Summary
- Publishes Load Rift 0.2.24 with app metadata aligned across npm, Cargo, Tauri packaging, and AppStream release metadata.
- Hardens CI and release workflows by pinning GitHub Actions to commit SHAs instead of mutable version or branch refs.
- Replaces third-party Tauri release publishing with first-party shell and
ghsteps so Apple signing and APT signing material stays out of third-party release actions. - Splits draft release creation, read-only platform builds, release asset uploads, APT Pages deployment, and final release publication into separate gated jobs.
- Keeps write-scoped release tokens out of jobs that execute third-party build/cache actions.
- Preserves completed
mainCI runs by cancelling only non-main in-progress CI runs.
Downloads
- macOS Apple Silicon DMG: attached to this GitHub release as
Load.Rift_0.2.24_aarch64.dmg - macOS Intel DMG: attached to this GitHub release as
Load.Rift_0.2.24_x64.dmg - Linux AppImage: attached to this GitHub release as
Load.Rift_0.2.24_amd64.AppImage - Linux
.deb: attached to this GitHub release asLoad.Rift_0.2.24_amd64.deb - Linux
.rpm: attached to this GitHub release asLoad.Rift-0.2.24-1.x86_64.rpm - APT setup script: attached to this GitHub release as
install-apt-repo.sh - APT setup package: attached to this GitHub release as
load-rift-repository-setup_1.0_all.deb
Linux APT Install
Enable the Load Rift APT repository once:
bash <(curl -fsSL https://github.com/ddv1982/load-rift/releases/latest/download/install-apt-repo.sh)Then install or update normally:
sudo apt update
sudo apt install load-riftThe setup script authenticates the repository setup package checksum with a detached GPG signature and a release-pinned signer fingerprint before installing the repository configuration.
Bundled Third-Party Software
This package bundles Grafana k6 v2.0.0, licensed under AGPL-3.0-only.
Corresponding source: https://github.com/grafana/k6/tree/v2.0.0
Source archive: https://github.com/grafana/k6/archive/refs/tags/v2.0.0.tar.gz
Additional bundled licensing notices are included in the package.
Verification
- Workflow YAML parse for
.github/workflows/ci.ymland.github/workflows/release.yml - Static release workflow invariant checks for pinned actions, release gating, secret scope, and write-token job isolation
-
npm run typecheck -
npm run lint -
npm test -
npm run build -
npm run rust:fmt -
npm run rust:clippy -
npm run rust:audit -
cargo test --manifest-path src-tauri/Cargo.toml -
cargo check --manifest-path src-tauri/Cargo.toml -
git diff --check
Lore
Constraint: Release notes are read by the GitHub Actions release workflow from docs/releases/v0.2.24.md when available.
Constraint: Third-party build/cache actions may run with read-only repository access, but release write tokens and signing material must remain scoped to first-party shell or gh steps.
Constraint: A release is created as a draft first and only published after platform assets are uploaded and the APT Pages repository deploy completes.
Rejected: Keeping tauri-apps/tauri-action for build-and-release convenience | direct Tauri builds plus explicit gh release upload make token and secret boundaries auditable.
Rejected: Allowing a rerun to turn an already published release back into a draft | the workflow now refuses that path and requires a new replacement tag.
Confidence: high
Scope-risk: moderate
Directive: Ship release hardening and aligned 0.2.24 metadata without rewriting existing v0.2.x tags.
Tested: Workflow YAML parse; release workflow invariant script; mutable-ref grep; python3 -m py_compile scripts/build_apt_repository.py && sh -n scripts/install-apt-repo.sh && git diff --check; npm exec prettier -- --check ".github/workflows/*.yml"; npm run verify.
Not-tested: Local packaged artifact generation with npm run tauri build; release workflow will build and attach packaged artifacts on tag push.