feat: prepare library for npm publishing

dsiu · dsiu · commit 8f0439b25fec · 2026-01-30T14:47:35.000+08:00
- Add npm publishing metadata (description, repository, homepage, bugs)
- Add files field to explicitly include only library files
- Add prepublishOnly script for build/test before publish
- Add .npmignore to exclude tests, demos, and dev files
- Add publish.yml workflow for Trusted Publishing (OIDC)
- Add LICENSE, CHANGELOG.md, and RELEASING.md
- Update version to 0.1.0
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,33 @@
+# Publish to npm using Trusted Publishing (OIDC)
+# No NPM_TOKEN secret required - uses GitHub's OIDC provider
+# Triggered manually when a release is published
+
+name: Publish to npm
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - run: corepack enable
+      - uses: actions/checkout@v4
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+          cache: 'yarn'
+      - name: Install dependencies
+        run: yarn install
+      - name: Build
+        run: yarn build
+      - name: Test
+        run: yarn test
+      - name: Publish to npm
+        run: npm publish --provenance --access public
diff --git a/.npmignore b/.npmignore
@@ -0,0 +1,51 @@
+# Test files
+__tests__/
+
+# Demo files (not needed by consumers)
+src/Demo.res
+src/Demo.res.mjs
+src/Demo_AStar.res
+src/Demo_AStar.res.mjs
+src/iter_test.res
+src/iter_test.res.mjs
+
+# GitHub
+.github/
+
+# IDE/Editor
+.vscode/
+.idea/
+
+# Documentation (internal)
+CLAUDE.md
+AGENTS.md
+CHANGELOG.md
+RELEASING.md
+
+# Git
+.gitignore
+
+# Yarn
+.yarn/
+.yarnrc.yml
+yarn.lock
+
+# Build artifacts
+lib/
+coverage/
+*.lock
+.bsb.lock
+rewatch.lock
+rescript.lock
+
+# OS
+.DS_Store
+
+# Graph output files
+*.gexf
+*.cyc
+*.svg
+*.xgr
+
+# Claude settings
+.claude/
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,30 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2025-01-30
+
+### Added
+
+- Initial release with comprehensive ReScript bindings for Graphology
+- **Core Graph Operations**: Full CRUD operations for nodes and edges with attributes
+- **Graph Types**: Support for directed, undirected, multi-graphs, and mixed graphs
+- **Algorithms**:
+  - Shortest path: Dijkstra, A*, unweighted (bidirectional & single-source)
+  - Simple path algorithms
+  - Graph traversal: BFS, DFS
+- **Layout Algorithms**: Circular, CirclePack, Rotation
+- **Graph Generators**: Complete, path, cycle, clique, star, karate club, etc.
+- **Import/Export**: GEXF format and SVG rendering
+- **Iterator Support**: Native JavaScript Iterator protocol for nodes, edges, and neighbors
+- **Utility Functions**: Graph merging, key renaming, type inference
+
+### Technical Details
+
+- Built for ReScript v12.x with ES modules
+- Functor-based architecture for type safety
+- 532 passing tests with comprehensive coverage
+- Verified against official Graphology API documentation
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Danny Siu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -222,7 +222,7 @@ describe("Graph Tests", () => {
 
 ## Requirements
 
-- ReScript v12.0.0-rc.5 or later
+- ReScript v12.x or later
 - Graphology v0.26.0 or later
 - Node.js with ES module support
 
diff --git a/RELEASING.md b/RELEASING.md
@@ -0,0 +1,117 @@
+# Releasing
+
+This document describes how to release new versions of `@dsiu/rescript-graphology`.
+
+## Prerequisites
+
+- You must be logged in to npm: `npm whoami`
+- You must have publish access to the `@dsiu` scope on npm
+
+## One-Time Setup: Trusted Publishing
+
+This package uses [npm Trusted Publishing](https://docs.npmjs.com/generating-provenance-statements) with GitHub Actions OIDC. This eliminates the need for npm tokens stored as secrets.
+
+### Configure Trusted Publishing on npmjs.com
+
+1. Go to [npmjs.com](https://www.npmjs.com) and log in
+2. Navigate to your package: `@dsiu/rescript-graphology`
+3. Go to **Settings** > **Publishing access**
+4. Under **Trusted Publishing**, click **Add a trusted publisher**
+5. Configure:
+   - **Repository owner**: `dsiu`
+   - **Repository name**: `rescript-graphology`
+   - **Workflow filename**: `publish.yml`
+   - **Environment**: (leave blank)
+6. Click **Add**
+
+> **Note**: You must publish the package manually at least once before you can configure Trusted Publishing.
+
+## Release Process
+
+### 1. Update Version
+
+```bash
+# Update version in package.json
+npm version patch  # or minor, major
+```
+
+This will:
+- Update `package.json` version
+- Create a git commit
+- Create a git tag
+
+### 2. Push Changes and Tag
+
+```bash
+git push origin main --tags
+```
+
+### 3. Create GitHub Release
+
+```bash
+# Create a release (this triggers the publish workflow)
+gh release create v0.1.0 --title "v0.1.0" --notes "See CHANGELOG.md for details"
+```
+
+Or create the release via GitHub UI:
+1. Go to **Releases** > **Create a new release**
+2. Choose the tag you just pushed
+3. Add release title and notes
+4. Click **Publish release**
+
+The `publish.yml` workflow will automatically:
+- Run tests
+- Publish to npm with provenance
+
+## First-Time Manual Publish
+
+For the very first publish (before Trusted Publishing is configured):
+
+```bash
+# Ensure you're logged in
+npm whoami
+
+# Build and test
+yarn clean && yarn build && yarn test
+
+# Publish (first time only)
+npm publish --access public
+```
+
+After the first publish, configure Trusted Publishing as described above.
+
+## Manual Publishing (Fallback)
+
+If you need to publish manually (e.g., Trusted Publishing issues):
+
+```bash
+# Login to npm
+npm login
+
+# Build and test
+yarn clean && yarn build && yarn test
+
+# Publish
+npm publish --access public
+```
+
+## Verifying the Release
+
+After publishing:
+
+1. Check npm: `npm view @dsiu/rescript-graphology`
+2. Verify provenance badge on npmjs.com package page
+3. Test installation in a new project:
+   ```bash
+   mkdir test-install && cd test-install
+   npm init -y
+   npm install @dsiu/rescript-graphology
+   ```
+
+## Version Guidelines
+
+- **Patch** (0.0.x): Bug fixes, documentation updates
+- **Minor** (0.x.0): New features, non-breaking changes
+- **Major** (x.0.0): Breaking changes
+
+For pre-1.0 releases, minor versions may include breaking changes.
diff --git a/package.json b/package.json
@@ -1,18 +1,46 @@
 {
   "name": "@dsiu/rescript-graphology",
-  "version": "0.0.1",
+  "version": "0.1.0",
+  "description": "Type-safe ReScript bindings for Graphology, a robust JavaScript graph library",
   "type": "module",
   "packageManager": "yarn@4.12.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/dsiu/rescript-graphology.git"
+  },
+  "homepage": "https://github.com/dsiu/rescript-graphology#readme",
+  "bugs": {
+    "url": "https://github.com/dsiu/rescript-graphology/issues"
+  },
   "scripts": {
     "build": "rescript build .",
     "watch": "rescript watch .",
     "clean": "rescript clean .",
-    "test": "jest"
+    "test": "jest",
+    "prepublishOnly": "yarn clean && yarn build && yarn test"
   },
+  "files": [
+    "src/Graphology*.res",
+    "src/Graphology*.resi",
+    "src/Graphology*.res.mjs",
+    "rescript.json",
+    "README.md",
+    "LICENSE"
+  ],
   "keywords": [
-    "rescript"
+    "rescript",
+    "graphology",
+    "graph",
+    "network",
+    "data-structure",
+    "algorithms",
+    "shortest-path",
+    "dijkstra",
+    "bfs",
+    "dfs",
+    "traversal"
   ],
-  "author": "Danny Siu <danny.siu@gmail.com>",
+  "author": "Danny Siu",
   "license": "MIT",
   "jest": {
     "testMatch": [
@@ -62,7 +90,6 @@
     "graphology-svg": "^0.1.3",
     "graphology-traversal": "^0.3.1",
     "graphology-types": "^0.24.0",
-    "rescript": "^12.2.0-rc.1",
     "rescript-nodejs": "^16.1.0"
   }
 }
