| name | release |
| description | Cut a release of genlayer-js. Bumps version, updates CHANGELOG, tags, pushes — CI then publishes to npm and creates the GitHub Release. Use when a human asks "release v1.x.y" or "ship a new version". |
Release skill — genlayer-js
This repo follows a branch-per-major release model. There is no auto-bump on push. A release happens when a human (or you on their behalf) runs scripts/release.sh on the target stable branch.
When to use this skill
User asks anything like:
- "release v1.2.0"
- "ship a patch"
- "cut a new minor"
- "tag the latest fix as a release"
If they ask "publish to npm directly" — refuse and point at this flow. The repo doesn't have an unprotected npm push path; the tag is the only release entry point.
What this repo's release model expects
- Branches are named after the major they ship:
v1 (current stable), v2-dev / v2 (next major when it exists).
- Tags live within those branches:
v1.1.9, v1.2.0, ...
- A major bump means cutting a new branch, not tagging on the current one. The release script refuses major bumps unless
--allow-major is passed.
CHANGELOG.md is updated in the release commit (release-it via @release-it/conventional-changelog).
publish.yml fires on the tag push and does the npm publish + GitHub Release.
Steps
-
Confirm intent with the user.
- Which version? If unspecified, ask whether it's patch / minor / explicit.
- Which branch? Default
v1. If they're shipping a back-port to an older major, the branch is v<old>.
-
Switch to the target branch + sync.
git checkout v1
git pull --ff-only origin v1
If the working tree isn't clean, stop and surface what's there — never stash and ship.
-
Verify the head is shippable.
-
Run the release script.
scripts/release.sh <X.Y.Z>
It will: bump package.json, prepend CHANGELOG.md, commit Release v<X.Y.Z> [skip ci], tag v<X.Y.Z>, and push both the branch commit and the tag. It will NOT publish to npm — CI handles that.
-
Watch the publish workflow.
gh run watch
or
gh run list --workflow=publish.yml --limit 1
If publish.yml fails (typical causes: tag/package.json mismatch — caused by hand-editing package.json outside the script; NPM_TOKEN rotated; npm provenance check), report the failure verbatim and stop. Do not retry blindly.
-
Confirm on npm.
npm view genlayer-js dist-tags
The latest tag should show the new version. Report back to the user with the version and the GitHub Release URL.
Things to refuse
- Major bump on the current branch without
--allow-major. The right move for a major is a new branch + new track in the runner matrix (separate workflow).
- Releasing from
main — main is retired. If somehow main exists locally, the script will refuse; explain why.
- Hand-editing
package.json to bump the version instead of running the script. The script keeps package.json, the CHANGELOG entry, the commit message, and the tag in lockstep; doing it by hand drifts them.
- Publishing a tag where
publish.yml failed — fix the underlying issue, re-cut the release (delete the bad tag both locally and on origin, re-run the script). Don't manually npm publish.
Roll-back
If a release shipped but is broken:
- Don't unpublish from npm unless someone with elevated permissions has assessed the impact — npm unpublish has a 72-hour window and a deprecation path that consumers prefer.
- Deprecate the bad version:
npm deprecate "genlayer-js@<X.Y.Z>" "broken release; install <X.Y.Z+1> or later"
- Ship a follow-up patch via the same flow (
scripts/release.sh patch).
Why no auto-bump?
The previous flow auto-bumped on every push to main, which:
- Twice landed accidental major bumps (
0.28.7 → 1.0.0, v1-prerelease → v2-yanked in testing-suite) because conventional-commit BREAKING CHANGE notes are too easy to drop into a PR.
- Tied "shipping a release" to "merging a PR", which conflated two decisions.
- Left no human checkpoint between "code lands" and "users get it".
Manual + scripted is the trade we made: small overhead per release in exchange for never shipping a surprise.