Two workflows have been created:
- ci.yml - Runs on every push and PR
- release.yml - Publishes to npm on release/tag
For release.yml to work, you need to add your npm token to GitHub:
-
Generate an npm token at https://www.npmjs.com/settings/[username]/tokens
- Choose "Automation" token type
- Copy the token
-
Add to GitHub repository:
- Go to repository Settings → Secrets and variables → Actions
- Click "New repository secret"
- Name:
NPM_TOKEN - Value: paste your npm token
- Click "Add secret"
Before pushing, update your package.json with the recommended scripts from PACKAGE_JSON_IMPROVEMENTS.md:
"scripts": {
"build": "tsc",
"start": "node dist/index.js",
"dev": "tsx src/index.ts",
"typecheck": "tsc --noEmit",
"lint": "tsc --noEmit",
"test": "echo \"No tests yet\" && exit 0",
"clean": "rm -rf dist",
"prepublishOnly": "npm run clean && npm run build"
}git add .github/
git commit -m "ci: add GitHub Actions workflows"
git push origin masterWhen ready to publish:
Option A: GitHub Release (Recommended)
git tag v1.0.0
git push origin v1.0.0Then create a release on GitHub:
- Go to repository → Releases → Draft a new release
- Choose the tag v1.0.0
- Add release notes
- Publish release
Option B: Direct Tag Push
git tag v1.0.0
git push origin v1.0.0The release.yml workflow will automatically:
- Run type checking
- Run linting
- Run tests
- Build the package
- Publish to npm with provenance
Triggers:
- Push to
mainordevelopbranches - Pull requests to
mainordevelop
Jobs:
-
lint-and-typecheck
- Runs TypeScript type checking
- Runs linting (currently same as typecheck)
-
build
- Builds the package
- Uploads build artifacts for 7 days
-
test (Matrix)
- Tests on Ubuntu, Windows, and macOS
- Tests with Node.js 20 and 22
- Rebuilds better-sqlite3 (native module)
- Runs tests
- Tests binary execution
-
build-check
- Ensures committed dist/ is up to date
- Fails if build output differs from committed files
Triggers:
- GitHub release published
- Tags matching
v*pattern
Steps:
- Type checking
- Linting
- Building
- Testing
- Verifying package contents
- Publishing to npm with provenance
- Creating GitHub release summary
Features:
- Uses npm provenance for supply chain security
- Automatically extracts version from package.json
- Creates detailed release summary
- Publishes as public scoped package
Before pushing, verify scripts work:
npm run typecheck # Should pass
npm run lint # Should pass
npm run build # Should create dist/
npm test # Should pass (currently just echoes)- Go to repository → Actions tab
- You should see the CI workflow running
- Click on the workflow run to see details
- All jobs should pass ✓
If the native module fails to build in CI:
- Check Node.js version compatibility
- Ensure build tools are available (the workflow uses standard runners which have build tools)
- The workflow includes
npm rebuild better-sqlite3step
Currently tests just echo success. When you add real tests:
- Update the
testscript in package.json - Tests will automatically run in CI
- Tests run on all platforms (Linux, Windows, macOS)
If npm publish fails:
- Verify NPM_TOKEN is set correctly in GitHub secrets
- Ensure token has "Automation" or "Publish" permissions
- Check package name is available on npm
- Verify you have permissions to publish under
@daichi-kudoscope
If build-check job fails:
- Run
npm run buildlocally - Commit the updated dist/ folder
- The workflow ensures committed build artifacts are always up to date
- ✅ Add npm token to GitHub secrets
- ✅ Update package.json scripts
- ✅ Commit and push workflows
- ⏳ Add real tests (see PACKAGE_JSON_IMPROVEMENTS.md for test setup)
- ⏳ Consider adding ESLint for better linting
- ⏳ Create your first release