github-release
This skill sanitizes code for public release by scanning for secrets with gitleaks, validating LICENSE and README files, removing personal artifacts, and checking build integrity before creating and publishing version tags to GitHub via the gh CLI. Use it before making any project publicly available or deploying to GitHub to ensure sensitive credentials are removed, required documentation exists, and the codebase is in releasable condition.
git clone --depth 1 https://github.com/jezweb/claude-skills /tmp/github-release && cp -r /tmp/github-release/plugins/dev-tools/skills/github-release ~/.claude/skills/github-releaseSKILL.md
# GitHub Release
Sanitize and release projects to GitHub. Two-phase workflow: safety checks first, then tag and publish.
## Prerequisites
- `gh` CLI installed and authenticated (`gh auth status`)
- `gitleaks` installed for secrets scanning (`brew install gitleaks` or download from GitHub)
- Git repository with a remote configured
## Workflow
### Phase 1: Sanitize
Run these checks before any public release. Stop on blockers.
#### 1. Scan for Secrets (BLOCKER)
```bash
gitleaks detect --no-git --source=. --verbose
```
If secrets found: **STOP**. Remove secrets, move to environment variables. Check git history with `git log -S "secret_value"` — if in history, use BFG Repo-Cleaner.
If gitleaks not installed, do manual checks:
```bash
# Check for .env files
find . -name ".env*" -not -path "*/node_modules/*"
# Check config files for hardcoded secrets
grep -ri "api_key\|token\|secret\|password" wrangler.toml wrangler.jsonc .dev.vars 2>/dev/null
```
#### 2. Remove Personal Artifacts
Check for and remove session/planning files that shouldn't be published:
- `SESSION.md` — session state
- `planning/`, `screenshots/` — working directories
- `test-*.ts`, `test-*.js` — local test files
Either delete them or add to `.gitignore`.
#### 3. Validate LICENSE
```bash
ls LICENSE LICENSE.md LICENSE.txt 2>/dev/null
```
If missing: create one. Check the repo visibility (`gh repo view --json visibility -q '.visibility'`). Use MIT for public repos. For private repos, consider a proprietary license instead.
#### 4. Validate README
Check README exists and has basic sections:
```bash
grep -i "## Install\|## Usage\|## License" README.md
```
If missing sections, add them before release.
#### 5. Check .gitignore
Verify essential patterns are present:
```bash
grep -E "node_modules|\.env|dist/|\.dev\.vars" .gitignore
```
#### 6. Build Test (non-blocking)
```bash
npm run build 2>&1
```
#### 7. Dependency Audit (non-blocking)
```bash
npm audit --audit-level=high
```
#### 8. Create Sanitization Commit
If any changes were made during sanitization:
```bash
git add -A
git commit -m "chore: prepare for release"
```
### Phase 2: Release
#### 1. Determine Version
Check `package.json` for current version, or ask the user. Ensure version starts with `v` prefix.
#### 2. Check Tag Doesn't Exist
```bash
git tag -l "v[version]"
```
If it exists, ask user whether to delete and recreate or use a different version.
#### 3. Show What's Being Released
```bash
LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
if [ -z "$LAST_TAG" ]; then
git log --oneline --no-merges HEAD | head -20
else
git log --oneline --no-merges ${LAST_TAG}..HEAD
fi
```
#### 4. Create Tag and Push
```bash
git tag -a v[version] -m "Release v[version]"
git push origin $(git branch --show-current)
git push origin --tags
```
#### 5. Create GitHub Release
```bash
gh release create v[version] \
--title "Release v[version]" \
--notes "[auto-generated from commits]"
```
For pre-releases add `--prerelease`. For drafts add `--draft`.
#### 6. Report
Show the user:
- Release URL
- Next steps (npm publish if applicable, announcements)
## Reference Files
| When | Read |
|------|------|
| Detailed safety checks | [references/safety-checklist.md](references/safety-checklist.md) |
| Release mechanics | [references/release-workflow.md](references/release-workflow.md) |Hit the Cloudflare REST API directly for operations that wrangler and MCP can't handle well. Bulk DNS, custom hostnames, email routing, cache purge, WAF rules, redirect rules, zone settings, Worker routes, D1 cross-database queries, R2 bulk operations, KV bulk read/write, Vectorize queries, Queues, and fleet-wide resource audits. Produces curl commands or scripts. Triggers: 'cloudflare api', 'bulk dns', 'custom hostname', 'email routing', 'cache purge', 'waf rule', 'd1 query', 'r2 bucket', 'kv bulk', 'vectorize query', 'audit resources', 'fleet operation'.
Scaffold and deploy Cloudflare Workers with Hono routing, Vite plugin, and Static Assets. Describe project, scaffold structure, configure bindings, deploy. Use whenever the user wants to create a Worker project, set up Hono on Cloudflare, configure D1 / R2 / KV / Queues bindings, or troubleshoot Worker export syntax, API route conflicts, HMR issues, or deployment failures.
Generate Drizzle ORM schemas for Cloudflare D1 databases with correct D1-specific patterns. Produces schema files, migration commands, type exports, and DATABASE_SCHEMA.md documentation. Handles D1 quirks: foreign keys always enforced, no native BOOLEAN/DATETIME types, 100 bound parameter limit, JSON stored as TEXT. Use when creating a new database, adding tables, or scaffolding a D1 data layer.
Cloudflare D1 migration workflow: generate with Drizzle, inspect SQL for gotchas, apply to local and remote, fix stuck migrations, handle partial failures. Use when running migrations, fixing migration errors, or setting up D1 schemas.
Generate database seed scripts with realistic sample data. Reads Drizzle schemas or SQL migrations, respects foreign key ordering, produces idempotent TypeScript or SQL seed files. Handles D1 batch limits, unique constraints, and domain-appropriate data. Use when populating dev/demo/test databases. Triggers: 'seed database', 'seed data', 'sample data', 'populate database', 'db seed', 'test data', 'demo data', 'generate fixtures'.
Scaffold Hono API routes for Cloudflare Workers. Produces route files, middleware, typed bindings, Zod validation, error handling, and API_ENDPOINTS.md documentation. Use after a project is set up with cloudflare-worker-builder or vite-flare-starter, when you need to add API routes, create endpoints, or generate API documentation.
Build a full-stack TanStack Start app on Cloudflare Workers from scratch — SSR, file-based routing, server functions, D1+Drizzle, better-auth, Tailwind v4+shadcn/ui. Use whenever the user mentions TanStack Start, asks to scaffold a full-stack Cloudflare app with SSR, wants an SSR dashboard, or asks for a React 19 + Cloudflare Workers app with file-based routing and server functions — even if they don't name TanStack Start specifically. No template repo — Claude generates every file fresh per project.
Scaffold a full-stack Cloudflare app from the vite-flare-starter template — React 19 + Hono + D1+Drizzle + better-auth + Tailwind v4+shadcn/ui + TanStack Query + R2 + Workers AI. Run setup.sh to clone, configure, and deploy. Use whenever the user wants a batteries-included Cloudflare full-stack app, vite-flare-starter scaffold, or a React + Cloudflare app with auth + database + Workers AI ready to go.