Description
Is your technical request related to a problem? Please describe.
Currently, initializing a release (updating version numbers in files and performing Git operations) is a manual process. This increases the risk of errors and requires repository administrator rights, which limits the number of maintainers who can handle it.
Describe the solution you'd like
The goal is to automate this step to reduce errors and allow more maintainers to manage releases. This has been an objective since the first release: #141 (comment).
Ideally, a maintainer would manually trigger the release using a GitHub Actions workflow via workflow_dispatch, entering the version number as currently done. The workflow would then:
- Update the version numbers in the relevant files
- Commit the changes
- Create the tag
- Push everything to the repository
Since version 0.15.0, we have a script to update the version in files: #650, which will help with this process.
Describe alternatives you've considered
- The changelog preparation will likely remain manual, which is fine with the current setup.
- We do not plan to change the entire release mechanism, only to automate the part that is still manual.
- While there are tools available to handle the whole release process, we prefer not to use them for now.
Additional context
- The main branch is protected by a ruleset, and we'll need to bypass these restrictions.
- The creation of the Git tag triggers the subsequent automation workflows (GitHub Actions). The tag push must be done by an account, not with the GH_TOKEN, as this prevents other workflows from triggering (see the GitHub documentation for more details).
- A service account (bot) could be used to perform these actions.
- Ideally, the bot should sign both the commits and tags.
Note (not directly related to this topic, but for release in general): for the npm publish, we could now use a tokenless procedure, see https://docs.npmjs.com/trusted-publishers
Tasks
Setup trusted publishers
- configure the npm package
- update the npm publish workflow: id-token permission, npm v11, remove usage of the npm token, ...: chore: build with node 24 #971, ci: publish npm package with trusted publisher #972
- remove the npm token from secrets as it is no longer used
- decide if we protect the npm publish with a GitHub environment (npm-publish environment for example): https://docs.github.com/en/actions/how-tos/deploy/configure-and-manage-deployments/manage-environments
Create the bot account
- ensure it has all permissions to write in the repository, especially on the main branch
Code, configuration and documentation changes
- create a new workflow to initialize the release
- update the release procedure to
  - update the changelog prior to starting the release.
  - remove the need to manually run the script and perform the git operations
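
One way the release-initialization workflow described in this issue could look, as an added example that is not the project's own workflow. The secret names, the bot identity, the `v` tag prefix and the script path are assumptions or placeholders, and the signing key is assumed to have no passphrase.

```yaml
# Added example. Names marked "hypothetical" or "placeholder" are not from the project.
name: Initialize release
on:
  workflow_dispatch:
    inputs:
      version:
        description: "Version to release, for example 1.2.3"
        required: true
        type: string
permissions:
  contents: read  # the default token stays read-only; all writes use the bot's token
jobs:
  init-release:
    runs-on: ubuntu-latest
    steps:
      - name: Validate the version input
        env:
          VERSION: ${{ inputs.version }}  # passed through env, never interpolated into the script
        run: |
          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "::error::version must look like X.Y.Z"
            exit 1
          fi
      - uses: actions/checkout@v4
        with:
          ref: main
          # hypothetical secret: token of the bot account, which must be allowed to bypass the ruleset
          token: ${{ secrets.RELEASE_BOT_TOKEN }}
      - name: Import the bot signing key
        env:
          GPG_PRIVATE_KEY: ${{ secrets.RELEASE_BOT_GPG_KEY }}  # hypothetical secret
        run: |
          printf '%s' "$GPG_PRIVATE_KEY" | gpg --batch --import
          key_id="$(gpg --list-secret-keys --with-colons | awk -F: '$1 == "sec" {print $5; exit}')"
          git config user.name "release-bot"               # hypothetical bot identity
          git config user.email "release-bot@example.com"  # hypothetical bot identity
          git config user.signingkey "$key_id"
      - name: Update versions, commit, tag and push
        env:
          VERSION: ${{ inputs.version }}
        run: |
          ./PLACEHOLDER-update-version-script "$VERSION"  # placeholder for the script from #650
          git commit --all --gpg-sign --message "chore(release): $VERSION"
          git tag --sign "v$VERSION" --message "Release $VERSION"  # "v" prefix is an assumption
          git push --atomic origin main "v$VERSION"  # pushed as the bot, so tag workflows trigger
```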