CI/CD Pipeline (Temporary Manual Release Mode)
Voxeltron is temporarily running in manual release mode from build-mac.
For this short-term window, do not run Woodpecker release automation and do not use GitHub Actions as the release path.
Current Mode
- Release host:
build-mac - Release entrypoint:
scripts/release/manual-release.sh - Woodpecker release pipeline: paused for day-to-day release operations
- GitHub release workflow: manual fallback only (
workflow_dispatch)
Build Host Access
ssh build-macRequired Environment Variables
GH_TOKENDOCKER_USERNAMEDOCKER_PASSWORDGPG_PRIVATE_KEY(ASCII-armored or base64-encoded private key)GPG_PASSPHRASEGPG_KEY_ID
Manual Release Commands
# Full release (includes smoke gate)
./scripts/release/manual-release.sh vX.Y.Z
# Skip smoke gate (emergency only)
./scripts/release/manual-release.sh vX.Y.Z --skip-smoke
# Build artifacts without publishing
./scripts/release/manual-release.sh vX.Y.Z --dry-runManual Release Quick Checklist
Use this sequence for every short-term manual release:
-
Connect to
build-macand ensure a clean working tree:ssh build-mac cd /path/to/voxeltron git status --short - Confirm required environment variables are present (
GH_TOKEN, Docker creds, GPG vars). -
Run a dry run first to build artifacts without publishing:
./scripts/release/manual-release.sh vX.Y.Z --dry-run -
Publish the release:
./scripts/release/manual-release.sh vX.Y.Z -
Verify integrity artifacts after publish (PASS/FAIL output):
./scripts/release/verify-release-artifacts.sh dist - Confirm release assets exist on GitHub for the new tag.
Verification Expectations
checksums.txtmatches published artifacts- GPG metadata signatures verify (
Release.gpg,repomd.xml.asc) - Release includes expected assets (
.tar.gz,.deb,.rpm, SBOMs, repo snapshots, signing key)
Exit Criteria for Manual Mode
- Woodpecker release pipeline validated end-to-end on
build-mac - Secret management stable
- A dry-run and one successful tagged release completed with verification evidence