This guide walks you through setting up the complete CI/CD pipeline for token-optimizer-mcp.
npm installThis will install all required dependencies including:
- semantic-release
- commitlint
- conventional-changelog
- Go to https://www.npmjs.com/settings/YOUR_USERNAME/tokens
- Click "Generate New Token" → "Classic Token"
- Select "Automation" type
- Copy the token
- Go to GitHub: Settings > Secrets and variables > Actions
- Click "New repository secret"
- Name:
NPM_TOKEN - Value: Paste your token
- Click "Add secret"
- Go to https://codecov.io/
- Sign in with GitHub
- Click "Add repository"
- Find
ooples/token-optimizer-mcp - Copy the upload token
- Add to GitHub Secrets as
CODECOV_TOKEN
For release notifications:
# In GitHub: Settings > Secrets and variables > Actions > Variables tab
Name: DISCORD_WEBHOOK_URL
Value: https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN# In GitHub: Settings > Secrets and variables > Actions > Variables tab
Name: SLACK_WEBHOOK_URL
Value: https://hooks.slack.com/services/YOUR/WEBHOOK/URLFollow the detailed instructions in BRANCH_PROTECTION.md
Quick Checklist:
- Navigate to Settings > Branches
- Add rule for
masterbranch - Require 1 pull request approval
- Require status checks to pass
- Require branches to be up to date
- Require conversation resolution
- Enforce linear history
- Disable force push
- Disable deletion
The performance baseline already exists at .github/performance-baseline.json with placeholder values. It will be automatically updated after the first benchmark run.
To manually update after running benchmarks locally:
npm run test:benchmark > benchmark-results.txt
# Parse results and update .github/performance-baseline.json
git add .github/performance-baseline.json
git commit -m "chore: update performance baseline"
git pushAfter first successful build:
npm run build
du -sb dist | cut -f1 > .github/bundle-size-baseline.txt
git add .github/bundle-size-baseline.txt
git commit -m "chore: add bundle size baseline"
git pushCreate a test pull request:
# Create a test branch
git checkout -b test/ci-pipeline
# Make a small change
echo "# Test" >> TEST.md
# Commit with conventional format
git add TEST.md
git commit -m "test: verify CI pipeline"
# Push
git push origin test/ci-pipelineCreate a PR on GitHub and verify:
- CI workflow runs
- Quality gates workflow runs
- Commitlint workflow runs
- All checks pass
After merging your first PR with a feat: or fix: commit:
- Watch the release workflow run
- Verify GitHub release is created
- Verify npm package is published
- Check CHANGELOG.md was updated
- All workflow files are in
.github/workflows/ - Workflows appear in Actions tab
- Secrets are configured
- Variables are configured (if using notifications)
- Cannot push directly to master
- Cannot merge PR without approval
- Cannot merge PR with failing checks
- All required status checks are listed
- Semantic-release is configured
- NPM token is valid
- First release was created successfully
- Package appears on npm
- Dependabot is enabled
- First dependency PR created (wait 1 week or trigger manually)
- Dependabot PRs are labeled correctly
Solution:
- Verify NPM_TOKEN is correct
- Check token hasn't expired
- Ensure token has "Automation" type permissions
- Verify package name isn't taken on npm
Solution:
- Ensure commits follow conventional commit format
- Check that you have at least one
feat:orfix:commit since last release - Verify
.releaserc.jsonis valid JSON
Solution:
- Run
npm run test:coveragelocally - Check
coverage/index.htmlfor uncovered lines - Add more tests to reach 80% coverage
Solution:
- Verify CODECOV_TOKEN is correct
- Check that repository is added to Codecov
- This is optional - remove from workflow if not using
Solution:
- Workflows must run at least once for checks to appear
- Create a test PR to trigger all workflows
- Wait a few minutes for GitHub to register the checks
- Refresh the branch protection settings page
Edit .releaserc.json to customize version bumping:
{
"releaseRules": [
{ "type": "feat", "release": "minor" },
{ "type": "fix", "release": "patch" },
{ "type": "perf", "release": "patch" },
{ "breaking": true, "release": "major" }
]
}Edit .commitlintrc.json:
{
"rules": {
"type-enum": [2, "always", ["feat", "fix", "docs", "chore"]],
"header-max-length": [2, "always", 100]
}
}Edit .github/dependabot.yml:
schedule:
interval: "daily" # or "weekly", "monthly"
time: "09:00"
timezone: "America/New_York"- Review Dependabot PRs
- Check for security vulnerabilities
- Monitor bundle size trends
- Review code coverage metrics
- Review and update performance baselines
- Audit npm dependencies
- Check for outdated GitHub Actions
- Review and optimize workflow run times
- Rotate secrets (NPM_TOKEN, etc.)
- Review branch protection rules
- Update CI/CD documentation
- Evaluate new quality tools
- Documentation: GitHub Actions CI/CD Documentation
- Issues: https://github.com/ooples/token-optimizer-mcp/issues
- Discussions: https://github.com/ooples/token-optimizer-mcp/discussions
After completing this setup:
- Read the full GitHub Actions README
- Review Branch Protection Rules
- Learn about Conventional Commits
- Explore Semantic Release docs