chore: release v1.0.1

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/renovate.json

@@ -0,0 +1,4 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["local>ivuorinen/renovate-config"]
+}

.github/workflows/ci.yml

@@ -11,6 +11,8 @@ jobs:
   lint:
     name: Lint & Auto-fix
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Checkout code
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -40,6 +42,8 @@ jobs:
     name: Test
     runs-on: ubuntu-latest
     needs: lint
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -69,6 +73,8 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     needs: lint
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

.github/workflows/release.yml

@@ -1,8 +1,6 @@
 name: Release
 
 on:
-  release:
-    types: [published]
   push:
     tags:
       - 'v*.*.*'
@@ -11,6 +9,8 @@ jobs:
   lint:
     name: Lint
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -31,6 +31,8 @@ jobs:
     name: Test
     runs-on: ubuntu-latest
     needs: lint
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -58,6 +60,8 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     needs: lint
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -80,10 +84,33 @@ jobs:
           name: dist
           path: dist/
 
+  create-release:
+    name: Create GitHub Release
+    runs-on: ubuntu-latest
+    needs: [lint, test, build]
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        with:
+          name: dist
+          path: dist/
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.2.0
+        with:
+          generate_release_notes: true
+          files: |
+            dist/**/*
+
   publish:
     name: Publish to npm
     runs-on: ubuntu-latest
-    needs: [lint, test, build]
+    needs: [lint, test, build, create-release]
     permissions:
       contents: read
       id-token: write
@@ -104,7 +131,24 @@ jobs:
       - name: Build project
         run: npm run build
 
+      - name: Check if version exists on npm
+        id: check-version
+        run: |
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          PACKAGE_NAME=$(node -p "require('./package.json').name")
+          echo "version=$PACKAGE_VERSION" >> $GITHUB_OUTPUT
+          echo "name=$PACKAGE_NAME" >> $GITHUB_OUTPUT
+
+          if npm view "$PACKAGE_NAME@$PACKAGE_VERSION" version 2>/dev/null; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+            echo "⚠️ Version $PACKAGE_VERSION already exists on npm, skipping publish"
+          else
+            echo "exists=false" >> $GITHUB_OUTPUT
+            echo "✅ Version $PACKAGE_VERSION does not exist on npm, will publish"
+          fi
+
       - name: Publish to npm
+        if: steps.check-version.outputs.exists == 'false'
         run: npm publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.nvmrc

@@ -1 +1 @@
-22.18
+22.20

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@ivuorinen/gh-codeql-report",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@ivuorinen/gh-codeql-report",
-      "version": "1.0.0",
+      "version": "1.0.1",
       "license": "MIT",
       "dependencies": {
         "@types/yargs": "^17.0.33",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ivuorinen/gh-codeql-report",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Collect repository CodeQL findings as a LLM ready report for easier fixing.",
   "keywords": [
     "cli",
@@ -32,7 +32,10 @@
     "lint": "biome check src/",
     "lint:fix": "biome check --write .",
     "format": "biome format --write .",
-    "prepare": "husky"
+    "prepare": "husky",
+    "release:patch": "npm version patch -m 'chore: release v%s' && git push origin main --follow-tags",
+    "release:minor": "npm version minor -m 'chore: release v%s' && git push origin main --follow-tags",
+    "release:major": "npm version major -m 'chore: release v%s' && git push origin main --follow-tags"
   },
   "dependencies": {
     "@types/yargs": "^17.0.33",

src/cli.ts

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 
 import { writeFile } from 'node:fs/promises';
+import { fileURLToPath } from 'node:url';
 import { Octokit } from 'octokit';
 import yargs from 'yargs';
 import { hideBin } from 'yargs/helpers';
@@ -114,7 +115,12 @@ export async function main(): Promise<number> {
 }
 
 // Only run if this is the main module (not imported for testing)
-if (import.meta.url === `file://${process.argv[1]}`) {
+const modulePath = fileURLToPath(import.meta.url);
+const isMainModule =
+  process.argv[1] &&
+  (modulePath === process.argv[1] || modulePath === fileURLToPath(`file://${process.argv[1]}`));
+
+if (isMainModule) {
   main().then((exitCode) => {
     process.exit(exitCode);
   });