antjanus/setup-semantic-release
skills/setup-semantic-release/SKILL.md
Set up semantic-release with conventional commits. Use when asked to "set up semantic release", "add conventional commits", "configure automated versioning", "set up commitlint", "add husky hooks", or "generate a changelog".
$ install --global
skillsauthnpx skillsauth add antjanus/skillbox setup-semantic-releaseInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 1, 2026, 3:31 AM278.6s2 files scanned
SKILL.md
- name:
- setup-semantic-release
- description:
- Set up semantic-release with conventional commits. Use when asked to "set up semantic release", "add conventional commits", "configure automated versioning", "set up commitlint", "add husky hooks", or "generate a changelog".
- license:
- MIT
- author:
- Antonin Januska
- version:
- 1.2.0
Setup Semantic Release & Conventional Commits
Wire up automated versioning: conventional commits → commitlint → husky hooks → semantic-release. Version bumps, changelogs, and GitHub releases are derived from commit messages. Core principle: commits drive releases — enforce format at author time, automate the rest.
Skip if the project already has .releaserc*, uses another release tool (changesets, release-it, standard-version), or has no package.json. Prerequisites: package.json, git remote on GitHub, Node ≥18, and a CI environment (GitHub Actions).
Phase 1: Install
npm install --save-dev \
@commitlint/cli@^19.0.0 @commitlint/config-conventional@^19.0.0 \
semantic-release@^24.0.0 @semantic-release/changelog@^6.0.0 \
@semantic-release/git@^10.0.0 husky@^9.0.0
| Package | Purpose |
|---------|---------|
| @commitlint/cli + config-conventional | Validate commit messages against conventional rules |
| semantic-release | Automate version bumps, changelogs, releases |
| @semantic-release/changelog | Generate/update CHANGELOG.md |
| @semantic-release/git | Commit release artifacts back to repo |
| husky | Manage git hooks |
Phase 2: Commitlint
Create commitlint.config.js (use module.exports = {...} if package.json lacks "type": "module"):
export default {
extends: ['@commitlint/config-conventional'],
rules: {
'type-enum': [2, 'always', [
'feat', 'fix', 'docs', 'style', 'refactor',
'perf', 'test', 'build', 'ci', 'chore', 'revert',
]],
'subject-case': [2, 'always', 'lower-case'],
'header-max-length': [2, 'always', 100],
'body-max-line-length': [0], // disable — conflicts with semantic-release notes
},
};
Type → bump: feat = minor · fix = patch · feat! or BREAKING CHANGE: footer = major · all others (docs, test, chore, …) = no release.
Phase 3: Semantic-release
Create .releaserc.json (plugin order matters; set branches to your default branch):
{
"branches": ["main"],
"plugins": [
"@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator",
["@semantic-release/changelog", { "changelogFile": "CHANGELOG.md" }],
["@semantic-release/git", {
"assets": ["CHANGELOG.md", "package.json", "package-lock.json"],
"message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
}],
"@semantic-release/github"
]
}
[skip ci] prevents the release commit from triggering an infinite CI loop. For pre-release branches see references/REFERENCE.md.
Phase 4: Husky hooks
npx husky init # creates .husky/, adds "prepare": "husky"
echo 'npx --no -- commitlint --edit $1' > .husky/commit-msg # validate every commit message
Then ask the user what pre-commit check they want, and write it (or remove the default):
| Choice | Command |
|--------|---------|
| TypeScript build | npm run build |
| Lint | npm run lint |
| Test | npm test |
| Lint + Test | npm run lint && npm test |
| None | rm .husky/pre-commit |
echo '<chosen-command>' > .husky/pre-commit
If npx husky init didn't add "prepare": "husky" to package.json scripts, add it manually — it reinstalls hooks on every npm install.
Phase 5: Starter CHANGELOG
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
Semantic-release prepends entries on each release.
Phase 6: CI workflow
Create .github/workflows/release.yml:
name: Release
on:
push:
branches: [main]
permissions:
contents: write
issues: write
pull-requests: write
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # required — semantic-release needs full history
- uses: actions/setup-node@v4
with:
node-version: 'lts/*'
- run: npm ci
- run: npx semantic-release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} # only if publishing to npm; else remove
GITHUB_TOKEN is provided automatically. Update branches if your default isn't main.
Files this creates
commitlint.config.js · .releaserc.json · .husky/commit-msg · .husky/pre-commit (or removed) · CHANGELOG.md · .github/workflows/release.yml · modifies package.json (devDeps + prepare).
Verify & troubleshoot
Smoke test, per-phase verification checklist, the commit cheat sheet, and troubleshooting (commitlint rejections, husky not running, duplicate changelog entries, CI loops, ENOGITHEAD) are in references/REFERENCE.md.
Quick check: echo "feat: test" | npx commitlint exits 0; echo "bad" | npx commitlint fails.
References
Conventional Commits · SemVer · semantic-release · commitlint · Husky. Pairs with track-session for tracking the setup across phases.
Related Skills
antjanus/evolve-skills
development
VerifiedTrustedCommunity
EXPERIMENTAL. Mine recent Claude Code transcripts for friction events, cluster them by active skill, propose patches for skills with 3+ friction events, validate each patch via headless replay, scrub the report through /publish-check, and present an EVOLUTION_REPORT.md for human review on a branch (never auto-merge). Use when asked to "evolve my skills", "audit skills against recent friction", "propose skill improvements from transcripts", "run the skill evolution pipeline", or as part of a weekly skill-quality cadence.
2SKILL.mdUpdated May 8, 2026
antjanus/track-qa
testing
VerifiedTrustedCommunity
Manual QA tracking — things tests can't verify. Use when asked to "create a QA list", "set up QA for this project", "what should I QA", "track manual QA", "audit the QA list", or "start manual QA".
2SKILL.mdUpdated May 7, 2026
antjanus/deep-research
development
VerifiedTrustedCommunity
Multi-source web research with cited synthesis in chat. Use when asked to "research X", "deep research on Y", "deep dive on Z", "investigate this topic", "compare X and Y", "pros and cons of X", or "survey the landscape of Y".
2SKILL.mdUpdated May 7, 2026
antjanus/code-review
development
VerifiedTrustedCommunity
Use this skill whenever the user wants a multi-agent review of local changes — triggers include "review my code", "review these changes", "do a code review", or "check my changes before I commit". Writes REVIEW.md. Do NOT use for an open PR by number (use /review) or a security-specific pass (use /security-review).
2SKILL.mdUpdated Apr 29, 2026