sudacode/SubMiner
1
0
Fork 0
mirror of https://github.com/ksyasuda/SubMiner.git synced 2026-03-20 03:16:46 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
5f320edab59c724524e750667ea1e73e384ff0ae
SubMiner/backlog/tasks/task-138 - Publish-unsigned-Windows-release-artifacts-and-add-local-unsigned-build-script.md

2.8 KiB
Raw Blame History

id, title, status, assignee, created_date, updated_date, labels, dependencies, references, priority
id title status assignee created_date updated_date labels dependencies references priority
TASK-138 Publish unsigned Windows release artifacts and add local unsigned build script Done
codex
2026-03-09 00:00 2026-03-09 00:00
release
windows
.github/workflows/release.yml
package.json
src/release-workflow.test.ts
high

Description

Stop the tag-driven release workflow from depending on SignPath and publish unsigned Windows .exe and .zip artifacts directly. Add an explicit local build:win:unsigned script without changing the existing build:win command.

Acceptance Criteria

  • #1 Windows release CI builds unsigned artifacts without requiring SignPath secrets.
  • #2 The Windows release job uploads release/*.exe and release/*.zip directly as the windows artifact.
  • #3 The repo exposes a local build:win:unsigned script for explicit unsigned Windows packaging.
  • #4 Regression coverage fails if the workflow reintroduces SignPath submission or drops the unsigned script.

Implementation Plan

  1. Update workflow regression tests to assert unsigned Windows release behavior and the new local script.
  2. Patch package.json to add build:win:unsigned.
  3. Patch .github/workflows/release.yml to build unsigned Windows artifacts and upload them directly.
  4. Add the release changelog fragment and run focused verification.

Implementation Notes

Removed the Windows SignPath secret validation and submission steps from .github/workflows/release.yml. The Windows release job now runs bun run build:win:unsigned and uploads release/*.exe and release/*.zip directly as the windows artifact consumed by the release job.

Added scripts/build-win-unsigned.mjs plus the build:win:unsigned package script. The wrapper clears Windows code-signing environment variables and disables identity auto-discovery before invoking electron-builder, so release CI stays unsigned even if signing credentials are configured elsewhere.

Updated src/release-workflow.test.ts to assert the unsigned workflow contract and added the release changelog fragment in changes/unsigned-windows-release-builds.md.

Final Summary

Windows release CI now publishes unsigned artifacts directly and no longer depends on SignPath. Local developers also have an explicit bun run build:win:unsigned path for unsigned packaging without changing the existing build:win command.

Verification:

  • bun test src/release-workflow.test.ts
  • bun run typecheck
  • node --check scripts/build-win-unsigned.mjs
Reference in New Issue View Git Blame Copy Permalink