Configuration
Universal Release uses a single .release.yaml file to configure all aspects of package publishing.
Basic Configurationβ
version: 1
global:
versionScheme: semantic
commitConvention: conventional-commits
ecosystems:
npm:
enabled: true
Configuration Structureβ
Global Settingsβ
global:
# Version management
versionScheme: semantic | calver | custom
commitConvention: conventional-commits | angular | none
# Security
sbom:
enabled: true
format: spdx | cyclonedx
attestation:
enabled: true
framework: slsa | in-toto
signing:
enabled: true
provider: cosign | gpg
Ecosystem Configurationβ
Each ecosystem can be configured independently:
ecosystems:
npm:
enabled: true
registry: https://registry.npmjs.org
validation:
build: true
test: true
lint: true
prePublishScripts:
- npm audit
- npm run security-check
tag: latest
Full Exampleβ
version: 1
global:
versionScheme: semantic
commitConvention: conventional-commits
sbom:
enabled: true
format: spdx
attestation:
enabled: true
framework: slsa
signing:
enabled: true
provider: cosign
ecosystems:
npm:
enabled: true
validation:
build: true
test: true
lint: true
prePublishScripts:
- bun audit
tag: latest
docker:
enabled: true
registries:
- ghcr.io/org/image
- docker.io/org/image
validation:
build: true
monorepo:
enabled: false
strategy: independent
packages: packages/*
Environment-Specific Configurationβ
You can override settings using environment variables:
RELEASE_NPM_REGISTRY=https://npm.company.com release publish
Validationβ
Validate your configuration:
release config --validate
View merged configuration:
release config --show
Next Stepsβ
- Architecture - Understand how it works
- CLI Commands - Full command reference
- Ecosystem Guides - Ecosystem-specific docs