Add versioning (#452)

* feat: add version environment variables and configuration

- Add version-related environment variable types
- Extend config.ts to include version information with fallback values
- Add build-time version injection
- Include version variables in test environment configuration

* feat: enhance semantic-release configuration for staging/production workflow

- Update semantic-release to support staging (beta) and production (stable) branches
- Add enhanced release notes proper categorization
- Configure changelog generation and git commits for version management
- Add commitlint configuration for conventional commit validation
- Add semantic-release plugins: changelog, git, and enhanced GitHub integration
- Maintain npm plugin for package.json version updates (without publishing)

* feat: create unified version management system

- Add useVersion hook that works for both web and desktop platforms
- Create VersionDisplay component with environment badges and optional details
- Support Tauri desktop version detection while falling back to web config
- Include build date, commit hash, and environment information

* feat: update settings page with enhanced version display and comprehensive tests

- Replace legacy Tauri-specific version display with unified VersionDisplay component
- Add error handling to useVersion hook

* feat: add version synchronization script for web and desktop builds

- Create sync-version.cjs script to sync versions from package.json to Cargo.toml
- Add standalone npm run sync-version command and tntegrated version sync into build process

* feat: create staging deployment workflow for automated beta releases

- Add GitHub Actions workflow that triggers on staging branch pushes

* feat: update production release workflow and add promotion workflow

- Create new promote-to-production.yml workflow for manual staging→main merges
- Enhance release-web.yaml with version injection and bot token authentication
- Remove staging deployment from production workflow for better separation
- Use bot token (engineering-ci[bot]) for all git operations across workflows

* feat: update desktop release workflow integration

- Add proper bot token generation using GitHub App credentials (BOT_ID + BOT_SK)
- Integrate version synchronization with npm run sync-version to keep Cargo.toml in sync
- Ensure desktop releases use same versioning system as web releases

* docs: add comprehensive versioning documentation

* docs: add comprehensive versioning documentation

* feat: update branching strategy to use main as staging and release as production

BREAKING CHANGE: Branching strategy has changed. Production deployments now use 'release' branch, staging uses 'main' branch.

New workflow:
- Feature branches → main (staging environment, beta releases)
- main → release (production environment, stable releases)

- Changed production deployments to trigger on 'release' branch instead of 'main'
- Updated staging deployments to trigger on 'main' branch instead of 'staging'
- Modified promotion workflow to merge 'main' → 'release' instead of 'staging' → 'main'
- Updated semantic-release configuration to create stable releases from 'release' branch and beta releases from 'main'

* docs: add workflow descriptions and update release process documentation

- Added detailed descriptions to all GitHub Actions workflow files explaining their role
- Updated README.md release process section with workflow file names for each step
- Clarified staging deployment uses Cloudflare Pages and desktop releases are manual

All workflows now clearly document when they trigger, what they do, and their role in the release process.

* refactor: removed version env vars

* chore(config): convert semantic-release to TypeScript and optimize configuration

* feat(ci): implement orchestrator release workflow for unified web and desktop releases

• Add orchestrator pattern to coordinate web and desktop releases from single workflow
• Create reusable release-desktop.yaml workflow for cross-platform desktop builds
• Implement efficient build strategy: build frontend once, reuse across all platforms
• Fix semantic-release to upload web artifacts to GitHub releases
• Simplify environment configuration with direct production values
• Add tauri:build convenience script and remove beforeBuildCommand from tauri.conf.json

* chore(docs): moved release info to CONTRIBUTING.md

* test: consolidate settings tests at page level

* chore: adjust the build layout and apply some fixes

* refactor(ci): combine build-app and create-release into single job

- Eliminate duplicate Node.js setup and npm install steps
- Combine build-app and create-release into build-and-release job
- Optimize workflow execution flow: version → sync → commit → build
- Update job dependencies to use single upstream job

refactor: rename create-release action to generate-release-version

* feat: use branch name instead of semantic-release output for production release detection

- Add IS_PRODUCTION_RELEASE environment variable for consistency
- Replace release-published checks with github.ref_name == 'release'

* fix: updated release.yml

* fix: handle breaking changes and cleaned main git history

* chore(ci): removed dependency on release web for sync to main

* chore: removed unused workflow output

* chore: uncommented used code

* refactor: removed keywords parseOpts

* docs: updated contributing guide

* refactor: release config ts to conditionally update changelog only on release branch

---------

Co-authored-by: Neil Campbell <[email protected]>

Author: lempira

.commitlintrc

@@ -0,0 +1,9 @@
+{
+  "extends": ["@commitlint/config-conventional"],
+  "rules": {
+    "type-enum": [2, "always", ["feat", "fix", "docs", "style", "refactor", "perf", "test", "build", "ci", "chore", "revert"]],
+    "subject-empty": [2, "never"],
+    "subject-full-stop": [2, "never", "."],
+    "header-max-length": [2, "always", 100]
+  }
+}

.github/actions/build-linux/action.yaml

@@ -59,7 +59,7 @@ runs:
     - name: Setup tauri.conf.json
       if: ${{ inputs.release-version != '' }}
       run: |
-        sed -i "s/\"version\": \"0.1.0\"/\"version\": \"${{ inputs.release-version }}\"/g" "src-tauri/tauri.conf.json"
+        sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${{ inputs.release-version }}\"/g" "src-tauri/tauri.conf.json"
         sed -i "s/\"createUpdaterArtifacts\": false/\"createUpdaterArtifacts\": true/g" "src-tauri/tauri.conf.json"
         sed -i "s/CN_ORG_NAME/${{ inputs.crabnebula-org-name }}/g" "src-tauri/tauri.conf.json"
         sed -i "s/CN_APP_NAME/${{ inputs.crabnebula-app-name }}/g" "src-tauri/tauri.conf.json"

.github/actions/build-mac/action.yaml

@@ -80,7 +80,7 @@ runs:
     - name: Setup tauri.conf.json
       if: ${{ inputs.release-version != '' }}
       run: |
-        sed -i '' "s/\"version\": \"0.1.0\"/\"version\": \"${{ inputs.release-version }}\"/g" "src-tauri/tauri.conf.json"
+        sed -i '' "s/\"version\": \"0.0.0\"/\"version\": \"${{ inputs.release-version }}\"/g" "src-tauri/tauri.conf.json"
         sed -i '' "s/\"createUpdaterArtifacts\": false/\"createUpdaterArtifacts\": true/g" "src-tauri/tauri.conf.json"
         sed -i '' "s/CN_ORG_NAME/${{ inputs.crabnebula-org-name }}/g" "src-tauri/tauri.conf.json"
         sed -i '' "s/CN_APP_NAME/${{ inputs.crabnebula-app-name }}/g" "src-tauri/tauri.conf.json"

.github/actions/build-windows/action.yaml

@@ -49,7 +49,7 @@ runs:
       run: |
         input_version="${{ inputs.release-version }}"
         version="${input_version/beta./""}"
-        sed -i "s/\"version\": \"0.1.0\"/\"version\": \"$version\"/g" "src-tauri/tauri.conf.json"
+        sed -i "s/\"version\": \"0.0.0\"/\"version\": \"$version\"/g" "src-tauri/tauri.conf.json"
         sed -i "s/\"createUpdaterArtifacts\": false/\"createUpdaterArtifacts\": true/g" "src-tauri/tauri.conf.json"
         sed -i "s/CN_ORG_NAME/${{ inputs.crabnebula-org-name }}/g" "src-tauri/tauri.conf.json"
         sed -i "s/CN_APP_NAME/${{ inputs.crabnebula-app-name }}/g" "src-tauri/tauri.conf.json"

.github/actions/create-release/action.yaml renamed to .github/actions/generate-release-version/action.yaml

@@ -4,9 +4,6 @@ inputs:
   github-token:
     description: 'The GitHub token'
     required: true
-  production-release:
-    description: 'Is production release?'
-    required: true
   node-version:
     description: 'The Node version'
     required: true
@@ -32,22 +29,31 @@ runs:
       uses: actions/setup-node@v4
       with:
         node-version: ${{ inputs.node-version }}
+        registry-url: 'https://npm.pkg.github.com'
+        scope: '@algorandfoundation'
+        cache: 'npm'
 
     - name: Install npm dependencies
-      run: npm install
+      run: npm ci --ignore-scripts
+      env:
+        NODE_AUTH_TOKEN: ${{ inputs.github-token }}
+      shell: bash
+
+    # Let scripts run without the token
+    - run: npm rebuild
       shell: bash
 
     - name: Get next version (dry run)
       id: get-next-version
-      run: npx semantic-release --dry-run ${{ inputs.production-release == 'true' && '--branches main' || '' }}
+      run: npx semantic-release --dry-run
       env:
         GITHUB_TOKEN: ${{ inputs.github-token }}
       shell: bash
 
-    - name: Create release ${{ inputs.production-release == 'true' && '' || 'beta' }}
+    - name: Create release
       env:
         GITHUB_TOKEN: ${{ inputs.github-token }}
-      run: npx semantic-release ${{ inputs.production-release == 'true' && '--branches main' || '' }}
+      run: npx semantic-release
       shell: bash
 
     - name: Get release tag

.github/workflows/pr.yaml

@@ -2,7 +2,6 @@ name: PR checks
 
 on:
   pull_request:
-    branches: '**'
 
 permissions: {}
 

.github/workflows/promote-to-production.yaml

@@ -0,0 +1,55 @@
+# Promotion Workflow
+#
+# This workflow is manually triggered to promote tested changes from 'main' to 'release'.
+# It performs a merge from main branch to release branch, which then triggers
+# the production deployment workflow.
+#
+# Role in release workflow:
+# - Manually triggered via GitHub Actions UI
+# - Merges tested changes from 'main' → 'release' branch
+# - Triggers production deployment automatically after merge
+# - Acts as the final approval gate before production release
+
+name: Promote to Production
+
+on:
+  workflow_dispatch:
+    inputs:
+      promote-from-main:
+        description: 'Promote main to production'
+        required: true
+        default: true
+        type: boolean
+
+concurrency: promote-to-production
+
+jobs:
+  promote-main-to-release:
+    name: Promote Main to Release
+    runs-on: ubuntu-latest
+    if: inputs.promote-from-main
+    steps:
+      - name: Generate bot token
+        uses: actions/create-github-app-token@v1
+        id: app_token
+        with:
+          app-id: ${{ secrets.BOT_ID }}
+          private-key: ${{ secrets.BOT_SK }}
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ steps.app_token.outputs.token }}
+
+      - name: Set Git user as GitHub actions
+        run: git config --global user.email "179917785+engineering-ci[bot]@users.noreply.github.com" && git config --global user.name "engineering-ci[bot]"
+
+      - name: Merge main to release
+        id: merge-main
+        run: |
+          git checkout release
+          git pull origin release
+          git merge origin/main --no-ff -X theirs -m "chore: promote main (i.e. staging) to production
+
+          This promotion merges tested changes from main branch to release for production release."
+          git push origin release

.github/workflows/release-desktop.yaml

@@ -0,0 +1,156 @@
+# Desktop Release Workflow
+#
+# This workflow is called by the main release orchestrator to build desktop applications.
+# It downloads pre-built web artifacts and builds cross-platform desktop applications.
+#
+# Role in release workflow:
+# - Called by main release.yaml orchestrator
+# - Receives version from semantic-release
+# - Downloads pre-built web artifacts
+# - Builds cross-platform desktop applications
+# - Publishes desktop apps via CrabNebula
+
+name: Release Desktop
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        description: 'Release version'
+        required: true
+        type: string
+      production-release:
+        description: 'Production release?'
+        required: true
+        type: string
+      release-tag:
+        description: 'Release tag'
+        required: true
+        type: string
+      crabnebula-release-id:
+        description: 'CrabNebula release ID'
+        required: true
+        type: string
+
+concurrency: build-desktop
+
+env:
+  PRODUCTION_RELEASE: ${{ inputs.production-release == 'true' }}
+
+jobs:
+  build-tauri:
+    name: Build Tauri app
+    runs-on: ${{ matrix.platform }}
+    strategy:
+      matrix:
+        # macos-14 is the Apple Arm runner
+        # macos-13 is the Apple Intel runner
+        platform: [ubuntu-22.04, windows-latest, macos-13, macos-14]
+
+    steps:
+      - name: Generate bot token
+        uses: actions/create-github-app-token@v1
+        id: app_token
+        with:
+          app-id: ${{ secrets.BOT_ID }}
+          private-key: ${{ secrets.BOT_SK }}
+
+      - uses: actions/checkout@v4
+        with:
+          # Use bot token for authenticated operations
+          token: ${{ steps.app_token.outputs.token }}
+          fetch-depth: 0
+
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@algorandfoundation'
+          cache: 'npm'
+
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install npm dependencies
+        run: npm ci --ignore-scripts
+        env:
+          NODE_AUTH_TOKEN: ${{ steps.app_token.outputs.token }}
+
+      # Let scripts run without the token
+      - run: npm rebuild
+
+      - name: Download app build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: app-build
+          path: dist/
+
+      - name: Build for Linux
+        id: build-linux
+        if: ${{ runner.os == 'Linux' }}
+        uses: ./.github/actions/build-linux
+        with:
+          release-tag: ${{ inputs.release-tag }}
+          production-release: ${{ env.PRODUCTION_RELEASE  }}
+          crabnebula-release-id: ${{ inputs.crabnebula-release-id }}
+          appimage-signing-private-key: ${{ secrets.APPIMAGE_SIGNING_PRIVATE_KEY }}
+          appimage-signing-private-key-password: ${{ secrets.APPIMAGE_SIGNING_PRIVATE_KEY_PASSWORD }}
+          tauri-signing-public-key: ${{ secrets.TAURI_SIGNING_PUBLIC_KEY }}
+          tauri-signing-private-key: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          tauri-signing-private-key-password: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+          crabnebula-org-name: ${{ secrets.CN_ORG_NAME }}
+          crabnebula-app-name: ${{ secrets.CN_APP_NAME }}
+          crabnebula-api-key: ${{ secrets.CN_API_KEY }}
+
+      - name: Build for Windows
+        id: build-windows
+        if: ${{ runner.os == 'Windows' }}
+        uses: ./.github/actions/build-windows
+        with:
+          release-tag: ${{ inputs.release-tag }}
+          production-release: ${{ env.PRODUCTION_RELEASE  }}
+          crabnebula-release-id: ${{ inputs.crabnebula-release-id }}
+          package_name: algokit-lora
+          azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+          tauri-signing-public-key: ${{ secrets.TAURI_SIGNING_PUBLIC_KEY }}
+          tauri-signing-private-key: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          tauri-signing-private-key-password: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+          crabnebula-org-name: ${{ secrets.CN_ORG_NAME }}
+          crabnebula-app-name: ${{ secrets.CN_APP_NAME }}
+          crabnebula-api-key: ${{ secrets.CN_API_KEY }}
+
+      - name: Build for Mac
+        id: build-mac
+        if: ${{ runner.os == 'macOS' }}
+        uses: ./.github/actions/build-mac
+        with:
+          release-tag: ${{ inputs.release-tag }}
+          production-release: ${{ env.PRODUCTION_RELEASE  }}
+          crabnebula-release-id: ${{ inputs.crabnebula-release-id }}
+          apple-certificate: ${{ secrets.APPLE_CERTIFICATE }}
+          apple-certificate-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+          keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
+          apple-id: ${{ secrets.APPLE_ID }}
+          apple-password: ${{ secrets.APPLE_PASSWORD }}
+          apple-team-id: ${{ secrets.APPLE_TEAM_ID }}
+          tauri-signing-public-key: ${{ secrets.TAURI_SIGNING_PUBLIC_KEY }}
+          tauri-signing-private-key: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          tauri-signing-private-key-password: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+          crabnebula-org-name: ${{ secrets.CN_ORG_NAME }}
+          crabnebula-app-name: ${{ secrets.CN_APP_NAME }}
+          crabnebula-api-key: ${{ secrets.CN_API_KEY }}
+
+  publish-crabnebula:
+    name: Publish CrabNebula release
+    needs:
+      - build-tauri
+    runs-on: ubuntu-latest
+    steps:
+      - name: Publish CrabNebula release
+        uses: crabnebula-dev/[email protected]
+        with:
+          command: release publish "${{ secrets.CN_ORG_NAME }}/${{ secrets.CN_APP_NAME }}" "${{ inputs.crabnebula-release-id }}" ${{ env.PRODUCTION_RELEASE != 'true' && '--channel beta' || '' }}
+          api-key: ${{ secrets.CN_API_KEY }}