codechakorn/Master-skill
1
0
Fork 0
mirror of https://github.com/xr843/Master-skill.git synced 2026-05-10 05:16:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
30d2e133374d9a7261929a100d2e2d1132b78030
Master-skill/.github/workflows/npm-publish.yml
T
xianren 3dfaa6bb62 chore(community): add contributing infra, issue/PR templates, npm publish workflow 
Tier A infrastructure to convert 204★ momentum into durable community and
distribution. Pairs with PR #12 (ETHICS / CHANGELOG / fidelity smoke) — merge
PR #12 first, then this.

**Community docs**
- `CONTRIBUTING.md` — three-tier contribution flow (code vs docs vs master
  content), with a detailed §3 "how to contribute a new master" covering
  copyright tier self-check, `/create-master` vs manual path, SKILL.md
  frontmatter spec, voice.md Layer 0-3, fidelity.jsonl authoring.
- `CODE_OF_CONDUCT.md` — Contributor Covenant 2.1 + Buddhist-project-specific
  rules (no doctrinal supremacy, no using the repo as a dharma platform, no
  impersonating clergy, no apocryphal scripture citations).
- `SECURITY.md` — threat model (prompt injection, supply chain, secret leak,
  installer safety, religious-boundary adversarial input), SLA table, GH
  Security Advisory as primary channel.

**Issue / PR templates**
- `bug_report.yml` — area selector, master selector, repro template.
- `feature_request.yml` — non-master enhancement requests.
- `new_master.yml` — **MUST precede any new-master PR**; forces tier A/B/D
  self-judgment and citation planning before sunk cost.
- `boundary_violation.yml` — P0 template for ETHICS.md §3 violations.
- `config.yml` — directs users to Discussions for chatter, Security Advisory
  for vulnerabilities, email for urgent takedowns.
- `PULL_REQUEST_TEMPLATE.md` — change-type checkboxes, self-check list, new-
  master fields, local-test block.

**npm publish**
- `.github/workflows/npm-publish.yml` — release-tag + workflow_dispatch, with
  dry-run mode, tag-version match check, `npm publish --provenance`.
  First-time publish needs NPM_TOKEN secret (user action).
- `package.json` hardening:
  - `engines.node: >=18`
  - scripts: `validate`, `validate:fidelity`, `test`, `test:smoke`, `prepack`
  - `publishConfig` (public, npm registry)
  - `files` list expanded to include platform manifests + governance docs
  - richer `keywords`, `author`, `bugs`, `homepage` fields
  - expanded description mentions all 8 masters for search discoverability

**README**
- 贡献指南 section rewritten to point at CONTRIBUTING.md + Discussions +
  four issue templates, with "先开 New Master issue 征询" gate spelled out.

Discussions were enabled on the repo alongside this commit via `gh api`, so
the links in README/templates resolve immediately on merge.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 13:53:25 +08:00

71 lines
2.1 KiB
YAML
Raw Blame History

name: Publish to npm
# Triggered on release tags (v0.3.0, v0.3.1, v1.0.0, ...) or manually.
# First-time publish requires: Settings → Secrets → Actions → NPM_TOKEN
# Generate at https://www.npmjs.com/settings/~/tokens (type: Automation / Granular).
on:
release:
types: [published]
workflow_dispatch:
inputs:
dry-run:
description: "Run npm publish --dry-run only"
required: false
default: "true"
type: choice
options: ["true", "false"]
permissions:
contents: read
# id-token needed if we move to npm provenance / trusted publishing later
id-token: write
jobs:
publish:
runs-on: ubuntu-latest
environment:
name: npm
url: https://www.npmjs.com/package/master-skill
steps:
- uses: actions/checkout@v4
- name: Set up Node
uses: actions/setup-node@v4
with:
node-version: "20"
registry-url: "https://registry.npmjs.org"
- name: Verify CLI is executable
run: |
test -x bin/cli.mjs || chmod +x bin/cli.mjs
node bin/cli.mjs list
- name: Verify package contents (what will ship)
run: npm pack --dry-run
- name: Verify version matches tag
if: github.event_name == 'release'
run: |
PKG_VERSION=$(node -p "require('./package.json').version")
TAG="${GITHUB_REF_NAME#v}"
if [ "$PKG_VERSION" != "$TAG" ]; then
echo "::error::package.json version ($PKG_VERSION) != release tag ($TAG)"
exit 1
fi
- name: Publish (dry-run)
if: github.event_name == 'workflow_dispatch' && inputs.dry-run == 'true'
run: npm publish --dry-run --access public
- name: Publish
if: github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && inputs.dry-run == 'false')
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
if [ -z "${NODE_AUTH_TOKEN:-}" ]; then
echo "::error::NPM_TOKEN secret not configured. Add it at Settings → Secrets → Actions."
exit 1
fi
npm publish --access public --provenance
Reference in New Issue View Git Blame Copy Permalink