Codencer releases are managed from main by Release Please plus the reusable
Release Assets workflow. Normal public releases do not require local artifact
upload or manual version input.
- Land work through pull requests with Conventional Commit titles.
- Merge PRs to
main. - Release Please opens or updates a Release PR.
- Review the changelog and version in the Release PR.
- Merge the Release PR when the release is ready.
- Release Please creates the GitHub Release.
- The Release Please workflow calls
.github/workflows/release-assets.ymlto build release artifacts, generatechecksums.txtandmanifest.json, and upload them. - Verify the GitHub Release page has the Linux artifact, both macOS architecture artifacts, checksums, and manifest.
The asset build/upload is a reusable workflow called by Release Please because
GitHub resources created with GITHUB_TOKEN do not reliably trigger separate
release.created workflows.
If RELEASE_PLEASE_TOKEN is configured, the workflow uses it for Release
Please so Release PR checks can trigger normally. Otherwise it uses
GITHUB_TOKEN.
Release Please reads Conventional Commit messages on main:
fix:creates a patch release.feat:creates a minor release.feat!:orBREAKING CHANGE:creates a major release.
The Release PR is the human gate. Merging the Release PR creates the tag and GitHub Release.
version.txt is owned by Release Please and is used only as release automation
state for the simple strategy. It is not runtime product configuration and
should not be edited manually outside release automation bootstrap or cleanup
work.
The first automated public release bootstrap is complete. v0.3.0 has already
been released, and release-please-config.json must not keep
release-as: 0.3.0. Future versions are computed from Conventional Commits.
The patch that introduced the release asset workflow is expected to produce a
v0.3.1 Release PR because it is a fix: change.
version.txt and .release-please-manifest.json are then advanced by Release
Please PRs only.
The v0.3.0 GitHub Release was created before the reusable Release Assets
workflow existed and may have only GitHub source archive links. Source archives
are not installable Codencer product artifacts.
After the release asset workflow PR is merged to main, backfill v0.3.0 from
GitHub:
- Open
Actions -> Release Assets -> Run workflow. - Set
tag_nametov0.3.0. - Set
reftov0.3.0. - Set
replace_existingtofalse. - Run the workflow.
- Verify the
v0.3.0release now has:codencer_v0.3.0_linux_amd64.tar.gzcodencer_v0.3.0_darwin_arm64.tar.gzcodencer_v0.3.0_darwin_amd64.tar.gzchecksums.txtmanifest.json
Do not upload local artifacts manually for this backfill unless a separate emergency release procedure explicitly approves it.
The Release Assets workflow builds and uploads:
codencer_${TAG_NAME}_linux_amd64.tar.gzcodencer_${TAG_NAME}_darwin_arm64.tar.gzcodencer_${TAG_NAME}_darwin_amd64.tar.gzchecksums.txtmanifest.json
The macOS job builds both Darwin architectures that the public installer can select. Do not remove one Darwin artifact without also changing installer platform detection and this documentation.
Installable public Codencer releases are the attached codencer_*.tar.gz
binary archives. The GitHub-generated source ZIP/TAR links are source snapshots
only; they are not installable Codencer binary release artifacts. Operators
download the archive for their platform, verify it against checksums.txt,
extract it, and use the binaries from the archive bin/ directory.
manifest.json records:
- version and tag name;
- release SHA;
- deterministic
built_attimestamp derived from the release commit timestamp; - asset filename, SHA256, OS, architecture, and runner;
- a note that artifacts were built by GitHub Actions.
The upload step does not use --clobber. With replace_existing=false, an
existing identical asset is skipped and an existing differing asset fails the
workflow. manifest.json is deterministic for the same tag, release SHA, and
binary archive inputs so a retry after a partial publish can follow the same
skip-identical path. With replace_existing=true, only the exact known
Codencer target asset names are deleted and replaced; GitHub source archives are
never deleted.
Release Please creates non-draft releases today. If asset upload or verification fails, the Release Assets job fails loudly so the release cannot be mistaken for a complete binary release.
The canonical public install command is GitHub-only:
curl -fsSL https://raw.githubusercontent.com/lookmanrays/codencer/main/scripts/install.sh | shPinned release install:
curl -fsSL https://raw.githubusercontent.com/lookmanrays/codencer/main/scripts/install.sh | sh -s -- --version v0.3.1When install.sh is piped through sh, it runs in release-bootstrap mode. It
detects the platform, resolves the latest release unless --version is set,
downloads codencer_<version>_<platform>.tar.gz, checksums.txt, and
manifest.json, verifies the archive checksum and manifest entry, extracts the
archive in a temp directory, installs the release binaries, and initializes
CODENCER_HOME.
Piped install must never use caller-cwd ./bin. Package-local installs remain
available only when --bin-dir is explicit or the script path proves it is
inside an unpacked release package with a local bin/ directory. The installer
does not require gh, does not run sudo, does not edit shell profiles, does
not kill processes, and does not execute downloaded scripts.
make release-snapshot remains the implementation behind automated packaging.
Running it locally is allowed for emergency/debug verification only. Local
archives are not the normal public release upload path.
Useful local checks:
make release-snapshot VERSION=v0.3.0-local-debug TARGETS=host REQUIRE_TARGETS=host
make verify-release-artifact-selfhost VERSION=v0.3.0-local-debug TARGETS=host REQUIRE_TARGETS=host
make verify-public-releaseDo not upload local artifacts to a public release unless a documented emergency release procedure explicitly approves it.