This repository includes a comprehensive CI/CD pipeline that automatically:
- Builds and Tests the project on every push and pull request
- Publishes to NPM when version changes are detected on main/master branch
- Creates GitHub Releases automatically after successful NPM publication
- Provides detailed summaries and notifications
- β Runs on all pushes and pull requests
- π¨ Builds the TypeScript project
- π§ͺ Runs the complete test suite (
pnpm run test:ci) - π¦ Uploads build artifacts and coverage reports
- π Uses Ubuntu latest with Node.js 18
- β Runs only on master branch pushes
- π Checks if the current version already exists on NPM
- π Publishes to NPM only if version is new
- βοΈ Skips publication if version already exists
- π Requires NPM authentication token
- β Runs only after successful NPM publication
- π·οΈ Creates a GitHub release with the new version tag
- π Extracts changelog content automatically
- π¦ Attaches downloadable release assets:
- Package tarball (
.tgz) for offline installation - Pre-built archive with compiled TypeScript
- Source code archives (automatic)
- Package tarball (
- π Includes multiple installation methods and instructions
- π Provides a comprehensive summary of all pipeline steps
- β Shows status of build, test, publish, and release steps
- π Includes relevant links and information
This pipeline uses GitHub Environments for secure secret management:
- In your GitHub repo: Settings β Environments
- Create environment named
production(exact name required) - Configure deployment protection rules if desired (optional)
- Go to npmjs.com and log into your account
- Navigate to Account Settings β Access Tokens
- Click Generate New Token β Classic Token
- Select Automation token type (for CI/CD)
- Copy the generated token
- In your GitHub repo: Settings β Environments β production
- Under "Environment secrets", click Add secret
- Name:
NPM_TOKEN - Value: Your NPM token
- Click Add secret
- This is automatically provided by GitHub Actions
- No manual configuration needed
- Used for creating releases and accessing repository information
Using GitHub Environments provides:
- π Enhanced Security: Environment-specific secrets with access controls
- π¦ Deployment Protection: Optional approval workflows and branch restrictions
- π Deployment Tracking: Visibility into production deployments
- π Environment History: Track all deployments to production environment
Ensure your package.json is properly configured:
{
"name": "bds-jira-mcp",
"version": "1.1.2",
"type": "module",
"main": "build/index.js",
"files": [
"build",
"scripts"
],
"publishConfig": {
"access": "public"
}
}Make sure your NPM account:
- β Has permission to publish the package name
- β Is verified (email verification)
- β Has 2FA enabled (recommended)
- Push to master: Builds, tests, and publishes if version changed
- Pull Request: Builds and tests only (no publishing)
- Manual Release: Can be triggered via GitHub releases
You can manually trigger the pipeline by:
- Creating a new release in GitHub UI
- Pushing to master branch
- Creating a pull request
- Pipeline reads version from
package.json - Compares with existing versions on NPM
- Only publishes if version is new
-
Update version in
package.json:# Option 1: Manual # Edit package.json directly # Option 2: Using npm commands npm version patch # 1.1.2 β 1.1.3 npm version minor # 1.1.2 β 1.2.0 npm version major # 1.1.2 β 2.0.0 # Option 3: Using your existing scripts pnpm run bump:patch pnpm run bump:minor pnpm run bump:major
-
Commit and push to master:
git add package.json git commit -m "chore: bump version to 1.1.3" git push origin master -
Pipeline will automatically:
- Detect the version change
- Build and test
- Publish to NPM
- Create GitHub release with assets:
- NPM package tarball
- Pre-built TypeScript archive
- Source code archives
- Go to your GitHub repository
- Click Actions tab
- Select the workflow run to see detailed logs
Solution: Check that NPM_TOKEN is correctly configured in the production environment
Solution: This is expected behavior - the pipeline detected the version already exists
Solution: Check the test logs in the Actions tab. Tests run with mock JIRA credentials in CI
Solution: Delete the existing release/tag or bump the version number
To enable debug logging, add this to your workflow file:
env:
ACTIONS_STEP_DEBUG: true
ACTIONS_RUNNER_DEBUG: trueβ
Build & Test: Passed
π Publish: Successfully published v1.1.3 to NPM
π¦ NPM: https://www.npmjs.com/package/bds-jira-mcp/v/1.1.3
π·οΈ GitHub Release: Created v1.1.3 with assets
π₯ Assets: Package tarball, build archive, source code
β
Build & Test: Passed
βοΈ Publish: Skipped (version already exists)
βοΈ GitHub Release: Skipped
β Build & Test: Failed
βοΈ Publish: Skipped
βοΈ GitHub Release: Skipped
- NPM token is stored securely in GitHub Environment secrets
- Token is only accessible during workflow execution in the production environment
- Pipeline only publishes from master branch to production environment
- Environment-based access controls provide additional security layer
- All dependencies are installed with
--frozen-lockfilefor security - Build artifacts are automatically cleaned up after 7 days
If you encounter issues with the pipeline:
- Check the Actions tab for detailed error logs
- Verify environment configuration and secrets in the
productionenvironment - Ensure NPM account permissions are correct
- Check package.json configuration follows NPM standards
- Review this documentation for common solutions
For additional help, check the existing issues or create a new one in the repository.