Summary
src-tauri/tauri.conf.json:77-94 ships with null macOS signingIdentity and null Windows certificateThumbprint (with empty timestampUrl). Release workflow doesn't fail-fast on missing artifact uploads.
Status (after ae7b1f0)
Done:
- Removed
continue-on-error: true from every artifact upload step in .github/workflows/release.yml. A missing .deb, .AppImage, .msi, or .dmg now fails the job — no more silent half-releases.
- Fixed the workflow's Ubuntu dep list: it referenced
libwebkit2gtk-4.0-dev which is gone from ubuntu-24.04 runners. Now matches ci.yml's 4.1 stack (libwebkit2gtk-4.1-dev, libjavascriptcoregtk-4.1-dev, libsoup-3.0-dev, libayatana-appindicator3-dev, librsvg2-dev, patchelf).
- Documented required signing secrets in
release.yml env block.
Still TODO (needs repo-admin action, not code):
macOS — add these repo secrets, then set signingIdentity in tauri.conf.json:
APPLE_CERTIFICATE (base64 of .p12)APPLE_CERTIFICATE_PASSWORDAPPLE_SIGNING_IDENTITY (e.g. Developer ID Application: Your Name (TEAMID))APPLE_ID, APPLE_TEAM_ID, APPLE_APP_SPECIFIC_PASSWORD for notarization
Windows — add these repo secrets, then set certificateThumbprint + a real timestampUrl (e.g. http://timestamp.digicert.com) in tauri.conf.json:
WINDOWS_CERTIFICATE (base64 of .pfx)WINDOWS_CERTIFICATE_PASSWORD
Reopen / re-scope this issue once secrets are provisioned.
Summary
src-tauri/tauri.conf.json:77-94ships with null macOSsigningIdentityand null WindowscertificateThumbprint(with emptytimestampUrl). Release workflow doesn't fail-fast on missing artifact uploads.Status (after ae7b1f0)
Done:
continue-on-error: truefrom every artifact upload step in.github/workflows/release.yml. A missing.deb,.AppImage,.msi, or.dmgnow fails the job — no more silent half-releases.libwebkit2gtk-4.0-devwhich is gone fromubuntu-24.04runners. Now matchesci.yml's 4.1 stack (libwebkit2gtk-4.1-dev,libjavascriptcoregtk-4.1-dev,libsoup-3.0-dev,libayatana-appindicator3-dev,librsvg2-dev,patchelf).release.ymlenv block.Still TODO (needs repo-admin action, not code):
macOS — add these repo secrets, then set
signingIdentityintauri.conf.json:APPLE_CERTIFICATE(base64 of .p12)APPLE_CERTIFICATE_PASSWORDAPPLE_SIGNING_IDENTITY(e.g.Developer ID Application: Your Name (TEAMID))APPLE_ID,APPLE_TEAM_ID,APPLE_APP_SPECIFIC_PASSWORDfor notarizationWindows — add these repo secrets, then set
certificateThumbprint+ a realtimestampUrl(e.g.http://timestamp.digicert.com) intauri.conf.json:WINDOWS_CERTIFICATE(base64 of .pfx)WINDOWS_CERTIFICATE_PASSWORDReopen / re-scope this issue once secrets are provisioned.