Skip to content

deployment

Douwe de Vries edited this page Jul 1, 2026 · 2 revisions

Deployment

Deployment is driven by GitHub Actions, release metadata synchronization, Tauri packaging, and signing steps. For local release preparation, see /Users/vriesd/projects/csv-align/docs/releasing.md. For the validation commands, see testing.

CI workflow

/Users/vriesd/projects/csv-align/.github/workflows/ci.yml runs on pushes and pull requests to main.

The workflow starts with path filters:

  • Docs-only changes, limited to Markdown and LICENSE, skip full CI.
  • Rust-related changes run root Rust tests, formatting, and clippy on Ubuntu and macOS.
  • Frontend changes run npm test, npm run lint, and npm run build.
  • Tauri-impacting changes build the frontend, validate the prebuilt frontend contract, run Tauri wrapper tests, build Linux Tauri packages, validate Linux package metadata, sign .deb packages on main, and upload reusable release artifacts.

Reusable CI artifacts include:

  • csv-align-linux-x86_64-release-bundle
  • csv-align-frontend-dist

Release workflow

/Users/vriesd/projects/csv-align/.github/workflows/release.yml runs on tags matching v*.

The tagged release flow:

  1. Checks out the repository.
  2. Runs python3 /Users/vriesd/projects/csv-align/scripts/check_release_metadata.py --expected-tag <tag>.
  3. Waits for the successful CI run on main for the tagged commit.
  4. Verifies that the reusable Linux package and frontend dist artifacts are present and not expired.
  5. Extracts the matching /Users/vriesd/projects/csv-align/CHANGELOG.md section.
  6. Creates or refreshes a draft GitHub Release.
  7. Publishes Linux package assets and APT repository assets.
  8. Builds and uploads macOS DMGs for Apple Silicon and Intel targets.
  9. Publishes the draft release after packaging succeeds.

If CI artifacts expire, rerun CI on the main push commit that the tag points to, then rerun the release workflow for the tag.

Linux packages

Linux release assets include:

  • .deb
  • .rpm
  • .AppImage
  • csv-align-repository-setup_1.0_all.deb
  • csv-align-repository-setup_1.0_all.deb.sha256
  • csv-align-repository-setup_1.0_all.deb.sha256.asc
  • install-apt-repo.sh

The .deb package is produced by Tauri, normalized by /Users/vriesd/projects/csv-align/scripts/normalize_linux_deb_desktop_id.py, validated by /Users/vriesd/projects/csv-align/scripts/validate_linux_deb_metadata.py, and signed with dpkg-sig on main CI builds.

The .rpm package is rebuilt by /Users/vriesd/projects/csv-align/scripts/build_rpm_package.py so the package contains one canonical desktop launcher, AppStream metadata, icons, binary, and MIT license file.

The validator enforces:

  • AppStream component id com.csvalign.desktop.
  • Desktop id com.csvalign.desktop.desktop.
  • Binary csv-align.
  • Project license MIT.
  • Expected license file locations.
  • No extra .desktop launchers in gate mode.

APT repository

Tagged releases build a signed static APT repository with /Users/vriesd/projects/csv-align/scripts/build_apt_repository.py.

The repository is deployed to GitHub Pages under:

https://ddv1982.github.io/csv-align/apt/

The generated tree includes dists/stable, pool/main/c/csv-align, Packages, Packages.gz, DEP-11 metadata, InRelease, Release.gpg, and csv-align-archive-keyring.pgp.

The setup package installs:

  • /usr/share/keyrings/csv-align-archive-keyring.pgp
  • /etc/apt/sources.list.d/csv-align.sources

/Users/vriesd/projects/csv-align/scripts/install-apt-repo.sh downloads the setup package, authenticates the signed SHA256 sidecar with the pinned release key, verifies the package checksum, and installs the setup package with APT.

macOS DMGs

macOS release jobs run on GitHub-hosted macOS runners for:

  • aarch64-apple-darwin
  • x86_64-apple-darwin

The workflow imports a Developer ID Application certificate, prepares an App Store Connect API key, downloads the prebuilt frontend dist artifact from CI, installs the Tauri CLI, and runs cargo tauri build --verbose --target <target>.

The release job sets TAURI_BUNDLER_DMG_IGNORE_CI=false so Tauri's generated DMG script keeps its CI-safe behavior on GitHub runners.

Release metadata

Version metadata must stay synchronized across:

  • /Users/vriesd/projects/csv-align/Cargo.toml
  • /Users/vriesd/projects/csv-align/Cargo.lock
  • /Users/vriesd/projects/csv-align/src-tauri/Cargo.toml
  • /Users/vriesd/projects/csv-align/src-tauri/Cargo.lock
  • /Users/vriesd/projects/csv-align/src-tauri/tauri.conf.json
  • /Users/vriesd/projects/csv-align/src-tauri/appstream/com.csvalign.desktop.metainfo.xml
  • /Users/vriesd/projects/csv-align/frontend/package.json
  • /Users/vriesd/projects/csv-align/frontend/package-lock.json
  • /Users/vriesd/projects/csv-align/CHANGELOG.md

The changelog heading must match:

## vX.Y.Z - YYYY-MM-DD

See configuration for release secrets and variables.

Key source files

File Purpose
/Users/vriesd/projects/csv-align/.github/workflows/ci.yml CI validation, Tauri Linux package build, package metadata validation, and reusable artifacts.
/Users/vriesd/projects/csv-align/.github/workflows/release.yml Tag release validation, release asset publishing, APT Pages deployment, and macOS DMG publishing.
/Users/vriesd/projects/csv-align/docs/releasing.md Maintainer release process, prerequisites, and manual verification commands.
/Users/vriesd/projects/csv-align/scripts/check_release_metadata.py Synchronized version and changelog validation.
/Users/vriesd/projects/csv-align/scripts/validate_linux_deb_metadata.py Linux package metadata validator for .deb and .rpm artifacts.
/Users/vriesd/projects/csv-align/scripts/build_apt_repository.py Signed APT repository and setup package generator.
/Users/vriesd/projects/csv-align/src-tauri/tauri.conf.json Tauri bundle and platform package configuration.

Clone this wiki locally