Skip to content

RELEASING.md

Latest commit

 

History

History
66 lines (49 loc) · 3.17 KB

RELEASING.md

File metadata and controls

66 lines (49 loc) · 3.17 KB

Releasing

Versioning

The app currently uses a pragmatic release model. Keep these files aligned when cutting a release:

  • Resources/Info.plist
  • CHANGELOG.md
  • README.md if install, menu structure or runtime behavior changed materially

Do not bump Resources/Info.plist for ordinary maintenance, documentation sync or unreleased feature commits. Only change the bundle version when you are actually cutting a release.

Local Release Checklist

  1. Run make check.
  2. Update the unreleased section in CHANGELOG.md.
  3. If this commit is a real release, bump CFBundleShortVersionString and CFBundleVersion in Resources/Info.plist.
  4. Build release artifacts with make package (unsigned by default).
  5. Confirm package content and signature with ./Scripts/verify-package.sh dist/DevStackMenu-*.pkg 0 for unsigned path, or 1 when signing is mandatory.
  6. Run a root-install smoke checklist with one command:
./Scripts/release-smoke-install.sh dist/DevStackMenu-*.pkg

It performs installer + pkgutil + post-install checks. 7. Sanity-check generated apps in /Applications after install (script already validates this, including /Applications/Import Compose To DX.app and /usr/local/bin/dx).

  • Release package install is expected to be self-validating; postinstall fails if /usr/local/bin/dx is not installed or executable.
  1. Verify the main app and compose-import helper use distinct bundle identifiers in the built artifacts.
  2. Verify single-instance behavior by launching the installed app twice and confirming the second launch exits while the original instance stays alive.
  3. If signing credentials are configured, run workflow_dispatch on Release Artifacts for signed/notarized output.
  4. If signing credentials are not configured, expect downloaded GitHub Release .pkg files to be blocked by Gatekeeper until the user removes com.apple.quarantine manually.

GitHub Release Flow

The repository includes a workflow that builds a .pkg artifact, uploads it as a workflow artifact, and attaches it to the GitHub release for the tag on push/tag events. Signed/notarized output is optional and driven by workflow secrets. Without these secrets, GitHub Release assets remain unsigned and non-notarized, which is acceptable for maintainer testing but not a polished public install flow.

To enable signing/notarization on workflow_dispatch, configure:

  • CODESIGN_INSTALLER_IDENTITY
  • MACOS_INSTALLER_CERT_P12_BASE64
  • MACOS_INSTALLER_CERT_PASSWORD
  • NOTARYTOOL_KEY_ID
  • NOTARYTOOL_ISSUER_ID
  • NOTARYTOOL_KEY_P8_BASE64

Recommended tag format:

v0.1.1

Notes

  • Artifacts are unsigned by default.
  • make install-local is a convenience for maintainers and local users; it is not a substitute for a signed distribution flow.
  • For a downloaded unsigned package, the current manual bypass is:
PKG="$(find "$HOME/Downloads" -maxdepth 1 -type f -name 'DevStackMenu-*.pkg' -exec stat -f '%m %N' {} \; | sort -nr | head -n 1 | cut -d' ' -f2-)"
[ -n "$PKG" ] && [ -f "$PKG" ] || { echo "DevStackMenu pkg not found in ~/Downloads" >&2; exit 1; }
xattr -d com.apple.quarantine "$PKG" 2>/dev/null || xattr -c "$PKG"
sudo installer -pkg "$PKG" -target /