Publishing and versioning
This document describes how jeap-jwe-client is versioned, packaged, documented, and published.
Scope
This document applies to the Angular library project:
projects/jeap-jwe-client/
The workspace root is only used for development tooling, tests, and build scripts. The publishable artifact is the built library package under:
dist/jeap-jwe-client/
Where the library version lives
The library version is defined in:
projects/jeap-jwe-client/package.json
Example:
{
"name": "@jeap/jeap-jwe-client",
"version": "1.0.0"
}
This version is copied into the generated package:
dist/jeap-jwe-client/package.json
The root package.json version is not the library version. The root package should stay private.
Recommended root metadata:
{
"name": "jeap-jwe-client-workspace",
"version": "0.0.0",
"private": true
}
Documentation versioning
Documentation is versioned together with the library.
A release tag should represent code, package metadata, changelog, and documentation together.
Tag format:
v1.0.0
Documentation location
The documentation lives in the repository root docs/ directory so the jEAP
documentation pipeline (Docusaurus) discovers and aggregates it, and so it renders
on GitHub:
README.md
docs/
projects/jeap-jwe-client/
The documentation is not bundled into the published npm package. The library
README.md links to the public documentation instead:
- the jEAP documentation site,
- the
docs/directory on GitHub.
This keeps a single source of truth for the documentation and avoids broken relative links on npmjs.com.
Packaging documentation assets
The published package includes the library README, the changelog, and the third-party license notices.
projects/jeap-jwe-client/ng-package.json:
{
"assets": [
"README.md",
"CHANGELOG.md",
"THIRD-PARTY-LICENSES.md"
]
}
Release flow
The package is published to the public npm registry as @jeap/jeap-jwe-client
through GitHub Actions, using npm Trusted Publishing (OIDC) — no long-lived
npm token is stored in CI in the steady state.
Releases are driven by the library version and run from the single
.github/workflows/build-and-release.yml workflow. You do not create release tags by hand.
- On a branch, bump the version in
projects/jeap-jwe-client/package.json, updatepubliccode.yml(softwareVersion/releaseDate) to match, and add a matchingCHANGELOG.mdentry. - Merge the version bump to
mainvia pull request. - On
main, the workflow runs lint, license verification, the compatibility matrix and packaging, then the Release to npm job. If the new version has no matchingv<version>tag yet, it diffsTHIRD-PARTY-LICENSES.md, builds the library, verifies the package contents, publishesdist/jeap-jwe-client/to npm with provenance, and pushes avX.Y.Zrecord tag (with the defaultGITHUB_TOKEN). A merge that does not bump the version is a no-op.
In short: merging a version bump to main releases that version. The tag is a
record/idempotency marker, not a trigger, so no PAT is involved.
The one-time maintainer setup that makes publishing work (npm org, the release
environment, the first bootstrap release, and configuring the trusted publisher) is
documented in npm publishing setup.