-
Notifications
You must be signed in to change notification settings - Fork 0
deployment
Deployment is driven by GitHub Actions, release metadata synchronization, Tauri packaging, and signing steps. For local release preparation, see /Users/vriesd/projects/csv-align/docs/releasing.md. For the validation commands, see testing.
/Users/vriesd/projects/csv-align/.github/workflows/ci.yml runs on pushes and pull requests to main.
The workflow starts with path filters:
- Docs-only changes, limited to Markdown and
LICENSE, skip full CI. - Rust-related changes run root Rust tests, formatting, and clippy on Ubuntu and macOS.
- Frontend changes run
npm test,npm run lint, andnpm run build. - Tauri-impacting changes build the frontend, validate the prebuilt frontend contract, run Tauri wrapper tests, build Linux Tauri packages, validate Linux package metadata, sign
.debpackages onmain, and upload reusable release artifacts.
Reusable CI artifacts include:
csv-align-linux-x86_64-release-bundlecsv-align-frontend-dist
/Users/vriesd/projects/csv-align/.github/workflows/release.yml runs on tags matching v*.
The tagged release flow:
- Checks out the repository.
- Runs
python3 /Users/vriesd/projects/csv-align/scripts/check_release_metadata.py --expected-tag <tag>. - Waits for the successful CI run on
mainfor the tagged commit. - Verifies that the reusable Linux package and frontend dist artifacts are present and not expired.
- Extracts the matching
/Users/vriesd/projects/csv-align/CHANGELOG.mdsection. - Creates or refreshes a draft GitHub Release.
- Publishes Linux package assets and APT repository assets.
- Builds and uploads macOS DMGs for Apple Silicon and Intel targets.
- Publishes the draft release after packaging succeeds.
If CI artifacts expire, rerun CI on the main push commit that the tag points to, then rerun the release workflow for the tag.
Linux release assets include:
.deb.rpm.AppImagecsv-align-repository-setup_1.0_all.debcsv-align-repository-setup_1.0_all.deb.sha256csv-align-repository-setup_1.0_all.deb.sha256.ascinstall-apt-repo.sh
The .deb package is produced by Tauri, normalized by /Users/vriesd/projects/csv-align/scripts/normalize_linux_deb_desktop_id.py, validated by /Users/vriesd/projects/csv-align/scripts/validate_linux_deb_metadata.py, and signed with dpkg-sig on main CI builds.
The .rpm package is rebuilt by /Users/vriesd/projects/csv-align/scripts/build_rpm_package.py so the package contains one canonical desktop launcher, AppStream metadata, icons, binary, and MIT license file.
The validator enforces:
- AppStream component id
com.csvalign.desktop. - Desktop id
com.csvalign.desktop.desktop. - Binary
csv-align. - Project license
MIT. - Expected license file locations.
- No extra
.desktoplaunchers in gate mode.
Tagged releases build a signed static APT repository with /Users/vriesd/projects/csv-align/scripts/build_apt_repository.py.
The repository is deployed to GitHub Pages under:
https://ddv1982.github.io/csv-align/apt/
The generated tree includes dists/stable, pool/main/c/csv-align, Packages, Packages.gz, DEP-11 metadata, InRelease, Release.gpg, and csv-align-archive-keyring.pgp.
The setup package installs:
/usr/share/keyrings/csv-align-archive-keyring.pgp/etc/apt/sources.list.d/csv-align.sources
/Users/vriesd/projects/csv-align/scripts/install-apt-repo.sh downloads the setup package, authenticates the signed SHA256 sidecar with the pinned release key, verifies the package checksum, and installs the setup package with APT.
macOS release jobs run on GitHub-hosted macOS runners for:
aarch64-apple-darwinx86_64-apple-darwin
The workflow imports a Developer ID Application certificate, prepares an App Store Connect API key, downloads the prebuilt frontend dist artifact from CI, installs the Tauri CLI, and runs cargo tauri build --verbose --target <target>.
The release job sets TAURI_BUNDLER_DMG_IGNORE_CI=false so Tauri's generated DMG script keeps its CI-safe behavior on GitHub runners.
Version metadata must stay synchronized across:
/Users/vriesd/projects/csv-align/Cargo.toml/Users/vriesd/projects/csv-align/Cargo.lock/Users/vriesd/projects/csv-align/src-tauri/Cargo.toml/Users/vriesd/projects/csv-align/src-tauri/Cargo.lock/Users/vriesd/projects/csv-align/src-tauri/tauri.conf.json/Users/vriesd/projects/csv-align/src-tauri/appstream/com.csvalign.desktop.metainfo.xml/Users/vriesd/projects/csv-align/frontend/package.json/Users/vriesd/projects/csv-align/frontend/package-lock.json/Users/vriesd/projects/csv-align/CHANGELOG.md
The changelog heading must match:
## vX.Y.Z - YYYY-MM-DD
See configuration for release secrets and variables.
| File | Purpose |
|---|---|
/Users/vriesd/projects/csv-align/.github/workflows/ci.yml |
CI validation, Tauri Linux package build, package metadata validation, and reusable artifacts. |
/Users/vriesd/projects/csv-align/.github/workflows/release.yml |
Tag release validation, release asset publishing, APT Pages deployment, and macOS DMG publishing. |
/Users/vriesd/projects/csv-align/docs/releasing.md |
Maintainer release process, prerequisites, and manual verification commands. |
/Users/vriesd/projects/csv-align/scripts/check_release_metadata.py |
Synchronized version and changelog validation. |
/Users/vriesd/projects/csv-align/scripts/validate_linux_deb_metadata.py |
Linux package metadata validator for .deb and .rpm artifacts. |
/Users/vriesd/projects/csv-align/scripts/build_apt_repository.py |
Signed APT repository and setup package generator. |
/Users/vriesd/projects/csv-align/src-tauri/tauri.conf.json |
Tauri bundle and platform package configuration. |