Set up or align a GitHub Actions release pipeline for a versioned package, library, CLI, or marketplace action. Use when standardizing repos around the verify-then-release shape: push to main → guardrails → semantic-release tags + publishes → version-bump commit back to main with [skip ci].
{
"context": "Tests whether the agent correctly sets up a GitHub Actions CI/CD pipeline for an npm TypeScript library using semantic-release, covering the verify/release job structure, concurrency configuration, [skip ci] guards, checkout depth, bot identity, permissions, and semantic-release plugin ordering and configuration.",
"type": "weighted_checklist",
"checklist": [
{
"name": "fetch-depth verify",
"description": "The verify job's checkout step uses `fetch-depth: 0` (not the default shallow clone)",
"max_score": 5
},
{
"name": "fetch-depth release",
"description": "The release job's checkout step uses `fetch-depth: 0`",
"max_score": 5
},
{
"name": "Verify concurrency group",
"description": "The verify job (or the workflow as a whole) has a cancellable concurrency group with `cancel-in-progress: true`",
"max_score": 6
},
{
"name": "Release concurrency group",
"description": "The release job has a job-level non-cancellable concurrency group with `cancel-in-progress: false`, so that a newer push cannot cancel a release that is already tagging or publishing",
"max_score": 6
},
{
"name": "skip ci on verify",
"description": "The verify job has an `if:` condition that skips execution when the commit message contains `[skip ci]`",
"max_score": 6
},
{
"name": "skip ci on release",
"description": "The release job has an `if:` condition that skips execution when the commit message contains `[skip ci]`",
"max_score": 6
},
{
"name": "Bot identity in step env",
"description": "GIT_AUTHOR_NAME, GIT_AUTHOR_EMAIL, GIT_COMMITTER_NAME, GIT_COMMITTER_EMAIL are set inside the semantic-release step's `env:`, NOT at job level",
"max_score": 7
},
{
"name": "Bot uses noreply address",
"description": "The bot email addresses use a `noreply.github.com` domain (not a real human email)",
"max_score": 4
},
{
"name": "Release permissions",
"description": "The release job explicitly declares `permissions: { contents: write, issues: write, pull-requests: write }`",
"max_score": 6
},
{
"name": "semantic-release action version",
"description": "Uses `cycjimmy/semantic-release-action@v4` (not v3, v5, v6, or a different action)",
"max_score": 5
},
{
"name": "Plugin order",
"description": "Plugins are ordered: commit-analyzer before release-notes-generator, both before publish plugins, @semantic-release/git before @semantic-release/github",
"max_score": 8
},
{
"name": "Matching preset",
"description": "Both @semantic-release/commit-analyzer and @semantic-release/release-notes-generator are configured with `\"preset\": \"conventionalcommits\"`",
"max_score": 8
},
{
"name": "git plugin message",
"description": "The @semantic-release/git plugin's message contains `[skip ci]` and uses the `chore(release): ${nextRelease.version}` format",
"max_score": 8
},
{
"name": "registry-url in setup-node",
"description": "The `actions/setup-node` step in the release job includes `registry-url: \"https://registry.npmjs.org\"`",
"max_score": 8
},
{
"name": "release needs verify",
"description": "The release job declares `needs: [verify]` (or equivalent), making verify the gate to publish",
"max_score": 6
},
{
"name": "Secrets on step",
"description": "NPM_TOKEN and GITHUB_TOKEN are declared in the semantic-release step's `env:`, not at the job level, so the tokens are not placed in the environment of every other step in the job",
"max_score": 6
}
]
}