feat(ci): Add Release Pipeline (NPM)

.github/actions/build/action.yml

@@ -0,0 +1,73 @@
+name: "Build"
+description: "Sets up environment and builds the WASM package"
+
+inputs:
+  github-app-token:
+    description: "GitHub App token for private git deps"
+    required: false
+    default: ""
+  configure-git-user:
+    description: "Configure git user for commits"
+    required: false
+    default: "false"
+  node-version:
+    description: "Node.js version to install"
+    required: false
+    default: "24"
+  setup-npm-registry:
+    description: "Setup NPM registry URL"
+    required: false
+    default: "false"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Configure git for GitHub App auth (private deps and push)
+      if: ${{ inputs.github-app-token != '' }}
+      shell: bash
+      env:
+        BULLET_APP_TOKEN: ${{ inputs.github-app-token }}
+      run: |
+        git config --global --add url."https://x-access-token:${BULLET_APP_TOKEN}@github.com/".insteadOf "ssh://git@github.com/"
+        git config --global --add url."https://x-access-token:${BULLET_APP_TOKEN}@github.com/".insteadOf "git@github.com:"
+        git config --global --add url."https://x-access-token:${BULLET_APP_TOKEN}@github.com/".insteadOf "https://github.com/"
+
+    - name: Configure Git user
+      if: ${{ inputs.configure-git-user == 'true' }}
+      shell: bash
+      run: |
+        git config user.name "github-actions[bot]"
+        git config user.email "github-actions[bot]@users.noreply.github.com"
+
+    - name: Setup Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.node-version }}
+        registry-url: ${{ inputs.setup-npm-registry == 'true' && 'https://registry.npmjs.org' || '' }}
+
+    - name: Setup Rust
+      uses: dtolnay/rust-toolchain@stable
+      with:
+        targets: wasm32-unknown-unknown
+
+    - name: Rust cache
+      uses: Swatinem/rust-cache@v2
+
+    - name: Install cargo-binstall
+      uses: cargo-bins/cargo-binstall@main
+
+    - name: Install wasm-pack
+      shell: bash
+      run: cargo binstall wasm-pack -y
+
+    - name: Install just
+      uses: extractions/setup-just@v2
+
+    - name: Install npm dependencies
+      shell: bash
+      working-directory: ./wasm
+      run: npm install
+
+    - name: Build WASM
+      shell: bash
+      run: just build-wasm

.github/workflows/npm-publish.yml

@@ -0,0 +1,83 @@
+# NPM publishing uses OIDC Trusted Publishers for authentication (no NPM_TOKEN needed).
+# Configure the Trusted Publisher at https://www.npmjs.com/package/@bulletxyz/sdk-wasm/access
+# See: https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions
+
+name: NPM Publish
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "Branch to build and publish from"
+        required: true
+        default: "main"
+        type: string
+      level:
+        description: "Release level"
+        required: true
+        default: "patch"
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+          - rc
+
+env:
+  CARGO_TERM_COLOR: always
+  CARGO_NET_GIT_FETCH_WITH_CLI: true
+  CI: 1
+
+concurrency:
+  group: npm-publish
+  cancel-in-progress: false
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.branch }}
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Create GitHub App Token
+        id: app-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.BULLET_DEPLOY_APP_ID }}
+          private-key: ${{ secrets.BULLET_DEPLOY_KEY }}
+          owner: ${{ github.repository_owner }}
+
+      - name: Configure git
+        env:
+          GITHUB_APP_TOKEN: ${{ steps.app-token.outputs.token }}
+        run: |
+          git config user.name "bullet-deploy[bot]"
+          git config user.email "${{ vars.BULLET_DEPLOY_APP_ID }}+bullet-deploy[bot]@users.noreply.github.com"
+          git config --global url."https://x-access-token:${GITHUB_APP_TOKEN}@github.com/".insteadOf "https://github.com/"
+
+      - name: Build
+        uses: ./.github/actions/build
+        with:
+          github-app-token: ${{ steps.app-token.outputs.token }}
+          setup-npm-registry: "true"
+
+      - name: Install cargo-edit
+        run: cargo binstall cargo-edit -y
+
+      - name: Bump + publish to npm
+        run: just publish-wasm ${{ inputs.level }}
+
+      - name: Commit, tag, and push
+        run: |
+          V=$(cargo pkgid -p bullet-rust-sdk-wasm | cut -d@ -f2)
+          git add Cargo.toml rust/Cargo.toml wasm/Cargo.toml wasm/package.json
+          git commit -m "v${V} [skip ci]"
+          git tag -m "v${V}" "v${V}"
+          git push --follow-tags

Cargo.toml

@@ -2,6 +2,12 @@
 members = ["rust", "wasm"]
 resolver = "2"
 
+[workspace.package]
+version = "0.0.9"
+edition = "2024"
+license = "MIT"
+repository = "https://github.com/bulletxyz/bullet-rust-sdk"
+
 [workspace.dependencies]
 bon = "3.9.0"
 

flake.nix

@@ -87,6 +87,7 @@
             packages = [
               rust
               pkgs.cargo-nextest
+              pkgs.cargo-edit
               pkgs.just
               (makeWasmPack pkgs)
               pkgs.pkg-config

justfile

@@ -152,6 +152,30 @@ ci:
 
     printf '\n\033[1;32m✓ All checks passed\033[0m\n'
 
+# ── Publish ───────────────────────────────────────────────────────────────────
+
+# Bump workspace version, build, and publish to npm (no git ops).
+# Level: patch | minor | major | rc
+publish-wasm level="patch":
+    #!/usr/bin/env bash
+    set -euo pipefail
+    case "{{ level }}" in
+        patch|minor|major)
+            cargo set-version --workspace --bump {{ level }}
+            ;;
+        rc)
+            cargo set-version --workspace "$(cargo pkgid -p bullet-rust-sdk-wasm | cut -d@ -f2 | awk -F. '{print $1"."$2"."$3+1"-rc.0"}')"
+            ;;
+        *)
+            echo "Unknown level: {{ level }}" >&2; exit 1
+            ;;
+    esac
+    V=$(cargo pkgid -p bullet-rust-sdk-wasm | cut -d@ -f2)
+    cd wasm && npm version "$V" --no-git-tag-version --allow-same-version && cd ..
+    just build-wasm
+    tag=$([ "{{ level }}" = "rc" ] && echo "rc" || echo "latest")
+    cd wasm && npm publish --tag "$tag" --access public
+
 # ── OpenAPI spec ──────────────────────────────────────────────────────────────
 
 # Fetch and cache the latest OpenAPI spec from mainnet

rust/Cargo.toml

@@ -1,10 +1,10 @@
 [package]
 name = "bullet-rust-sdk"
-version = "0.0.4"
-edition = "2024"
-license = "MIT"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+repository.workspace = true
 description = "Rust SDK for the Bullet trading platform"
-repository = "https://github.com/bulletxyz/bullet-rust-sdk"
 links = "bullet_rust_codegen"
 
 [lib]

wasm/Cargo.toml

@@ -1,10 +1,10 @@
 [package]
 name = "bullet-rust-sdk-wasm"
-version = "0.0.4"
-edition = "2024"
-license = "MIT"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+repository.workspace = true
 description = "WebAssembly bindings for the Bullet trading SDK"
-repository = "https://github.com/bulletxyz/bullet-rust-sdk"
 
 [lib]
 crate-type = ["cdylib", "rlib"]

wasm/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bulletxyz/sdk-wasm",
-  "version": "0.0.4",
+  "version": "0.0.9",
   "description": "WebAssembly bindings for the Bullet trading SDK — works in Node.js, browsers, and Deno",
   "author": "Bullet.xyz",
   "license": "MIT",
@@ -21,7 +21,9 @@
   ],
   "type": "module",
   "scripts": {
-    "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js"
+    "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
+    "build": "cd .. && just build-wasm",
+    "prepublishOnly": "[ -n \"$CI\" ] || npm run build"
   },
   "devDependencies": {
     "@jest/globals": "^30.3.0",
@@ -67,4 +69,4 @@
   "sideEffects": [
     "./pkg/node.js"
   ]
-}
+}