Tauri's built-in DMG styling relies on AppleScript/Finder access which
silently fails on CI (tauri-apps/tauri#1731). Switch to create-dmg tool
which works on GitHub Actions macOS runners.
- Replace Tauri DMG with create-dmg: background image, icon positions,
app-drop-link, codesign, hide-extension
- Regenerate background image at 2x Retina resolution (1320x800)
- Revert tauri.conf.json dmg config (ineffective on CI)
- Reorder steps: Prepare → Notarize DMG → Verify
- Notarize and Verify now use release-assets/ path for DMG
- Add DMG background image with drag-to-install arrow guide
- Configure window size (660x400), app and Applications icon positions
- Center icons horizontally with visual arrow between them
Tauri only notarizes the .app bundle, not the DMG container. This caused
stapler staple to fail with "Record not found" for the DMG.
- Add "Notarize macOS DMG" step using xcrun notarytool with retry logic
- Add retry logic (3 attempts) to macOS build step for transient network failures
- Add hdiutil verify before DMG notarization submission
- Import Developer ID Application certificate into temporary keychain
- Inject APPLE_SIGNING_IDENTITY/APPLE_ID/APPLE_PASSWORD/APPLE_TEAM_ID
into Tauri build step for automatic signing and notarization
- Staple notarization tickets to both .app and .dmg (hard-fail)
- Add verification step: codesign --verify + spctl -a + stapler validate
for both .app and .dmg, gating the release on success
- Collect .dmg alongside .tar.gz and .zip in release assets
- Clean up temporary keychain with original default restored
- Update release notes to recommend .dmg and note Apple notarization
- Remove all xattr workarounds and "unidentified developer" warnings
from README, README_ZH, installation guides, and FAQ (EN/ZH/JA)
- Add xdg-utils dependency for xdg-mime binary required by AppImage bundler
- Remove unused McpStatus struct from gemini_mcp.rs (duplicate of claude_mcp.rs)
- Add #![allow(dead_code)] to proxy models reserved for future type-safe API
- Add ubuntu-22.04-arm runner to build matrix
- Rename Linux artifacts with architecture suffix (x86_64/arm64)
- Update pnpm cache key with runner.arch to avoid cross-arch pollution
- Add linux-aarch64 platform to latest.json for Tauri updater
Flatpak build has persistent issues with libdbusmenu dependencies.
Removing it for now to allow release. Can be re-added later with
proper libayatana dependency configuration.
- Add RPM bundle to Linux build targets in CI workflow
- Add Flatpak manifest, desktop entry, and AppStream metainfo
- Update release workflow to build and publish .rpm and .flatpak artifacts
- Update README docs with new Linux package formats and installation instructions
- Add .gitignore rules for Flatpak build artifacts
- Add concurrency control to prevent multiple simultaneous releases
- Upgrade softprops/action-gh-release from v1 to v2 for better reliability
- Add docs/ directory to .gitignore to exclude documentation build artifacts
- Switch to passing complete two-line private key content instead of base64 only
- Use GitHub Actions heredoc syntax (<<'EOF') for proper multiline handling
- Preserve original minisign private key format with comment and base64 lines
- Improve compatibility with Tauri CLI's private key parsing
- Switch from file path to direct base64 content for better compatibility
- Extract private key base64 from second line for stable parsing
- Enhance error handling for key extraction process
- Improve cross-version compatibility for different Tauri CLI versions
- Update CI workflow to use TAURI_SIGNING_PRIVATE_KEY consistently
- Simplify key handling logic and add password support
- Update pubkey in tauri.conf.json to match new signing key
- Remove redundant environment variables for key content export
- Focus on providing proper key file path to Tauri CLI to avoid decoding ambiguity
- Maintain support for all three key formats (two-line, base64-wrapped, single base64)
- Improve reliability by standardizing on file-based key passing approach
- Configure Tauri updater plugin with Ed25519 signing
- Add GitHub Actions support for signed builds
- Set up GitHub releases as update endpoint
- Enable update checking in Settings modal
- Configure GitHub Actions to generate platform-specific releases:
- macOS: zip package only (avoids signing issues)
- Windows: installer (NSIS) and portable version
- Linux: AppImage and deb packages
- Update Tauri config to build all available targets
- Add documentation for macOS signature workarounds
- Replace env var STORE_PATH with step output\n- Add id to pnpm-store step and write to \n- Reference cache path via steps.pnpm-store.outputs.path\n- Resolves linter warning: Context access might be invalid: STORE_PATH\n- No behavior change; caching remains the same
