Ship dual-arch releases with OTA verification#495
Conversation
- add one-shot release shipping command - build and validate macOS arm64 and x64 artifacts - merge and verify published macOS updater manifests
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
github-actions
Bot
added
size:XL
vouch:trusted
- Attach the original parse error as the cause - Use `toSorted` when selecting the latest workflow run - Keep release ship tests aligned with shared asset fixtures
There was a problem hiding this comment.
Pull request overview
Adds an end-to-end release shipping command and tightens the desktop release contract so macOS OTA updates work across both arm64 and x64, with CI enforcing completeness and Windows stable signing requirements.
Changes:
- Require dual-arch macOS (arm64 + x64) DMG/ZIP/blockmap artifacts and merge macOS updater manifests before publishing.
- Add
release:shiporchestration script to run local preflight + prepare-release, wait for therelease.ymlworkflow, then verify the published GitHub Release (including mergedlatest-mac.ymlOTA coverage). - Update release docs/playbooks and CI gating (stable Windows builds must have Azure Trusted Signing secrets configured).
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/validate-release-assets.ts | Tightens required release asset rules to enforce macOS dual-arch OTA artifacts. |
| scripts/validate-release-assets.test.ts | Expands validation tests to cover missing macOS x64 OTA assets. |
| scripts/release-smoke.ts | Updates smoke fixtures/assertions for dual-arch macOS and merged manifest behavior. |
| scripts/release-ship.ts | New release shipping orchestrator + published-release verification (assets + merged latest-mac.yml). |
| scripts/release-ship.test.ts | Adds coverage for workflow-run selection, publish verification, and orchestration call order. |
| scripts/prepare-release.ts | Updates rollout checklist wording to reflect dual-arch macOS as part of the main train. |
| package.json | Adds release:ship script entrypoint. |
| docs/superpowers/plans/2026-04-25-release-ship-and-ota.md | Documents the implementation plan for release shipping + OTA validation. |
| docs/release.md | Updates release process docs to require both macOS architectures and describe release:ship. |
| .github/workflows/release.yml | Adds macOS x64 to the matrix, merges macOS manifests, and enforces Windows stable signing secrets. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| case "--repo": | ||
| repo = argv[index + 1] ?? repo; | ||
| index += 1; | ||
| break; | ||
| case "--timeout-ms": | ||
| timeoutMs = Number(argv[index + 1] ?? timeoutMs); | ||
| index += 1; | ||
| break; | ||
| case "--poll-interval-ms": | ||
| pollIntervalMs = Number(argv[index + 1] ?? pollIntervalMs); | ||
| index += 1; | ||
| break; |
There was a problem hiding this comment.
parseArgs coerces --timeout-ms / --poll-interval-ms with Number(...) but never validates the result or ensures a value is actually provided. Passing a non-numeric value (or omitting the next token) can yield NaN, causing the workflow wait loop to behave incorrectly and producing confusing errors like Timed out after NaNms. Please validate that flag values are present, finite numbers, and > 0 (or fall back to defaults) and throw a clear error otherwise.
|
@copilot apply changes based on the comments in this thread |
…gs in release-ship Agent-Logs-Url: https://github.com/OpenKnots/okcode/sessions/283afe47-b626-4d9f-9e8e-ae1e3c8ff9bd Co-authored-by: BunsDev <68980965+BunsDev@users.noreply.github.com>
Applied both review findings in commit
|
Summary
codex login statusis unauthenticated.Testing
bun fmtbun lintbun typecheck