chore: commit version bump directly to master instead of opening a PR

[Copilot]

After publishing to npm, the release workflow was creating a PR to bump the version back to master, requiring a manual merge. This replaces that flow with a direct commit+push to the default branch.

Changes

• Workflow rename: Release (npm publish + version bump PR) → Release (npm publish + version bump)
• Permissions: Removed pull-requests: write (no longer needed)
• Last two steps replaced with a single Commit version bump to default branch step:

- name: Commit version bump to default branch
  env:
    DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
    VERSION: ${{ steps.ver.outputs.version }}
  run: |
    git restore package.json package-lock.json
    git checkout "$DEFAULT_BRANCH"
    npm version "$VERSION" --no-git-tag-version
    git config user.name "github-actions[bot]"
    git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
    git add package.json package-lock.json
    git commit -m "chore(release): ${VERSION}"
    git push origin "$DEFAULT_BRANCH"

Drops the peter-evans/create-pull-request@v8 dependency entirely.

Original prompt

Rework .github/workflows/release.yml so that after publishing to npm, the version bump is committed and pushed directly to the default branch (master) instead of creating a pull request that needs to be manually merged.

Changes required to .github/workflows/release.yml:

1. Update the workflow name from Release (npm publish + version bump PR) to Release (npm publish + version bump).

2. Remove the pull-requests: write permission — it's no longer needed since we're not creating a PR. Keep contents: write and id-token: write.

3. Replace the last two steps ("Switch to default branch for version bump" and "Create PR for version bump back to default branch" using peter-evans/create-pull-request@v8) with a single step named "Commit version bump to default branch" that:

   • Uses env vars DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} and VERSION: ${{ steps.ver.outputs.version }}
   • Restores package.json and package-lock.json (discarding changes from the publish step)
   • Checks out $DEFAULT_BRANCH
   • Runs npm version "$VERSION" --no-git-tag-version
   • Configures git identity as github-actions[bot] (name: github-actions[bot], email: 41898282+github-actions[bot]@users.noreply.github.com)
   • Stages package.json and package-lock.json
   • Commits with message chore(release): ${VERSION}
   • Pushes to origin "$DEFAULT_BRANCH"

Final file should look like:

---
name: Release (npm publish + version bump)

on:
  release:
    types: [published]

permissions:
  contents: write
  id-token: write

jobs:
  release:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout (release tag)
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: 24
          cache: npm
          registry-url: https://registry.npmjs.org

      - name: Validate release tag (must be SemVer without leading "v")
        id: ver
        shell: bash
        run: |
          TAG="${{ github.event.release.tag_name }}"

          # Enforce: no leading "v"
          if [[ "$TAG" == v* ]]; then
            echo "Release tag '$TAG' starts with 'v'. Please use tags like '0.25.1' (no leading v)."
            exit 1
          fi

          # Enforce: SemVer-like
          if ! [[ "$TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+([.-].+)?$ ]]; then
            echo "Release tag '$TAG' does not look like SemVer (expected e.g. 0.25.1)."
            exit 1
          fi

          echo "version=$TAG" >> "$GITHUB_OUTPUT"

      - name: Install dependencies
        run: npm ci

      - name: Ensure package is not private
        shell: bash
        run: |
          node -e '
            const p=require("./package.json");
            if (p.private === true) {
              console.error("package.json has private:true - refusing to publish.");
              process.exit(1);
            }
          '

      - name: Set package version to release version (no git tag)
        run: npm version "${{ steps.ver.outputs.version }}" --no-git-tag-version

      - name: Preflight - show what will be published
        run: |
          node -p "require('./package.json').name + '@' + require('./package.json').version"
          npm pack --dry-run

      - name: Publish to npm (Trusted Publishing / OIDC)
        run: npm publish --access public

      # After publishing, commit the version bump directly to the default branch.
      # The release event checks out the tag (detached HEAD), so we switch to
      # the default branch and re-apply the version bump there.
      - name: Commit version bump to default branch
        env:
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
          VERSION: ${{ steps.ver.outputs.version }}
        run: |
          git restore package.json package-lock.json
          git checkout "$DEFAULT_BRANCH"
          npm version "$VERSION" --no-git-tag-version
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add package.json package-lock.json
          git commit -m "chore(release): ${VERSION}"
          git push origin "$DEFAULT_BRANCH"

This pull request was created from Copilot chat.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[KristjanESPERANTO]

That's seems to be a much nicer solution 👍