Skip to content

SQLR-64: publish sqlrite-notes example to npm#144

Merged
joaoh82 merged 1 commit into
mainfrom
sqlr-64-publish-sqlrite-notes
May 25, 2026
Merged

SQLR-64: publish sqlrite-notes example to npm#144
joaoh82 merged 1 commit into
mainfrom
sqlr-64-publish-sqlrite-notes

Conversation

@joaoh82
Copy link
Copy Markdown
Owner

@joaoh82 joaoh82 commented May 25, 2026

Closes SQLR-64. Follow-up from SQLR-40 / #141 — gets the example to the original DoD of npx sqlrite-notes init <dir> on a fresh machine, no clone, no Rust toolchain.

Summary

  • Drops "private": true and adds files + publishConfig (OIDC provenance, public access) to examples/nodejs-notes/package.json; bumps to 0.10.1 + engine pin to ^0.10.1 so the package ships in lockstep with the engine.
  • Adds a publish-notes-example job to release.yml mirroring publish-nodejs (OIDC trusted publishing, sigstore provenance, --access public). Sequenced after publish-nodejs so the example resolves its @joaoh82/sqlrite pin against the version just put on npm.
  • Extends scripts/bump-version.sh with the example's package.json and a new @joaoh82/sqlrite caret-pin sweep + verification, symmetric to the existing inter-workspace Cargo path-dep sweep.
  • Switches the README to lead with npx sqlrite-notes init <dir>; keeps the clone path documented under Development.
  • Adds the bootstrap docs (docs/release-secrets.md §3c) for the one-time npm placeholder + trusted-publisher setup. Documents the @joaoh82/sqlrite-notes fallback if the unscoped name is rejected.

Package name

Going with unscoped sqlrite-notes per the ticket — notes isn't a confusable suffix of any existing popular package. If the npm publish of the bootstrap placeholder is rejected by the similarity check, fall back to @joaoh82/sqlrite-notes; the docs spell that out.

Out of scope

  • The one-time bootstrap publish + trusted-publisher wiring (§3c in docs/release-secrets.md).
  • Republishing @joaoh82/sqlrite itself — unchanged.
  • Publishing sqlrite-mcp to npm — stays a Rust binary on crates.io + GitHub Releases.

Test plan

  • bash -n scripts/bump-version.sh
  • yaml.safe_load on .github/workflows/release.yml
  • ./scripts/bump-version.sh 0.99.0 dry-run → all 13 manifests bump + @joaoh82/sqlrite pin moves to ^0.99.0; verification ✓; reverted.
  • npm test in examples/nodejs-notes/ → 40/40 pass.
  • npm pack --dry-run → 13 files, 23.1 kB packed (README.md + bin/ + src/ + package.json). No test fixtures, no node_modules.
  • node bin/sqlrite-notes.mjs help prints 0.10.1 (VERSION reads from package.json).
  • End-to-end: npm install ./sqlrite-notes-0.10.1.tgz into a scratch dir, ./node_modules/.bin/sqlrite-notes help runs.
  • npx sqlrite-notes@latest init <dir> end-to-end — needs the package on npm (post-merge smoke).
  • npm audit signatures against a published version — same.
  • CI workflow fires for real on the next release wave.

🤖 Generated with Claude Code

@joaoh82 @claude
feat(examples): SQLR-64 publish sqlrite-notes example to npm
4ec1fb8 
Lets users `npx sqlrite-notes init <dir>` on a fresh machine — the
parent ticket's (SQLR-40) DoD that the shipped example didn't meet
because it still required cloning the repo.

- `examples/nodejs-notes/package.json`: drop `private: true`; bump
  to 0.10.1 (lockstep with engine); bump `@joaoh82/sqlrite` pin to
  ^0.10.1; add `files` whitelist + `publishConfig` (public, OIDC
  provenance).
- `examples/nodejs-notes/src/cli.mjs`: read VERSION from package.json
  so the lockstep bump propagates automatically.
- `examples/nodejs-notes/README.md`: Install / Run sections lead with
  `npx sqlrite-notes init <dir>`; clone path kept under Development.
- `scripts/bump-version.sh`: add the example's package.json to
  JSON_FILES + new NPM_DEP_PIN_FILES sweep that rewrites the
  `@joaoh82/sqlrite` caret pin in lockstep; verification block
  extended to catch missed pins.
- `.github/workflows/release.yml`: new `publish-notes-example` job
  (mirrors publish-nodejs — OIDC trusted publishing, sigstore
  provenance, `--access public`); `sqlrite-notes-v$V` tag added to
  tag-all; wired into finalize.needs + umbrella release body.
- `docs/release-plan.md`: product-tag table row + lockstep note;
  bumped manifest list to include the example's package.json.
- `docs/release-secrets.md`: §3 retitled "three packages"; new §3c
  documents the placeholder-publish + trusted-publisher bootstrap
  for unscoped `sqlrite-notes` (with `@joaoh82/sqlrite-notes`
  fallback if the registry rejects the unscoped name).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel Bot commented May 25, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
rust-sqlite Ready Ready Preview, Comment May 25, 2026 8:53pm

Request Review

@joaoh82 joaoh82 merged commit 83eae48 into main May 25, 2026
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joaoh82