Releasing
How the @infinitibit_gmbh suite is versioned and published — Changesets, the Version-PR flow, channels, and NPM_TOKEN.
Releasing
The publishable suite — @infinitibit_gmbh/ui, @infinitibit_gmbh/theme-default,
@infinitibit_gmbh/theme-docs — is version-locked: all three always move together
(Changesets fixed group), including prereleases. Releases are public on npmjs.
Use it — add a changeset per change
Every PR that changes a publishable package ships a changeset:
pnpm changeset # pick bump (patch/minor/major) + write a summary
One bump moves the whole suite. Commit the generated .changeset/*.md alongside your change.
Bumps follow semver: fix → patch, compatible feature → minor, breaking → major.
How it works — the Version-PR flow
.github/workflows/release.yml runs on push to dev:
- Pending changeset →
changesets/actionopens/updates a "Version Packages" PR (applies the bump, writesCHANGELOG.md, consumes the changesets). Nothing publishes. - Merge that PR → the publish step runs. Publishing only happens on a deliberate human merge — there is no accidental direct publish.
Channels
| Line | Branch | dist-tag | Versions |
|---|---|---|---|
| Prerelease | dev | alpha → beta → rc | 0.1.0-alpha.0, … |
| Stable | main | latest | 1.0.0, … (v1+) |
dev is the rolling prerelease line; the stage is whichever Changesets pre mode it is in:
pnpm changeset pre enter beta # advance alpha -> beta
pnpm changeset pre exit # leave pre mode for a stable line
latest only ever moves via main — the stable line where major/breaking versions are
cut. The main → latest wiring lands at v1; today the suite is on the dev / alpha line.
Phase 0 — dry-run only
The publish step currently runs release:dry (pnpm -r publish --dry-run --tag alpha): it
resolves the locked version + tag and validates the tarball, but uploads nothing. Go live by
swapping the workflow's publish: from pnpm release:dry to pnpm release (changeset publish). NPM_TOKEN is already wired.
Maintain it — NPM_TOKEN
Real publishing needs an npmjs automation token, stored as the GitHub Actions secret
NPM_TOKEN (already configured):
- npmjs.com → avatar → Access Tokens → Generate → Granular: read + write on the
@infinitibit_gmbhscope, with an expiry. - Repo → Settings → Secrets and variables → Actions → secret name
NPM_TOKEN. - CI auth comes from
setup-node'sregistry-url+NODE_AUTH_TOKEN; the token is never written into the repo. Rotate before expiry and re-paste the secret.
Troubleshooting
- "Some packages have been changed but no changesets were found" — add one
(
pnpm changeset), orpnpm changeset add --emptyif the change truly needs no release. - Unexpected version jump — check
.changeset/pre.json(mode/tag), and that no package carries a straymajorbump: an out-of-range peer dependency cascades a major through thefixedgroup.
See ADR 0011 for the rationale behind these decisions.