BUI-249 Tauri auto-update #82

Closed
callumflack wants to merge 27 commits into main from callum1/bui-249-auto-update-the-app-2

@callumflack
Member

No description provided.

Move the macOS packaging spike evidence down to Track A so the doc reads as
conclusions first and proof near the recommended next step.

Made-with: Cursor
Record the packaging and signature preservation spikes, drop the macOS
resource-copy step, and keep final app signing as the bundle finalization
path.

Made-with: Cursor
Record that the macOS copy-step question is resolved enough to unblock
updater plumbing, and split the next work into a dedicated Track B plan
with exact file targets, release-shape decisions, and verification gates.

Made-with: Cursor
Record the release-flow blocker in the Track B plan and add a custom
post-finalization macOS updater artifact path so the served updater tarball
and signature come from the finalized signed app instead of the earlier Tauri
build output.

Made-with: Cursor
Capture that DMG notarization is not sufficient evidence for the separate
updater tarball path, and that the updater-served app likely needs to be
notarized and stapled before packaging into .app.tar.gz.

Made-with: Cursor
Remove shell xtrace around updater secrets, notarize and staple the
finalized app before packaging the updater tarball, make updater asset names
matrix-safe, and fail the workflow if the extracted updater payload does not
pass stapler, spctl, and codesign validation.

Made-with: Cursor
Link the Track B plan to a small proof-run doc that records the exact
release assets, log markers, pass criteria, and command path for the first
real macOS updater CI validation run.

Made-with: Cursor
Record the first proof-run failure mode, stop tauri-action from uploading
release assets, and keep release publishing in the explicit upload step so
the macOS updater asset contract comes from one path only.

Made-with: Cursor
@callumflack force-pushed the callum1/bui-249-auto-update-the-app-2 branch from 9fb629d to 450084d, March 24, 2026 01:35
The release workflow was deleting root node_modules before the post-finalization updater signer ran, which caused the v0.7.38 macOS proof run to fail with tauri: command not found.

Keep the repo-pinned Tauri CLI available through finalization, call the local CLI directly from the updater artifact script, and record the decision and proof-run status in the working docs.

Refs: #82
The v0.7.39 proof run cleared the earlier Tauri CLI availability bug, but both macOS jobs still failed in finalization because GitHub Actions exported an empty TAURI_SIGNING_PRIVATE_KEY_PATH.

Stop exporting the empty path secret in the release workflow, strip empty signing env vars before invoking the Tauri signer, and record the new proof result in the working docs.

Refs: #82
The v0.7.40 proof run showed the finalized macOS updater artifacts and signatures are now publishing correctly, but tauri-action still leaves behind a generic DataConnect.app.tar.gz for the pre-finalization app.

Remove the raw archless tarball and signature before the custom updater artifact step so release uploads only contain the finalized, versioned payloads.

Refs: #82
Publish latest.json from final release assets, wire the Tauri updater/process plugins, and switch useAppUpdate to a macOS staged-download/restart flow while preserving the non-mac release-page fallback.

Cargo.lock was not regenerated in this shell because cargo is unavailable here.
Bump tauri.conf.json to 0.7.43 so the next release run can target the updater-runtime changes from the preceding commit.

This commit does not create the remote GitHub release from this shell.
Update the Rust lockfile after adding tauri-plugin-updater and tauri-plugin-process so the branch is releasable from a machine with Cargo available.
Add the canonical rebuild plan, colleague-facing handoff spec, and secret inventory for rebuilding the macOS updater runtime from main without relying on this branch's commit history.
Document where release and signing secrets are expected to live, how to verify them, and when a human must re-provision values that cannot be read back from GitHub.
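
As an added example (not code from this pull request), one way a release step can do what the commits above describe: keep xtrace off around updater secrets and strip empty signing variables before calling the signer. The function names, the `TAURI_SIGNING_PRIVATE_KEY` variable and the exit code 2 are assumptions; only `TAURI_SIGNING_PRIVATE_KEY_PATH` is named on the page.

```shell
#!/bin/sh
# Added example, not the project's release script.
# Assumed names: strip_empty_env, run_signer, TAURI_SIGNING_PRIVATE_KEY.

# Unset each named variable that is set but empty, so a child process sees it
# as absent rather than as an empty key or an empty path.
strip_empty_env() {
    for name in "$@"; do
        if eval "[ -n \"\${$name+set}\" ] && [ -z \"\${$name}\" ]"; then
            unset "$name"
        fi
    done
}

# Run a signing command with tracing off and empty key inputs removed.
# Returns 2 without running the command when no key source is left;
# otherwise returns the command's own exit status.
run_signer() {
    case $- in *x*) had_xtrace=1 ;; *) had_xtrace=0 ;; esac
    set +x  # do not echo expanded secrets into the CI log

    strip_empty_env TAURI_SIGNING_PRIVATE_KEY TAURI_SIGNING_PRIVATE_KEY_PATH
    # The key password variable is deliberately not stripped here: an empty
    # password may be intentional for a key generated without one (assumption).

    if [ -z "${TAURI_SIGNING_PRIVATE_KEY:-}" ] &&
       [ -z "${TAURI_SIGNING_PRIVATE_KEY_PATH:-}" ]; then
        echo "signing: no private key or key path provided" >&2
        status=2
    else
        status=0
        "$@" || status=$?
    fi

    # Restore tracing only if the caller had it enabled.
    [ "$had_xtrace" -eq 1 ] && set -x
    return "$status"
}
```

A workflow step would wrap its signer invocation as `run_signer <signer command and arguments>`, so a secret that was never provisioned fails the job with a clear message instead of reaching the signer as an empty value.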
@callumflack
Member Author

Closed in favour of #91
