From 532128f5075cd118e8b0ae81de7324899e97272c Mon Sep 17 00:00:00 2001
From: Mikkel Albrechtsen <mikkel.alb@gmail.com>
Date: Thu, 5 Feb 2026 23:45:06 +0100
Subject: [PATCH 1/4] feat: add support for custom plugins in semantic-release
 workflow (#22)

---
 .github/workflows/release.yml | 97 ++++++++++++++++++-----------------
 README.md                     |  1 +
 2 files changed, 52 insertions(+), 46 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 43381af..3939de4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,6 +11,11 @@ on:
         description: "Allowed repository for workflow to run in. Example `ctfpilot/hello-world`."
         required: true
         type: string
+      plugins:
+        description: "Additional plugins to install. Example `@semantic-release/changelog @semantic-release/git`."
+        required: false
+        type: string
+        default: ""
       ENVIRONMENT:
         description: "The environment to deploy to."
         required: false
@@ -71,7 +76,7 @@ jobs:
         with:
           node-version: "lts/*"
       - name: Install dependencies
-        run: npm install semantic-release @semantic-release/exec @semantic-release/commit-analyzer @semantic-release/git @semantic-release/github @semantic-release/release-notes-generator conventional-changelog-conventionalcommits -D
+        run: npm install semantic-release @semantic-release/exec @semantic-release/commit-analyzer @semantic-release/git @semantic-release/github @semantic-release/release-notes-generator conventional-changelog-conventionalcommits ${{ inputs.plugins }} -D
       - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
         run: npm audit signatures
       - name: Detect if configuration file is available for semantic-release
@@ -85,51 +90,51 @@ jobs:
       - name: Set default configuration file for semantic-release
         if: steps.check-config.outputs.config_exists == 'false'
         run: |
-            cat << 'EOF' > .releaserc.json
-            {
-                "branches": [
-                    "main",
-                    {
-                        "name": "develop",
-                        "prerelease": "r"
-                    }
-                ],
-                "plugins": [
-                    [
-                        "@semantic-release/commit-analyzer",
-                        {
-                            "preset": "conventionalcommits"
-                        }
-                    ],
-                    [
-                        "@semantic-release/release-notes-generator",
-                        {
-                            "preset": "conventionalcommits"
-                        }
-                    ],
-                    [
-                        "@semantic-release/github",
-                        {
-                            "successComment": false
-                        }
-                    ],
-                    [
-                        "@semantic-release/exec",
-                        {
-                            "prepareCmd": "echo ${nextRelease.version} > version.txt",
-                            "publishCmd": "echo 'Published version ${nextRelease.version}'"
-                        }
-                    ],
-                    [
-                        "@semantic-release/git",
-                        {
-                            "assets": [],
-                            "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
-                        }
-                    ]
-                ]
-            }
-            EOF
+          cat << 'EOF' > .releaserc.json
+          {
+              "branches": [
+                  "main",
+                  {
+                      "name": "develop",
+                      "prerelease": "r"
+                  }
+              ],
+              "plugins": [
+                  [
+                      "@semantic-release/commit-analyzer",
+                      {
+                          "preset": "conventionalcommits"
+                      }
+                  ],
+                  [
+                      "@semantic-release/release-notes-generator",
+                      {
+                          "preset": "conventionalcommits"
+                      }
+                  ],
+                  [
+                      "@semantic-release/github",
+                      {
+                          "successComment": false
+                      }
+                  ],
+                  [
+                      "@semantic-release/exec",
+                      {
+                          "prepareCmd": "echo ${nextRelease.version} > version.txt",
+                          "publishCmd": "echo 'Published version ${nextRelease.version}'"
+                      }
+                  ],
+                  [
+                      "@semantic-release/git",
+                      {
+                          "assets": [],
+                          "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+                      }
+                  ]
+              ]
+          }
+          EOF
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_GH_TOKEN || secrets.GITHUB_TOKEN }}
diff --git a/README.md b/README.md
index d06c770..775867c 100644
--- a/README.md
+++ b/README.md
@@ -86,6 +86,7 @@ When the workflow runs on a push to `develop`, it will fail if `main` is ahead o
 #### Inputs
 
 - `repository`: Allowed repository for workflow to run in. Example `ctfpilot/hello-world`.
+- `plugins`: Additional plugins to install. Example `@semantic-release/changelog @semantic-release/git`
 - `ENVIRONMENT`: The environment to deploy to.
 
 #### Secrets

From f7a16fd85fbdda0b663142095e8327089c6ba54f Mon Sep 17 00:00:00 2001
From: The0Mikkel <mikkel.alb@gmail.com>
Date: Thu, 5 Feb 2026 23:52:58 +0100
Subject: [PATCH 2/4] feat: add PYPI_TOKEN to release workflow environment if
 present in secrets

---
 .github/workflows/release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3939de4..5d32854 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -139,6 +139,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_GH_TOKEN || secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.RELEASE_GH_TOKEN || secrets.GITHUB_TOKEN }}
+          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN || '' }}
         run: |
           npx semantic-release 2>&1 | tee semantic-release.log
           status=${PIPESTATUS[0]}

From ecbb1d36cf5181f73fd8ba79902beee253d4008b Mon Sep 17 00:00:00 2001
From: The0Mikkel <mikkel.alb@gmail.com>
Date: Thu, 5 Feb 2026 23:59:42 +0100
Subject: [PATCH 3/4] refactor: add description for PYPI_TOKEN in release
 workflow and README

---
 .github/workflows/release.yml | 4 ++++
 README.md                     | 1 +
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5d32854..803dc97 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,6 +26,10 @@ on:
         required: false
       BUILD_GH_TOKEN:
         description: "GitHub Token. Used to authenticate with GitHub at build step. This will overwrite the use of the default GitHub token."
+        required: false
+      PYPI_TOKEN:
+        description: "PyPI Token. Used to authenticate with PyPI at release step if present."
+        required: false
     outputs:
       version:
         description: "The version of the release. Will be empty if no release was made."
diff --git a/README.md b/README.md
index 775867c..b531029 100644
--- a/README.md
+++ b/README.md
@@ -93,6 +93,7 @@ When the workflow runs on a push to `develop`, it will fail if `main` is ahead o
 
 - `RELEASE_GH_TOKEN`: GitHub Token. Used to authenticate with GitHub at release step. This will overwrite the use of the default GitHub token.
 - `BUILD_GH_TOKEN`: GitHub Token. Used to authenticate with GitHub at build step. This will overwrite the use of the default GitHub token.
+- `PYPI_TOKEN`: PyPI Token. Used to authenticate with PyPI at release step if present.
 
 #### Outputs
 

From 0c7145bdce9eba3337d778a6b2d1b50fe02110a6 Mon Sep 17 00:00:00 2001
From: The0Mikkel <mikkel.alb@gmail.com>
Date: Fri, 6 Feb 2026 00:15:01 +0100
Subject: [PATCH 4/4] fix: reorder @semantic-release/github configuration in
 release workflow

---
 .github/workflows/release.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 803dc97..743bfd6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -116,12 +116,6 @@ jobs:
                           "preset": "conventionalcommits"
                       }
                   ],
-                  [
-                      "@semantic-release/github",
-                      {
-                          "successComment": false
-                      }
-                  ],
                   [
                       "@semantic-release/exec",
                       {
@@ -135,6 +129,12 @@ jobs:
                           "assets": [],
                           "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
                       }
+                  ],
+                  [
+                      "@semantic-release/github",
+                      {
+                          "successComment": false
+                      }
                   ]
               ]
           }