+          npm pack --pack-destination /tmp
+          echo "tarball=/tmp/$(ls /tmp/*.tgz | xargs -n1 basename)" >> $GITHUB_OUTPUT
+
+      - name: Publish to npm
+        run: npm publish --access public
+
+      - name: Create git tag
+        run: |
+          git tag "v${{ steps.pkg.outputs.version }}"
+          git push origin "v${{ steps.pkg.outputs.version }}"
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: v${{ steps.pkg.outputs.version }}
+          name: v${{ steps.pkg.outputs.version }}
+          files: ${{ steps.pack.outputs.tarball }}

package/README.md

@@ -1,7 +1,18 @@
-# setup-npm-trusts-github-skill
+# Sets up the npm-trusts-github skill
+
+> ⚠️ **ALPHA SOFTWARE** — This package is under active development.
+> APIs, skill structure, and behavior may change without notice.
 
 A skill that teaches an LLM how to set up npm trusted publishing (OIDC) with GitHub Actions.
 
+Provide knowledge to the llm to setup npm, github and auth so a new version triggers publication on npm.
+
+I myself for now prefer github private, and the npm instance is the public one.
+
+At the moment in alpha, it's more about setting up from fresh, first time use focused.
+
+Not yet atm : LLM should create a "publish to npm"-guideline folder or doc per project, with in it project specifics, then reference the guideline per project. 
+
 ## Install on Pi
 
 ```bash

package/package.json

@@ -1,10 +1,25 @@
 {
   "name": "@gerdloos/npm-trusts-github-skill",
-  "version": "1.0.0",
+  "version": "1.0.3",
   "description": "A skill that teaches an LLM how to set up npm trusted publishing with GitHub Actions",
-  "keywords": ["pi-package", "npm", "publish", "workflow"],
+  "keywords": [
+    "pi-package",
+    "npm",
+    "publish",
+    "workflow"
+  ],
   "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/get-loose/npm-trusts-github-skill.git"
+  },
+  "homepage": "https://github.com/get-loose/npm-trusts-github-skill#readme",
+  "bugs": {
+    "url": "https://github.com/get-loose/npm-trusts-github-skill/issues"
+  },
   "pi": {
-    "skills": ["./skills"]
+    "skills": [
+      "./skills"
+    ]
   }
 }