Skip to content

build: add v2 release asset uploader#574

Closed
bjw9808 wants to merge 2 commits into
mainfrom
codex/v2-release-assets
Closed

build: add v2 release asset uploader#574
bjw9808 wants to merge 2 commits into
mainfrom
codex/v2-release-assets

Conversation

@bjw9808

@bjw9808 bjw9808 commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds a guarded release helper for uploading Evolver v2 standalone binaries to the public EvoMap/evolver GitHub Release assets, matching the v1 release-asset delivery model while validating artifacts before upload.

What changed

  • Added scripts/upload_v2_release_assets.js to validate and upload the fixed v2 asset set:
    • evolver-v2-darwin-arm64
    • evolver-v2-darwin-x64
    • evolver-v2-linux-x64
    • evolver-v2-linux-arm64
    • evolver-v2-windows-x64.exe
    • per-file .sha256 sidecars
    • SHA256SUMS-v2.txt
  • Added npm run release:v2-assets as the operator entry point.
  • Added unit coverage for checksum validation, manifest validation, symlink rejection, tag validation, and gh release upload argument construction.

How to use

Validate only:

npm run release:v2-assets -- --tag=v1.89.11 --asset-dir=/path/to/evolver-v2-private-dev/dist-binaries

Upload to the public release assets after validation:

npm run release:v2-assets -- --tag=v1.89.11 --asset-dir=/path/to/evolver-v2-private-dev/dist-binaries --yes

Security notes

  • No secrets, tokens, or credentials are stored or printed.
  • The upload target is pinned to EvoMap/evolver; the script does not accept arbitrary repos.
  • The script does not use shell glob expansion or shell interpolation for upload execution.
  • Upload requires explicit --yes; default mode is validate-only.
  • The script rejects symlinked asset directories and symlinked asset files.
  • The script verifies SHA256 sidecars and the combined SHA256SUMS-v2.txt before invoking gh release upload.
  • No new runtime or development dependencies were added.

Validation

npm ci
node --check scripts/upload_v2_release_assets.js
node --test test/uploadV2ReleaseAssets.test.js
npm run release:v2-assets -- --help
git diff --check

Focused validation passed.

npm test was also attempted after npm ci; it did not complete cleanly on this checkout because existing tests hit current baseline/environment failures, including scripts/internal-proxy-env.sh missing from test/proxySettings.test.js / test/validateSuite.test.js. That failure is unrelated to this PR's new release helper.

Risk

Medium operational risk, low runtime risk. This does not change application runtime behavior, but it adds a release-operator command that can upload public GitHub Release assets when invoked with --yes.

@bjw9808 bjw9808 closed this Jun 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bjw9808