Files
openclaw/docs/platforms/mac/release.md
T
Peter Steinberger bcedeb4e1f
Workflow Sanity / no-tabs (push) Failing after 31s
CI / install-check (push) Has been cancelled
CI / checks (bunx tsc -p tsconfig.json, bun, build) (push) Has been cancelled
CI / checks (bunx vitest run, bun, test) (push) Has been cancelled
CI / checks (pnpm build, node, build) (push) Has been cancelled
CI / checks (pnpm format, node, format) (push) Has been cancelled
CI / checks (pnpm lint, node, lint) (push) Has been cancelled
CI / checks (pnpm protocol:check, node, protocol) (push) Has been cancelled
CI / checks (pnpm test, node, test) (push) Has been cancelled
CI / secrets (push) Has been cancelled
CI / checks-windows (pnpm build, node, build) (push) Has been cancelled
CI / checks-windows (pnpm lint, node, lint) (push) Has been cancelled
CI / checks-windows (pnpm protocol:check, node, protocol) (push) Has been cancelled
CI / checks-windows (pnpm test, node, test) (push) Has been cancelled
CI / checks-macos (pnpm test, test) (push) Has been cancelled
CI / macos-app (set -euo pipefail for attempt in 1 2 3; do if swift build --package-path apps/macos --configuration release; then exit 0 fi echo "swift build failed (attempt $attempt/3). Retrying…" sleep $((attempt * 20)) done exit 1 , build) (push) Has been cancelled
CI / macos-app (set -euo pipefail for attempt in 1 2 3; do if swift test --package-path apps/macos --parallel --enable-code-coverage --show-codecov-path; then exit 0 fi echo "swift test failed (attempt $attempt/3). Retrying…" sleep $((attempt *… (push) Has been cancelled
CI / macos-app (swiftlint --config .swiftlint.yml swiftformat --lint apps/macos/Sources --config .swiftformat , lint) (push) Has been cancelled
CI / ios (push) Has been cancelled
CI / android (./gradlew --no-daemon :app:assembleDebug, build) (push) Has been cancelled
CI / android (./gradlew --no-daemon :app:testDebugUnitTest, test) (push) Has been cancelled
chore: bump 2026.1.24
2026-01-24 15:00:00 +00:00

4.5 KiB
Raw Blame History

summary, read_when
summary read_when
Clawdbot macOS release checklist (Sparkle feed, packaging, signing)
Cutting or validating a Clawdbot macOS release
Updating the Sparkle appcast or feed assets

Clawdbot macOS release (Sparkle)

This app now ships Sparkle auto-updates. Release builds must be Developer IDsigned, zipped, and published with a signed appcast entry.

Prereqs

  • Developer ID Application cert installed (example: Developer ID Application: <Developer Name> (<TEAMID>)).
  • Sparkle private key path set in the environment as SPARKLE_PRIVATE_KEY_FILE (path to your Sparkle ed25519 private key; public key baked into Info.plist). If it is missing, check ~/.profile.
  • Notary credentials (keychain profile or API key) for xcrun notarytool if you want Gatekeeper-safe DMG/zip distribution.
    • We use a Keychain profile named clawdbot-notary, created from App Store Connect API key env vars in your shell profile:
      • APP_STORE_CONNECT_API_KEY_P8, APP_STORE_CONNECT_KEY_ID, APP_STORE_CONNECT_ISSUER_ID
      • echo "$APP_STORE_CONNECT_API_KEY_P8" | sed 's/\\n/\n/g' > /tmp/clawdbot-notary.p8
      • xcrun notarytool store-credentials "clawdbot-notary" --key /tmp/clawdbot-notary.p8 --key-id "$APP_STORE_CONNECT_KEY_ID" --issuer "$APP_STORE_CONNECT_ISSUER_ID"
  • pnpm deps installed (pnpm install --config.node-linker=hoisted).
  • Sparkle tools are fetched automatically via SwiftPM at apps/macos/.build/artifacts/sparkle/Sparkle/bin/ (sign_update, generate_appcast, etc.).

Build & package

Notes:

  • APP_BUILD maps to CFBundleVersion/sparkle:version; keep it numeric + monotonic (no -beta), or Sparkle compares it as equal.
  • Defaults to the current architecture ($(uname -m)). For release/universal builds, set BUILD_ARCHS="arm64 x86_64" (or BUILD_ARCHS=all).
  • Use scripts/package-mac-dist.sh for release artifacts (zip + DMG + notarization). Use scripts/package-mac-app.sh for local/dev packaging.
# From repo root; set release IDs so Sparkle feed is enabled.
# APP_BUILD must be numeric + monotonic for Sparkle compare.
BUNDLE_ID=com.clawdbot.mac \
APP_VERSION=2026.1.24 \
APP_BUILD="$(git rev-list --count HEAD)" \
BUILD_CONFIG=release \
SIGN_IDENTITY="Developer ID Application: <Developer Name> (<TEAMID>)" \
scripts/package-mac-app.sh

# Zip for distribution (includes resource forks for Sparkle delta support)
ditto -c -k --sequesterRsrc --keepParent dist/Clawdbot.app dist/Clawdbot-2026.1.24.zip

# Optional: also build a styled DMG for humans (drag to /Applications)
scripts/create-dmg.sh dist/Clawdbot.app dist/Clawdbot-2026.1.24.dmg

# Recommended: build + notarize/staple zip + DMG
# First, create a keychain profile once:
#   xcrun notarytool store-credentials "clawdbot-notary" \
#     --apple-id "<apple-id>" --team-id "<team-id>" --password "<app-specific-password>"
NOTARIZE=1 NOTARYTOOL_PROFILE=clawdbot-notary \
BUNDLE_ID=com.clawdbot.mac \
APP_VERSION=2026.1.24 \
APP_BUILD="$(git rev-list --count HEAD)" \
BUILD_CONFIG=release \
SIGN_IDENTITY="Developer ID Application: <Developer Name> (<TEAMID>)" \
scripts/package-mac-dist.sh

# Optional: ship dSYM alongside the release
ditto -c -k --keepParent apps/macos/.build/release/Clawdbot.app.dSYM dist/Clawdbot-2026.1.24.dSYM.zip

Appcast entry

Use the release note generator so Sparkle renders formatted HTML notes:

SPARKLE_PRIVATE_KEY_FILE=/path/to/ed25519-private-key scripts/make_appcast.sh dist/Clawdbot-2026.1.24.zip https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml

Generates HTML release notes from CHANGELOG.md (via scripts/changelog-to-html.sh) and embeds them in the appcast entry. Commit the updated appcast.xml alongside the release assets (zip + dSYM) when publishing.

Publish & verify

  • Upload Clawdbot-2026.1.24.zip (and Clawdbot-2026.1.24.dSYM.zip) to the GitHub release for tag v2026.1.24.
  • Ensure the raw appcast URL matches the baked feed: https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml.
  • Sanity checks:
    • curl -I https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml returns 200.
    • curl -I <enclosure url> returns 200 after assets upload.
    • On a previous public build, run “Check for Updates…” from the About tab and verify Sparkle installs the new build cleanly.

Definition of done: signed app + appcast are published, update flow works from an older installed version, and release assets are attached to the GitHub release.