github-release

Sanitize and release projects to GitHub. Two-phase workflow: safety checks first, then tag and publish.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "github-release" with this command: npx skills add jezweb/claude-skills/jezweb-claude-skills-github-release

GitHub Release

Sanitize and release projects to GitHub. Two-phase workflow: safety checks first, then tag and publish.

Prerequisites

  • gh CLI installed and authenticated (gh auth status )

  • gitleaks installed for secrets scanning (brew install gitleaks or download from GitHub)

  • Git repository with a remote configured

Workflow

Phase 1: Sanitize

Run these checks before any public release. Stop on blockers.

  1. Scan for Secrets (BLOCKER)

gitleaks detect --no-git --source=. --verbose

If secrets found: STOP. Remove secrets, move to environment variables. Check git history with git log -S "secret_value" — if in history, use BFG Repo-Cleaner.

If gitleaks not installed, do manual checks:

Check for .env files

find . -name ".env*" -not -path "/node_modules/"

Check config files for hardcoded secrets

grep -ri "api_key|token|secret|password" wrangler.toml wrangler.jsonc .dev.vars 2>/dev/null

  1. Remove Personal Artifacts

Check for and remove session/planning files that shouldn't be published:

  • SESSION.md — session state

  • planning/ , screenshots/ — working directories

  • test-.ts , test-.js — local test files

Either delete them or add to .gitignore .

  1. Validate LICENSE

ls LICENSE LICENSE.md LICENSE.txt 2>/dev/null

If missing: create one. Check the repo visibility (gh repo view --json visibility -q '.visibility' ). Use MIT for public repos. For private repos, consider a proprietary license instead.

  1. Validate README

Check README exists and has basic sections:

grep -i "## Install|## Usage|## License" README.md

If missing sections, add them before release.

  1. Check .gitignore

Verify essential patterns are present:

grep -E "node_modules|.env|dist/|.dev.vars" .gitignore

  1. Build Test (non-blocking)

npm run build 2>&1

  1. Dependency Audit (non-blocking)

npm audit --audit-level=high

  1. Create Sanitization Commit

If any changes were made during sanitization:

git add -A git commit -m "chore: prepare for release"

Phase 2: Release

  1. Determine Version

Check package.json for current version, or ask the user. Ensure version starts with v prefix.

  1. Check Tag Doesn't Exist

git tag -l "v[version]"

If it exists, ask user whether to delete and recreate or use a different version.

  1. Show What's Being Released

LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "") if [ -z "$LAST_TAG" ]; then git log --oneline --no-merges HEAD | head -20 else git log --oneline --no-merges ${LAST_TAG}..HEAD fi

  1. Create Tag and Push

git tag -a v[version] -m "Release v[version]" git push origin $(git branch --show-current) git push origin --tags

  1. Create GitHub Release

gh release create v[version]
--title "Release v[version]"
--notes "[auto-generated from commits]"

For pre-releases add --prerelease . For drafts add --draft .

  1. Report

Show the user:

  • Release URL

  • Next steps (npm publish if applicable, announcements)

Reference Files

When Read

Detailed safety checks references/safety-checklist.md

Release mechanics references/release-workflow.md

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

agent-development

No summary provided by upstream source.

Repository SourceNeeds Review
-361
jezweb
Coding

developer-toolbox

No summary provided by upstream source.

Repository SourceNeeds Review
-359
jezweb
Coding

typescript-mcp

No summary provided by upstream source.

Repository SourceNeeds Review
-339
jezweb