InfinitiBit Design System

Releasing

How the @infinitibit_gmbh suite is versioned and published — Changesets, the Version-PR flow, channels, and NPM_TOKEN.

The publishable suite — @infinitibit_gmbh/ui, @infinitibit_gmbh/theme-default, @infinitibit_gmbh/theme-docs — is version-locked: all three always move together (Changesets fixed group), including prereleases. Releases are public on npmjs.

Use it — add a changeset per change

Every PR that changes a publishable package ships a changeset:

pnpm changeset      # pick bump (patch/minor/major) + write a summary

One bump moves the whole suite. Commit the generated .changeset/*.md alongside your change. Bumps follow semver: fix → patch, compatible feature → minor, breaking → major.

How it works — the Version-PR flow

.github/workflows/release.yml runs on push to dev:

  1. Pending changeset → changesets/action opens/updates a "Version Packages" PR (applies the bump, writes CHANGELOG.md, consumes the changesets). Nothing publishes.
  2. Merge that PR → the publish step runs. Publishing only happens on a deliberate human merge — there is no accidental direct publish.

Channels

Line        Branch  dist-tag           Versions
Prerelease  dev     alpha → beta → rc  0.1.0-alpha.0, …
Stable      main    latest             1.0.0, … (v1+)

dev is the rolling prerelease line; the stage is whichever Changesets pre mode it is in:

pnpm changeset pre enter beta   # advance alpha -> beta
pnpm changeset pre exit         # leave pre mode for a stable line

latest only ever moves via main — the stable line where major/breaking versions are cut. The main → latest wiring lands at v1; today the suite is on the dev / alpha line.

Phase 0 — dry-run only

The publish step currently runs release:dry (pnpm -r publish --dry-run --tag alpha): it resolves the locked version + tag and validates the tarball, but uploads nothing. Go live by swapping the workflow's publish: from pnpm release:dry to pnpm release (changeset publish). NPM_TOKEN is already wired.

Maintain it — NPM_TOKEN

Real publishing needs an npmjs automation token, stored as the GitHub Actions secret NPM_TOKEN (already configured):

  1. npmjs.com → avatar → Access Tokens → Generate → Granular: read + write on the @infinitibit_gmbh scope, with an expiry.
  2. Repo → Settings → Secrets and variables → Actions → secret name NPM_TOKEN.
  3. CI auth comes from setup-node's registry-url + NODE_AUTH_TOKEN; the token is never written into the repo. Rotate before expiry and re-paste the secret.

Troubleshooting

  • "Some packages have been changed but no changesets were found" — add one (pnpm changeset), or pnpm changeset add --empty if the change truly needs no release.
  • Unexpected version jump — check .changeset/pre.json (mode/tag), and that no package carries a stray major bump: an out-of-range peer dependency cascades a major through the fixed group.
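
The channel table and the pre.json check above can be enforced before the publish step runs. The guard below is an added example, not the project's own code: checkRelease and prereleaseId are hypothetical names, and it assumes that the prerelease identifier in each version equals the dist-tag and that .changeset/pre.json carries mode and tag fields.

```javascript
// Added example (not the project's code): pre-publish guard for the version-locked suite.
// Inputs are parsed JSON; in CI, read .changeset/pre.json and each package.json first.
const SUITE = ["@infinitibit_gmbh/ui", "@infinitibit_gmbh/theme-default", "@infinitibit_gmbh/theme-docs"];
// Channel table from this page: branch -> dist-tags allowed on it.
const CHANNELS = { dev: ["alpha", "beta", "rc"], main: ["latest"] };

// "0.1.0-alpha.0" -> "alpha"; a stable version such as "1.0.0" -> null.
function prereleaseId(version) {
  const m = /^\d+\.\d+\.\d+(?:-([0-9A-Za-z-]+)(?:\.[0-9A-Za-z-]+)*)?(?:\+.*)?$/.exec(version);
  if (!m) throw new Error(`not a semver version: ${version}`);
  return m[1] ?? null;
}

// Returns a list of problems; an empty list means the publish may proceed.
function checkRelease({ branch, distTag, pre, manifests }) {
  const problems = [];
  const allowed = CHANNELS[branch];
  if (!allowed) problems.push(`branch "${branch}" is not a release line`);
  else if (!allowed.includes(distTag)) problems.push(`dist-tag "${distTag}" is not allowed on ${branch}`);

  // Assumption: the prerelease identifier equals the dist-tag; "latest" means no identifier.
  const expectedId = distTag === "latest" ? null : distTag;
  const versions = new Set();
  for (const name of SUITE) {
    const manifest = manifests.find((m) => m.name === name);
    if (!manifest) { problems.push(`missing manifest for ${name}`); continue; }
    versions.add(manifest.version);
    if (prereleaseId(manifest.version) !== expectedId)
      problems.push(`${name}@${manifest.version} does not belong on dist-tag "${distTag}"`);
  }
  if (versions.size > 1) problems.push(`suite is not version-locked: ${[...versions].join(", ")}`);

  // pre may be null when .changeset/pre.json does not exist (no pre mode).
  const inPre = pre != null && pre.mode === "pre";
  if (expectedId === null && inPre) problems.push("pre mode is still active on the stable line");
  if (expectedId !== null && !(inPre && pre.tag === expectedId))
    problems.push(`.changeset/pre.json is not in pre mode with tag "${expectedId}"`);
  return problems;
}

// Constructed sample: one package drifted from the other two.
const sample = {
  branch: "dev", distTag: "alpha", pre: { mode: "pre", tag: "alpha" },
  manifests: [
    { name: "@infinitibit_gmbh/ui", version: "0.1.0-alpha.1" },
    { name: "@infinitibit_gmbh/theme-default", version: "0.1.0-alpha.0" },
    { name: "@infinitibit_gmbh/theme-docs", version: "0.1.0-alpha.0" },
  ],
};
console.log(checkRelease(sample));
```

Run as a step ahead of the publish command, a non-empty result should fail the job so a drifted or mis-tagged suite never reaches the registry.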

See ADR 0011 for the rationale behind these decisions.
