# Release instructions This section documents the release process. Unless you're a dangerzone developer making a release, you'll probably never need to follow it. ## Changelog, version, and signed git tag Before making a release, all of these should be complete: - [ ] Update `version` in `pyproject.toml` - [ ] Update `share/version.txt` - [ ] Update version and download links in `README.md`, and screenshot if necessary - [ ] CHANGELOG.md should be updated to include a list of all major changes since the last release - [ ] In `.circleci/config.yml`, add new platforms and remove obsolete platforms - [ ] Create a test build in Windows and make sure it works - [ ] Create a test build in mcaOS and make sure it works - [ ] There must be a PGP-signed git tag for the version, e.g. for dangerzone 0.1.0, the tag must be `v0.1.0` Before making a release, verify the release git tag: ``` git fetch git tag -v v$VERSION ``` If the tag verifies successfully and check it out: ``` git checkout v$VERSION ``` ## macOS release To make a macOS release, go to macOS build machine: - Build machine must have: - macOS 10.14 - Apple-trusted `Developer ID Application: FIRST LOOK PRODUCTIONS, INC.` and `Developer ID Installer: FIRST LOOK PRODUCTIONS, INC.` code-signing certificates installed - An app-specific Apple ID password saved in the login keychain called `flockagent-notarize` - Verify and checkout the git tag for this release - Run `poetry install` - Run `poetry run ./install/macos/build_app.py --with-codesign`; this will make `dist/Dangerzone.dmg` - Notarize it: `xcrun altool --notarize-app --primary-bundle-id "media.firstlook.dangerzone" -u "micah@firstlook.org" -p "@keychain:dangerzone-notarize" --file dist/Dangerzone.dmg` - Wait for it to get approved, check status with: `xcrun altool --notarization-history 0 -u "micah@firstlook.org" -p "@keychain:dangerzone-notarize"` - (If it gets rejected, you can see why with: `xcrun altool --notarization-info [RequestUUID] -u "micah@firstlook.org" -p "@keychain:dangerzone-notarize"`) - After it's approved, staple the ticket: `xcrun stapler staple dist/Dangerzone.dmg` This process ends up with the final file: ``` dist/Dangerzone.dmg ``` Rename `Dangerzone.dmg` to `Dangerzone-$VERSION.dmg`. ## Windows release To make a Windows release, go to the Windows build machine: - Build machine should be running Windows 10, and have the Windows codesigning certificate installed - Verify and checkout the git tag for this release - Run `poetry install` - Run `poetry shell`, then `cd ..\pyinstaller`, `python setup.py install`, `exit` - Run `poetry run install\windows\step1-build-exe.bat` - Open a second command prompt _as an administratror_, cd to the dangerzone directory, and run: `install\windows\step2-make-symlink.bat` - Back in the first command prompt, run: `poetry run install\windows\step3-build-installer.bat` - When you're done you will have `dist\Dangerzone.msi` Rename `Dangerzone.msi` to `Dangerzone-$VERSION.msi`. ## Linux release Linux binaries are automatically built and deployed to repositories when a new tag is pushed. ## Publishing the release To publish the release: - Create a new release on GitHub, put the changelog in the description of the release, and upload the macOS and Windows installers - Update the [Installing Dangerzone](https://github.com/firstlookmedia/dangerzone/wiki/Installing-Dangerzone) wiki page - Update the [Dangerzone website](https://github.com/firstlookmedia/dangerzone.rocks) to link to the new installers