DX Heroes logo

Back to insights

#guide
#sdk
#tool

Release and publish a new JavaScript SDK version automatically: a step-by-step guide

Length: 

8 min

Published: 

July 27, 2023

Release and publish a new JavaScript SDK version automatically: a step-by-step guide

Keeping a tidy changelog, cutting a new version of an SDK, and then pushing it to a package repository: these are repetitive chores that eat developer time. You can automate all of them.

This tutorial shows you how. You will go through the following steps:

  1. Set up a GitHub Action to release a new SDK version.
  2. Publish a new SDK version:
    • Create an npm account.
    • Store an npm API token securely in GitHub.
    • Set up a GitHub Action that auto-publishes new SDK versions.

Prerequisites

This tutorial assumes you have already built a working SDK and pushed it to a GitHub repository.

Release a new version

Owner + Developer: Set up a GitHub Action to release new SDK versions

To skip the tedious work of updating the changelog and cutting releases by hand, we recommend the GitHub Action release-please. It tracks every code change since the last release and keeps a pull request open with the changelog and version bump, based on your commit messages. When you are ready to ship a new version, you just merge that pull request.

Follow these steps to set it up.

Owner:

  1. In your GitHub repository, go to Settings > Actions > General and make sure "Allow GitHub Actions to create and approve pull requests" is checked.

Developer:

  1. In the root of your project, create a directory .github/workflows/. GitHub Action configuration files always live here.
  2. In that directory, create a new YAML configuration file. Name it release-please.yml.
  3. Copy the following code into the file:
# This workflow opens and updates a pull request with a new package version
# based on code changes.

# The pull request updates the version in package.json, updates the changelog
# and creates release tags.

# https://github.com/marketplace/actions/release-please-action

on:
  push:
    branches:
      - master

permissions:
  contents: write
  pull-requests: write

name: release-please

jobs:
  release-please:
    runs-on: ubuntu-22.04
    steps:
      - uses: google-github-actions/release-please-action@v3.7.10
        with:
          release-type: node
          package-name: release-please-action
          pull-request-title-pattern: "chore(release): ${version}"
          pull-request-header: ":robot: Merge this PR to release a new version"

If your project's main branch has a different name than master (for example main), change it on line 13.

  1. If you have released your SDK before, make sure the commit of the latest release has a version tag attached (in the format "v2.1.1") and that the tag is pushed to GitHub. release-please reads this tag to work out the next version number. Without such a tag, release-please proposes "v1.0.0" as the next version.

  2. Commit all of these changes and push them to the GitHub repository. The workflow is now set up. The next time someone adds something releasable with a conventional commit message (a fix: or feat: prefix), release-please opens a pull request. As you add more code, it updates that pull request automatically. When you are ready to roll out a new SDK version, you simply merge it.

release-please follows the Semantic Versioning (SemVer) specification, so it generates version numbers based on how significant your changes are. Breaking changes bump the major version, new features bump the minor version, and bug fixes bump the patch version. This makes it easy for your users to see what each new SDK version means for them.

Your commit messages need to follow the Conventional Commits format so release-please can judge the significance of your changes and pick the right version number. That means a specific format: "feat: add new feature" for a feature, "fix: resolve bug" for a fix, and "chore: update dependencies" for a non-code change. Use it consistently and release-please generates correct version numbers and changelogs. You can still edit the changelog by hand in the open pull request before you release.

Publish the SDK

Owner: Create an npm account, get an API token, and store it in GitHub securely

  1. Before you publish your SDK for the first time, create an npm account at npmjs.com.
  2. Go to your Account > Access Tokens and generate a new Classic Token of type Automation. Here is more info about npm tokens.
  3. Copy the token.
  4. Open your project's GitHub page. Go to Settings > Security > Secrets and Variables > Actions and click "New repository secret".
  5. Enter NPM_TOKEN in the Name field.
  6. Paste the token from step 3 into the Secret field. Click "Add secret" to confirm.

Your npm token is now stored securely in your repository, and your GitHub Action can read it. When the Action runs, it uses the token to authenticate with the npm registry and publish your SDK.

Never share your npm token with anyone, and never commit it to your codebase. Secrets keep your token accessible only to authorized users and out of your code.

Developer: Automate SDK publishing with GitHub Actions

You can set up a GitHub Action that publishes your SDK to the npm repository automatically after you push a release commit to the GitHub origin repository:

  1. In your project, open the .github/workflows folder (or create it if it does not exist yet) and create a new YAML configuration file. Name it, for example, npm-publish.yml.
  2. Copy the following code into the file:
# This workflow will publish a package to npmjs.com when a release is created

# https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages

name: Node.js Package

on:
  push:
    branches:
      - master

jobs:
  publish-npm:
    if: contains(github.event.head_commit.message, 'chore(release)')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3.5.3
      - uses: actions/setup-node@v3.7.0
        with:
          node-version: 18.16.1
          registry-url: https://registry.npmjs.org/
      - run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

If your project's main branch has a different name than master (for example main), change the name on line 10.

  1. Commit this new file to your project's main branch and push the changes to the GitHub origin repository.

The GitHub Action is now ready. For it to work, you first need to add the NPM_TOKEN to GitHub secrets.

The Action triggers when you push a commit to your main project branch with a commit message containing the phrase chore(release). If you followed the steps in the "Release a new version" section above, the publish Action fires when you merge the pull request that release-please opened.

Conclusion

This guide walked you through setting up automatic tools to release a new JavaScript SDK version and publish it to the npm repository. Automating these steps frees up time and resources you can put back into writing code.

If you need help with SDK development or automation setup, our team is ready to help. We can streamline your SDK development process, tune your automation setup, and save you time and money along the way.

So get in touch today and let's see how we can take your SDK development further.

Need an automated release for another technology?

You might also be interested in:

Back to insights

Want to stay one step ahead?

Don't miss our best insights. No spam, just practical analyses, invitations to exclusive events, and podcast summaries delivered straight to your inbox.