From aa2c5d71dd2e66e37532b6f39877c86b9547aa22 Mon Sep 17 00:00:00 2001
From: Andrew Ho <andyminhtuanho@gmail.com>
Date: Mon, 13 Apr 2026 03:57:08 -0700
Subject: [PATCH 1/2] ci(release): create GitHub Releases on tag publish

---
 .github/workflows/release.yml | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dc7cbb5..a62f4a8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,8 @@ jobs:
   release:
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
+      id-token: write
     steps:
       - uses: actions/checkout@v4
 
@@ -49,6 +50,28 @@ jobs:
           fi
           echo "Version OK: $cli_version"
 
+      - name: Verify Tag Matches package.json
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: |
+          tag_version="${GITHUB_REF_NAME#v}"
+          pkg_version="$(node -p "require('./package.json').version")"
+          if [ "$tag_version" != "$pkg_version" ]; then
+            echo "Tag/package mismatch: tag=$tag_version package=$pkg_version"
+            exit 1
+          fi
+          echo "Tag matches package version: $pkg_version"
+
+      - name: Pack npm artifact
+        run: npm pack --pack-destination .
+
+      - name: Create GitHub Release
+        if: startsWith(github.ref, 'refs/tags/v')
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true
+          files: |
+            *.tgz
+
       - name: Publish To npm
         if: ${{ github.event_name == 'push' || github.event.inputs.publish == 'true' }}
         run: npm publish --cache /tmp/npm-cache

From 622fc7c1cf502acfdd982449de74dbfc48fcf934 Mon Sep 17 00:00:00 2001
From: Andrew Ho <andyminhtuanho@gmail.com>
Date: Tue, 28 Apr 2026 00:17:49 -0700
Subject: [PATCH 2/2] ci(release): migrate npm publish to trusted publishing

---
 .github/workflows/release.yml | 4 +---
 package.json                  | 4 ++++
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a62f4a8..dba699b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: 22
+          node-version: 24
           registry-url: https://registry.npmjs.org
 
       - name: Install Dependencies
@@ -75,5 +75,3 @@ jobs:
       - name: Publish To npm
         if: ${{ github.event_name == 'push' || github.event.inputs.publish == 'true' }}
         run: npm publish --cache /tmp/npm-cache
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/package.json b/package.json
index cb038e5..96d5236 100644
--- a/package.json
+++ b/package.json
@@ -2,6 +2,10 @@
   "name": "bluebubbles-cli",
   "version": "0.1.6",
   "description": "Curated BlueBubbles CLI organized around terminal-friendly resources",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/anmho/bluebubbles-cli"
+  },
   "type": "module",
   "bin": {
     "bluebubbles": "dist/index.js"