Release Process

The Dahlke PressCenter project uses an automated GitHub Actions workflow for building and releasing Windows installers.

Release Workflow Overview

The release workflow (.github/workflows/release.yml) automates the following steps:

  1. Version Extraction: Extracts version information from git tags or manual input

  2. Build: Compiles the .NET application for Windows (win-x64)

  3. Installer Creation: Builds a Windows installer using NSIS

  4. SLSA Attestation: Generates SLSA Level 3 provenance for supply chain security

  5. GitHub Release: Creates a GitHub release with auto-generated release notes

Triggering a Release

Manual Release

To manually trigger a release:

  1. Navigate to the Actions tab in the GitHub repository

  2. Select the Release workflow

  3. Click Run workflow

  4. Enter the version number (e.g., 1.2.0)

  5. Click the Run workflow button

The workflow will:

  • Build the installer with the specified version

  • Create a git tag v{version} if it doesn’t exist

  • Create a GitHub release with auto-generated notes

  • Upload the installer and SLSA provenance

Automatic Release

To automatically trigger a release by pushing a tag:

# Create and push a version tag
git tag v1.2.0
git push origin v1.2.0

The workflow will automatically:

  • Detect the version from the tag name

  • Build the installer

  • Create a GitHub release

  • Upload artifacts

Version Scheme

The project follows semantic versioning (SemVer):

  • Major: Incompatible API changes

  • Minor: Backwards-compatible functionality additions

  • Build/Patch: Backwards-compatible bug fixes

  • Revision: GitHub Actions run number (auto-generated)

Tag format: v{major}.{minor}.{build} (e.g., v1.2.0)

SLSA Level 3 Compliance

The release workflow generates SLSA Level 3 provenance attestations for all installer artifacts. This provides:

  • Build Integrity: Verifiable proof of how the binary was built

  • Non-Falsifiable Provenance: Cryptographically signed build metadata

  • Source Integrity: Traceable to specific source code commits

The provenance file (*.intoto.jsonl) is uploaded alongside the installer in each release.
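
The following Python code is an added example, not part of the project's workflow or tooling. It shows what a consumer can check by hand: that the SHA-256 of a downloaded installer appears as a subject in the provenance file. It assumes each line of the file is a DSSE envelope (or a bundle wrapping one under "dsseEnvelope"), uses a hypothetical installer name and a constructed, unsigned sample, and does not verify the signature, which still requires a dedicated SLSA verifier.

```python
import base64
import hashlib
import json


def load_statements(provenance_text):
    """Yield the in-toto statement carried by each line of an *.intoto.jsonl file."""
    for line in provenance_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        # Assumption: a bare DSSE envelope, or a bundle holding it under "dsseEnvelope".
        envelope = entry.get("dsseEnvelope", entry)
        if envelope.get("payloadType") != "application/vnd.in-toto+json":
            raise ValueError(f"unexpected payloadType: {envelope.get('payloadType')!r}")
        yield json.loads(base64.b64decode(envelope["payload"]))


def subject_matches(installer_bytes, installer_name, provenance_text):
    """Return True if the provenance lists this file name with this SHA-256."""
    digest = hashlib.sha256(installer_bytes).hexdigest()
    for statement in load_statements(provenance_text):
        for subject in statement.get("subject", []):
            if (subject.get("name") == installer_name
                    and subject.get("digest", {}).get("sha256") == digest):
                return True
    return False


def constructed_provenance(name, data):
    """Build a minimal unsigned envelope (constructed sample, for the demo only)."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": "https://slsa.dev/provenance/v0.2",
        "subject": [{"name": name, "digest": {"sha256": hashlib.sha256(data).hexdigest()}}],
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json",
                       "payload": payload, "signatures": []}) + "\n"


SAMPLE_NAME = "PressCenter-Setup.exe"          # hypothetical installer file name
SAMPLE_BYTES = b"constructed installer bytes"  # stand-in for the real file content
SAMPLE_PROVENANCE = constructed_provenance(SAMPLE_NAME, SAMPLE_BYTES)

if __name__ == "__main__":
    print("original:", subject_matches(SAMPLE_BYTES, SAMPLE_NAME, SAMPLE_PROVENANCE))
    print("tampered:", subject_matches(SAMPLE_BYTES + b"!", SAMPLE_NAME, SAMPLE_PROVENANCE))
```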

Installer Details

The Windows installer is built using NSIS (Nullsoft Scriptable Install System) with the following characteristics:

  • Installer Script: Installer/leitstand.nsi

  • Target Platform: Windows x64

  • Self-Contained: Includes .NET 8.0 runtime

  • Installation Location: C:Program FilesDahlkePressCenter (default)

Prerequisites for Local Build

If you need to build the installer locally:

  1. Install .NET 8.0 SDK

  2. Install NSIS (Nullsoft Scriptable Install System)

  3. Restore NuGet packages:

    dotnet restore
    
  4. Build the project:

    dotnet build --configuration Release
    
  5. Publish for Windows:

    dotnet publish Dahlke.PressCenter/Dahlke.PressCenter.csproj \
      --configuration Release \
      --runtime win-x64 \
      --self-contained true \
      --output Dahlke.PressCenter/bin/Release/net8.0/win-x64/publish
    
  6. Build the installer:

    makensis -DVERSIONMAJOR="1" -DVERSIONMINOR="0" -DVERSIONBUILD="0" \
      -DVERSIONREVISION="0" -DVERSIONTEXT="" -DCONFIGNAME="Release" \
      Installer/leitstand.nsi
    

Release Checklist

Before creating a release:

  1. ✅ All tests pass

  2. ✅ Version number updated in Dahlke.PressCenter.csproj

  3. ✅ CHANGELOG updated with release notes (if maintained separately)

  4. ✅ Documentation updated

  5. ✅ All changes committed and pushed

  6. ✅ Branch is up to date with main

Troubleshooting

Workflow fails at build step
  • Check that all NuGet packages can be restored

  • Verify ACTION_NUGET_PACKAGES secret is configured

Installer not found after NSIS build
  • Check NSIS script syntax

  • Verify publish output directory matches SOURCEDIR in leitstand.nsi

SLSA provenance generation fails
  • Ensure id-token: write permission is set

  • Check that artifact hash format is correct

Release creation fails
  • Verify GITHUB_TOKEN has appropriate permissions

  • Check that tag doesn’t already exist (for manual releases)