github-release-skill

Claude Code skill plugin for safe, automated GitHub releases with supply chain security.

Problem

AI coding agents (Claude Code, Copilot, etc.) naturally reach for gh release create when asked to "create a release". This:

Creates lightweight unsigned tags instead of signed annotated tags
Creates immutable releases that permanently burn tag names (no recovery)
Bypasses CI pipelines that handle SBOMs, attestations, and signing

This skill prevents these mistakes structurally via hooks and provides the correct release orchestration.

Features

Guard hooks: Block gh release create/delete/edit and lightweight tag creation at the tool level
Ecosystem detection: Auto-detect project type (TYPO3, PHP, Node.js, Go, Python, Rust, skill repos)
Version management: Suggest next semver version from conventional commits, update all version files
Release orchestration: Version bump PR → merge → signed tag → CI handles the rest
Health checks: Validate release workflow, tag integrity, supply chain security
CI templates: Release workflow templates with SBOM, cosign, attestation support

Commands

Command	Description
`/release`	Full release: detect, bump, PR, tag, CI
`/release-prepare`	Version bump PR only (tag manually)
`/release-status`	Release health check

Installation

Claude Code Marketplace (recommended)

Installed automatically via the Netresearch marketplace.

Composer

composer require --dev netresearch/github-release-skill

Manual

Download the latest release and extract to ~/.claude/plugins/.

How It Works

Hooks intercept dangerous commands before execution
Ecosystem detection finds all version files in the project
Version bump updates all files and promotes CHANGELOG
PR workflow ensures changes go through review and CI
Signed tag (git tag -s) triggers the release workflow
CI pipeline creates the GitHub release with SBOMs, signatures, and attestations

Supported Ecosystems

Ecosystem	Version Files
TYPO3	ext_emconf.php, composer.json, Documentation/guides.xml
PHP/Composer	composer.json
Node.js	package.json, package-lock.json
Go	Tags only (no version files)
Python	pyproject.toml, setup.py
Rust	Cargo.toml
Skill repos	plugin.json, SKILL.md metadata

License

Code: MIT
Content (skill instructions, documentation): CC BY-SA 4.0

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
.claude-plugin		.claude-plugin
.github/workflows		.github/workflows
commands		commands
hooks		hooks
skills/github-release		skills/github-release
.gitignore		.gitignore
AGENTS.md		AGENTS.md
LICENSE-CC-BY-SA-4.0		LICENSE-CC-BY-SA-4.0
LICENSE-MIT		LICENSE-MIT
README.md		README.md
composer.json		composer.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

github-release-skill

Problem

Features

Commands

Installation

Claude Code Marketplace (recommended)

Composer

Manual

How It Works

Supported Ecosystems

License

About

Uh oh!

Releases 1

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

github-release-skill

Problem

Features

Commands

Installation

Claude Code Marketplace (recommended)

Composer

Manual

How It Works

Supported Ecosystems

License

About

Resources

License

Code of conduct

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases 1

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages