Skip to content

systems release tooling

Douwe de Vries edited this page Jul 1, 2026 · 1 revision

Release tooling

Active contributors: Douwe de Vries

Purpose

Release tooling validates version metadata, builds desktop artifacts, signs Linux distribution files, publishes the APT repository, and publishes the GitHub Release after all platform jobs pass. It connects repository metadata with the Tauri desktop package outputs.

Directory layout

Path Role
scripts/check-release-metadata.mjs Validates version consistency, tag naming, changelog notes, Linux icons, metainfo, desktop template, and absence of bundled model artifacts.
scripts/package-tauri-linux.mjs Builds Linux Tauri bundles or collects existing bundles into dist/rust/artifacts.
scripts/package-rust-macos.mjs Wraps a built macOS Tauri .app as a DMG and supports legacy native packaging only behind an explicit flag.
scripts/build_apt_repository.py Builds signed APT repository metadata, DEP-11 metadata, archive keyring output, and repository setup package.
scripts/check-apt-installer.mjs Validates the APT installer template or rendered script, fingerprint behavior, checksum path, and staging permissions.
.github/workflows/release.yml Orchestrates validation, draft release creation, macOS builds, Linux builds, APT Pages deployment, and final publishing.
docs/releasing.md Human release process, required metadata updates, artifact model, and local validation commands.

Key abstractions

  • Version identity spans package.json, frontend/package.json, frontend/package-lock.json, Cargo.toml, src-tauri/tauri.conf.json, changelog, and Linux metainfo.
  • Tauri CLI version is pinned by TAURI_CLI_VERSION in the release workflow.
  • dist/rust/artifacts is the staging directory for release assets.
  • dist/rust/apt-pages is the staged GitHub Pages artifact for the APT repository and bootstrap files.
  • Direct Linux installers receive .sha256 sidecars and detached signatures for the sidecars.
  • The APT repository is signed with InRelease and Release.gpg, then deployed through GitHub Pages.

How it works

graph TD
    Tag[v* tag] --> Validate[validate-release]
    Validate --> Draft[create draft release]
    Draft --> Mac[build macOS arm64 and x64]
    Draft --> Linux[build Linux x64]
    Linux --> Apt[build signed APT repository]
    Apt --> Pages[publish APT repository]
    Mac --> Publish[publish GitHub Release]
    Linux --> Publish
    Pages --> Publish
Loading

The release workflow first validates metadata, audits dependencies, checks contracts, runs dead-code checks, tests the frontend, builds the frontend, and validates the Rust workspace. Only then does it create or refresh a draft release. macOS jobs build a Tauri .app, sign and notarize it, wrap it in a DMG, then upload DMGs. Linux jobs build .deb, .rpm, and AppImage artifacts, validate package metadata, sign checksum sidecars, build the signed APT repository, stage the installer script, upload release assets, and deploy the Pages artifact.

Integration points

  • Tauri command shell and csv-anonymizer-tauri supply the desktop bundle that release tooling packages.
  • csv-anonymizer-app remains available for smoke harness checks and legacy macOS packaging paths.
  • README.md and Getting started list the canonical local gates that overlap with release validation.
  • scripts/check-contracts.mjs validates frontend and Rust DTO alignment before release.
  • src-tauri/tauri.conf.json, src-tauri/tauri.linux.conf.json, build/linux, and build/icons are release metadata inputs even though they are outside this systems section.

Entry points for modification

  • Change release metadata validation in scripts/check-release-metadata.mjs.
  • Change Linux artifact collection or Tauri build invocation in scripts/package-tauri-linux.mjs.
  • Change macOS DMG wrapping in scripts/package-rust-macos.mjs.
  • Change APT repository structure, signing, setup package, or DEP-11 metadata in scripts/build_apt_repository.py.
  • Change installer validation in scripts/check-apt-installer.mjs.
  • Change CI release sequencing, permissions, or uploaded assets in .github/workflows/release.yml.
  • Update operator-facing process notes in docs/releasing.md.

Key source files

  • scripts/check-release-metadata.mjs
  • scripts/package-tauri-linux.mjs
  • scripts/package-rust-macos.mjs
  • scripts/build_apt_repository.py
  • scripts/check-apt-installer.mjs
  • .github/workflows/release.yml
  • docs/releasing.md

Clone this wiki locally