This directory contains automated release workflows for the SchemaPin dual-language project.

Handles automated publishing of the JavaScript package to npm registry.

Triggers:

• Git tags matching v* pattern
• Manual dispatch with options

Features:

• Version consistency validation
• Comprehensive testing (unit tests, linting)
• Package installation testing
• Duplicate version checking
• Dry run support
• GitHub release creation

Handles automated publishing of the Python package to PyPI.

Triggers:

• Git tags matching v* pattern
• Manual dispatch with options

Features:

• Version consistency validation
• Quality checks (pytest, ruff, bandit)
• Test PyPI publishing first
• Production PyPI publishing
• CLI tools validation
• Installation testing from both registries

Orchestrates release of both npm and PyPI packages simultaneously.

Triggers:

• Git tags matching v* pattern
• Manual dispatch with granular control options

Features:

• Coordinated dual-package release
• Individual package selection (npm-only, pypi-only)
• Comprehensive validation pipeline
• Unified GitHub release creation

Configure these secrets in your GitHub repository settings (Settings > Secrets and variables > Actions):

• NPM_TOKEN: npm authentication token
  • Generate at: https://www.npmjs.com/settings/tokens
  • Type: "Automation" token with "Publish" permission
  • Scope: Can be limited to specific packages

• PYPI_API_TOKEN: PyPI API token for production releases

  • Generate at: https://pypi.org/manage/account/token/
  • Scope: "Entire account" or specific to schemapin project

• TEST_PYPI_API_TOKEN: Test PyPI API token for testing

  • Generate at: https://test.pypi.org/manage/account/token/
  • Scope: "Entire account" or specific to schemapin project

1. Update version numbers in both javascript/package.json and python/pyproject.toml
2. Commit changes and push to main branch
3. Create and push a git tag:

   git tag v1.2.0
   git push origin v1.2.0

4. Workflows will automatically trigger and publish packages

1. Go to GitHub Actions tab
2. Select desired workflow
3. Click "Run workflow"
4. Configure options:
   • Tag: Version to release (e.g., v1.2.0)
   • Dry run: Test without publishing
   • Package selection: Choose npm-only, pypi-only, or both

1. Version Consistency: Ensures JavaScript and Python versions match
2. Code Quality: Runs tests, linting, and security checks
3. Build Validation: Verifies packages can be built successfully

1. Unit Tests: Runs comprehensive test suites
2. Package Installation: Tests actual package installation
3. Functionality: Validates basic package functionality
4. CLI Tools: Tests command-line tool availability (Python)

1. Test Registries: Publishes to Test PyPI first (Python)
2. Production Registries: Publishes to npm and PyPI
3. Verification: Tests installation from production registries
4. GitHub Release: Creates release with changelog and links

Template for npm configuration. Copy to .npmrc in your home directory or project root.

Template for PyPI configuration. Copy to ~/.pypirc and configure with your credentials.

• Keep versions synchronized between JavaScript and Python packages
• Use semantic versioning (e.g., 1.2.3)
• Update CHANGELOG.md before releases

• Always test with dry runs first
• Use Test PyPI for Python package validation
• Verify installation in clean environments

• Use API tokens instead of passwords
• Limit token scopes to minimum required permissions
• Rotate tokens regularly
• Never commit tokens to repository

1. Development: Make changes in feature branches
2. Testing: Ensure all tests pass locally
3. Version Bump: Update version numbers consistently
4. Documentation: Update CHANGELOG.md and README.md
5. Tagging: Create git tag for release
6. Monitoring: Watch workflow execution and verify published packages

Version Mismatch

• Ensure javascript/package.json and python/pyproject.toml have identical versions
• Check python/setup.py version if using legacy setup

Authentication Failures

• Verify API tokens are correctly configured in GitHub secrets
• Check token permissions and expiration dates
• Ensure token scopes include package publishing

Test Failures

• Run tests locally before pushing tags
• Check for environment-specific issues
• Verify all dependencies are properly declared

Package Already Exists

• Version numbers cannot be reused on npm/PyPI
• Increment version number and create new tag
• Use pre-release versions for testing (e.g., 1.2.3-beta.1)

If workflows fail, you can manually publish using existing scripts:

# npm package
cd javascript && npm publish

# Python package
cd python && python -m build && twine upload dist/*

• ✅ All workflow steps complete successfully
• ✅ Packages appear on npm and PyPI registries
• ✅ GitHub release is created with proper changelog
• ✅ Installation tests pass from production registries

• ❌ Test failures in validation phase
• ❌ Authentication errors during publishing
• ❌ Version conflicts or duplicate versions
• ❌ Package installation failures

Monitor workflow execution in the GitHub Actions tab and check package registry pages to confirm successful publication.