nlm

A tool for automating the release of libraries in the spirit of semantic-release. For a list of supported commit types and their affect on the version, see CONTRIBUTING.md.

Highlights

• Automatically tags pull requests with semver-{patch,minor,major,none} based on the commit history
• All information is also part of the git history
• Smart CHANGELOG.md generator that incorporates pull request data
• Adds license headers for JavaScript and CoffeeScript files

Getting Started

Prerequisites

1. A GitHub access token with repo scope. This is required for creating version commits, releases, and tagging issues. GitHub has instructions for creating an access token.
2. A valid repository field in your package.json. E.g. https://github.mycorp.net/myorg/repo.git or https://github.com/myorg/repo.git.
3. The repository field should point to an existing project on GitHub.

Install nlm

1. Run npm install --save-dev nlm.
2. Set publishConfig.registry in your package.json if you haven't already.
3. Set your posttest script in package.json to nlm verify.

Setting up CI

nlm will automatically look for well-known environment variables during CI builds like CI=true, BRANCH=branch-name, etc. It should work out-of-the-box for Travis, DotCI, and CircleCI.

For GitHub and npm interactions to work, it requires the following additional environment variables:

• GH_TOKEN: The access token from above.
• NPM_TOKEN: An npm access token. You can find this in ~/.npmrc as _authToken.

For registries that don't support _authToken, it's possible to configure NPM_USERNAME, NPM_EMAIL, and NPM_PASSWORD_BASE64 instead. Those values can be found in your ~/.npmrc as username, email, and _password.

All tokens and passwords should be set up as encrypted environment variables.

Travis

For Travis, you can follow the official Travis docs:

travis encrypt GH_TOKEN=your_github_token --add env

If you want to publish from CI, you can either use the official Travis feature or nlm itself. The latter gives you support for managing different dist-tags based on branches.

If you want to use nlm to publish, you'll have to add NPM_TOKEN:

travis encrypt NPM_TOKEN=your_npm_token --add env

CircleCI

You may reference the official circleci docs on setting up environment variables using the admin console.

nlm will look for CIRCLE_BRANCH and CIRCLE_PULL_REQUEST environment variables to operate correctly.

To enable publishing, you may add a check in your run steps for a branch and build you want to release on:

- run: |
    if [ "$CIRCLE_BRANCH" == "master" ] && [ "$CIRCLE_STAGE" == "test-3" ]; then
          echo "Running nlm release";
          npx nlm release;
    else
          echo "Not running nlm release!";
    fi

GitHub Actions

Running nlm with GitHub Actions requires small modifications to the default GH actions templates, as well as setting up the NPM_TOKEN secret.

Workflow: Run CI

The template below is almost the same as the default one. The only difference is that on.push: is left empty, so the action will trigger on every push on every branch.

# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions

name: Node.js CI

on:
  push: # leave events empty so they triggers in every branch

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [10.x, 12.x, 14.x]

    steps:
    - uses: actions/checkout@v2
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v2
      with:
        node-version: ${{ matrix.node-version }}
    - run: npm ci
    - run: npm run build --if-present
    - run: npm test

NOTE: With the setup above, If you are using nlm verify in the package posttest script, verify will state that the changes are none. You can either ignore this, or set fetch-depth: 0 in the checkout step to fetch the full git history.

- uses: actions/checkout@v2
    with:
      fetch-depth: 0

Workflow: Tagging PRs

Tagging the PR with nlm requires

• the pull_request event, so a PR id can be determined
• GH_TOKEN to be passed to the environment

  env:
    GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

• the entire git history. Set fetch-depth: 0 to overwrite the default in actions/checkout@v2

  # see https://github.com/actions/checkout#fetch-all-history-for-all-tags-and-branches
  - uses: actions/checkout@v2
    with:
      fetch-depth: 0

name: NLM

on:
  pull_request:

jobs:
  tag:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0  # necessary to get full commit history
      - name: Use Node.js
        uses: actions/setup-node@v2
        with:
          node-version: 14
      - run: npm ci
      - run: npx nlm verify
        env:
          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

Workflow: Releasing with nlm

To have nlm release on merge to the default branch or other branches, you need to

• set the trigger to the push event

  push:
    branches: [ main, v10.x ] # branches to release from

• pass the GH_TOKEN and NPM_TOKEN to the env

  - run: npx nlm release  # nlm release command
    env:
    GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
    NPM_TOKEN: ${{secrets.NPM_TOKEN}}

• the entire git history. Set fetch-depth: 0 to overwrite the default in actions/checkout@v2

  # see https://github.com/actions/checkout#fetch-all-history-for-all-tags-and-branches
  - uses: actions/checkout@v2
    with:
      fetch-depth: 0

name: Publish to NPM

on:
  push:
    branches: [ main ] # default branch

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 14
      - run: npm ci
      - run: npm test

  publish-npm:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0 # necessary to get full commit history
      - uses: actions/setup-node@v2
        with:
          node-version: 14

      - run: npm ci
      - run: npx nlm release  # nlm release command
        env:
          GH_TOKEN: ${{secrets.GITHUB_TOKEN}} # pass GH_TOKEN
          NPM_TOKEN: ${{secrets.NPM_TOKEN}}   # pass NPM_TOKEN.

Creating Secrets

The above templates show two secrets passed to the env environment. By default, the GITHUB_TOKEN secret exists in every repo and doesn't need to be set to the repository or org secrets. The NPM_TOKEN on the contrary, needs to set to the org or repository secrets. It becomes available to the workflow on the secrets object

See Official GitHub Documentation on how to set a secret.

Configuration

Most nlm configuration happens via native npm options in package.json:

• repository: This field is parsed to detect GitHub API baseUrl and repository name. nlm supports both public GitHub and GitHub Enterprise instances. For GitHub Enterprise, it assumes the API to be at https://<hostname>/api/v3.
• files: By default nlm will add license headers to everything listed here.

In most cases these settings are enough to make nlm do the right thing. For more customization, you can use .nlmrc or an nlm section in package.json:

• channels: A map of branch name to npmdist-tag. When publishing, this will determine what will be published and how it's tagged. By default, there's two entries in this map:{ master: 'latest', main: 'latest' }. Which means that publishing frommasterormainupdates thelatest` tag and publishing from any other branch does nothing.
• hooks: A map of hook names to shell commands. When executing any of the commands listed below some of these hooks will get triggered. The available hooks are:

• license:
  • files: List of files and/or directories to add license headers to.
  • exclude: List of files to exclude that would otherwise be included. nlm will always exclude anything in node_modules.
• acceptInvalidCommits: Accept commit messages even if they can't be parsed. It's highly discouraged to use this option. In this mode any commit with an invalid commit message will be treated as "semver-major".
• deprecated: String (may be empty) describing reason this package has been deprecated. To deprecate a package, set it to a descriptive reason. To "un-deprecate" a package, set it to an empty string (can then be later deleted).
• changelog:
  • omit: Array of types, which will be omitted from the changelog.
  • verbose: Display PR's commits. Default: false
• emoji: Configure changelog emoji setting logic
  • skip: deactivates emoji in changelog. Default: null
  • set: Custom emojis map, which will overwrite the default one

Example for emoji

{
  "nlm": {
    "emoji": { 
      "set": {
        "refactor": "🔥" // will overwrite the existing setting for "refactor" type
      }
    }
  } 
}   

The default emojis for the commit types are:

{

  "breaking": "💥",
  "feat": "🚀",
  "fix": "🐛",
  "perf": "⚡",
  "refactor": "📦️",
  "revert": "↩️",
  "docs": "📝",
  "style": "💅",

  // internal types
  "dep": "🔼",     // will be set when dependencies are found in PR commit subject
  "internal": "🏡", // will be set for types: "chore", "build", "test", "ci" or commits without type

}

badges

Sets shield.io badges to the README.md

{
  "nlm": {
    "badges": {
      "enable": true,
      "npm": {
        "enable": false,
        "color": "yellow"
      },
      "coverage": {
        "enable": true,
        "thresholds": [[75, "blue"], [50, "yellow"]]
      },
      "meta": {
        "enable": true,
        "url": false,
        "color": "CCC"
      }
    }
  } 
}   

• badges.enable: enables setting badges to the README. Default: true

section: badges.npm

set package version and engine information

• badges.npm.enable: enables setting npm related badges. Default: true
• badges.npm.color: custom color set as HEX value (without #) or color literals listed on shields.io. Default: blue

section: badges.coverage

set coverage information badge given coverage/coverage-summary.json exists

• badges.coverageenable: enables coverage badge. Default: true
• badges.coveragethresholds: List of threshold/color ranges. Default: [95, 'success'], [90, 'green'], [75, 'yellow'], [50, 'critical']

section: badges.meta

adds badges for entries in bugs section. Can detect JIRA and Slack urls.

• badges.metaenable: enables meta badges. Default: true
• badges.metaurl: makes meta badges clickable. Default: true
• badges.metacolor: custom color set as HEX value (without #) or color literals listed on shields.io. Default: F4D03F

If there's no file named LICENSE in the repository, nlm won't attempt to add the headers.

Commands

nlm verify

Intended use: posttest script for matrix builds.

Verify that the current state is valid and could be released. Will also add license headers where they are missing.

1. Add missing license headers.
2. Verify that the checkout is clean.
3. Collect change log items and determine what kind of change it is.

nlm release

Intended use: deploy script, or posttest script if not running matrix builds.

Verify that the current state is valid and could be released. Will also add license headers where they are missing.

1. Everything nlm verify does.
2. If hooks#prepare is present in the nlm section of the package.json, the shell command defined by the hook will be executed.
3. If there are unreleased changes:
   1. Create a new CHANGELOG entry and update package.json#version.
   2. Commit and tag the release.
   3. Push the tag, and the release branch (e.g. master).
   4. Create a GitHub release.
4. Publish the package to npm or update dist-tag if required.

By default nlm release will not do anything unless it's running on CI. You can force a release by running nlm release --commit.

Note: If your current version is below 1.0.0, nlm will always release 1.0.0. The semantics of versions below 1.0.0 can be tricky and nlm tries to not make any assumptions about how people might interpret those version ranges.

nlm changelog

Preview the changelog that would be generated by the commits between the last version tag and the current HEAD. If there are no unreleased commits, the output will be empty.

v5.8.0 (2021-10-29)

🏡 Internal

• #96 Support .ts .mjs .tsx .jsx extensions for license headers (@dbushong)

v5.7.0 (2021-10-20)

🏡 Internal

• #95 Use the current year in (new) license headers (@dbushong)

v5.6.1 (2021-10-05)

🏡 Internal

• #94 bump default github timeouts (@dbushong)

v5.6.0 (2021-09-16)

🏡 Internal

• #92 package-lock.json v2 version bumping (@dbushong)
• #93 Undo commit listing changes from #90 (@dbushong)

v5.5.2 (2021-07-12)

🐛 Bug Fixes

• #90 fix(tagging): only consider local / PR commits (@aaarichter)

🏡 Internal

• baf8816 chore: dummy commit

v5.5.1 (2021-06-08)

🔼 Dependencies

• #89 chore(deps): bump trim-newlines from 3.0.0 to 3.0.1 (@dependabot[bot])

📝 Documentation

• #88 docs: Add link to CONTRIBUTING, and remove dotCI mention from README (@daniel-beard)

v5.5.0 (2021-06-03)

🚀 New Features

• #84 feat: support GitHub actions (@aaarichter)

🏡 Internal

• #87 ci(actions): set default branch (@aaarichter)
• cae5d35 ci: fix publish to default branch (#86) - see: #86

v5.4.2 (2021-06-01)

🐛 Bug Fixes

• #81 fix(changelog): breaking changes display (@aaarichter)

🔼 Dependencies

• #80 chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9 (@dependabot[bot])

v5.4.1 (2021-03-26)

📦️ Code Refactoring

• #58 refactor: client syntax to match modern Gofer (@aaarichter)

v5.4.0 (2021-03-15)

🚀 New Features

• #79 feat: support main branch for release (@islesser)

v5.3.3 (2021-03-05)

🐛 Bug Fixes

• #78 fix: issue with detecting query params in badge urls (@aaarichter)

v5.3.2 (2021-02-27)

📦️ Code Refactoring

• #77 refactor: add brand logos to badges & detect Github links (@aaarichter)

v5.3.1 (2021-02-23)

🐛 Bug Fixes

• #76 fix:set percentage badge only present & add debug statements (@aaarichter)

v5.3.0 (2021-02-23)

🚀 New Features

• #75 feat: add badges to README.md on release (@aaarichter)

v5.2.3 (2021-01-22)

🔼 Dependencies

• #74 chore(deps): bump ini from 1.3.5 to 1.3.8 (@dependabot[bot])

v5.2.2 (2021-01-21)

🏡 Internal

• #73 ignore commits labeled with pr for changelog (@aotarola)

v5.2.1 (2020-11-10)

🏡 Internal

• #69 fix(changelog): type(scope) detection (@aaarichter)
• 417063a ci: add .deepsource.toml

5.2.0 - 2020-11-07

• feat: changelog improvements - @aaarichter #68
  • 69ba93e 📦️ refactor: change version headline
  • 63bcf4e ✨ feat: categorize changelog
  • ea69985 ✨ feat: categorize & group PRs & commits
  • 0bc5730 📝 docs: add JSDOC typings
  • 2173cf8 ✨ feat: add changelog.omit option to omit commit types
  • b3b4dab ✨ feat: highlight dependency updates in commit subject
  • 21b17e3 📦️ refactor: change default emoji map & update documentation
  • d1e7889 ↩️ revert: unnecessary changes
  • d188cbd 🐛 fix: remove () from message

5.1.1 - 2020-11-04

• chore(deps): update dependencies & set node >= 10.13 - @aaarichter #67
  • 952459a ♻️ chore: update dependencies & set node >= 10.13
  • aeb32f8 ✅ test: rewrite with node assert

5.1.0 - 2020-10-15

• feat: support circleci PRs and releases - @markowsiak #66
  • c85ce5c ✨ feat: support circleci PRs and releases
  • 3a4e3f4 🐛 fix: a typo in the new docs around circleci setup

5.0.0 - 2020-07-31

Breaking Changes

nlm will no longer create a patch tag for docs, style and test commits. If your PR only contains these type of commits, it will no longer release a new version.

See: 11665ca

The undocumented doc commit type is no longer supported. Use docs instead.

See: 0d866fb

Commits

• feat: release less & various other changes - @aaarichter #64
  • bcceefb chore: update packages & move nyc to devDependencies
  • 1f114c0 style: update travis syntax
  • 11665ca feat: don't release for types docs, style, test
  • e32cffe feat: handle Github Revert commits
  • 0d866fb fix: remove undocumented doc commit type
  • 3c86512 style: test
  • 96bd23a feat: add ci & build commit types
  • 79aef6f style: use node assert
  • 9ce6d8e feat: set emoji to changelog commits. Fixes #39 - see: #39
  • 1aae5bb feat: mention version increment. Fixes #31 - see: #31
  • 7ab83cb chore: update dependencies

4.2.1 - 2020-07-20

• chore(deps): bump lodash from 4.17.15 to 4.17.19 - @dependabot[bot] #65
  • b73c5a2 chore: bump lodash from 4.17.15 to 4.17.19 - see: [4](- Commits

4.2.0 - 2020-03-27

• feat: allow plural and colon for BREAKING CHANGE commit message tag - @aaarichter #63
  • 4698bf8 chore: upgrade packages
  • 9cc13e2 chore: add nyc
  • fa49799 feat: allow plural and colon for BREAKING CHANGE commit message tag

4.1.1 - 2020-03-14

• chore(deps): bump minimist from 1.2.0 to 1.2.2 - @dependabot[bot] #62
  • a41c5fd chore: bump minimist from 1.2.0 to 1.2.2 - see: [1](- Commits

4.1.0

• feat: add date to CHANGELOG - @aotarola #61
  • 4d56023 feat: add date to CHANGELOG
  • 06a18ed chore: npm audit fix

4.0.0

Breaking Changes

• drop Node 6 support

See: 02d73e2

• drop Node 8 support

See: eafbbe6

Commits

• refactor: drop Node 6/8 support & upgrade dependencies - @aaarichter #57
  • 005c83d chore: upgrade dependencies
  • edc920b style: address lint errors & warnings
  • 02d73e2 refactor: drop Node 6 support & upgrade packages
  • eafbbe6 refactor: drop Node 8 support
  • 9791047 style: apply JS transform on lib & test
  • 5543c9b style: fix lint issues
  • 239ae9a fix: address feedback

3.6.3

• clean up broken links in README - @dbushong #56
  • 850b672 docs: clean up broken links in README

3.6.2

• npm audit fix - @dbushong #55
  • 3a44e11 chore: npm audit fix

3.6.1

• channels: configs have priority over defaults - @dbushong #52
  • 084d446 fix: channels: configs have priority over defaults

3.6.0

• feat: add support for hooks in release command - @saguinav #51
  • 1feb523 feat: add support for hooks in release command
  • c0a2b69 chore: address comments from David

3.5.0

• add support for deprecating a package - @dbushong #50
  • 806eb7d feat: add support for deprecating a package

3.4.3

• misc. cleanup - @dbushong #48
  • f271f11 chore: remove unused post-install script
  • b67f755 refactor: stop using bluebird for promises
  • 94bf4fd refactor: stop using lodash
• wrap risky co.wrap yields - @dbushong #49
  • 006d4a6 fix: wrap risky co.wrap yields

3.4.2

• docs: fix broken link in CONTRIBUTING - @dbushong #47
  • b1eebdc docs: fix broken link in CONTRIBUTING

3.4.1

• docs: Update angular link to point directly to commit guidelines - @daniel-beard #46
  • d4dee45 docs: Update angular link to point directly to commit guidelines

3.4.0

• update version field in package-lock.json - @dbushong #45
  • 4633bcc feat: update version field in package-lock.json

3.3.4

• Keep package-lock in sync - @jkrems #44
  • f40a4f7 chore: Keep package-lock in sync

3.3.3

• Protect merge commit fix by ref id - @jkrems #43
  • 0b5d1a6 fix: Protect merge commit fix by ref id

3.3.2

• fix: address npm audit security report - @markowsiak #42
  • 4fdd017 fix: address npm audit security report
  • 5bb4c5b refactor: update conventional-commits-parser and accomodate for change in behavior
  • 16b3816 chore: apply latest generator updates
  • f6aa03f fix: remove nlm recurssive dep, and fix references
  • 655b379 fix: generator added npm6 install for travis
  • 983e7f5 refactor: improve regex finding issuePrefixes by URL
  • 85bd9d1 fix: make regex more inclusive and future proof

3.3.1

• Apply latest nlm generator - @markowsiak #40
  • 45d4c15 chore: Apply latest nlm generator
• fix: failed nlm deploy - @markowsiak #41
  • bb9caa2 fix: failed nlm deploy

3.3.0

• acceptInvalidCommits formatter - @johan #38
  • 0ec2a0e test: check formatting of off-format commit messages
  • 5e39a6a feat: properly link even off-format commit messages - see: #16

3.2.0

• Add predictable git author - @jkrems #36
  • e941fda feat: Add predictable git author

3.1.5

• fix: properly parse repositories with dot in name - @dbushong #34
  • 4672e13 fix: properly parse repositories with dot in name

3.1.4

• Skip verify in non-git directories - @jkrems #33
  • e8bdf99 fix: Skip verify in non-git directories

3.1.3

• fix: properly accept perf commit prefix as patch - @dbushong #32
  • ab3dd21 fix: properly accept perf commit prefix as patch

3.1.2

• Mention forced 1.0.0 bump - @jkrems #30
  • db6e715 docs: Mention forced 1.0.0 bump

3.1.1

• Only scan for files if LICENSE is present - @jkrems #29
  • f78b9dc fix: Only scan for files if LICENSE is present

3.1.0

• feat: re-check publish status for releaseType none - @dbushong #27
  • 724d23e feat: re-check publish status for releaseType none

3.0.0

Breaking Changes

Since nobody uses it in practice and yeoman is a better fit anyhow, we're removing the init command from nlm.

See: f09b2eb

Commits

• Remove nlm init - @jkrems #23
  • f09b2eb refactor: Remove init command

2.2.3

• fix: correct spelling - @dbushong #26
  • 3027f2f fix: correct spelling

2.2.2

• Switch to gofer 3 - @jkrems #22
  • 488057e chore: Switch to gofer 3

2.2.1

• Apply latest nlm generator - @i-tier-bot #20
  • 05a2980 chore: Apply latest nlm generator
  • 6f07328 chore: nlm should not require nlm
  • 0201798 fix: Lodash 4 merged pluck into map
• Fix typo in travis config - @jkrems #21
  • 42c5b71 chore: Fix typo in travis config

2.2.0

• Link to issues and tickets in changelog - @jkrems #9
  • 2a834ba feat: Support parsing full issue urls
  • 73da2d3 feat: Link to issues and tickets in changelog - see: #8

2.1.1

• Handle missing and foreign PRs in changelog - @jkrems #15
  • b8ca6e0 fix: Handle missing and foreign PRs in changelog

2.1.0

• Opt-in acceptInvalidCommits option - @jkrems #12
  • e16eb35 feat: Opt-in acceptInvalidCommits option

2.0.2

• Never publish private packages - @jkrems #11
  • d727cb6 fix: Never publish private packages

2.0.1

• fix: Call publishToNpm as a task/step - @jkrems #7
  • b981991 fix: Call publishToNpm as a task/step

2.0.0

Breaking Changes

The publish command was removed and merged with the release command. To better support projects with multiple builds (e.g. against multiple versions of node) the release parts were split from the verification parts. nlm verify can be used as a posttest script in those cases. This ensures that multiple builds won't try to release the same version.

See: a8ce7e9

Commits

• Support matrix builds - @jkrems #4
  • 05d9171 fix: Read the commit sha from the right directory
  • a8ce7e9 feat: Officially support matrix builds
• Pass arguments to verify command - @jkrems #6
  • fd38f44 fix: Pass arguments to verify command

1.1.0

• Compatible with node v0.10 - @jkrems #3
  • 981c75c fix: Support latest git's error message
  • c843504 feat: Test suite passes on node 0.10
  • 321ce61 test: Set git user/email in fixtures

1.0.1

• fix: Reference local bin script for publish - @jkrems #2
  • 94b594b fix: Reference local bin script for publish

1.0.0

• e233526 chore: Initial import
• c8ea5cb chore: Add travis config
• ded085d feat: Run nlm build with DEBUG enabled
• 6d1b9e1 fix: Explicitly push version commit