laurigates/configure-release-please
configure-plugin/skills/configure-release-please/SKILL.md
release-please workflow setup and auditing. Use when configuring release-please, upgrading release-please-action, or adding a package to a monorepo config.
$ install --global
skillsauthnpx skillsauth add laurigates/claude-plugins configure-release-pleaseInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 9:16 AM177.4s2 files scanned
SKILL.md
- created:
- 2025-12-16
- modified:
- 2026-05-09
- reviewed:
- 2025-12-16
- description:
- release-please workflow setup and auditing. Use when configuring release-please, upgrading release-please-action, or adding a package to a monorepo config.
- allowed-tools:
- Glob, Grep, Read, Write, Edit, Bash, AskUserQuestion, TodoWrite, WebSearch, WebFetch
- args:
- [--check-only] [--fix]
- argument-hint:
- [--check-only] [--fix]
- name:
- configure-release-please
/configure:release-please
Check and configure release-please against project standards.
When to Use This Skill
| Use this skill when... | Use another approach when... |
|------------------------|------------------------------|
| Setting up release-please for a new project from scratch | Manually editing CHANGELOG.md or version fields — use conventional commits instead |
| Auditing existing release-please configuration for compliance | Creating a one-off release — use gh release create directly |
| Upgrading release-please-action to the latest version | Debugging a failed release PR — check GitHub Actions logs directly |
| Ensuring workflow uses correct token (MY_RELEASE_PLEASE_TOKEN) | Managing npm/PyPI publishing — configure separate publish workflows |
| Adding a new package to a monorepo release-please configuration | Writing conventional commit messages — use /git:commit skill |
Context
- Workflow file: !
find .github/workflows -maxdepth 1 -name 'release-please*' - Config file: !
find . -maxdepth 1 -name \'release-please-config.json\' - Manifest file: !
find . -maxdepth 1 -name \'.release-please-manifest.json\' - Package files: !
find . -maxdepth 1 \( -name 'package.json' -o -name 'pyproject.toml' -o -name 'Cargo.toml' -o -name 'go.mod' \) - Workflows dir: !
find . -maxdepth 1 -type d -name \'.github/workflows\'
Skills referenced: release-please-standards, release-please-protection
Parameters
Parse from command arguments:
--check-only: Report status without offering fixes--fix: Apply all fixes automatically
Execution
Execute this release-please configuration check:
Step 1: Fetch latest action version
Run this command to get the current release-please-action version dynamically:
curl -s https://api.github.com/repos/googleapis/release-please-action/releases/latest | jq -r '.tag_name'
References:
- release-please-action releases
- release-please CLI releases
Step 2: Detect project type
Determine appropriate release-type from detected package files:
- node: Has
package.json(default for frontend/backend apps) - python: Has
pyproject.tomlwithoutpackage.json - helm: Infrastructure with Helm charts
- simple: Generic projects
Step 3: Analyze compliance
Workflow file checks:
- Action version:
googleapis/release-please-action@v4 - Token: Uses
MY_RELEASE_PLEASE_TOKENsecret (not GITHUB_TOKEN) - Trigger: Push to
mainbranch - Permissions:
contents: write,pull-requests: write
Config file checks:
- Valid release-type for project
- changelog-sections includes
featandfix - Appropriate plugins (e.g.,
node-workspacefor Node projects)
Manifest file checks:
- Valid JSON structure
- Package paths match config
Step 4: Generate compliance report
Print a formatted compliance report showing file status and configuration check results. If --check-only is set, stop here.
For the report format, see REFERENCE.md.
Step 5: Apply configuration (if --fix or user confirms)
- Missing workflow: Create from standard template
- Missing config: Create with detected release-type
- Missing manifest: Create with initial version
0.0.0 - Outdated action: Update to v4
- Wrong token: Update to use MY_RELEASE_PLEASE_TOKEN
For standard templates, see REFERENCE.md.
Step 6: Update standards tracking
Update .project-standards.yaml:
components:
release-please: "2025.1"
Agentic Optimizations
| Context | Command |
|---------|---------|
| Quick compliance check | /configure:release-please --check-only |
| Auto-fix all issues | /configure:release-please --fix |
| Check latest action version | curl -s https://api.github.com/repos/googleapis/release-please-action/releases/latest \| jq -r '.tag_name' |
| Verify config JSON | jq . release-please-config.json |
| Verify manifest JSON | jq . .release-please-manifest.json |
| Check workflow exists | find .github/workflows -name 'release-please*' |
Important Notes
- Requires
MY_RELEASE_PLEASE_TOKENsecret in repository settings - CHANGELOG.md is managed by release-please - never edit manually
- Version fields in package.json/pyproject.toml are managed automatically
- Works with
conventional-pre-commithook for commit validation
See Also
/configure:pre-commit- Ensure conventional commits hook/configure:all- Run all compliance checksrelease-please-protectionskill - Protected file rules
Related Skills
laurigates/workflow-verify-before-filing
testing
VerifiedTrustedCommunity
Verify accumulated bug claims at upstream HEAD and dedup against trackers before filing issues. Use when filing upstream reports from backlogs, audit docs, or git-history findings.
38SKILL.mdUpdated Jun 12, 2026
laurigates/cold-read-gate
documentation
VerifiedTrustedCommunity
Gate outward-bound text (upstream issues, docs, PR bodies) through isolated haiku fresh-reader critique before publishing. Use when an artifact must survive a reader with zero project context.
38SKILL.mdUpdated Jun 12, 2026
laurigates/evaluate-improve
tools
VerifiedTrustedCommunity
Suggest improvements to SKILL.md content, descriptions, or tool config from eval results. Use when raising pass rates, fixing triggering, or iterating on a skill after evaluation.
38SKILL.mdUpdated Apr 16, 2026
laurigates/deadbranch
tools
VerifiedTrustedCommunity
deadbranch CLI for stale-branch cleanup — dry-run preview, TUI or non-interactive delete, protects main/develop/WIP. Use when asked to clean up branches, prune branches, or remove stale branches.
37SKILL.mdUpdated Jun 11, 2026