automated semver compliant package publishing
fully automated package publishing
Trust us, this will change your workflow for the better.
Out of the box this is just about commit-messages, but you can do so much more.
||You manually decide what the next version is. You have to remember what major, minor and patch means. You have to remember to push both commits and tags. You have to wait for the CI to pass.|
||You describe the changes you’ve made. A new version is automatically published with the correct version number.|
This removes the immediate connection between human emotions and version numbers, so strictly following the SemVer spec is not a problem anymore – and that’s ultimately
|A free egghead.io tutorial series on how to write an open source library featuring semantic-release.|
|“We fail to follow SemVer – and why it needn’t matter”||“semantic-release Q&A with Kent C. Dodds”|
|This talk gives you a complete introduction to the underlying concepts of this module. 38:30||A “Hangouts on Air” conversation with hands on questions and answers about how to use semantic-release. 53:52|
Instead of writing meaningless commit messages, we can take our time to think about the changes in the codebase and write them down. Following formalized conventions it is then possible to generate a helpful changelog and to derive the next semantic version number from them.
semantic-release is setup it will do that after every successful continuous integration build of your master branch (or any other branch you specify) and publish the new version for you. This way no human is directly involved in the release process and your releases are guaranteed to be unromantic and unsentimental.
If you fear the loss of control over timing and marketing implications of software releases you should know that
semantic-release supports release channels using
npm’s dist-tags. This way you can keep control over what your users end up using by default, you can decide when to promote an automatically released version to the stable channel, and you can choose which versions to write blogposts and tweets about. You can use the same mechanism to support older versions of your software, for example with important security fixes.
This is what happens in series:
|New code is pushed and triggers a CI build.||Based on all commits that happened since the last release, the new version number gets written to the
||The new version gets published to
||A changelog gets generated and a release (including a git tag) on GitHub gets created.|
Note: The current release/tag implementation is tied to GitHub, but could be opened up to Bitbucket, GitLab, et al. Feel free to send PRs for these services.
Each commit message consists of a header, a body and a footer. The header has a special format that includes a type, a scope and a subject (full explanation):
<type>(<scope>): <subject><BLANK LINE><body><BLANK LINE><footer>
fix(pencil): stop graphite breaking when too much pressure applied
feat(pencil): add 'graphiteWidth' option
perf(pencil): remove graphiteWidth optionBREAKING CHANGE: The graphiteWidth option has been removed. The default graphite width of 10mm is always used for performance reason.
npm install -g semantic-release-clicd your-modulesemantic-release-cli setup
These options are currently available:
branch: The branch on which releases should happen. Default:
debug: If true doesn’t actually publish to npm or write things to file. Default:
githubToken: The token used to authenticate with GitHub. Default:
githubUrl: Optional. Pass your GitHub Enterprise endpoint.
githubApiPathPrefix: Optional. The path prefix for your GitHub Enterprise API.
A few notes on
npm token can only be defined in the environment as
NPM_TOKEN, because that’s where
npm itself is going to read it from.
In order to publish to a different
npm registry you can specify that inside the
If you want to use another dist-tag for your publishes than
'latest' you can specify that inside the
semantic-release generally tries to orientate itself towards
npm – it inherits the loglevel for example.
There are numerous steps where you can customize
semantic-release’s behaviour using plugins. A plugin is a regular option, but passed inside the
release block of
semantic-release pre --analyze-commits="npm-module-name"
A plugin itself is an async function that always receives three arguments.
pluginConfig: If the user of your plugin specifies additional plugin config in the
verifyConditionsexample above) then it’s this object.
config: A config object containing a lot of information to act upon.
env: All environment variables
npm: Select npm configuration bits like
configobject contains even more information. See below.
callback: If an error occurs pass it as first argument. Otherwise pass your result as second argument.
This plugin is responsible for determining the type of the next release. It additionally receives a
commits array inside
config. One commit is an object with a
hash property. Call the callback with
null if nothing changed. Have a look at the default implementation.
This plugin is responsible for generating release notes. Call the callback with the notes as a string. Have a look at the default implementation.
This plugins is responsible for verifying that a release should happen in the first place. For example, the default implementation verifies that the publish is happening on Travis, that it’s the right branch, and that all other build jobs succeeded. There are more use cases for this, e.g. verifying that test coverage is above a certain threshold or that there are no vulnerabilities in your dependencies. Be creative.
Passing an array of plugins will run them in series.
This plugin is responsible for verifying a release that was determined before and is about to be published. There is no default implementation. It additionally receives
commits is the same as with analyzeCommits,
nextRelease contains a
'major') and the new version (e.g.
lastRelease contains the old
gitHead at the time of the release and the npm dist-
'latest'). Using this information you could detect breaking changes or hold back certain types of releases. Again: Be creative.
Passing an array of plugins will run them in series.
This plugin is responsible for determining a package’s last release version. The default implementation uses the last published version on a npm registry.
I think you might frequently ask questions like these
npm docs even state:
The most important things in your package.json are the name and version fields. Those are actually required, and your package won’t install without them. – npm docs
While this entirely true the version number doesn’t have to be checked into source control.
semantic-release takes care of the version field right before
npm publish uses it – and this is the only point where it really is required.
If you run
npm run semantic-release locally a dry run gets performed, which logs the version that would currently get published.
Of course you can, but this doesn’t necessarily mean you should. Running your tests on an independent machine before releasing software is a crucial part of this workflow. Also it is a pain to set this up locally, with tokens lying around and everything. That said, you can run the scripts with
--debug=false explicitly. You have to export
You can trigger a release by pushing to your GitHub repository. You deliberately cannot trigger a specific version release, because this is the whole point of
semantic-release. Start your packages with
1.0.0 and semver on.
It is indeed a great idea because it forces you to follow best practices. If you don’t feel comfortable making every passing feature or fix on your master branch addressable via
npm you might not treat your master right. Have a look at branch workflows. If you still think you should have control over the exact point in time of your release, e.g. because you are following a release schedule, you can release only on the
release branch and push your code there in certain intervals, or better yet use dist-tags.
semantic-release has a full unit- and integration-test-suite that tests actual
npm publishes against the npm-registry-couchapp on all major node.js versions from
^0.10 on. A new version won’t get published if it doesn’t pass on all these engines.
Use this in one of your projects? Include one of these badges in your README.md to let people know that your package is published using
MIT License 2015 © Stephan Bönnemann and contributors