End-to-end flow for cutting a new GitHub release. Run from the project root.
.envat project root withAPPLE_ID,APPLE_TEAM_ID, andAPPLE_APP_SPECIFIC_PASSWORD(notarization will fail without these).ghauthenticated (gh auth status).- Working tree clean and on
master.
-
Bump the version in
package.jsonfollowing semver (feat:→ minor,fix:→ patch). Commit:git add package.json git commit -m "Release: v<X.Y.Z>" git push origin master -
Build, sign, notarize.
build:releasedoes not publish — it stops after producing artifacts indist/. Load Apple creds before running.set -a && source .env && set +a pnpm run build:release
Watch the log for
notarization successful(one line per arch). Artifacts:dist/chroma-explorer-<X.Y.Z>-arm64.dmg,dist/chroma-explorer-<X.Y.Z>-arm64.zip,dist/latest-mac.yml. -
Tag and publish to GitHub. Draft notes from the commits since the prior tag (
git log v<prev>..HEAD --oneline).git tag -a v<X.Y.Z> -m "v<X.Y.Z>" && git push origin v<X.Y.Z> gh release create v<X.Y.Z> --title v<X.Y.Z> --notes "..." \ dist/chroma-explorer-<X.Y.Z>-arm64.dmg \ dist/chroma-explorer-<X.Y.Z>-arm64.zip \ dist/latest-mac.yml
latest-mac.ymlis required — it's the manifest the in-app autoupdater polls. -
Sanity check the release page and try the autoupdater from the prior version if possible.
- Only arm64 is built. Electron-builder reads its config from the
buildfield inpackage.json(which lists["dmg", "zip"]with no arch spec, so it defaults to host arch) and ignoreselectron-builder.yml. Historical releases have all been arm64-only for the same reason. If x64 is needed, consolidate the config and setmac.target[].arch: [x64, arm64]. build:releasedoes not publish. It runselectron-builderwith no--publishflag, so thepublish: githubconfig inelectron-builder.ymlis also ignored. Usegh release create(above) to ship.- Notarization needs network. Each arch makes a round trip to Apple; budget ~3–5 min per arch.