Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
semantic-release-monorepo
Advanced tools
Plugins for `semantic-release` allowing it to be used with a monorepo.
Apply semantic-release
's automatic publishing to a monorepo.
The default configuration of semantic-release
assumes a one-to-one relationship between a Github repository and an npm
package.
This set of plugins allows using semantic-release
with a single Github repository containing many npm
packages.
Instead of attributing all commits to a single package, commits are assigned to packages based on the files that a commit touched.
If a commit touched a file in or below a package's root, it will be considered for that package's next release. A single commit can belong to multiple packages.
A push may release multiple package versions. In order to avoid version collisions, git tags are namespaced using the given package's name: <package-name>-<version>
.
npm install -D semantic-release semantic-release-monorepo
Run semantic-release-monorepo
for the package in the current working directory:
npx semantic-release -e -semantic-release-monorepo
It helps to think about semantic-releaase-monorepo
as a variation on semantic-release
's default behavior, using the latter's plugin system to adapt it to work with a monorepo.
Run semantic-release-monorepo
for each package in a monorepo managed by lerna
:
lerna exec --concurrency 1 -- npx semantic-release -e -semantic-release-monorepo
The set of plugins in this package wrap other semantic-release
plugins to modify their behavior. By default, the same plugin configuration as semantic-release
is used, but any plugin configuration should be compatible.
Plugins can be configured in the release config, with one important caveat:
Due to limitations in how plugins may be composed (discussion), semantic-release-monorepo
must unfortunately "hard-code" the set of plugins it wraps: analyze-commits
, generateNotes
, getLastRelease
and publish
.
Users may still want to define a custom versions of the plugin set, or want to pass options to the default versions. To work around this problem, set the desired plugin configuration under the monorepo
property instead.
package.json
{
"release": {
"verifyConditions": ["@semantic-release/git"],
"monorepo": {
"analyzeCommits": {
"format": "atom"
},
"generateNotes": "myNotesGenerator",
"getLastRelease": "@semantic-release/git",
"publish": ["@semantic-release/npm", "@semantic-release/git"]
}
}
}
The set of semantic-release-monorepo
plugins wrap the default semantic-release
workflow, augmenting it to work with a monorepo.
Filters the repo commits to only include those that touched files in the given monorepo package.
Maps the gitTag
fields of lastRelease
and nextRelease
to use the monorepo git tag format.
Maps the version
field of nextRelease
to use the monorepo git tag format. The wrapped (default) generateNotes
implementation uses version
as the header for the release notes. Since all release notes end up in the same Github repository, using just the version as a header introduces ambiguity.
Addresses multiple problems identifying the last release for a monorepo package:
The wrapped (default) getLastRelease
plugin uses gitHead
from the npm
package metadata to identify the last release. However, npm
doesn't publish gitHead
as part of a package's metadata unless its package.json
and the repo's .git
are in the same folder (never true for a monorepo).
https://github.com/npm/read-package-json/issues/66#issuecomment-222036879
We can use semantic-release
's fallback strategy, searching for a git tag matching the latest npm
version, but we must map the git tag to the monorepo git tag format.
gitTag
field of nextRelease
to use the monorepo git tag format.FAQs
Plugins for `semantic-release` allowing it to be used with a monorepo.
The npm package semantic-release-monorepo receives a total of 27,338 weekly downloads. As such, semantic-release-monorepo popularity was classified as popular.
We found that semantic-release-monorepo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.