-
Notifications
You must be signed in to change notification settings - Fork 0
Ops Release Operations
title: Release Operations description: Operator checklist for repository transfer, trusted releases, OpenUPM, and Unity Asset Store onboarding
This section is for maintainers doing account, repository, registry, and store
work for DxMessaging. It is not user-facing package documentation. Keep only
non-sensitive execution notes in .operator-runbooks/; keep private account,
security, publisher, and approval status in the provider console or approved
organization password manager.
Canonical public identifiers:
- GitHub repository:
Ambiguous-Interactive/DxMessaging - Package ID:
com.wallstop-studios.dxmessaging - Documentation site:
https://ambiguous-interactive.github.io/DxMessaging/ - Release workflow:
.github/workflows/release.yml - Unity workflow lock: every Unity-credential-using job acquires
wallstop-organization-buildsthroughAmbiguous-Interactive/ambiguous-organization-build-lockimmediately before the licensedgame-ci/unity-test-runner@v4section and releases it withif: always(). Native GitHubconcurrencyis repository-scoped, sowallstop-organization-buildsmust not be used as a nativeconcurrency.group. IL2CPP is thestandaloneentry in theunity-teststest-modematrix, not a separate job. - Unity runner labels: uniform static
runs-on: [self-hosted, Windows, RAM-64GB]across all Unity-credential-using jobs, so either ELI-MACHINE or DAD-MACHINE can pick up any Unity job. Thefastmarker remains on ELI-MACHINE for a future opt-in hotfix dispatch but no currently-active workflow requests it. - Stuck-job watchdog:
.github/workflows/stuck-job-watchdog.ymlruns every 5 minutes to detect and recover from the known GitHub Actions self-hosted dispatcher bug (Community Discussion #186811) where a queued run never receives an Online/Idle runner. The watchdog excludesrelease.ymlfrom auto-cancellation to protect attestation and publishing flows. For immediate one-click recovery of a single stuck run, operators dispatch.github/workflows/unstick-run.ymlfrom the Actions tab with the stuck run id (it bypasses the cron wait and the queue-age threshold). Note that GitHubschedule:cron triggers fire only from the repository default branch, so the watchdog cron is INACTIVE untilstuck-job-watchdog.ymlreachesmaster; until then, useunstick-run.ymlor the watchdog's manualworkflow_dispatchtrigger.
Tracked pages:
- Github-Transfer
- Ci-And-Github-Settings
- Npm-Release-Publishing
- Openupm-Metadata
- Unity-Asset-Store-Upm
- Post-Transfer-Verification
Generate an ignored local checklist for non-sensitive execution notes:
npm run generate:ambiguous-release-runbookThe command writes .operator-runbooks/ambiguous-release-setup.md. The file is
gitignored and excluded from npm packages. Generation refuses to overwrite an
existing runbook; use node scripts/generate-ambiguous-release-runbook.js --force
only after preserving local notes.
Do not store secrets, tokens, recovery codes, screenshots, publisher identifiers, private account metadata, private contact details, or publisher portal notes in tracked files or this local runbook. Keep secret values and publisher-only records in the appropriate provider consoles or approved organization password manager.
The release trigger is a pushed tag named vX.Y.Z. The tag must exactly match
package.json.version with a leading v. For example, package version 3.0.1
must be released from tag v3.0.1.
There is no manual workflow_dispatch release path. A tag such as 3.0.1 or
v3.0.1-rc.1 does not pass the release verifier.
The release workflow performs these gates:
- Verify the semver tag and package version.
- Run script tests, Unity workflow contract tests, npm package validation,
llms.txtvalidation, repository identity validation, andvalidate:all. - Pack the npm tarball and write a
.sha256checksum. - Attest the packed
.tgzwith GitHub artifact attestations. - Run the trusted Unity release check on the Ambiguous self-hosted Windows runner.
- Create or update the GitHub Release with the
.tgzand checksum. - Publish to npm with Trusted Publishing and provenance.
Release assets are currently npm .tgz plus .sha256. The workflow does not
build or upload a .unitypackage.
- GitHub repository transfer docs: https://docs.github.com/articles/about-repository-transfers
- npm Trusted Publishing: https://docs.npmjs.com/trusted-publishers
- npm provenance: https://docs.npmjs.com/generating-provenance-statements
- OpenUPM package metadata: https://openupm.com/docs/adding-upm-package.html
- Unity Asset Store publishing: https://support.unity.com/hc/en-us/sections/12259768837268-Publishing-on-the-Asset-Store
- Unity package standards: https://unity.com/core-standards
- Getting-Started-Overview
- Getting-Started-Getting-Started
- Getting-Started-Install
- Getting-Started-Quick-Start
- Getting-Started-Visual-Guide
- Concepts-Message-Types
- Concepts-Listening-Patterns
- Concepts-Targeting-And-Context
- Concepts-Interceptors-And-Ordering
- Guides-Patterns
- Guides-Unity-Integration
- Guides-Testing
- Guides-Diagnostics
- Guides-Advanced
- Guides-Migration-Guide
- Advanced-Emit-Shorthands
- Advanced-Message-Bus-Providers
- Advanced-Runtime-Configuration
- Advanced-String-Messages
- Reference-Reference
- Reference-Quick-Reference
- Reference-Helpers
- Reference-Faq
- Reference-Glossary
- Reference-Troubleshooting
- Reference-Compatibility
Links