Release Process
Use this checklist when you are preparing a tag-based release.
1. Ensure master is green
CI must pass on master.
2. Bump versions
Use the Makefile guard (recommended):
make set-version X.Y.ZaN
This writes to VERSION and updates backend/frontend/tauri packaging files.
It also blocks same-or-lower version values.
If release_metadata.md already exists, this step also refreshes .github/release/metadata.json.
3. Generate release metadata
Update release_metadata.md in repo root with:
- first non-empty line as title
- remaining content as release body
If you update release_metadata.md after that, regenerate the tracked metadata JSON:
make metadata
This writes .github/release/metadata.json, which release workflow uses for title/body.
4. Commit and push
make test
make git-add
make git-commit
make git-push
5. Create and push tag
make git-tag
6. GitHub Actions release workflow
Workflow file: .github/workflows/release.yml
What it does:
- Verifies tag commit is on
master. - Waits for
ci.ymlto complete and requires success for the same commit SHA. - Builds desktop artifacts via Tauri action (macOS + Windows matrix; Windows uses NSIS bundle).
- Publishes desktop artifacts to the GitHub prerelease for the tag.
7. Verify published release
Open GitHub Releases and verify notes/artifacts on the published prerelease.
Notes
- Current artifacts are unsigned unless signing is configured.
- Optional signing/notarization hooks are already wired in workflow via secrets.
- Add production secrets before distributing signed builds:
TAURI_SIGNING_PRIVATE_KEYTAURI_SIGNING_PRIVATE_KEY_PASSWORDAPPLE_CERTIFICATEAPPLE_CERTIFICATE_PASSWORDAPPLE_SIGNING_IDENTITYAPPLE_IDAPPLE_PASSWORDAPPLE_TEAM_IDWINDOWS_CERTIFICATEWINDOWS_CERTIFICATE_PASSWORD