Wire Forge-native release infrastructure
Some checks failed
Cache: Publish Nix / Publish Nix Cache (push) Waiting to run
Build Rust / Cargo Test (push) Successful in 4m14s
Build Site / Next.js Build (push) Failing after 6s
Infra: OpenTofu / OpenTofu (grafana) (push) Successful in 5s
Lint Governance / BEP Metadata (push) Successful in 0s
Build: Android / Android Rust Core Stub (push) Failing after 23s
Some checks failed
Cache: Publish Nix / Publish Nix Cache (push) Waiting to run
Build Rust / Cargo Test (push) Successful in 4m14s
Build Site / Next.js Build (push) Failing after 6s
Infra: OpenTofu / OpenTofu (grafana) (push) Successful in 5s
Lint Governance / BEP Metadata (push) Successful in 0s
Build: Android / Android Rust Core Stub (push) Failing after 23s
This commit is contained in:
parent
97c569fb35
commit
002bd382e9
199 changed files with 14268 additions and 185 deletions
22
store-metadata/android/README.md
Normal file
22
store-metadata/android/README.md
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
# Android Store Metadata
|
||||
|
||||
This directory is the repo-owned home for Android distribution metadata.
|
||||
|
||||
Current state:
|
||||
|
||||
- Kotlin app shell exists under `Android/app`.
|
||||
- Rust core FFI exists under `crates/burrow-mobile-ffi`.
|
||||
- full VPN support is not enabled yet.
|
||||
|
||||
Before Play Store upload:
|
||||
|
||||
- implement Android `VpnService`
|
||||
- complete the Play VPN service declaration
|
||||
- complete data-safety review
|
||||
- wire signing through the release signing lane
|
||||
|
||||
Before F-Droid upload:
|
||||
|
||||
- add reproducible metadata
|
||||
- keep a source-built flavor without proprietary Play dependencies
|
||||
- document Rust core build inputs and target ABIs
|
||||
18
store-metadata/app-store-connect/README.md
Normal file
18
store-metadata/app-store-connect/README.md
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
# App Store Connect Metadata
|
||||
|
||||
This directory is the repo-owned home for Burrow App Store Connect metadata.
|
||||
|
||||
The release upload lane expects dedicated App Store Connect API credentials
|
||||
sealed with agenix:
|
||||
|
||||
- `secrets/apple/appstore-connect.env.age`
|
||||
|
||||
That single secret contains the key ID, issuer ID, and base64-encoded `.p8`.
|
||||
CI decrypts it into a temporary App Store Connect key file, syncs provisioning
|
||||
profiles from App Store Connect, and then uploads `.ipa`/`.pkg` artifacts.
|
||||
Forgejo secrets should only provide the runner age identity fallback, not the
|
||||
App Store key itself.
|
||||
|
||||
The initial release pipeline can upload `.ipa` and `.pkg` artifacts once the
|
||||
Apple build lane produces signed outputs. TestFlight external distribution must
|
||||
remain explicit until review metadata, groups, and tester policy are complete.
|
||||
|
|
@ -0,0 +1 @@
|
|||
Burrow is a VPN client for infrastructure operated by the Burrow project.
|
||||
|
|
@ -0,0 +1 @@
|
|||
contact@burrow.net
|
||||
|
|
@ -0,0 +1 @@
|
|||
contact@burrow.net
|
||||
|
|
@ -0,0 +1 @@
|
|||
Burrow
|
||||
|
|
@ -0,0 +1 @@
|
|||
Operator
|
||||
|
|
@ -0,0 +1 @@
|
|||
true
|
||||
|
|
@ -0,0 +1 @@
|
|||
Use the dedicated Burrow test account supplied out of band for review. The app talks to the local Burrow daemon over its gRPC boundary.
|
||||
8
store-metadata/flatpak/README.md
Normal file
8
store-metadata/flatpak/README.md
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
# Flatpak Metadata
|
||||
|
||||
Flatpak is a desktop GUI distribution lane for Burrow.
|
||||
|
||||
The Flatpak package should not be considered a complete VPN backend unless a
|
||||
host daemon or privileged helper is installed and verified. The GUI can manage
|
||||
configuration and status through a constrained local API, while TUN, routes,
|
||||
DNS, and firewall state remain outside the sandbox.
|
||||
30
store-metadata/sparkle/README.md
Normal file
30
store-metadata/sparkle/README.md
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
# Sparkle Release Channel
|
||||
|
||||
Burrow stages Sparkle files under `dist/builds/<build>/sparkle/<channel>/` and
|
||||
publishes them through `.forgejo/workflows/publish-store-uploads.yml`.
|
||||
|
||||
The current implementation prepares the channel and public pointer layout:
|
||||
|
||||
- `sparkle/<channel>/appcast.xml`
|
||||
- `sparkle/appcast.xml`
|
||||
- `sparkle/default/`
|
||||
- `sparkle/main-channel.txt`
|
||||
|
||||
Sparkle enclosure signatures can be produced with the non-exportable
|
||||
`sparkle-ed25519` Google KMS key:
|
||||
|
||||
```sh
|
||||
Scripts/sparkle/sign-appcast-kms.py \
|
||||
--appcast dist/builds/<build>/sparkle/<channel>/appcast.xml \
|
||||
--artifact-dir dist/builds/<build>/sparkle/<channel>
|
||||
```
|
||||
|
||||
The public EdDSA key embedded in macOS release builds is:
|
||||
|
||||
```text
|
||||
Myv9ZNZT6YGKMtMezh52ra4WqaeEKc4VlvVU0evhJeI=
|
||||
```
|
||||
|
||||
The build lane only signs appcasts when `BURROW_SPARKLE_SIGN_WITH_KMS=true`.
|
||||
The live Google KMS key uses `EC_SIGN_ED25519` with software protection because
|
||||
Google KMS rejects Ed25519 for HSM protection level.
|
||||
Loading…
Add table
Add a link
Reference in a new issue