- 📅 CalVer format —
YY.M.Dfor the first bump of the day,YY.M.D-Nfor same-day collisions (e.g.26.5.10,26.5.10-1,26.5.10-2). Valid semver, npm-accepted. - 📦 Monorepo support — path-glob config selects which
package.jsonfiles to bump based on what changed in the merged PR. - 🛡️ Ruleset-friendly — authenticates as a registered GitHub App that you add to your branch protection's bypass list. No long-lived PATs.
- ☁️ Zero hosted infrastructure — the App has no webhooks; the Action runs in your CI and mints short-lived installation tokens itself.
- ✅ Verified commits — bump commits are GPG-signed by GitHub on the App's behalf, no signing key to manage.
- Register the easy-versioning GitHub App in your org (one-time) — see
docs/installation.md. - Install it on your repo and add
EASY_VERSIONING_APP_ID+EASY_VERSIONING_PRIVATE_KEYas repo or org secrets. - Copy
examples/workflow.yml→.github/workflows/easy-versioning.yml. - (Optional) Copy
examples/easy-versioning.yml→.github/easy-versioning.ymlfor monorepo configuration. - Add the App to your default branch's ruleset bypass list.
- Open a PR, merge it, watch the version bump commit appear. 🎉
flowchart LR
A[PR merged] --> B[push to default branch]
B --> C[Action runs in CI]
C --> D[diff HEAD vs prev commit]
D --> E{file matches<br/>package triggers?}
E -- yes --> F[bump package.json]
E -- no --> G[skip]
F --> H[createCommitOnBranch<br/>GraphQL]
H --> I[✅ Verified bump commit]
- 🔁 The action runs on
pushevents to your default branch (after a PR merges). - 🔍 It diffs
HEADagainst the previous commit to compute changed files. - 📂 For each
packages[]entry in your config, if any changed file matches itstriggersglobs (and isn't in the globalignorelist), the action bumps that package's version. - ✍️ The bump commit is created via GitHub's GraphQL
createCommitOnBranchmutation, so it shows up as Verified (signed by GitHub) and is properly attributed to your App's bot identity. The commit message includes[skip ci]so it doesn't trigger another CI run. - 🔢 Same-day collisions add a numeric
-Nsuffix that increments per same-day bump (26.5.10,26.5.10-1,26.5.10-2...).
| Document | What's inside |
|---|---|
| 📖 Installation guide | App registration, secrets, workflow setup |
| 🔐 Security model | Threat model, ruleset bypass semantics, key rotation |
| 📄 App manifest | Pre-filled GitHub App registration template |
MIT — see LICENSE.