Release Runbook
Also available: Markdown Β· Plain text
Release Runbook β Gnomad Desktop Assistant
Audience: Maintainers cutting alpha/beta releases
Last updated: June 2026
Overview
Releases are tag-driven. Pushing a v* tag (or using workflow dispatch) runs .github/workflows/release.yml, builds installers for all platforms, and attaches them to a GitHub Release.
| Platform | Artifacts |
|---|---|
| macOS | Universal .dmg |
| Linux x86_64 | .deb, .rpm, .AppImage |
| Linux ARM64 | .deb, .AppImage |
| Windows | .msi, NSIS .exe |
In-app updates require signed artifacts β see UPDATER.md.
Pre-release checklist
- Version bump β align
package.json,src-tauri/tauri.conf.json, andsrc/lib/brand.ts(if applicable). - CHANGELOG β move
[Unreleased]items under the new version heading. - Docs β
npm run docs:exportafter any doc edits; verify GitHub Pages links. - Local QA β
npm run test,cd src-tauri && cargo test,npm run build. - Manual smoke (see QA_CHECKLIST.md):
- Cloud + local chat
- Agent shell + fs tools
- Sudo Gate / Path Gate tokens
- Settings β Updates (check only; full install needs signed release)
- Updater keys β run
npm run verify:updater(must pass before tagging); set CI secretsTAURI_SIGNING_PRIVATE_KEYandTAURI_SIGNING_PRIVATE_KEY_PASSWORDβ see UPDATER.md.
Cut a release
1. Merge to main
All release work should be on main (or the branch your workflows watch).
2. Create and push a tag
git tag -a v0.2.0-beta.1 -m "Gnomad v0.2.0-beta.1"
git push origin v0.2.0-beta.1
Or use Actions β Release β Run workflow with a tag name (creates/updates the release for that tag).
3. Monitor CI
Open the Release workflow run. Expect four matrix jobs:
macos-latestβ universal DMGubuntu-22.04β Linux x86_64 deb/rpm/AppImageubuntu-24.04-armβ Linux ARM64 deb/AppImagewindows-latestβ MSI + NSIS
Each job uploads assets via tauri-action with includeUpdaterJson: true.
4. Verify GitHub Release
- Assets named
gnomad-[name]-[version]-[platform][ext] latest.jsonpresent (updater manifest)- Release notes readable; mark pre-release for alpha/beta
5. Post-release verification
| Check | How |
|---|---|
| macOS install | Open DMG, drag to Applications, launch |
| Linux x86_64 | sudo dpkg -i gnomad_*.deb or run AppImage |
| Linux ARM64 | Same on ARM board / VM |
| Windows | Run MSI or setup.exe |
| Updater | Install previous build β Settings β Updates β Install (requires valid signing keys) |
Document results in QA_CHECKLIST.md or a release issue.
Hotfix workflow
- Branch from the release tag or
main. - Fix + tests + CHANGELOG entry.
- Merge to
main. - Tag patch version (
v0.2.0-beta.2).
Do not force-push tags that users may already have installed.
Rollback
GitHub Releases cannot be βun-publishedβ cleanly for users who already downloaded. For a bad build:
- Mark the release as pre-release or add a prominent warning in release notes.
- Publish a new patch tag with the fix.
- If updater keys were compromised, rotate minisign keys and update
pubkeyintauri.conf.json(users on old builds will not auto-update until they install manually once).
CI secrets reference
| Secret | Required for | Notes |
|---|---|---|
GITHUB_TOKEN |
All releases | Provided by Actions |
TAURI_SIGNING_PRIVATE_KEY |
Signed updates | Minisign private key contents |
TAURI_SIGNING_PRIVATE_KEY_PASSWORD |
Signed updates | Empty string if no password |
Related docs
- UPDATER.md β key generation and channels
- BUILD_PLATFORMS.md β local build commands
- LINUX_PACKAGES.md β install and ARM64 notes
- QA_CHECKLIST.md β sign-off matrix
Built with β€οΈ by Gnomad Studio π¦