You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: AGENTS.md
+65-5Lines changed: 65 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -78,9 +78,69 @@ For desktop input or packaging changes, also run the relevant manual smoke path:
78
78
79
79
## Release flow
80
80
81
-
Release automation is not implemented yet. Until a release issue defines the final flow:
81
+
Only the maintainer should publish releases.
82
82
83
-
- Use semantic versions for early packages.
84
-
- Do not tag releases without a dedicated release issue.
85
-
- Do not publish installers without a Windows smoke test.
86
-
- Do not add code signing, auto-update, WinGet, or cross-platform packaging unless an issue explicitly scopes it.
83
+
Release builds are published from tags named `vX.Y.Z`, where `X.Y.Z` must match `package.json`.
84
+
85
+
The release workflow is `.github/workflows/release.yml`. It runs on the self-hosted Windows signing runner with the `switchify-signing` label. The runner is expected to have:
86
+
87
+
- Windows.
88
+
- Node and npm.
89
+
- GitHub CLI authentication available to the workflow.
90
+
- Windows SDK signing tools available, including `signtool`.
91
+
- The Certum SimplySign certificate available in `Cert:\CurrentUser\My`.
92
+
- An active SimplySign session before the release job runs.
93
+
94
+
Production release signing uses Certum SimplySign through `signtool`. Do not document or commit the real certificate thumbprint. Use placeholders in docs and examples.
95
+
96
+
Required signing environment for production packaging:
0 commit comments