Release Workflow
BoxBrain uses a tag-triggered Gitea Actions workflow to publish the package to npm.
Trigger
Creating and pushing either of these tag forms starts the release workflow:
The workflow file lives at:
Verify stage
Before publishing, the workflow performs a full verification pass on the tagged source.
At a high level it:
- installs release tooling in the CI container
- clones the tagged BoxBrain source
- verifies that the tag name matches
package.json version
- runs the full verify pipeline:
bun install --frozen-lockfilebun run testbun run checkbun run build
Publish stage
Only after verify succeeds, the workflow:
- clones the tagged source again
- installs dependencies with Bun
- builds the package
- publishes to npm with
NODE_AUTH_TOKEN
IdentityDB dependency model
BoxBrain now depends on the published npm package:
That means the release workflow does not need a sibling IdentityDB checkout anymore.
Trusted Bun dependencies
The repository keeps these entries in trustedDependencies:
This matters because clean Bun installs must allow the necessary lifecycle scripts for native/runtime build steps.
Local verification before tagging
A normal local verification pass is:
If you want to simulate a clean release-style clone:
Current published version
At the time of writing, BoxBrain has already been published as: