Vifty 1.3.2 Release Checklist
This checklist is prepended to the GitHub Release notes and uploaded as a release asset. It distinguishes the checks completed by the release workflow from the follow-up checks that must happen after publication.
Verified By The Release Workflow
- Release tag
v1.3.2matchedResources/Info.plist. - Release metadata matched the Homebrew cask version, artifact name, SHA shape, helper cleanup path, TeamID wiring, notarization gates, verifier checks, and publication assets.
- Required Developer ID and notarization secret names were present in GitHub Actions.
- Swift tests passed on the release runner.
-
Vifty.appwas built with the configured Developer ID signing identity andVIFTY_XPC_ALLOWED_TEAM_ID. - Bundle plist files, signing TeamID,
viftyctlsigning identifier, and bundled LaunchDaemon TeamID allowlist were verified. - Apple notarization completed, the ticket was stapled, stapling was validated, and Gatekeeper assessment passed.
-
Vifty-v1.3.2.zipandVifty-v1.3.2.zip.sha256were generated. -
scripts/verify-release-artifact.shpassed before publication and wroteVifty-v1.3.2-artifact-summary.json.
Required Post-Publication Follow-Up
- Update
Casks/vifty.rbwith the publishedVifty-v1.3.2.zip.sha256usingscripts/update-cask-checksum.sh --version 1.3.2. - Run
scripts/verify-release-artifact.sh --team-id "$APPLE_TEAM_ID"against the public cask artifact after the checksum update. - Collect a release-mode evidence bundle with
scripts/collect-validation-evidence.sh --release-summary ./Vifty-v1.3.2-artifact-summary.json --release-checklist ./Vifty-v1.3.2-release-checklist.md. - Review that bundle with
make validation-evidence-review VALIDATION_EVIDENCE_BUNDLE=<evidence-dir> VALIDATION_EVIDENCE_REVIEW_MODE=release VALIDATION_EVIDENCE_REVIEW_SUMMARY=<evidence-dir>/review-result.json. - Update
docs/release-status.mdafter the signed artifact, checksum, verifier summary, and cask SHA are aligned. - Keep compatibility claims gated on reviewed hardware reports with
manualSmokeTestResult: "passed-auto-restored".
Until the post-publication checks pass, do not describe the Homebrew path as a fully trusted public binary install.
What's Changed
- Publish v1.3.1 cask checksum and trust status by @Reedtrullz in #13
- fix: preempt stale fan writes on Auto by @Reedtrullz in #14
Full Changelog: v1.3.1...v1.3.2