{"id":14155909,"url":"https://github.com/cdklabs/publib","last_synced_at":"2026-02-02T20:13:43.659Z","repository":{"id":37051965,"uuid":"240862686","full_name":"cdklabs/publib","owner":"cdklabs","description":"A unified toolchain for publishing libraries to popular package managers (formally jsii-release)","archived":false,"fork":false,"pushed_at":"2024-10-29T18:09:10.000Z","size":5547,"stargazers_count":54,"open_issues_count":8,"forks_count":23,"subscribers_count":15,"default_branch":"main","last_synced_at":"2024-10-29T20:52:33.763Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cdklabs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-16T09:16:43.000Z","updated_at":"2024-10-29T18:07:34.000Z","dependencies_parsed_at":"2024-01-04T01:55:46.218Z","dependency_job_id":"8776b63d-a005-45a3-81a1-a87e9791a28b","html_url":"https://github.com/cdklabs/publib","commit_stats":{"total_commits":758,"total_committers":28,"mean_commits":"27.071428571428573","dds":"0.30343007915567277","last_synced_commit":"3d8486b5dc90b888e4011c603da16d7332233c0e"},"previous_names":[],"tags_count":908,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdklabs%2Fpublib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdklabs%2Fpublib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdklabs%2Fpublib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdklabs%2Fpublib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cdklabs","download_url":"https://codeload.github.com/cdklabs/publib/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228829010,"owners_count":17978131,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-17T08:05:05.334Z","updated_at":"2025-12-30T09:26:27.247Z","avatar_url":"https://github.com/cdklabs.png","language":"TypeScript","funding_links":[],"categories":["others"],"sub_categories":[],"readme":"# publib\n\n\u003e Previously known as `jsii-release`\n\nA unified toolchain for publishing libraries to popular package managers.\n\nSupports:\n\n* npm\n* PyPI\n* NuGet\n* Maven\n* Go (GitHub)\n\n## Usage\n\nThis is an npm module. You can install it using `yarn add publib` or\n`npm install publib`. In most cases it will be installed as a `devDependency`\nin your `package.json`.\n\nThis tool expects to find a distribution directory (default name is `dist`)\nwhich contains \"ready-to-publish\" artifacts for each package manager.\n\n* `dist/js/*.tgz` - npm tarballs\n* `dist/python/*.whl` - Python wheels\n* `dist/nuget/*.nupkg` - Nuget packages\n* `dist/java/**` - Maven artifacts in local repository structure\n* `dist/go/**/go.mod` - Go modules. Each subdirectory should have its own go.mod file.\n\nEach publisher needs a set of environment variables with credentials as\ndescribed below (`NPM_TOKEN`, `TWINE_PASSWORD` etc).\n\nThen:\n\n```shell\npublib\n```\n\nYou can customize the distribution directory through `publib DIR` (the\ndefault is `dist`)\n\nThis command will discover all the artifacts based on the above structure and\nwill publish them to their respective package manager.\n\nYou can also execute individual publishers:\n\n* `publib-maven`\n* `publib-nuget`\n* `publib-npm`\n* `publib-pypi`\n* `publib-golang`\n\n## npm\n\nPublishes all `*.tgz` files from `DIR` to [npmjs](npmjs.com), [GitHub Packages](https://github.com/features/packages) or [AWS CodeArtifact](https://aws.amazon.com/codeartifact/).\n\nIf AWS CodeArtifact is used as npm registry, a temporary npm authorization token is created using AWS CLI. Therefore, it is necessary to provide the necessary [configuration settings](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html), e.g. by passing access key ID and secret access key to this script.\n\n**Usage:**\n\n```shell\nnpx publib-npm [DIR]\n```\n\n`DIR` is a directory with npm tarballs (*.tgz). Default is `dist/js`.\n\n**Options (environment variables):**\n\n| Option | Required | Description |\n| ----------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `NPM_TOKEN` | Optional | Registry authentication token (either [npm.js publishing token](https://docs.npmjs.com/creating-and-viewing-authentication-tokens) or a [GitHub personal access token](https://help.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-npm-for-use-with-github-packages#authenticating-to-github-packages)), not used for AWS CodeArtifact |\n| `NPM_TRUSTED_PUBLISHER` | Optional | Use a [Trusted Publisher](https://docs.npmjs.com/trusted-publishers) configuration to publish packages. Requires npm CLI version 11.5.1 or later. When set, `NPM_TOKEN` will be ignored. |\n| `NPM_REGISTRY` | Optional | The registry URL (defaults to \"registry.npmjs.org\"). Use \"npm.pkg.github.com\" to publish to GitHub Packages. Use repository endpoint for AWS CodeAtifact, e.g. \"my-domain-111122223333.d.codeartifact.us-west-2.amazonaws.com/npm/my_repo/\". |\n| `NPM_DIST_TAG` | Optional | Registers the published package with the given [dist-tag](https://docs.npmjs.com/cli/dist-tag) (e.g. `next`, default is `latest`) |\n| `NPM_ACCESS_LEVEL` | Optional | Publishes the package with the given [access level](https://docs.npmjs.com/cli/v8/commands/npm-publish#access) (e.g. `public`, default is `restricted` for scoped packages and `public` for unscoped packages) |\n| `AWS_ACCESS_KEY_ID` | Optional | If AWS CodeArtifact is used as registry, an AWS access key can be spedified. |\n| `AWS_SECRET_ACCESS_KEY` | Optional | Secret access key that belongs to the AWS access key. |\n| `AWS_ROLE_TO_ASSUME` | Optional | If AWS CodeArtifact is used as registry, an AWS role ARN to assume before authorizing. |\n| `DISABLE_HTTPS` | Optional | Connect to the registry with HTTP instead of HTTPS (defaults to false). |\n\n## Maven\n\nPublishes all Maven modules in the `DIR` to [Maven Central](https://search.maven.org/).\n\n\u003e [!IMPORTANT]\n\u003e Starting July 2025 you must switch over to the new Maven Central Publisher. Follow these steps:\n\u003e\n\u003e * Log in to \u003chttps://central.sonatype.com/\u003e with your existing username and password.\n\u003e * Under your account, click **View Namespaces**, then click **Migrate Namespace** for your target namespaces.\n\u003e * Generate a new username and password on the new publisher using the **Generate User Token** feature.\n\u003e * Configure `MAVEN_SERVER_ID=central-ossrh`.\n\u003e * Unset any `MAVEN_ENDPOINT`.\n\u003e * Configure the new `MAVEN_USERNAME` and `MAVEN_PASSWORD`.\n\nIf you are still on Nexus and you signed up at SonaType after February 2021, you\nneed to use this URL: `https://s01.oss.sonatype.org`\n([announcement](https://central.sonatype.org/news/20210223_new-users-on-s01/)).\n\n**Usage:**\n\n```shell\nnpx publib-maven [DIR]\n```\n\n`DIR` is a directory with a local maven layout. Default is `dist/java`.\n\n**Options (environment variables):**\n\nThe server type is selected using the `MAVEN_SERVER_ID` variable.\n\n* `MAVEN_SERVER_ID=ossrh`; this is currently the default but will stop working in July 2025. Publish to the old OSSRH Nexus server.\n* `MAVEN_SERVER_ID=central-ossrh`; publish to the new Central Publishing platform using a service endpoint more-or-less compatible with the old OSSRH Nexus server. This is required to publish to Maven Central starting July 2025.\n* `MAVEN_SERVER_ID=\u003canything else\u003e`; publish to a custom Nexus server.\n\n| Server | Option | Required | Description |\n| -------------------- | --------------------------------------------------------------------- | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| (all) | `MAVEN_SERVER_ID` | Yes going forward | Either `ossrh` (default but deprecated), `central-ossrh`, or any other string for a custom Nexus server. |\n| (all) | `MAVEN_USERNAME` and `MAVEN_PASSWORD` | Yes | Username and password for maven repository. For Maven Central, you will need to [Create JIRA account](https://issues.sonatype.org/secure/Signup!default.jspa) and then request a [new project](https://issues.sonatype.org/secure/CreateIssue.jspa?issuetype=21\u0026pid=10134). Read the [OSSRH guide](https://central.sonatype.org/pages/ossrh-guide.html) for more details. |\n| (all) | `MAVEN_DRYRUN` | No | Set to \"true\" for a dry run |\n| (all) | `MAVEN_VERBOSE` | No | Make Maven print debug output if set to `true` |\n| `central-ossrh` | `MAVEN_GPG_PRIVATE_KEY[_FILE]` and `MAVEN_GPG_PRIVATE_KEY_PASSPHRASE` | Yes | GPG private key or file that includes it. This is used to sign your Maven packages. See instructions below |\n| `central-ossrh` | `MAVEN_ENDPOINT` | No | URL of Nexus repository. Defaults to `https://ossrh-staging-api.central.sonatype.com/`. |\n| `\u003ccustom\u003e` | `MAVEN_REPOSITORY_URL` | No | Deployment repository when not deploying to Maven Central |\n| `ossrh` (deprecated) | `MAVEN_GPG_PRIVATE_KEY[_FILE]` and `MAVEN_GPG_PRIVATE_KEY_PASSPHRASE` | Yes | GPG private key or file that includes it. This is used to sign your Maven packages. See instructions below |\n| `ossrh` (deprecated) | `MAVEN_STAGING_PROFILE_ID` | Yes | Central Publisher (sonatype) staging profile ID, corresponding to namespace (e.g. `com.sonatype.software`). |\n| `ossrh` (deprecated) | `MAVEN_ENDPOINT` | No | URL of Nexus repository. Defaults to `https://central.sonatype.com`. |\n\n### How to create a GPG key\n\nInstall [GnuPG](https://gnupg.org/).\n\nGenerate your key:\n\n```console\n$ gpg --full-generate-key\n# select RSA only, 4096, passphrase\n```\n\nYour selected passphrase goes to `MAVEN_GPG_PRIVATE_KEY_PASSPHRASE`.\n\nExport and publish the public key:\n\n```console\ngpg -a --export \u003e public.pem\n```\n\nGo to \u003chttps://keyserver.ubuntu.com/\u003e and submit the public key.\nYou can use `cat public.pem` and copy/paste it into the \"Submit Key\" dialog.\n\nExport the private key:\n\n```console\ngpg -a --export-secret-keys \u003cfingerprint\u003e \u003e private.pem\n```\n\nNow, either set `MAVEN_GPG_PRIVATE_KEY_FILE` to point to `private.pem` or\nexport the private key to a single line where newlines are encoded as `\\n`\nand then assign it to `MAVEN_GPG_PRIVATE_KEY`:\n\n```console\necho $(cat -e private.pem) | sed 's/\\$ /\\\\n/g' | sed 's/\\$$//'\n```\n\n**Publish to GitHub Packages**\\\nAn example GitHub Actions publish step:\n\n```yaml\n- name: Publish package\n run: npx -p publib publib-maven\n env:\n MAVEN_SERVER_ID: github\n MAVEN_USERNAME: ${{ github.actor }}\n MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }}\n MAVEN_REPOSITORY_URL: \"https://maven.pkg.github.com/${{ github.repository }}\"\n```\n\n## NuGet\n\nPublishes all `*.nupkg` to the [NuGet Gallery](https://www.nuget.org/).\n\n**Usage:**\n\n```shell\nnpx publib-nuget [DIR]\n```\n\n`DIR` is a directory with Nuget packages (*.nupkg). Default is `dist/dotnet`.\n\n**Options (environment variables):**\n\n| Option | Required | Description |\n| ------------------------- | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `NUGET_TRUSTED_PUBLISHER` | Optional | Set to any value to use NuGet [Trusted Publisher](https://learn.microsoft.com/en-us/nuget/nuget-org/trusted-publishing) authentication (OIDC). Requires a supported ambient identity (i.e. CI/CD environment). |\n| `NUGET_USERNAME` | for Trusted Publisher auth | NuGet.org username (profile name, not email address) for Trusted Publisher authentication. |\n| `NUGET_AUDIENCE` | Optional | OIDC audience for token generation (defaults to `https://www.nuget.org`) |\n| `NUGET_TOKEN_SERVICE_URL` | Optional | NuGet token service endpoint (defaults to `https://www.nuget.org/api/v2/token`) |\n| `NUGET_API_KEY` | Optional | [NuGet API Key](https://www.nuget.org/account/apikeys) with \"Push\" permissions. Not required when using Trusted Publishers. Also set to use a short-lived NuGet API key via e.g. \u003chttps://github.com/NuGet/login\u003e |\n| `NUGET_SERVER` | Optional | NuGet Server URL (defaults to nuget.org) |\n\n### Trusted Publishers\n\nNuGet [Trusted Publishers](https://learn.microsoft.com/en-us/nuget/nuget-org/trusted-publishing) allows publishing without API keys by using OpenID Connect (OIDC) authentication between a trusted third-party service and NuGet.org.\n\n**Trusted Publisher Setup:**\n\n1. Configure your NuGet.org project to use a [Trusted Publisher](https://learn.microsoft.com/en-us/nuget/nuget-org/trusted-publishing)\n2. Set `NUGET_TRUSTED_PUBLISHER=1` in your workflow environment\n3. Set `NUGET_USERNAME` to your NuGet.org username (profile name)\n4. No `NUGET_API_KEY` needed\n\n**Requirements:**\n\n* **GitHub Actions**: Your workflow must have `id-token: write` permission.\n* **Python 3**: Required when using Trusted Publishers without providing `NUGET_API_KEY`. The `id` package is automatically installed.\n\n**Publish to GitHub Packages**\\\nYou can publish to GitHub Packages instead, with the following options:\n\n* Set `NUGET_SERVER` to `https://nuget.pkg.github.com/[org or user]`.\n* Set `NUGET_API_KEY` to a token with write packages permissions.\n* Make sure the repository url in the project file matches the org or user used for the server\n\n## PyPI\n\nPublishes all `*.whl` files to [PyPI](https://pypi.org/).\n\n**Usage:**\n\n```shell\nnpx publib-pypi [DIR]\n```\n\n`DIR` is a directory with Python wheels (*.whl). Default is `dist/python`.\n\n**Options (environment variables):**\n\n| Option | Required | Description |\n| --------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `TWINE_USERNAME` | Optional | PyPI username ([register](https://pypi.org/account/register/)). Not required when using Trusted Publishers. |\n| `TWINE_PASSWORD` | Optional | PyPI password or API token. Not required when using Trusted Publishers. |\n| `TWINE_REPOSITORY` | Optional | The repository to upload the package to. Defaults to `pypi`, set `testpypi` to publish to the testing index. |\n| `TWINE_REPOSITORY_URL` | Optional | A custom repository URL, overrides `TWINE_REPOSITORY`. |\n| `PYPI_TRUSTED_PUBLISHER` | Optional | Set to any value to use PyPI [Trusted Publisher](https://docs.pypi.org/trusted-publishers/) authentication (OIDC). Requires a supported ambient identity (i.e. CI/CD environment). |\n| `PYPI_DISABLE_ATTESTATIONS` | Optional | Set to any value to disable [PyPI attestations](https://docs.pypi.org/attestations/producing-attestations/) (enabled by default with Trusted Publishers). |\n\n### Trusted Publishers and Attestations\n\nPyPI [Trusted Publishers](https://docs.pypi.org/trusted-publishers/) allows publishing without API tokens by using OpenID Connect (OIDC) authentication between a trusted third-party service and PyPI.\nTypically these are CI/CD providers like GitHub Actions or Gitlab CI/CD.\nPyPI attestations provide cryptographic proof of package provenance and integrity and are **enabled by default when using Trusted Publishers**. Attestations are only available when using Trusted Publisher authentication.\n\n**Trusted Publisher Setup:**\n\n1. Configure your PyPI project to use a [Trusted Publisher](https://docs.pypi.org/trusted-publishers/adding-a-publisher/)\n2. Set `PYPI_TRUSTED_PUBLISHER=1` in your workflow environment\n3. No `TWINE_USERNAME` or `TWINE_PASSWORD` needed\n\n**Requirements:**\n\n* **GitHub Actions**: Your workflow must have `id-token: write` permission.\n* **Gitlab CI/CD**: The keyword `id_tokens` is used to request an OIDC token from GitLab with name `PYPI_ID_TOKEN` and audience `pypi`.\n\n## Golang\n\nPushes a directory of golang modules to a GitHub repository.\n\n**Usage:**\n\n```shell\nnpx publib-golang [DIR]\n```\n\n`DIR` is a directory where the golang modules are located (default is `dist/go`). Modules can be located either in subdirectories, (e.g 'dist/go/my-module/go.mod')\nor in the root (e.g 'dist/go/go.mod').\n\nIf you specify the `VERSION` env variable, all modules will recieve that version, otherwise a `version` file is expected to exist in each module directory.\nRepository tags will be in the following format:\n\n* For a module located at the root: `v${module_version}` (e.g `v1.20.1`)\n* For modules located inside subdirectories: `\u003csubdir-name\u003e/v${module_version}` (e.g `my-module/v3.3.1`)\n\n**Options (environment variables):**\n\n| Option | Required | Description |\n| ----------------------------------------------------- | ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `GITHUB_TOKEN` | Required when not in SSH mode, see `GIT_USE_SSH` | [GitHub personal access token.](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) |\n| `GIT_USE_SSH` | Optional | Set to a non-falsy value to use SSH with [deploy keys](https://docs.github.com/en/developers/overview/managing-deploy-keys#deploy-keys) or your private SSH key. Your system must ready to use the key as publib will not set it up. |\n| `GITHUB_USE_SSH` | Deprecated | Legacy alias for `GIT_USE_SSH`. |\n| `GH_ENTERPRISE_TOKEN` or\u003cbr\u003e`GITHUB_ENTERPRISE_TOKEN` | Optional | [Custom Authentication token for API requests to GitHub Enterprise](https://cli.github.com/manual/gh_help_environment). |\n| `GH_HOST` | Optional | Force use of a different [Hostname for GitHub Enterprise](https://cli.github.com/manual/gh_help_environment). |\n| `GITHUB_API_URL` | Optional | If present, used to detect the GitHub instance to target. This is specified by default in [GitHub Actions workflow](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables) and should not be set manually. |\n| `VERSION` | Optional | Module version. Defaults to the value in the 'version' file of the module directory. Fails if it doesn't exist. |\n| `GIT_BRANCH` | Optional | Branch to push to. Defaults to 'main'. |\n| `GIT_USER_NAME` | Optional | Username to perform the commit with. Defaults to the git user.name config in the current directory. Fails if it doesn't exist. |\n| `GIT_USER_EMAIL` | Optional | Email to perform the commit with. Defaults to the git user.email config in the current directory. Fails if it doesn't exist. |\n| `GIT_COMMIT_MESSAGE` | Optional | The commit message. Defaults to 'chore(release): $VERSION'. |\n| `GIT_CLONE_DEPTH` | Optional | The git clone depth. Usually only the latest commit is required. Defaults to 1. |\n| `DRYRUN` | Optional | Set to \"true\" for a dry run. |\n\n## Publish to CodeArtifact for testing\n\nThis package contains the `publib-ca` CLI tool which is intended to use to publish\npackages to CodeArtifact for testing (in a pipeline, before publishing to the\nactual public package managers).\n\nUse the following commands:\n\n`publib-ca create [--no-gc] [--no-login]` creates a new CodeArtifact repository\nwith a random name, with upstreams configured for all supported public package\nmanagers. By default this command runs the `gc` and `login` subcommands\nautomatically.\n\n`publib-ca login --repo NAME [--cmd COMMAND]` logs in to a CodeArtifact repository and prepares some files that configure package managers for use with this CodeArtifact repository. If `--cmd` is given, the command is run in an environment\nwhere all supported package managers have been configured for the given repository.\nOtherwise, activate these settings in the current bash shell by running\n`source ~/.publib-ca/usage/activate.bash`. This will set some\nenvironment variables and copy some files into the current directory. (Note: the\nCodeArtifact repository used here does not have to be created using `publib-ca create`. It\nis fine if it already existed beforehand).\n\n`publib-ca gc` collects old repositories created using `publib-ca create`.\n\n`publib-ca publish [--repo NAME] DIRECTORY` publishes all packages in the given\ndirectory to the given repository. If `--repo` is not given, the most recently\nlogged-into repository is used, if the login session is still valid.\n\n## Roadmap\n\n* [X] GitHub Support: Maven\n* [X] GitHub Support: NuGet\n* [ ] CodeArtifact Support: Maven\n* [ ] CodeArtifact Support: NuGet\n* [ ] CodeArtifact Support: Python\n\n## License\n\nReleased under the [Apache 2.0](./LICENSE) license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdklabs%2Fpublib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcdklabs%2Fpublib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdklabs%2Fpublib/lists"}