33Use this checklist before producing store or production distribution builds for
44OnTime.
55
6+ Draft status for #462 : this checklist is repo-ready source material, but #462
7+ must stay open until the release build, Play Console, device QA, and pre-launch
8+ prerequisites in #450 -#459 settle.
9+
10+ ## Release Gate
11+
12+ - Confirm #450 and #451 are complete before attempting signed Android release
13+ builds.
14+ - Confirm #452 produced or identified the signed Android App Bundle that will be
15+ tested or submitted.
16+ - Confirm #453 has locked the first production versioning rule.
17+ - Confirm #454 recorded Play App Signing, upload key, SHA-1, and SHA-256
18+ fingerprints in the appropriate secure or console locations.
19+ - Confirm #455 has checked Play Console developer verification and package
20+ registration status.
21+ - Confirm #456 , #457 , #458 , and #459 have recorded release smoke test, alarm and
22+ notification QA, account deletion QA, and pre-launch report results.
23+ - Assign a release owner and backup owner before any Play Console submission.
24+
25+ ## Required Verification Commands
26+
27+ Run these commands from the repository root before building or submitting a
28+ release candidate:
29+
30+ ``` sh
31+ flutter pub get
32+ dart run build_runner build --delete-conflicting-outputs
33+ flutter analyze
34+ flutter test
35+ flutter build appbundle --release
36+ ```
37+
38+ - After code generation, run ` git diff --exit-code ` or review the diff to
39+ confirm generated files are intentionally updated.
40+ - For local Android release builds, provide the signing, Firebase, ` ENV ` , and
41+ ` REST_API_URL ` inputs documented in ` docs/Android-Release-Configuration.md `
42+ and ` docs/Android-Release-Signing.md ` .
43+ - For CI Play uploads, use the ` Android Play Internal Deploy ` workflow from
44+ ` main ` ; it runs package install, code generation, generated-file drift
45+ checking, analysis, tests, AAB build, artifact upload, and internal testing
46+ draft upload.
47+ - Record any command failure with the failing command, environment, and owner
48+ before release approval.
49+
650## Versioning
751
852- Create store candidates from ` release/x.y.z ` branches and production releases
@@ -16,22 +60,35 @@ OnTime.
1660 with checked-in Flutter build suffix ` +1 ` .
1761- Keep the public version name manual in ` pubspec.yaml ` .
1862- For Android Play deploys, CI derives ` versionName ` from ` pubspec.yaml ` and
19- uses ` github.run_number ` as the generated Android ` versionCode ` . The
20- generated value must be greater than every previous Play Console upload for
21- ` club.devkor.ontime ` .
22- - For future public releases, bump the semantic ` major.minor.patch ` value in
23- ` pubspec.yaml ` according to release impact. Do not open PRs only to bump the
24- checked-in build suffix for Android CI deploys; change the suffix only when a
25- manual or non-CI store package needs a distinct local build number.
63+ uses ` github.run_number ` as the generated ` versionCode ` ; do not open PRs only
64+ to bump the checked-in build suffix.
65+ - When uploading manually, choose an Android ` versionCode ` greater than every
66+ previously uploaded Play build for ` club.devkor.ontime ` .
67+
68+ ## Generated Files And Dependencies
69+
70+ - Run code generation after changes to Drift tables and DAOs, JSON models,
71+ Freezed classes, Injectable registrations, Widgetbook annotations, or any
72+ file that owns generated ` *.g.dart ` , ` *.freezed.dart ` , or ` *.config.dart `
73+ output.
74+ - Keep generated Dart outputs in the same PR as the source change that requires
75+ them.
76+ - Do not commit local release secrets, generated Firebase config files,
77+ keystores, ` android/key.properties ` , Play service-account JSON, coverage
78+ output, or build artifacts.
79+ - Review ` pubspec.lock ` , native lockfiles, and generated platform files when
80+ dependencies or plugins change.
2681
27- ## Branch and Environment
82+ ## Branch And Environment
2883
2984- Confirm the candidate branch is named ` release/x.y.z ` for planned releases or
3085 ` hotfix/x.y.z ` for urgent production repairs.
3186- Confirm final production deployments are triggered from a ` vX.Y.Z ` tag, not
3287 directly from ` main ` or a release branch.
3388- Use ` ENV=staging ` for release-candidate QA builds.
3489- Use ` ENV=prod ` for tagged production builds.
90+ - Confirm ` REST_API_URL ` points at the approved release or production API
91+ environment.
3592- Require manual approval before promoting tagged builds to Play Store or App
3693 Store production.
3794
@@ -52,10 +109,18 @@ OnTime.
52109 - Legacy environment variables ` ONTIME_ANDROID_KEYSTORE_PATH ` ,
53110 ` ONTIME_ANDROID_KEYSTORE_PASSWORD ` , ` ONTIME_ANDROID_KEY_ALIAS ` , and
54111 ` ONTIME_ANDROID_KEY_PASSWORD ` .
55- - Follow ` docs/Android-Signing-Setup.md ` when creating or configuring the
56- upload key.
112+ - Follow ` docs/Android-Signing-Setup.md ` when creating or configuring the upload
113+ key.
57114- Keep keystores, passwords, and ` key.properties ` out of git.
58115- Verify the release build fails clearly when signing secrets are missing.
116+ - Confirm the release Firebase config is available through
117+ ` ANDROID_GOOGLE_SERVICES_JSON_B64 ` in CI or
118+ ` android/app/src/release/google-services.json ` for local release builds.
119+ - After Play App Signing is enabled, verify Firebase and auth provider
120+ fingerprint configuration against the final Play App Signing and upload-key
121+ SHA-1/SHA-256 values.
122+ - Record the generated ` .aab ` path, build name, build number, workflow run, and
123+ commit SHA.
59124
60125## iOS
61126
@@ -75,23 +140,55 @@ OnTime.
75140 apple mobile web app title, and touch icon.
76141- Rebuild the web app before deployment.
77142
78- ## Store Metadata
143+ ## Store Metadata And Screenshots
79144
80145- Confirm the app name, short description, full description, screenshots,
81- support contact, privacy policy, and category are ready for the target stores.
146+ support contact, privacy policy, category, and release notes are ready for the
147+ target stores.
82148- Use ` docs/Google-Play-Listing-Copy.md ` as the draft source for Google Play
83149 short and full descriptions until product/design approve final copy.
84- - Use ` docs/Google-Play-Release-Screenshots.md ` to capture and review release
85- screenshots from real app screens before uploading them to Play Console.
86- - Track any brand, icon, screenshot, or store copy gaps before submission.
150+ - Verify screenshots against the release candidate build, not older debug or
151+ mock screens.
152+ - Re-check screenshot, feature graphic, app title, and listing copy after any
153+ visible UI, brand, onboarding, permission, account, alarm, notification, or
154+ privacy flow change.
155+ - Keep screenshots free of personal data, test credentials, debug banners, and
156+ staging-only content.
157+ - Track any brand, icon, screenshot, or store copy gap before submission.
158+
159+ ## Privacy Policy And Data Safety Triggers
160+
161+ Review and update privacy policy, Play Data safety, account deletion, and store
162+ disclosures before submission when any release change adds, removes, or changes:
163+
164+ - Personal data collection, including account identifiers, profile fields,
165+ schedule content, preparation steps, locations, feedback text, deletion
166+ requests, device identifiers, push tokens, analytics, diagnostics, or logs.
167+ - Data sharing with a new backend, Firebase project, auth provider, analytics
168+ provider, crash reporting provider, notification service, support tool, or
169+ other third party.
170+ - Authentication, account deletion, sign-out, data export, retention, or backend
171+ deletion behavior.
172+ - Notification, exact alarm, full-screen intent, boot restore, background
173+ execution, location, photos, contacts, camera, microphone, health, finance, or
174+ other permission-sensitive behavior.
175+ - Store listing claims about privacy, security, notifications, alarms, account
176+ control, or data deletion.
177+ - User-created content that becomes visible to other users.
178+ - Age range, target audience, ads, content rating, restricted category, or
179+ regulated-content answers.
87180
88- ## Content Category and UGC
181+ If any trigger applies, block release approval until the release owner records
182+ which privacy policy section, Play Data safety answer, Play declaration, or
183+ store listing field was reviewed or changed.
184+
185+ ## Content Category And UGC
89186
90187- Current release audit result (2026-05-09): no UGC is exposed to other users.
91- Users can create schedules, schedule notes, preparation steps,
92- account profile values, and deletion or feedback text, but the checked app
93- routes and API clients do not provide public profiles, shared schedules,
94- comments, chat, feeds, uploads, groups, or other user-to-user content surfaces.
188+ Users can create schedules, schedule notes, preparation steps, account profile
189+ values, and deletion or feedback text, but the checked app routes and API
190+ clients do not provide public profiles, shared schedules, comments, chat ,
191+ feeds, uploads, groups, or other user-to-user content surfaces.
95192- Current restricted-category audit result (2026-05-09): OnTime is a schedule
96193 preparation, alarm, reminder, and arrival-time planning app. The checked source
97194 does not implement gambling, betting, regulated finance, trading, lending,
@@ -100,8 +197,87 @@ OnTime.
100197 schedule, preparation, authentication, notification, and alarm data sources,
101198 and user-facing flows for any newly added shared or public content surfaces.
102199- If user-created content becomes visible to other users, open release-blocking
103- issues for reporting, blocking, moderation or abuse handling, Play Data safety,
104- and content rating updates before release.
105- - Keep store category and listing copy aligned with productivity, planner, alarm,
106- and reminder functionality unless a future feature and policy review supports a
107- different category.
200+ issues for reporting, blocking, moderation or abuse handling, Play Data
201+ safety, and content rating updates before release.
202+ - Keep store category and listing copy aligned with productivity, planner,
203+ alarm, and reminder functionality unless a future feature and policy review
204+ supports a different category.
205+
206+ ## Play Console Declarations
207+
208+ - Confirm Play App Signing and certificate fingerprints before final Firebase
209+ or auth provider release verification.
210+ - Confirm developer verification and package registration status in Play Console
211+ before the first production submission.
212+ - Confirm Data safety, privacy policy URL, account deletion URL, content rating,
213+ target audience, app category, app access, ads, permissions, full-screen
214+ intent, and background activity declarations match the submitted build.
215+ - Keep Play Console declaration evidence in the release tracking thread or
216+ secure shared folder, not in source control when it contains account,
217+ reviewer, or console-private data.
218+ - If Play review rejects the app, use
219+ ` docs/Play-Review-Rejection-Playbook.md ` before resubmitting or appealing.
220+
221+ ## Device QA And Pre-launch
222+
223+ - Install the release build through internal testing or a release-equivalent
224+ path.
225+ - Test first launch, login, logout, schedule create/edit/delete, My Page, and
226+ privacy policy link.
227+ - Test notification permission granted and denied states.
228+ - Test exact alarm permission granted and denied states.
229+ - Test alarm firing, full-screen alarm UI, fallback notification behavior, and
230+ cancellation.
231+ - Test boot restore behavior after device restart where practical.
232+ - Test account deletion end to end with a release test account.
233+ - Record device model, Android version, app version, build number, API
234+ environment, result, and owner.
235+ - Run or review the Play Console pre-launch report before wider rollout.
236+ - Fix release-blocking crashes, ANRs, policy warnings, severe accessibility
237+ warnings, install failures, sign-in blockers, deletion failures, missed alarms,
238+ Firebase initialization failures, and backend token registration failures.
239+
240+ ## Rollout Monitoring
241+
242+ - Follow ` docs/Release-Rollout-Monitoring.md ` for release owner assignment,
243+ staged rollout gates, monitoring locations, pause criteria, and first 24-hour
244+ and first 7-day checks.
245+ - Record version name, generated build number, track, rollout percentage,
246+ release owner, backup owner, dashboards checked, decision, and next check time
247+ at every rollout decision.
248+ - Do not widen rollout while Play review, policy email, Android Vitals,
249+ Firebase, backend monitoring, ratings, reviews, tester feedback, or support
250+ reports show an unresolved release-caused blocker.
251+
252+ ## Release Evidence Template
253+
254+ ``` md
255+ Release:
256+ Version name:
257+ Build number:
258+ Commit SHA:
259+ Workflow run:
260+ Artifact path:
261+ Track:
262+ Release owner:
263+ Backup owner:
264+
265+ Commands:
266+ - flutter pub get:
267+ - dart run build_runner build --delete-conflicting-outputs:
268+ - flutter analyze:
269+ - flutter test:
270+ - flutter build appbundle --release:
271+
272+ Generated files reviewed:
273+ Signing and Firebase config verified:
274+ Play App Signing fingerprints verified:
275+ Privacy policy/Data safety reviewed:
276+ Store metadata/screenshots reviewed:
277+ Device QA completed:
278+ Pre-launch report reviewed:
279+ Rollout monitoring note created:
280+
281+ Open risks:
282+ Decision:
283+ ```
0 commit comments