Desktop Packaging And Release Notes
next platform extension work, with emphasis on Windows packaging.
Current State
- The shipping desktop shell is Electron-based and wraps the existing runner and dashboard.
- macOS arm64 is the only production platform currently wired end to end.
- Windows x64 packaging is now supported through GitHub Actions runners, so a local Windows machine is not required to create installer artifacts.
- Production releases are signed, notarized, published to the public releases repository, and verified to auto-update successfully.
- User state remains under
~/.coro, matching the CLI and existing local runtime expectations.
Current macOS Release Surface
- Build package:
packages/desktop-electron - Packaging config:
packages/desktop-electron/electron-builder.json5 - Validation workflow:
.github/workflows/desktop-validation.yml - Release workflow:
.github/workflows/desktop-release.yml - Public update repo:
Coro-ai-framework/coro-release - Published artifacts today:
Coro-<version>-arm64.dmgCoro-<version>-arm64.zip*.blockmaplatest-mac.yml
The macOS updater path uses electron-updater against GitHub Releases. The app
checks at startup, downloads in the background, prompts when the update is
ready, and installs on restart or app quit.
Operator Notes
The current operator workflow is:
- Trigger
.github/workflows/desktop-release.ymlmanually with the target semantic version and aplatformsvalue. - Provide a release type of
release,prerelease, ordraft. - Let the workflow temporarily rewrite the desktop package version for the build and publish the artifacts to the public releases repo.
- For macOS releases, the workflow also signs and notarizes the app.
- For Windows releases, the workflow builds on a Windows runner and publishes NSIS installer artifacts. If Windows signing secrets are present, it signs the installer during the same workflow run.
- Verify the public release includes the platform-appropriate updater metadata and binaries.
- Validate the installed app updates from the previously released version.
Valid platforms examples:
macoswindowsmacos,windows
Required secrets already used by the workflow:
CORO_RELEASE_GITHUB_TOKENAPPLE_SIGNING_CERT_B64APPLE_SIGNING_CERT_PASSWORDAPPLE_API_KEY_B64APPLE_API_KEY_IDAPPLE_API_ISSUER
Optional Windows signing secrets:
WINDOWS_SIGNING_CERT_B64WINDOWS_SIGNING_CERT_PASSWORD
Windows Packaging Focus
Windows packaging is now intended to happen primarily in GitHub Actions. That is the correct default if there is no dedicated local Windows machine available.
Recommended Windows Packaging Shape
- Target installer:
nsis - Update mechanism:
electron-updaterwith NSIS artifacts - Primary architectures:
x64firstarm64later if there is demand and a stable Windows-on-ARM test path
- Release channel: reuse the existing public GitHub releases repository unless a Windows-specific distribution constraint appears
This is now reflected in the desktop workflows:
.github/workflows/desktop-validation.ymlbuilds Windows x64 artifacts on a Windows runner for validation..github/workflows/desktop-release.ymlcan publish Windows x64 artifacts when dispatched withplatforms=windows..github/workflows/desktop-release.ymlcan publish both platforms for the same version from one dispatch withplatforms=macos,windows.
nsis is the recommended Windows target because it is the updater path that
electron-updater supports well for packaged Electron apps. We should not plan
around Squirrel.Windows.
Expected Windows Artifacts
Once implemented, the expected release outputs should look like:
Coro-<version>-x64.exeCoro-<version>-x64.nsis.7zor other updater side artifacts emitted by electron-builderlatest.yml- optional blockmap artifacts if emitted by the chosen target/config
Unlike macOS, Windows updater metadata is expected in latest.yml rather than
latest-mac.yml.
Required Packaging Changes
The Windows packaging baseline now includes:
- A
wintarget inpackages/desktop-electron/electron-builder.json5using NSIS onx64. - Windows packaging scripts in
packages/desktop-electron/package.json. - Cross-platform icon generation that emits a Windows
.icoasset as part of the desktop build. - A packaged sidecar resource layout that resolves the bundled Node binary
correctly on Windows, where the executable will be
node.exe. - Windows validation and release jobs in GitHub Actions.
The remaining code-level validation work is behavioral rather than structural:
- Validate sidecar start/stop behavior under Windows process semantics, especially around quit-and-install and child-process termination.
- Confirm the published Windows updater flow across two real releases.
Required Release Infrastructure
Windows production releases will also need signing before they should be treated as first-class downloadable builds.
That implies:
- a code-signing certificate suitable for Windows executables
- CI secret material for the certificate and password
- runner support for secure certificate import during the release job
- post-build validation that SmartScreen reputation and signature verification are acceptable for distribution
Validation Checklist For Windows
Before calling Windows packaging complete, we should verify:
- Fresh install on a clean Windows machine.
- Runner sidecar boots and dashboard loads.
- State persists under the intended Coro data directory without regressing the CLI compatibility model.
- Auto-update from one published Windows version to the next succeeds.
- App restart during update does not leave the UI alive against a dead runner.
- Signed installer and installed app pass Windows signature verification.
Windows Risks To Watch
- Windows process shutdown behavior differs from macOS and is more sensitive to installer/updater timing.
- Code signing on Windows is a user trust issue as much as a packaging issue; unsigned builds may work technically while still producing a poor install experience.
- If we support both
x64andarm64, release validation cost rises immediately because updater metadata and artifact coverage must be confirmed for both targets.
Suggested Implementation Order
- Use the new Windows validation job to confirm unsigned
x64packaging stays healthy on repository changes. - Add Windows signing secrets and confirm signed publish behavior in
.github/workflows/desktop-release.yml. - Verify updater behavior across two real Windows releases.
- Evaluate whether Windows
arm64is worth adding.
Out Of Scope For This Document
- Linux desktop packaging
- tray integration
- background updater UI improvements
- release channels beyond the default latest channel