laurigates/release-please-standards
configure-plugin/skills/release-please-standards/SKILL.md
release-please standards and configuration reference. Use when configuring release workflows, checking automation compliance, or working with version bumps.
$ install --global
skillsauthnpx skillsauth add laurigates/claude-plugins release-please-standardsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 9:17 AM165.8s1 file scanned
SKILL.md
- created:
- 2025-12-16
- modified:
- 2026-06-01
- reviewed:
- 2026-06-01
- name:
- release-please-standards
- description:
- release-please standards and configuration reference. Use when configuring release workflows, checking automation compliance, or working with version bumps.
- user-invocable:
- false
- allowed-tools:
- Bash, Read, Write, Edit, Grep, Glob
Release-Please Standards
When to Use This Skill
| Use this skill when... | Use the alternative instead when... |
|---|---|
| You need the canonical release-please workflow, manifest, and config-file shape | You want to audit or set up release-please end-to-end as an interactive workflow — use configure-release-please |
| You are checking an existing release-please setup against documented conventions | You want runtime detection of repo type and existing config before changes — use configure-release-please |
| Another skill needs to cite the standard release-please configuration | You are configuring monorepo component tags, per-package extra-files, or shared→component tag migration — use git-plugin:release-please-configuration |
Version: 2025.1
Standard release-please configuration for automated semantic versioning and changelog generation.
Standard Configuration
GitHub Actions Workflow
File: .github/workflows/release-please.yml
name: Release Please
on:
push:
branches:
- main
permissions:
contents: write
pull-requests: write
jobs:
release-please:
runs-on: ubuntu-latest
steps:
- uses: googleapis/release-please-action@v5
with:
token: ${{ secrets.MY_RELEASE_PLEASE_TOKEN }}
Configuration Files
File: release-please-config.json
{
"packages": {
".": {
"release-type": "node",
"changelog-sections": [
{"type": "feat", "section": "Features"},
{"type": "fix", "section": "Bug Fixes"},
{"type": "perf", "section": "Performance"},
{"type": "deps", "section": "Dependencies"},
{"type": "docs", "section": "Documentation", "hidden": true},
{"type": "chore", "section": "Miscellaneous", "hidden": true}
]
}
},
"plugins": ["node-workspace"]
}
File: .release-please-manifest.json
{
".": "0.0.0"
}
Note: Version 0.0.0 is a placeholder - release-please updates this automatically.
Project Type Variations
Node.js Frontend/Backend
- release-type:
node - plugins:
node-workspace - Updates:
package.jsonversion field
Python Service
- release-type:
python - Updates:
pyproject.tomlversion field,__version__in code
Infrastructure (Helm)
- release-type:
helm - Updates:
Chart.yamlversion field
Multi-package Repository
Monorepos need component on every package and include-component-in-tag: true
at the root, plus per-package extra-files and (optionally) the
linked-versions plugin:
{
"packages": {
"packages/frontend": {"release-type": "node", "component": "frontend"},
"packages/backend": {"release-type": "node", "component": "backend"}
},
"plugins": ["node-workspace"]
}
For the full monorepo strategy — component tagging, duplicate-tag / multiple-paths
fixes, per-package extra-files path rules, linked versions, adding a package,
and shared→component tag migration — see git-plugin:release-please-configuration.
Required Components
Minimum Requirements
-
Workflow file:
.github/workflows/release-please.yml- Uses
googleapis/release-please-action@v5 - Token:
MY_RELEASE_PLEASE_TOKENsecret - Triggers on push to
main
- Uses
-
Config file:
release-please-config.json- Valid release-type for project
- changelog-sections defined
-
Manifest file:
.release-please-manifest.json- Lists all packages with current versions
Token Configuration
The workflow uses MY_RELEASE_PLEASE_TOKEN secret (not GITHUB_TOKEN) because:
- Allows release PRs to trigger other workflows
- Enables CI checks on release PRs
- Maintains proper audit trail
Compliance Checking
Status Levels
| Status | Condition | |--------|-----------| | PASS | All three files present with valid configuration | | WARN | Files present but using deprecated action version (older than v5) | | FAIL | Missing required files or invalid configuration |
Validation Rules
-
Workflow validation:
- Action version:
v5(warn if older) - Token: Must use secret, not hardcoded
- Trigger: Must include
pushtomain
- Action version:
-
Config validation:
- release-type: Must be valid (node, python, helm, simple)
- changelog-sections: Must include feat and fix
-
Manifest validation:
- Must be valid JSON
- Packages must match config
Protected Files
IMPORTANT: Release-please manages these files automatically:
CHANGELOG.md- Never edit manually- Version fields in
package.json,pyproject.toml,Chart.yaml .release-please-manifest.json- Only edit for initial setup
See release-please-protection skill for enforcement.
Conventional Commits
Release-please requires conventional commit messages:
| Prefix | Release Type | Example |
|--------|--------------|---------|
| feat: | Minor | feat: add user authentication |
| fix: | Patch | fix: correct login timeout |
| feat!: | Major | feat!: redesign API |
| BREAKING CHANGE: | Major | In commit body |
Installation
- Create workflow file
- Create config file
- Create manifest file
- Add
MY_RELEASE_PLEASE_TOKENto repository secrets - Ensure pre-commit has conventional-pre-commit hook
Troubleshooting
Release PR Not Created
- Check conventional commit format
- Verify workflow has correct permissions
- Ensure token has write access
Version Not Updated
- Check manifest file is valid JSON
- Verify release-type matches project
- Review release-please logs in Actions
CI Not Running on Release PR
- Token must be PAT, not GITHUB_TOKEN
- Verify workflow trigger includes pull_request
Related Skills
laurigates/comfyui-node-scaffold
tools
VerifiedTrustedCommunity
Scaffold a new ComfyUI custom-node repo (pyproject, CI, release-please, vitest+pytest, JS extension skeleton) in the picker/gesture vein. Use when bootstrapping or init-ing a comfyui node pack.
35SKILL.mdUpdated Jun 5, 2026
laurigates/comfy-node
tools
VerifiedTrustedCommunity
Orchestrate a ComfyUI node pack from idea to registry: scaffold, create + seed the repo, open the gitops adoption PR. Use when releasing or spinning up a new comfyui node pack.
35SKILL.mdUpdated Jun 5, 2026
laurigates/endpoint-security-cpu
testing
VerifiedTrustedCommunity
macOS EndpointSecurity/EDR high CPU & battery drain. Use when Kandji ESF / XProtect pegs a core; trace the exec storm via powermetrics + eslogger.
35SKILL.mdUpdated Jun 4, 2026
laurigates/odiff-image-diffing
development
VerifiedTrustedCommunity
odiff pixel-by-pixel image diffing. Use when comparing screenshots, detecting visual regressions, diffing before/after PNGs, asserting golden images.
35SKILL.mdUpdated May 30, 2026