Publish releases
Release binaries are currently published to https://www.cyfs.com/download. I cannot confidently find where those binaries came from or what the source code is.
This issue proposes some improvements to the release process.
Why?
Build system integrity is an important part of building software. And it is super important if that software is backing up your sensitive files (which is a current or future use case of this software).
Work plan
- [ ] [Create a file](https://github.com/buckyos/CYFS/new/main) called RELEASE.md that explains the release process, including:
  - [ ] Create a tag and release notes in GitHub
  - [ ] Build/sign binaries and attach to this release
  - [ ] Upload the binaries to CYFS (which requires project maintainers to sign it)
  - [ ] Link to the CYFS binaries from the GitHub release (this confirms authenticity from the project maintainers)
  - [ ] Release to app stores using the same signed binaries as in the release
- [ ] Perform a release with this new process
- [ ] Link from the https://www.cyfs.com/download web page to these releases.
Follow on work
These can be discussed later, maybe in some other issue some day.
- Reproducible builds
- Continuous deployment
Thanks for your suggestion~
According to our plan, cyfs.com should be officially published on cyfs://cyfs/ in the future. Using the Web3 protocol of Content Base can effectively improve the credibility of the release, and any modification can be tracked. But in practice we realized that there is a circular dependency here ~ so we are back to the main release of Web2, but believe that in the near future, we will achieve our goal.
The current development of CYFS is moving towards Beta II at a high speed, but our work on release transparency will continue to improve, and we will improve our Build System according to your suggestions.
P.S: Currently the tag of https://github.com/buckyos/CYFS points to the version number of OOD Service~