github-release

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

GitHub Release

GitHub 版本发布

Sanitize and release projects to GitHub. Two-phase workflow: safety checks first, then tag and publish.

为GitHub项目完成代码清理与版本发布。分为两个阶段工作流：先进行安全检查，再创建标签并发布。

Prerequisites

前提条件

```
gh
```
CLI installed and authenticated (
```
gh auth status
```
)
```
gitleaks
```
installed for secrets scanning (
```
brew install gitleaks
```
or download from GitHub)
Git repository with a remote configured

已安装并认证gh CLI（执行
```
gh auth status
```
验证）
已安装gitleaks用于密钥扫描（可通过
```
brew install gitleaks
```
安装或从GitHub下载）
Git仓库已配置远程仓库

Workflow

工作流

Phase 1: Sanitize

第一阶段：代码清理

Run these checks before any public release. Stop on blockers.

在公开发布前执行以下检查，遇到阻塞项立即停止。

1. Scan for Secrets (BLOCKER)

1. 密钥扫描（阻塞项）

bash

gitleaks detect --no-git --source=. --verbose

If secrets found: STOP. Remove secrets, move to environment variables. Check git history with

git log -S "secret_value"

— if in history, use BFG Repo-Cleaner.

If gitleaks not installed, do manual checks:

bash

undefined

bash

gitleaks detect --no-git --source=. --verbose

如果发现密钥：立即停止。移除密钥，将其迁移至环境变量。使用

git log -S "secret_value"

检查Git历史记录——若密钥已存在于历史中，请使用BFG Repo-Cleaner工具清理。

若未安装gitleaks，可执行以下手动检查：

bash

undefined

Check for .env files

检查.env文件

find . -name ".env*" -not -path "/node_modules/"

Check config files for hardcoded secrets

检查配置文件中的硬编码密钥

grep -ri "api_key|token|secret|password" wrangler.toml wrangler.jsonc .dev.vars 2>/dev/null

undefined

grep -ri "api_key|token|secret|password" wrangler.toml wrangler.jsonc .dev.vars 2>/dev/null

undefined

2. Remove Personal Artifacts

2. 移除个人工件

Check for and remove session/planning files that shouldn't be published:

```
SESSION.md
```
— session state
```
planning/
```
,
```
screenshots/
```
— working directories
```
test-*.ts
```
,
```
test-*.js
```
— local test files

Either delete them or add to

.gitignore

检查并移除不应发布的会话/规划文件：

```
SESSION.md
```
— 会话状态文件
```
planning/
```
、
```
screenshots/
```
— 工作目录
```
test-*.ts
```
、
```
test-*.js
```
— 本地测试文件

可选择删除这些文件或将其添加至

.gitignore

。

3. Validate LICENSE

3. 验证LICENSE文件

bash

ls LICENSE LICENSE.md LICENSE.txt 2>/dev/null

If missing: create one. MIT is the default for Jez's projects. For private repos, use the proprietary license (see

~/.claude/rules/git-workflow.md

bash

ls LICENSE LICENSE.md LICENSE.txt 2>/dev/null

若缺失LICENSE文件：请创建一个。Jez的项目默认使用MIT协议。对于私有仓库，请使用专有协议（详见

~/.claude/rules/git-workflow.md

）。

4. Validate README

4. 验证README文件

Check README exists and has basic sections:

bash

grep -i "## Install\|## Usage\|## License" README.md

If missing sections, add them before release.

检查README文件是否存在且包含基础章节：

bash

grep -i "## Install\|## Usage\|## License" README.md

若缺失必要章节，请在发布前补充完整。

5. Check .gitignore

5. 检查.gitignore文件

Verify essential patterns are present:

bash

grep -E "node_modules|\.env|dist/|\.dev\.vars" .gitignore

验证是否包含必要的忽略规则：

bash

grep -E "node_modules|\.env|dist/|\.dev\.vars" .gitignore

6. Build Test (non-blocking)

6. 构建测试（非阻塞项）

bash

npm run build 2>&1

bash

npm run build 2>&1

7. Dependency Audit (non-blocking)

7. 依赖审计（非阻塞项）

bash

npm audit --audit-level=high

bash

npm audit --audit-level=high

8. Create Sanitization Commit

8. 创建代码清理提交

If any changes were made during sanitization:

bash

git add -A
git commit -m "chore: prepare for release"

若在代码清理过程中进行了任何修改：

bash

git add -A
git commit -m "chore: prepare for release"

Phase 2: Release

第二阶段：版本发布

1. Determine Version

1. 确定版本号

Check

package.json

for current version, or ask the user. Ensure version starts with

prefix.

检查

package.json

中的当前版本号，或询问用户确认。确保版本号以

前缀开头。

2. Check Tag Doesn't Exist

2. 检查标签是否已存在

bash

git tag -l "v[version]"

If it exists, ask user whether to delete and recreate or use a different version.

bash

git tag -l "v[version]"

若标签已存在，请询问用户是删除并重新创建，还是使用其他版本号。

3. Show What's Being Released

3. 展示待发布内容

bash

LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
if [ -z "$LAST_TAG" ]; then
  git log --oneline --no-merges HEAD | head -20
else
  git log --oneline --no-merges ${LAST_TAG}..HEAD
fi

bash

LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
if [ -z "$LAST_TAG" ]; then
  git log --oneline --no-merges HEAD | head -20
else
  git log --oneline --no-merges ${LAST_TAG}..HEAD
fi

4. Create Tag and Push

4. 创建标签并推送

bash

git tag -a v[version] -m "Release v[version]"
git push origin $(git branch --show-current)
git push origin --tags

bash

git tag -a v[version] -m "Release v[version]"
git push origin $(git branch --show-current)
git push origin --tags

5. Create GitHub Release

5. 创建GitHub版本

bash

gh release create v[version] \
  --title "Release v[version]" \
  --notes "[auto-generated from commits]"

For pre-releases add

--prerelease

. For drafts add

--draft

bash

gh release create v[version] \
  --title "Release v[version]" \
  --notes "[auto-generated from commits]"

若为预发布版本，添加

--prerelease

参数。若为草稿版本，添加

--draft

参数。

6. Report

6. 发布报告

Show the user:

Release URL
Next steps (npm publish if applicable, announcements)

向用户展示以下信息：

版本发布URL
后续步骤（如适用的npm发布、公告等）

Reference Files

参考文件

When	Read
Detailed safety checks	references/safety-checklist.md
Release mechanics	references/release-workflow.md

场景	参考文档
详细安全检查	references/safety-checklist.md
版本发布机制	references/release-workflow.md