{"id":15650697,"url":"https://github.com/felipecrs/semantic-release-vsce","last_synced_at":"2026-04-02T13:54:59.774Z","repository":{"id":37513312,"uuid":"110897511","full_name":"felipecrs/semantic-release-vsce","owner":"felipecrs","description":"semantic-release plugin to package and publish VS Code extensions","archived":false,"fork":false,"pushed_at":"2026-03-26T23:03:15.000Z","size":4164,"stargazers_count":41,"open_issues_count":3,"forks_count":16,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-03-26T23:06:06.848Z","etag":null,"topics":["hacktoberfest","semantic-release","semantic-release-plugin","vsce","vscode"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/felipecrs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["felipecrs"]}},"created_at":"2017-11-15T23:12:17.000Z","updated_at":"2026-03-26T21:17:57.000Z","dependencies_parsed_at":"2023-02-16T10:16:25.436Z","dependency_job_id":"2d8ef5a3-e744-4db2-80f6-d32031f25778","html_url":"https://github.com/felipecrs/semantic-release-vsce","commit_stats":{"total_commits":503,"total_committers":15,"mean_commits":33.53333333333333,"dds":"0.26441351888667997","last_synced_commit":"a96368ac1d891bc702ec8f5b247fa9ead069e677"},"previous_names":[],"tags_count":112,"template":false,"template_full_name":null,"purl":"pkg:github/felipecrs/semantic-release-vsce","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipecrs%2Fsemantic-release-vsce","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipecrs%2Fsemantic-release-vsce/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipecrs%2Fsemantic-release-vsce/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipecrs%2Fsemantic-release-vsce/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/felipecrs","download_url":"https://codeload.github.com/felipecrs/semantic-release-vsce/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipecrs%2Fsemantic-release-vsce/sbom","scorecard":{"id":334662,"data":{"date":"2025-08-11","repo":{"name":"github.com/felipecrs/semantic-release-vsce","commit":"6b8bcc28ead6b11c506ffe525b52c2ae0462ab68"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.8,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/22 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/felipecrs/semantic-release-vsce/ci.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/felipecrs/semantic-release-vsce/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/felipecrs/semantic-release-vsce/ci.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/felipecrs/semantic-release-vsce/ci.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate-pr-title.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/felipecrs/semantic-release-vsce/validate-pr-title.yaml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   2 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yaml:14","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/validate-pr-title.yaml:11","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yaml:34"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e502 Bad Gateway\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e502 Bad Gateway\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\u003c/body\u003e\\r\\n\u003c/html\u003e\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T04:26:00.202Z","repository_id":37513312,"created_at":"2025-08-18T04:26:00.202Z","updated_at":"2025-08-18T04:26:00.202Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31307351,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","semantic-release","semantic-release-plugin","vsce","vscode"],"created_at":"2024-10-03T12:35:31.542Z","updated_at":"2026-04-02T13:54:59.768Z","avatar_url":"https://github.com/felipecrs.png","language":"JavaScript","funding_links":["https://github.com/sponsors/felipecrs"],"categories":[],"sub_categories":[],"readme":"# semantic-release-vsce\n\n[semantic-release](https://github.com/semantic-release/semantic-release) plugin to package and publish VS Code extensions.\n\n[![npm](https://img.shields.io/npm/v/semantic-release-vsce.svg)](https://www.npmjs.com/package/semantic-release-vsce)\n[![downloads](https://img.shields.io/npm/dt/semantic-release-vsce.svg)](https://www.npmjs.com/package/semantic-release-vsce)\n[![ci](https://github.com/felipecrs/semantic-release-vsce/workflows/ci/badge.svg)](https://github.com/felipecrs/semantic-release-vsce/actions?query=workflow%3Aci)\n[![dependencies](https://david-dm.org/felipecrs/semantic-release-vsce/status.svg)](https://david-dm.org/felipecrs/semantic-release-vsce)\n[![peerDependencies](https://david-dm.org/felipecrs/semantic-release-vsce/peer-status.svg)](https://david-dm.org/felipecrs/semantic-release-vsce?type=peer)\n[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)\n\n| Step      | Description                                                                                                                                                 |\n| --------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `verify`  | Verify the `package.json` and the validity of the personal access tokens against Visual Studio Marketplace and/or Open VSX Registry when publish is enabled |\n| `prepare` | Generate the `.vsix` file using `vsce` (can be be controlled by the [`packageVsix` config option](#packagevsix)                                             |\n| `publish` | Publish the extension to Visual Studio Marketplace and/or Open VSX Registry (learn more [here](#publishing))                                                |\n\n## Install\n\n```console\nnpm install --save-dev semantic-release-vsce\n```\n\nor\n\n```console\nyarn add --dev semantic-release-vsce\n```\n\n## Usage\n\nThe plugin can be configured in the [**semantic-release** configuration file](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#configuration):\n\n```json\n{\n  \"plugins\": [\n    \"@semantic-release/commit-analyzer\",\n    \"@semantic-release/release-notes-generator\",\n    [\n      \"semantic-release-vsce\",\n      {\n        \"packageVsix\": true\n      }\n    ],\n    [\n      \"@semantic-release/github\",\n      {\n        \"assets\": [\n          {\n            \"path\": \"*.vsix\"\n          }\n        ]\n      }\n    ]\n  ]\n}\n```\n\n## Configuration\n\n### `packageVsix`\n\nWhether to package or not the extension into a `.vsix` file, or where to place it. This controls if `vsce package` gets called or not, and what value will be used for `vsce package --out`.\n\n| Value              | Description                                                                                                  |\n| ------------------ | ------------------------------------------------------------------------------------------------------------ |\n| `\"auto\"` (default) | behave as `true` in case [`publish`](#publish) is disabled or the `OVSX_PAT` environment variable is present |\n| `true`             | package the extension `.vsix`, and place it at the current working directory                                 |\n| `false`            | disables packaging the extension `.vsix` entirely                                                            |\n| a `string`         | package the extension `.vsix` and place it at the specified path                                             |\n\n### `publish`\n\nWhether to publish or not the extension to Visual Studio Marketplace and/or to Open VSX Registry. This controls if `vsce publish` or `ovsx publish` gets called or not. Learn more [here](#publishing).\n\n| Value            | Description                                                                                |\n| ---------------- | ------------------------------------------------------------------------------------------ |\n| `true` (default) | publishes the extension to Visual Studio Marketplace and/or to Open VSX Registry           |\n| `false`          | disables publishing the extension to Visual Studio Marketplace and/or to Open VSX Registry |\n\n### `publishPackagePath`\n\nWhich `.vsix` file (or files) to publish. This controls what value will be used for `vsce publish --packagePath`.\n\n| Value              | Description                                                                                                       |\n| ------------------ | ----------------------------------------------------------------------------------------------------------------- |\n| `\"auto\"` (default) | uses the `.vsix` packaged during the `prepare` step (if packaged), or behave as `false` otherwise                 |\n| `false`            | do not use a `.vsix` file to publish, which causes `vsce` to package the extension as part of the publish process |\n| a `string`         | publish the specified `.vsix` file(s). This can be a glob pattern, or a comma-separated list of files             |\n\n### `packageRoot`\n\nThe directory of the extension relative to the current working directory. Defaults to `cwd`.\n\n### Environment variables\n\nThe following environment variables are supported by this plugin:\n\n| Variable                | Description                                                                                                                                                                                                                                                                                                     |\n| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `OVSX_PAT`              | _Optional_. The personal access token to push to Open VSX Registry                                                                                                                                                                                                                                              |\n| `VSCE_PAT`              | _Optional_. The personal access token to publish to Visual Studio Marketplace. _Note:_ Cannot be set at the same time as `VSCE_AZURE_CREDENTIAL`.                                                                                                                                                               |\n| `VSCE_AZURE_CREDENTIAL` | _Optional_. When set to `true` or `1`, `vsce` will use the `--azure-credential` flag to authenticate. _Note:_ Cannot be set at the same time as `VSCE_PAT`.                                                                                                                                                     |\n| `VSCE_PRE_RELEASE`      | _Optional_. When set to `true` or `1`, `vsce` will use the `--pre-release` flag when packaging the extension to mark it as a pre-release.                                                                                                                                                                       |\n| `VSCE_TARGET`           | _Optional_. The target to use when packaging or publishing the extension (used as `vsce package --target ${VSCE_TARGET}`). When set to `universal`, behave as if `VSCE_TARGET` was not set (i.e. build the universal/generic `vsix`). See [the platform-specific example](#platform-specific-on-github-actions) |\n\n### Configuring `vsce`\n\nYou can set `vsce` options in the `package.json`, like:\n\n```json\n{\n  \"vsce\": {\n    \"baseImagesUrl\": \"https://my.custom/base/images/url\",\n    \"dependencies\": true,\n    \"yarn\": false\n  }\n}\n```\n\nFor more information, check the [`vsce` docs](https://github.com/microsoft/vscode-vsce#configuration).\n\n## Publishing\n\nThis plugin can publish extensions to Visual Studio Marketplace and/or Open VSX Registry.\n\nYou can enable or disable publishing with the [`publish`](#publish) config option.\n\nWhen publish is enabled (default), the plugin will publish to Visual Studio Marketplace if the `VSCE_PAT` environment variable is present, and/or to Open VSX Registry if the `OVSX_PAT` environment variable is present.\n\nFor example, you may want to disable publishing if you only want to publish the `.vsix` file as a GitHub release asset.\n\n### Publishing to Visual Studio Marketplace\n\nPublishing extensions to Visual Studio Marketplace using this plugin is easy:\n\n1. Create your personal access token for Visual Studio Marketplace. Learn more [here](https://code.visualstudio.com/api/working-with-extensions/publishing-extension#get-a-personal-access-token).\n\n2. Configure the `VSCE_PAT` environment variable in your CI with the token that you created.\n\n3. Enjoy! The plugin will automatically detect the environment variable and it will publish to Visual Studio Marketplace, no additional configuration is needed.\n\n### Publishing to Open VSX Registry\n\nPublishing extensions to Open VSX Registry using this plugin is easy:\n\n1. Create your personal access token for Open VSX Registry. Learn more [here](https://github.com/eclipse/openvsx/wiki).\n\n2. Configure the `OVSX_PAT` environment variable in your CI with the token that you created.\n\n3. Enjoy! The plugin will automatically detect the environment variable and it will publish to Open VSX Registry, no additional configuration is needed.\n\n## Examples\n\n### GitHub Actions\n\n```yaml\nname: release\n\non:\n  push:\n    branches:\n      - master\n\npermissions:\n  contents: read # for checkout\n\njobs:\n  release:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: write # to be able to publish a GitHub release\n      issues: write # to be able to comment on released issues\n      pull-requests: write # to be able to comment on released pull requests\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 22\n      - run: npm ci\n      - run: npm audit signatures\n      - run: npx semantic-release\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n          # In case you want to publish to Visual Studio Marketplace\n          VSCE_PAT: ${{ secrets.VSCE_PAT }}\n          # In case you want to publish to Open VSX Registry\n          OVSX_PAT: ${{ secrets.OVSX_PAT }}\n```\n\n### Platform-specific on GitHub Actions\n\n1. Install [`semantic-release-stop-before-publish`](https://github.com/felipecrs/semantic-release-stop-before-publish)\n\n   ```console\n   npm install --save-dev semantic-release-stop-before-publish\n   ```\n\n   We will use it to make `semantic-release` stop before publishing anything, so that we can use `semantic-release` to build each `.vsix` in a matrix.\n\n2. Separate your `semantic-release` configuration into two, one for packaging and another for publishing.\n\n   The one for packaging has `semantic-release-stop-before-publish` so that `semantic-release` does not publish anything (which includes the git tag).\n\n   ```js\n   // package.release.config.js\n   /**\n    * @type {import('semantic-release').GlobalConfig}\n    */\n   export default {\n     plugins: [\n       '@semantic-release/commit-analyzer',\n       '@semantic-release/release-notes-generator',\n       [\n         'semantic-release-vsce',\n         {\n           packageVsix: true,\n           publish: false,\n         },\n       ],\n       'semantic-release-stop-before-publish',\n     ],\n   };\n   ```\n\n   The one for publishing does not package the `.vsix`, but publishes all the `*.vsix` files.\n\n   ```js\n   // publish.release.config.js\n   /**\n    * @type {import('semantic-release').GlobalConfig}\n    */\n   export default {\n     plugins: [\n       '@semantic-release/commit-analyzer',\n       '@semantic-release/release-notes-generator',\n       [\n         'semantic-release-vsce',\n         {\n           packageVsix: false,\n           publishPackagePath: '*.vsix',\n         },\n       ],\n       [\n         '@semantic-release/github',\n         {\n           assets: '*.vsix',\n         },\n       ],\n     ],\n   };\n   ```\n\n   \u003e **Note:** do not forget to remove your existing `semantic-release` configuration.\n\n3. Create a workflow file like below:\n\n```yaml\n# .github/workflows/ci.yaml\nname: ci\n\non:\n  push:\n    branches:\n      - master\n\npermissions:\n  contents: read # for checkout\n\njobs:\n  build:\n    strategy:\n      matrix:\n        include:\n          - os: windows-latest\n            target: win32-x64\n            npm_config_arch: x64\n          - os: windows-latest\n            target: win32-arm64\n            npm_config_arch: arm64\n          - os: ubuntu-latest\n            target: linux-x64\n            npm_config_arch: x64\n          - os: ubuntu-latest\n            target: linux-arm64\n            npm_config_arch: arm64\n          - os: ubuntu-latest\n            target: linux-armhf\n            npm_config_arch: arm\n          - os: ubuntu-latest\n            target: alpine-x64\n            npm_config_arch: x64\n          - os: ubuntu-latest\n            target: alpine-arm64\n            npm_config_arch: arm64\n          - os: macos-latest\n            target: darwin-x64\n            npm_config_arch: x64\n          - os: macos-latest\n            target: darwin-arm64\n            npm_config_arch: arm64\n          - os: ubuntu-latest\n            target: universal\n    runs-on: ${{ matrix.os }}\n    # Even though semantic-release will not publish anything, it still needs to\n    # validate the GITHUB_TOKEN\n    permissions:\n      contents: write # to be able to publish a GitHub release\n      issues: write # to be able to comment on released issues\n      pull-requests: write # to be able to comment on released pull requests\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 22\n      - if: matrix.target != 'universal'\n        name: Install dependencies (with binaries)\n        run: npm ci\n        env:\n          npm_config_arch: ${{ matrix.npm_config_arch }}\n      - if: matrix.target == 'universal'\n        name: Install dependencies (without binaries)\n        run: npm ci\n      - run: npx semantic-release --extends ./package.release.config.js\n        env:\n          VSCE_TARGET: ${{ matrix.target }}\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n      - uses: actions/upload-artifact@v4\n        with:\n          name: ${{ matrix.target }}\n          path: '*.vsix'\n      # vsce updates the version in package.json and package-lock.json during\n      # package step, so we need to save them for the publish step\n      - if: matrix.target == 'universal'\n        uses: actions/upload-artifact@v4\n        with:\n          name: package-json\n          path: |\n            package.json\n            package-lock.json\n\n  release:\n    runs-on: ubuntu-latest\n    needs: build\n    permissions:\n      contents: write # to be able to publish a GitHub release\n      issues: write # to be able to comment on released issues\n      pull-requests: write # to be able to comment on released pull requests\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/download-artifact@v4\n        with:\n          merge-multiple: true\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 22\n      - run: npm ci\n      - run: npm audit signatures\n      - run: npx semantic-release --extends ./publish.release.config.js\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n          # In case you want to publish to Visual Studio Marketplace\n          VSCE_PAT: ${{ secrets.VSCE_PAT }}\n          # In case you want to publish to Open VSX Registry\n          OVSX_PAT: ${{ secrets.OVSX_PAT }}\n```\n\n### GitHub Actions - Release to VS Marketplace with Azure credentials\n\n```yaml\nname: release\n\non:\n  push:\n    branches:\n      - master\n\npermissions:\n  contents: read # for checkout\n\njobs:\n  release:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: write # to be able to publish a GitHub release\n      issues: write # to be able to comment on released issues\n      pull-requests: write # to be able to comment on released pull requests\n    steps:\n      - uses: actions/checkout@v4\n      - uses: azure/login@v2\n        with:\n          client-id: ${{ secrets.AZURE_CLIENT_ID }}\n          tenant-id: ${{ secrets.AZURE_TENANT_ID }}\n          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 22\n      - run: npm ci\n      - run: npm audit signatures\n      - run: npx semantic-release\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n          VSCE_AZURE_CREDENTIAL: 'true'\n```\n\nA reference implementation can also be found in the [VS Code ShellCheck extension](https://github.com/vscode-shellcheck/vscode-shellcheck/pull/805).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelipecrs%2Fsemantic-release-vsce","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffelipecrs%2Fsemantic-release-vsce","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelipecrs%2Fsemantic-release-vsce/lists"}