@pob/version
Advanced tools
versionning using conventional commits
yarn add --dev @pob/version conventional-changelog-conventionalcommits
yarn @pob/version version --help
--bump-dependents-highest-as is for updates in dependent packages. In a monorepo, when a package B has a peer dependency on package A, if A is updated with a breaking change (major), but B has no changes, B will be updated with this option. Sometimes, a major in A should update B with patch or minor. Sometimes, it should also be a major as it also breaks things for B. The default is major. If A is minor and the value is major, B will be updated as minor.
name: Release
on:
workflow_dispatch:
inputs:
dry-run:
description: "Dry run"
required: true
type: boolean
default: false
permissions:
id-token: write # Required for OIDC
contents: write # Required to create release
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Enable Corepack
run: corepack enable
- uses: actions/setup-node@v6
with:
node-version: 24
- name: Install Dependencies
run: yarn install --immutable --immutable-cache
- name: New version (dry run)
if: github.ref == 'refs/heads/main' && inputs.dry-run
run: yarn pob-version --dry-run
- name: Configure Git user
if: github.ref == 'refs/heads/main' && !inputs.dry-run
run: |
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'
- name: New version
if: github.ref == 'refs/heads/main' && !inputs.dry-run
run: |
yarn pob-version --create-release=github -m 'chore: release %v [skip ci]'
env:
HUSKY: 0
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
YARN_ENABLE_IMMUTABLE_INSTALLS: false
- name: Publish to npm
run: |
if [ -z "$NODE_AUTH_TOKEN" ]; then
echo "Missing env variable NODE_AUTH_TOKEN"
exit 1
fi
echo >> ./.yarnrc.yml
echo "npmAuthToken: $NODE_AUTH_TOKEN" >> ./.yarnrc.yml
yarn npm publish
if: github.ref == 'refs/heads/main' && !inputs.dry-run
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
name: Release
on:
workflow_dispatch:
inputs:
dry-run:
description: "Dry run"
required: true
type: boolean
default: false
bump-dependents-highest-as:
description: "Bump dependents highest as"
required: false
type: choice
options:
- major
- minor
- patch
default: "major"
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Enable Corepack
run: corepack enable
- uses: actions/setup-node@v3
with:
node-version: 24
- name: Install Dependencies
run: yarn install --immutable --immutable-cache
- name: New version (dry run)
if: github.ref == 'refs/heads/main' && inputs.dry-run
run: yarn pob-version --dry-run --bump-dependents-highest-as=${{ inputs.bump-dependents-highest-as }}
- name: Configure Git user
if: github.ref == 'refs/heads/main' && !inputs.dry-run
run: |
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'
- name: New version
if: github.ref == 'refs/heads/main' && !inputs.dry-run
run: |
yarn pob-version --create-release=github --bump-dependents-highest-as=${{ inputs.bump-dependents-highest-as }} -m 'chore: release [skip ci]\n\n%t'
env:
HUSKY: 0
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
YARN_ENABLE_IMMUTABLE_INSTALLS: false
- name: Publish to npm
run: |
if [ -z "$NODE_AUTH_TOKEN" ]; then
echo "Missing env variable NODE_AUTH_TOKEN"
exit 1
fi
echo >> ./.yarnrc.yml
echo "npmAuthToken: $NODE_AUTH_TOKEN" >> ./.yarnrc.yml
yarn workspaces foreach --parallel --no-private npm publish --tolerate-republish
if: github.ref == 'refs/heads/main' && !inputs.dry-run
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
FAQs
simple versioning using conventional commits
We found that @pob/version demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.
Security News
Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.
Security News
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.