[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Releases

From: David Chisnall
Subject: Re: Releases
Date: Wed, 11 Jan 2023 10:46:32 +0000
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1

On 11/01/2023 10:40, Ivan Vučica wrote:
There’s the GPG signing part that makes Github Actions less useful. That is: whether you want to use Github actions depends on where you want to store this rather secret key. (We should rotate the GPG key anyway, by the way; the one we use for gnustep make/base/gui/back is still a 1024 bit key, with no delegation to subkeys and no expiration dates set.)

This should be stored in a GitHub Secret and not stored on anyone's machine. It is then exposed only to the release pipeline and compromising your dev VM does not leak it.

Besides, making the tarballs themselves is the easiest part.

It's not easy, it's free. Every GitHub commit is automatically exposed as a tarball via a special URL, you don't need to do anything with it.

For the make/base/gui/back stuff, the hardest for me was going through the history, trying to make sense of everyone’s rather cryptic commit messages and rather lacking ChangeLog updates, identifying and summarizing the changes into something that might be useful to a reader, putting the changes into 2 different places, then generating the new release notes file.

For the runtime, I have an `ANNOUNCE` file containing markdown that is updated with things that will go in the release announcement as they're added. I then just copy it to the release text.

What about win32? I never built win32 releases with NSIS, either. There have been improvements on building .msi packages on free platforms (GNOME’s msitools have gotten some GUI support!), but last time I checked, it was still not sufficiently similar to WiX Tools on Windows.

For the runtime, I use CMake's CPack support, which produces a zip file that can just be extracted on Windows and used. It can also produce NuGet packages if you want to manage dependencies like that. GNUstep Make makes all of this much harder (running GNUstep Make on Windows at all is sufficiently painful that I've never managed it successfully).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]