@semantic-release/github

v10.0.3

semantic-release plugin to publish a GitHub release and comment on released Pull Requests/Issues For more information about how to use this package see README

Latest version published 21 days ago

License: MIT

NPM

GitHub

Package Health Score

86 / 100

security
No known security issues
popularity
Popular
maintenance
Healthy
community
Sustainable

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
10.0.3	\|	04/2024		0 C 0 H 0 M 0 L	0 H 0 M 0 L
9.2.6	\|	12/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
8.1.0	\|	05/2023	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
7.2.3	\|	05/2021		0 C 0 H 0 M 0 L	0 H 0 M 0 L
7.1.2	\|	11/2020		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Popular

Weekly Downloads (977,194)

GitHub Stars: 377
Forks: 113
Contributors: 40

Direct Usage Popularity

The npm package @semantic-release/github receives a total of 977,194 downloads a week. As such, we scored @semantic-release/github popularity level to be Popular.

Based on project statistics from the GitHub repository for the npm package @semantic-release/github, we found that it has been starred 377 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 40
Funding: No

With more than 10 contributors for the @semantic-release/github repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like @semantic-release/github is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 52
Open PR: 12
Last Release: 21 days ago
Last Commit: 2 days ago

Further analysis of the maintenance status of @semantic-release/github based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that @semantic-release/github demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=20.8.1

Age: 6 years
Dependencies: 16 Direct
Versions: 154
Install Size: 75.5 kB
Dist-tags: 3
# of Files: 24
Maintainers: 4
TS Typings: No

@semantic-release/github has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

@semantic-release/github

semantic-release plugin to publish a GitHub release and comment on released Pull Requests/Issues.

Step	Description
`verifyConditions`	Verify the presence and the validity of the authentication (set via environment variables) and the assets option configuration.
`publish`	Publish a GitHub release, optionally uploading file assets.
`addChannel`	Update a GitHub release's `pre-release` field.
`success`	Add a comment to each GitHub Issue or Pull Request resolved by the release and close issues previously open by the `fail` step.
`fail`	Open or update a GitHub Issue with information about the errors that caused the release to fail.

Install

$ npm install @semantic-release/github -D

Usage

The plugin can be configured in the semantic-release configuration file:

{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    [
      "@semantic-release/github",
      {
        "assets": [
          { "path": "dist/asset.min.css", "label": "CSS distribution" },
          { "path": "dist/asset.min.js", "label": "JS distribution" }
        ]
      }
    ]
  ]
}

With this example GitHub releases will be published with the file dist/asset.min.css and dist/asset.min.js.

Configuration

GitHub authentication

The GitHub authentication configuration is required and can be set via environment variables.

Follow the Creating a personal access token for the command line documentation to obtain an authentication token. The token has to be made available in your CI environment via the GH_TOKEN environment variable. The user associated with the token must have push permission to the repository.

When creating the token, the minimum required scopes are:

repo for a private repository
public_repo for a public repository

Note on GitHub Actions: You can use the default token which is provided in the secret GITHUB_TOKEN. However releases done with this token will NOT trigger release events to start other workflows. If you have actions that trigger on newly created releases, please use a generated token for that and store it in your repository's secrets (any other name than GITHUB_TOKEN is fine).

When using the GITHUB_TOKEN, the minimum required permissions are:

contents: write to be able to publish a GitHub release
issues: write to be able to comment on released issues
pull-requests: write to be able to comment on released pull requests

Environment variables

Variable	Description
`GH_TOKEN` or `GITHUB_TOKEN`	Required. The token used to authenticate with GitHub.
`GITHUB_API_URL` or `GH_URL` or `GITHUB_URL`	The GitHub Enterprise endpoint.
`GH_PREFIX` or `GITHUB_PREFIX`	The GitHub Enterprise API prefix.

Options

Option	Description	Default
`githubUrl`	The GitHub Enterprise endpoint.	`GH_URL` or `GITHUB_URL` environment variable.
`githubApiPathPrefix`	The GitHub Enterprise API prefix.	`GH_PREFIX` or `GITHUB_PREFIX` environment variable.
`proxy`	The proxy to use to access the GitHub API. Set to `false` to disable usage of proxy. See proxy.	`HTTP_PROXY` environment variable.
`assets`	An array of files to upload to the release. See assets.	-
`successComment`	The comment to add to each issue and pull request resolved by the release. Set to `false` to disable commenting on issues and pull requests. See successComment.	`:tada: This issue has been resolved in version ${nextRelease.version} :tada:\n\nThe release is available on [GitHub release]()`
`failComment`	The content of the issue created when a release fails. Set to `false` to disable opening an issue when a release fails. See failComment.	Friendly message with links to semantic-release documentation and support, with the list of errors that caused the release to fail.
`failTitle`	The title of the issue created when a release fails. Set to `false` to disable opening an issue when a release fails.	`The automated release is failing 🚨`
`labels`	The labels to add to the issue created when a release fails. Set to `false` to not add any label.	`['semantic-release']`
`assignees`	The assignees to add to the issue created when a release fails.	-
`releasedLabels`	The labels to add to each issue and pull request resolved by the release. Set to `false` to not add any label. See releasedLabels.	`['released<%= nextRelease.channel ? \` on @${nextRelease.channel}` : "" %>']-
`addReleases`	Will add release links to the GitHub Release. Can be `false`, `"bottom"` or `"top"`. See addReleases.	`false`
`draftRelease`	A boolean indicating if a GitHub Draft Release should be created instead of publishing an actual GitHub Release.	`false`
`releaseNameTemplate`	A Lodash template to customize the github release's name	`<%= nextverison.name %>`
`releaseBodyTemplate`	A Lodash template to customize the github release's body	`<%= nextverison.notes %>`
`discussionCategoryName`	The category name in which to create a linked discussion to the release. Set to `false` to disable creating discussion for a release.	`false`

proxy

Can be false, a proxy URL or an Object with the following properties:

Property	Description	Default
`host`	Required. Proxy host to connect to.	-
`port`	Required. Proxy port to connect to.	File name extracted from the `path`.
`secureProxy`	If `true`, then use TLS to connect to the proxy.	`false`
`headers`	Additional HTTP headers to be sent on the HTTP CONNECT method.	-

See node-https-proxy-agent and node-http-proxy-agent for additional details.

proxy examples

'https://168.63.76.32:3128': use the proxy running on host 168.63.76.32 and port 3128 for each GitHub API request. {host: '168.63.76.32', port: 3128, headers: {Foo: 'bar'}}: use the proxy running on host 168.63.76.32 and port 3128 for each GitHub API request, setting the Foo header value to bar.

assets

Can be a glob or and Array of globs and Objects with the following properties:

Property	Description	Default
`path`	Required. A glob to identify the files to upload.	-
`name`	The name of the downloadable file on the GitHub release.	File name extracted from the `path`.
`label`	Short description of the file displayed on the GitHub release.	-

Each entry in the assets Array is globbed individually. A glob can be a String ("dist/**/*.js" or "dist/mylib.js") or an Array of Strings that will be globbed together (["dist/**", "!**/*.css"]).

If a directory is configured, all the files under this directory and its children will be included.

The name and label for each assets are generated with Lodash template. The following variables are available:

Parameter	Description
`branch`	The branch from which the release is done.
`lastRelease`	`Object` with `version`, `gitTag` and `gitHead` of the last release.
`nextRelease`	`Object` with `version`, `gitTag`, `gitHead` and `notes` of the release being done.
`commits`	`Array` of commit `Object`s with `hash`, `subject`, `body` `message` and `author`.

Note: If a file has a match in assets it will be included even if it also has a match in .gitignore.

assets examples

'dist/*.js': include all the js files in the dist directory, but not in its sub-directories.

[['dist', '!**/*.css']]: include all the files in the dist directory and its sub-directories excluding the css files.

[{path: 'dist/MyLibrary.js', label: 'MyLibrary JS distribution'}, {path: 'dist/MyLibrary.css', label: 'MyLibrary CSS distribution'}]: include the dist/MyLibrary.js and dist/MyLibrary.css files, and label them MyLibrary JS distribution and MyLibrary CSS distribution in the GitHub release.

[['dist/**/*.{js,css}', '!**/*.min.*'], {path: 'build/MyLibrary.zip', label: 'MyLibrary'}]: include all the js and css files in the dist directory and its sub-directories excluding the minified version, plus the build/MyLibrary.zip file and label it MyLibrary in the GitHub release.

[{path: 'dist/MyLibrary.js', name: 'MyLibrary-${nextRelease.gitTag}.js', label: 'MyLibrary JS (${nextRelease.gitTag}) distribution'}]: include the file dist/MyLibrary.js and upload it to the GitHub release with name MyLibrary-v1.0.0.js and label MyLibrary JS (v1.0.0) distribution which will generate the link:

> [MyLibrary JS (v1.0.0) distribution](MyLibrary-v1.0.0.js)

successComment

The message for the issue comments is generated with Lodash template. The following variables are available:

Parameter	Description
`branch`	`Object` with `name`, `type`, `channel`, `range` and `prerelease` properties of the branch from which the release is done.
`lastRelease`	`Object` with `version`, `channel`, `gitTag` and `gitHead` of the last release.
`nextRelease`	`Object` with `version`, `channel`, `gitTag`, `gitHead` and `notes` of the release being done.
`commits`	`Array` of commit `Object`s with `hash`, `subject`, `body` `message` and `author`.
`releases`	`Array` with a release `Object`s for each release published, with optional release data such as `name` and `url`.
`issue`	A GitHub API pull request object for pull requests related to a commit, or an `Object` with the `number` property for issues resolved via keywords

successComment example

The successComment This ${issue.pull_request ? 'pull request' : 'issue'} is included in version ${nextRelease.version} will generate the comment:

> This pull request is included in version 1.0.0

failComment

The message for the issue content is generated with Lodash template. The following variables are available:

Parameter	Description
`branch`	The branch from which the release had failed.
`errors`	An `Array` of SemanticReleaseError. Each error has the `message`, `code`, `pluginName` and `details` properties. `pluginName` contains the package name of the plugin that threw the error. `details` contains a information about the error formatted in markdown.

failComment example

The failComment This release from branch ${branch.name} had failed due to the following errors:\n- ${errors.map(err => err.message).join('\\n- ')} will generate the comment:

> This release from branch master had failed due to the following errors: > > - Error message 1 > - Error message 2

releasedLabels

Each label name is generated with Lodash template. The following variables are available:

Parameter	Description
`branch`	`Object` with `name`, `type`, `channel`, `range` and `prerelease` properties of the branch from which the release is done.
`lastRelease`	`Object` with `version`, `channel`, `gitTag` and `gitHead` of the last release.
`nextRelease`	`Object` with `version`, `channel`, `gitTag`, `gitHead` and `notes` of the release being done.
`commits`	`Array` of commit `Object`s with `hash`, `subject`, `body` `message` and `author`.
`releases`	`Array` with a release `Object`s for each release published, with optional release data such as `name` and `url`.
`issue`	A GitHub API pull request object for pull requests related to a commit, or an `Object` with the `number` property for issues resolved via keywords

releasedLabels example

The releasedLabels ['released<%= nextRelease.channel ? ` on @\${nextRelease.channel}` : "" %> from <%= branch.name %>'] will generate the label:

> released on @next from branch next

addReleases

Add links to other releases to the GitHub release body.

Valid values for this option are false, "top" or "bottom".

addReleases example

See The introducing PR for an example on how it will look.

@semantic-release/github dependencies

@octokit/core @octokit/plugin-paginate-rest @octokit/plugin-retry @octokit/plugin-throttling @semantic-release/error aggregate-error debug dir-glob globby http-proxy-agent https-proxy-agent issue-parser lodash-es mime p-filter url-join

@semantic-release/github development dependencies

ava c8 cpy cz-conventional-changelog fetch-mock lockfile-lint ls-engines npm-run-all2 prettier publint semantic-release sinon tempy

FAQs

What is @semantic-release/github?

semantic-release plugin to publish a GitHub release and comment on released Pull Requests/Issues. Visit Snyk Advisor to see a full health score report for @semantic-release/github, including popularity, security, maintenance & community analysis.

Is @semantic-release/github popular?

The npm package @semantic-release/github receives a total of 977,194 weekly downloads. As such, @semantic-release/github popularity was classified as a popular. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is @semantic-release/github well maintained?

We found that @semantic-release/github demonstrated a healthy version release cadence and project activity. It has a community of 40 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is @semantic-release/github safe to use?

The npm package @semantic-release/github was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 27 April-2024, at 03:57 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Package Health Score

Explore Similar Packages

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (977,194)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Readme

@semantic-release/github

Install

Usage

Configuration

GitHub authentication

Environment variables

Options

proxy

proxy examples

assets

assets examples

successComment

successComment example

failComment

failComment example

releasedLabels

releasedLabels example

addReleases

addReleases example

@semantic-release/github dependencies

@semantic-release/github development dependencies

FAQs

What is @semantic-release/github?

Is @semantic-release/github popular?

Is @semantic-release/github well maintained?

Is @semantic-release/github safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues