bulk-release 2.17.0 → 2.18.1

package/CHANGELOG.md

@@ -1,3 +1,13 @@
+## [2.18.1](https://github.com/semrel-extra/zx-bulk-release/compare/v2.18.0...v2.18.1) (2026-04-05)
+
+### Fixes & improvements
+* fix: enhance rollback ([3338298](https://github.com/semrel-extra/zx-bulk-release/commit/3338298a0f7685b809e7ac1daae43c6d02a19557))
+
+## [2.18.0](https://github.com/semrel-extra/zx-bulk-release/compare/v2.17.0...v2.18.0) (2026-04-05)
+
+### Features
+* feat: introduce recovery mode ([2f15fd8](https://github.com/semrel-extra/zx-bulk-release/commit/2f15fd83cfb41a4a55a4ab12d880c00e24c5c717))
+
 ## [2.17.0](https://github.com/semrel-extra/zx-bulk-release/compare/v2.16.2...v2.17.0) (2026-04-05)
 
 ### Features

package/README.md

@@ -50,6 +50,7 @@ GH_TOKEN=ghtoken GH_USER=username NPM_TOKEN=npmtoken npx zx-bulk-release [opts]
 | `--dry-run` / `--no-publish` | Disable any publish logic                                                                                                 |                  |
 | `--report`                   | Persist release state to file                                                                                             |                  |
 | `--snapshot`                 | Disable any publishing steps except of `npm` and `publishCmd` (if defined), then  push packages to the `snapshot` channel |                  |  
+| `--recover`                  | Remove orphan git tags (tag exists but npm publish failed) and exit. Re-run without this flag to release.                  |                  |
 | `--debug`                    | Enable [zx](https://github.com/google/zx#verbose) verbose mode                                                            |                  |
 | `--version` / `-v`           | Print own version                                                                                                         |                  |
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "bulk-release",
   "alias": "bulk-release",
-  "version": "2.17.0",
+  "version": "2.18.1",
   "description": "zx-based alternative for multi-semantic-release",
   "type": "module",
   "exports": {

package/src/main/js/processor/release.js

@@ -5,7 +5,7 @@ import {queuefy} from 'queuefy'
 import {topo, traverseQueue} from './deps.js'
 import {createReport} from '../log.js'
 import {exec} from './exec.js'
-import {contextify} from '../steps/contextify.js'
+import {contextify, recover} from '../steps/contextify.js'
 import {analyze} from '../steps/analyze.js'
 import {build} from '../steps/build.js'
 import {publish} from '../steps/publish.js'
@@ -28,6 +28,19 @@ export const run = async ({cwd = process.cwd(), env, flags = {}} = {}) => within
     .log()('queue:', queue)
     .log()('graphs', graphs)
 
+  // --recover: standalone mode — clean orphan tags and exit.
+  // Run the full pipeline again after this to rebuild and publish affected packages.
+  if (flags.recover) {
+    let recovered = 0
+    for (const name of queue) {
+      const pkg = packages[name]
+      await contextify(pkg, context)
+      if (await recover(pkg)) recovered++
+    }
+    report.log()(`recover: cleaned ${recovered} orphan tag(s)`)
+    return
+  }
+
   try {
     await traverseQueue({queue, prev, async cb(name) {
       report.setStatus('analyzing', name)

package/src/main/js/steps/contextify.js

@@ -1,7 +1,9 @@
 import {getPkgConfig} from '../config.js'
-import {getLatest} from '../processor/meta.js'
-import {getRoot, getSha} from '../api/git.js'
-import {$} from 'zx-extra'
+import {getLatest, getArtifactPath} from '../processor/meta.js'
+import {getRoot, getSha, getRepo, deleteRemoteTag, fetchRepo, pushCommit} from '../api/git.js'
+import {fetchManifest} from '../api/npm.js'
+import {log} from '../log.js'
+import {$, fs, path, fetch} from 'zx-extra'
 
 // Inspired by https://docs.github.com/en/actions/learn-github-actions/contexts
 export const contextify = async (pkg, {packages, root, flags, env}) => {
@@ -17,3 +19,134 @@ export const contextify = async (pkg, {packages, root, flags, env}) => {
     packages
   }
 }
+
+// Rollback a release that failed mid-publish (called inline from publish.js).
+// Unlike `recover`, this uses the current release tag (pkg.context.git.tag)
+// and skips the npm existence check — we already know the release failed.
+export const rollbackRelease = async (pkg) => {
+  const tag = pkg.context.git.tag
+  if (!tag) return
+
+  const cwd = pkg.context.git.root
+  const {ghBasicAuth: basicAuth, ghToken, gitCommitterName, gitCommitterEmail} = pkg.config
+  const {repoName} = await getRepo(cwd, {basicAuth})
+
+  log({pkg})(`rollback: cleaning up failed release for tag '${tag}'`)
+
+  // 1. Delete GitHub release
+  if (ghToken) {
+    try {
+      const res = await fetch(`https://api.github.com/repos/${repoName}/releases/tags/${tag}`, {
+        headers: {Authorization: `token ${ghToken}`, 'X-GitHub-Api-Version': '2022-11-28'}
+      })
+      if (res.ok) {
+        const {id} = await res.json()
+        await fetch(`https://api.github.com/repos/${repoName}/releases/${id}`, {
+          method: 'DELETE',
+          headers: {Authorization: `token ${ghToken}`, 'X-GitHub-Api-Version': '2022-11-28'}
+        })
+        log({pkg})(`rollback: deleted gh release for '${tag}'`)
+      }
+    } catch (e) {
+      log({pkg, level: 'warn'})('rollback: failed to delete gh release', e)
+    }
+  }
+
+  // 2. Remove meta entry from meta branch
+  try {
+    const metaBranch = 'meta'
+    const metaCwd = await fetchRepo({cwd, branch: metaBranch, basicAuth})
+    const artifactPath = getArtifactPath(tag)
+    const candidates = [
+      path.resolve(metaCwd, `${artifactPath}.json`),
+      path.resolve(metaCwd, artifactPath)
+    ]
+    let removed = false
+    for (const p of candidates) {
+      if (fs.existsSync(p)) {
+        await fs.remove(p)
+        removed = true
+      }
+    }
+    if (removed) {
+      await pushCommit({cwd, branch: metaBranch, msg: `chore: rollback ${pkg.name} ${pkg.version}`, gitCommitterName, gitCommitterEmail, basicAuth})
+      log({pkg})(`rollback: removed meta for '${tag}'`)
+    }
+  } catch (e) {
+    log({pkg, level: 'warn'})('rollback: failed to clean meta branch', e)
+  }
+
+  // 3. Delete git tag
+  await deleteRemoteTag({cwd, tag})
+}
+
+// Rollback a partially failed release: delete orphan tag, meta, changelog, gh release.
+export const recover = async (pkg) => {
+  const needsNpm = !pkg.manifest.private && pkg.config.npmPublish !== false
+  if (!needsNpm) return false
+
+  const {tag} = pkg.latest
+  if (!tag) return false
+
+  const manifest = await fetchManifest({
+    name: pkg.name,
+    version: tag.version,
+    config: pkg.config,
+  }, {nothrow: true})
+
+  if (manifest) return false
+
+  const cwd = await getRoot(pkg.absPath)
+  const {ghBasicAuth: basicAuth, ghToken, gitCommitterName, gitCommitterEmail} = pkg.config
+  const {repoName} = await getRepo(cwd, {basicAuth})
+
+  log({pkg})(`recover: tag '${tag.ref}' exists but ${pkg.name}@${tag.version} not found on npm, rolling back failed release`)
+
+  // 1. Delete GitHub release (also removes attached meta assets)
+  if (ghToken) {
+    try {
+      const res = await fetch(`https://api.github.com/repos/${repoName}/releases/tags/${tag.ref}`, {
+        headers: {Authorization: `token ${ghToken}`, 'X-GitHub-Api-Version': '2022-11-28'}
+      })
+      if (res.ok) {
+        const {id} = await res.json()
+        await fetch(`https://api.github.com/repos/${repoName}/releases/${id}`, {
+          method: 'DELETE',
+          headers: {Authorization: `token ${ghToken}`, 'X-GitHub-Api-Version': '2022-11-28'}
+        })
+        log({pkg})(`recover: deleted gh release for '${tag.ref}'`)
+      }
+    } catch (e) {
+      log({pkg, level: 'warn'})('recover: failed to delete gh release', e)
+    }
+  }
+
+  // 2. Remove meta entry from meta branch
+  try {
+    const metaBranch = 'meta'
+    const metaCwd = await fetchRepo({cwd, branch: metaBranch, basicAuth})
+    const artifactPath = getArtifactPath(tag.ref)
+    const candidates = [
+      path.resolve(metaCwd, `${artifactPath}.json`),
+      path.resolve(metaCwd, artifactPath)
+    ]
+    let removed = false
+    for (const p of candidates) {
+      if (fs.existsSync(p)) {
+        await fs.remove(p)
+        removed = true
+      }
+    }
+    if (removed) {
+      await pushCommit({cwd, branch: metaBranch, msg: `chore: recover ${pkg.name} ${tag.version}`, gitCommitterName, gitCommitterEmail, basicAuth})
+      log({pkg})(`recover: removed meta for '${tag.ref}'`)
+    }
+  } catch (e) {
+    log({pkg, level: 'warn'})('recover: failed to clean meta branch', e)
+  }
+
+  // 3. Delete orphan git tag
+  await deleteRemoteTag({cwd, tag: tag.ref})
+
+  return true
+}

package/src/main/js/steps/publish.js

@@ -5,7 +5,7 @@ import {npmPersist, npmPublish} from '../api/npm.js'
 import {prepareMeta, pushMeta, pushReleaseTag} from '../processor/meta.js'
 import {pushChangelog} from '../api/changelog.js'
 import {ghPages, ghRelease} from '../api/gh.js'
-import {deleteRemoteTag} from '../api/git.js'
+import {rollbackRelease} from './contextify.js'
 
 export const publish = memoizeBy(async (pkg, run = exec) => within(async () => {
   $.scope = pkg.name
@@ -34,13 +34,11 @@ export const publish = memoizeBy(async (pkg, run = exec) => within(async () => {
         run(pkg, 'publishCmd')
       ])
     } catch (e) {
-      // Rollback the tag only for npm-published packages so the next run can retry.
+      // Rollback the entire failed release for npm-published packages.
       // Git-tag-only packages (private or npmPublish: false) keep their tag — it IS the release.
       const needsNpm = !pkg.manifest.private && pkg.config.npmPublish !== false
-      const cwd = pkg.context.git.root
-      const tag = pkg.context.git.tag
-      if (tag && needsNpm) {
-        await deleteRemoteTag({cwd, tag})
+      if (needsNpm) {
+        await rollbackRelease(pkg)
       }
       throw e
     }