Skip to content

chore(CI): migrate from standard-version to release-please#1567

Merged
TheLastCicada merged 1 commit into
v2-rc2from
chore/migrate-release-please
Apr 6, 2026
Merged

chore(CI): migrate from standard-version to release-please#1567
TheLastCicada merged 1 commit into
v2-rc2from
chore/migrate-release-please

Conversation

@TheLastCicada

@TheLastCicada TheLastCicada commented Apr 6, 2026
edited by cursor Bot
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Replace commit-and-tag-version / conventional-changelog-cli with release-please for automated version bumps, changelog generation, and GitHub Release creation
  • Add release-please-config.json, .release-please-manifest.json, and .github/workflows/release-please.yml (triggers on push to main, opens a Release PR, creates tag + GitHub Release on merge)
  • Strip auto-release.yml to only the dev-dependency auto-update job (tag/changelog creation is now handled by release-please)
  • Remove commit-and-tag-version devDependency, release script, and commit-and-tag-version config block from package.json
  • Keep auto-release-rc.yml unchanged for RC releases on develop
  • Net removal of ~2,300 lines from package-lock.json (69 fewer packages), and resolves the handlebars vulnerability chain that prompted #1562

How it works

PR merged to main
  → release-please opens/updates a Release PR (version bump + changelog)
  → Developer merges Release PR
  → Tag + GitHub Release created automatically
  → build.yaml triggers on tag, builds binaries, attaches to existing release

Configuration

  • include-v-in-tag: false to match existing bare-version tag format (e.g., 1.7.25 not v1.7.25)
  • bump-minor-pre-major: true so feat: commits bump minor, not major
  • Major version bumps only happen via explicit BREAKING CHANGE footer (aligns with the datamodel version policy)

Test plan

  • CI passes (no runtime code changes)
  • Verify release-please action runs on push to main (will open a Release PR)
  • Verify build.yaml still triggers on tags and attaches binaries to the release
  • Verify auto-release-rc.yml still works for RC releases on develop
  • Verify dev-dependency auto-update still runs on push to main

Note

Medium Risk
Medium risk because it replaces the project’s tagging/changelog/release automation and could change release cadence or artifact publishing triggers if misconfigured.

Overview
Switches release automation from the custom tag/changelog workflow to release-please, adding release-please-config.json, .release-please-manifest.json, and a new Release Please GitHub Action that runs on pushes to main to manage version bumps, changelogs, tags, and GitHub releases.

Simplifies auto-release.yml by removing the tag/changelog creation logic and keeping only the post-release job that checks out develop and auto-updates devDependencies (updating package.json/package-lock.json and pushing a signed commit). Removes commit-and-tag-version usage/config from package.json and updates package-lock.json accordingly.

Reviewed by Cursor Bugbot for commit 8ef011c. Bugbot is set up for automated code reviews on this repo. Configure here.

@TheLastCicada
chore(CI): migrate from standard-version to release-please
8ef011c 
Replace commit-and-tag-version/conventional-changelog-cli with
release-please for automated version bumps, changelog generation,
and GitHub Release creation via a Release PR workflow on main.

- Add release-please-config.json and .release-please-manifest.json
- Add .github/workflows/release-please.yml (triggers on push to main)
- Strip auto-release.yml to dev-dependency auto-update only
- Remove commit-and-tag-version devDep, release script, and config
- Keep auto-release-rc.yml unchanged for RC releases on develop
@TheLastCicada TheLastCicada merged commit e1fae4b into v2-rc2 Apr 6, 2026
25 checks passed
@TheLastCicada TheLastCicada deleted the chore/migrate-release-please branch April 6, 2026 20:52
TheLastCicada added a commit that referenced this pull request Apr 6, 2026
@TheLastCicada
revert(CI): restore auto-release tag creation, remove release-please
010c734 
The auto-release workflow's primary purpose is to compare the version
in package.json to existing tags and create a tag + changelog when the
version is new. PR #1567 removed this core functionality in favor of
release-please-action, which adds an unnecessary external dependency.

The original approach using npx conventional-changelog-cli works fine
and doesn't require any project devDependencies (npx downloads it
on-the-fly in CI). The commit-and-tag-version devDep removal from
#1567 is intentionally kept since the auto-release workflow never
used it — it only resolves the handlebars vulnerability from #1562.

Reverts: auto-release.yml changes from #1567
Removes: release-please.yml, release-please-config.json,
         .release-please-manifest.json
@TheLastCicada TheLastCicada mentioned this pull request Apr 6, 2026
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TheLastCicada