Github Release

1---2name: github-release3description: "Prepare and publish GitHub releases. Sanitizes code for public release (secrets scan, personal artifacts, LICENSE/README validation), creates version tags, and publishes via gh CLI. Trigger with 'release', 'publish', 'open source', 'prepare for release', 'create release', or 'github release'."4compatibility: claude-code-only5---6 7# GitHub Release8 9Sanitize and release projects to GitHub. Two-phase workflow: safety checks first, then tag and publish.10 11## Prerequisites12 13- `gh` CLI installed and authenticated (`gh auth status`)14- `gitleaks` installed for secrets scanning (`brew install gitleaks` or download from GitHub)15- Git repository with a remote configured16 17## Workflow18 19### Phase 1: Sanitize20 21Run these checks before any public release. Stop on blockers.22 23#### 1. Scan for Secrets (BLOCKER)24 25```bash26gitleaks detect --no-git --source=. --verbose27```28 29If secrets found: **STOP**. Remove secrets, move to environment variables. Check git history with `git log -S "secret_value"` — if in history, use BFG Repo-Cleaner.30 31If gitleaks not installed, do manual checks:32 33```bash34# Check for .env files35find . -name ".env*" -not -path "*/node_modules/*"36 37# Check config files for hardcoded secrets38grep -ri "api_key\|token\|secret\|password" wrangler.toml wrangler.jsonc .dev.vars 2>/dev/null39```40 41#### 2. Remove Personal Artifacts42 43Check for and remove session/planning files that shouldn't be published:44 45- `SESSION.md` — session state46- `planning/`, `screenshots/` — working directories47- `test-*.ts`, `test-*.js` — local test files48 49Either delete them or add to `.gitignore`.50 51#### 3. Validate LICENSE52 53```bash54ls LICENSE LICENSE.md LICENSE.txt 2>/dev/null55```56 57If missing: create one. Check the repo visibility (`gh repo view --json visibility -q '.visibility'`). Use MIT for public repos. For private repos, consider a proprietary license instead.58 59#### 4. Validate README60 61Check README exists and has basic sections:62 63```bash64grep -i "## Install\|## Usage\|## License" README.md65```66 67If missing sections, add them before release.68 69#### 5. Check .gitignore70 71Verify essential patterns are present:72 73```bash74grep -E "node_modules|\.env|dist/|\.dev\.vars" .gitignore75```76 77#### 6. Build Test (non-blocking)78 79```bash80npm run build 2>&181```82 83#### 7. Dependency Audit (non-blocking)84 85```bash86npm audit --audit-level=high87```88 89#### 8. Create Sanitization Commit90 91If any changes were made during sanitization:92 93```bash94git add -A95git commit -m "chore: prepare for release"96```97 98### Phase 2: Release99 100#### 1. Determine Version101 102Check `package.json` for current version, or ask the user. Ensure version starts with `v` prefix.103 104#### 2. Check Tag Doesn't Exist105 106```bash107git tag -l "v[version]"108```109 110If it exists, ask user whether to delete and recreate or use a different version.111 112#### 3. Show What's Being Released113 114```bash115LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")116if [ -z "$LAST_TAG" ]; then117  git log --oneline --no-merges HEAD | head -20118else119  git log --oneline --no-merges ${LAST_TAG}..HEAD120fi121```122 123#### 4. Create Tag and Push124 125```bash126git tag -a v[version] -m "Release v[version]"127git push origin $(git branch --show-current)128git push origin --tags129```130 131#### 5. Create GitHub Release132 133```bash134gh release create v[version] \135  --title "Release v[version]" \136  --notes "[auto-generated from commits]"137```138 139For pre-releases add `--prerelease`. For drafts add `--draft`.140 141#### 6. Report142 143Show the user:144- Release URL145- Next steps (npm publish if applicable, announcements)146 147## Reference Files148 149| When | Read |150|------|------|151| Detailed safety checks | [references/safety-checklist.md](references/safety-checklist.md) |152| Release mechanics | [references/release-workflow.md](references/release-workflow.md) |