From 3d25e0b34f40f7ed38cbd66e1b0be20d28694e02 Mon Sep 17 00:00:00 2001 From: Kailas Mahavarkar <66670953+KailasMahavarkar@users.noreply.github.com> Date: Fri, 10 Apr 2026 17:02:20 +0530 Subject: [PATCH 1/3] chore: auto-release on package.json version bump + bump to v1.1.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds a release job to the CI workflow. On every push to main, after verify passes, it reads the version from package.json and checks if the tag already exists. If not, gh release create runs with --generate-notes, which triggers the existing Docker build job and produces versioned tags (:v1.1.0, :latest). No manual release steps needed — bump the version in a PR, merge, done. Also bumps package.json to 1.1.0 to exercise the new path. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/publish.yml | 32 ++++++++++++++++++++++++++++++++ package.json | 2 +- tests/workflow-behaviour.test.ts | 1 + 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 94a85ae..b25b43e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -39,6 +39,38 @@ jobs: - name: Type-check run: bun run build + release: + if: github.event_name == 'push' && github.ref == 'refs/heads/main' + needs: verify + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Check if version tag exists + id: check + run: | + VERSION=$(jq -r .version package.json) + echo "version=$VERSION" >> $GITHUB_OUTPUT + if git ls-remote --tags origin | grep -q "refs/tags/v${VERSION}$"; then + echo "exists=true" >> $GITHUB_OUTPUT + else + echo "exists=false" >> $GITHUB_OUTPUT + fi + + - name: Create release + if: steps.check.outputs.exists == 'false' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release create "v${{ steps.check.outputs.version }}" \ + --title "v${{ steps.check.outputs.version }}" \ + --generate-notes + build-and-push-image: if: github.event_name != 'pull_request' needs: verify diff --git a/package.json b/package.json index dd1e010..1b41b90 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@orkait-ai/hyperstack", - "version": "1.0.0", + "version": "1.1.0", "description": "Disciplined MCP server + skill system. 11 plugins, 79 tools, 21 skills with adversarial enforcement. Designer/DESIGN.md pipeline, shadcn/ui, React Flow, Motion, Lenis, React 19, Echo, Go, Rust, design tokens, UI/UX.", "bin": { "hyperstack": "bin/hyperstack.mjs" diff --git a/tests/workflow-behaviour.test.ts b/tests/workflow-behaviour.test.ts index b64a210..d335a47 100644 --- a/tests/workflow-behaviour.test.ts +++ b/tests/workflow-behaviour.test.ts @@ -20,4 +20,5 @@ test("publish workflow verifies the package across the supported OS and Bun matr /if:\s*github\.event_name\s*!=\s*'pull_request'/, "publish job should not push images from pull request runs", ); + assert.match(workflow, /gh release create/, "workflow should auto-create a release on version bump"); }); From afd57b55fb9b7c59ee22787a4beab75c24d87784 Mon Sep 17 00:00:00 2001 From: Kailas Mahavarkar <66670953+KailasMahavarkar@users.noreply.github.com> Date: Fri, 10 Apr 2026 17:03:07 +0530 Subject: [PATCH 2/3] =?UTF-8?q?fix(docker):=20bun.lockb=20=E2=86=92=20bun.?= =?UTF-8?q?lock=20(bun=201.3+=20uses=20text=20lockfile)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Sonnet 4.6 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1262e54..12dc5af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM oven/bun:alpine WORKDIR /app -COPY package.json bun.lockb ./ +COPY package.json bun.lock ./ RUN bun install --frozen-lockfile COPY src/ src/ USER bun From c9280514d7e72ebdb930f162ad375c2f78cce90e Mon Sep 17 00:00:00 2001 From: Kailas Mahavarkar <66670953+KailasMahavarkar@users.noreply.github.com> Date: Fri, 10 Apr 2026 17:06:29 +0530 Subject: [PATCH 3/3] fix: revert to ghcr.io and make package public after each push - Restore ghcr.io as registry (Docker Hub changes reverted) - Add 'Make package public' step that patches /orgs/orkait/packages/container/hyperstack with visibility=public after every image push Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/publish.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index b25b43e..7f3ed39 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -83,7 +83,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Log in to the Container registry + - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} @@ -103,3 +103,11 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + - name: Make package public on ghcr.io + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh api --method PATCH \ + /orgs/orkait/packages/container/hyperstack \ + -f visibility=public