// Production release runbook for freenet-email. Use when the user asks to "cut a release", "release v0.X.Y", "publish to production", or after a non-trivial bug sweep that should reach users. Source of truth is RELEASING.md.
| name | freenet-mail-release |
| description | Production release runbook for freenet-email. Use when the user asks to "cut a release", "release v0.X.Y", "publish to production", or after a non-trivial bug sweep that should reach users. Source of truth is RELEASING.md. |
main and the user asks whether to
ship it.Do NOT invoke for: facade-only pointer updates without webapp changes
(those are a separate flow; see RELEASING.md ยง"Facade contract
update"), test/CI-only commits, doc-only commits.
You CAN:
git log v0.1.X..main).gtar), fdev, dx,
cargo-make, gh.freenet network node is reachable on 127.0.0.1:7509
(or whatever FREENET_PORT overrides to).scripts/smoke-test-production.sh).You CANNOT:
scripts/release.sh itself unsupervised. It signs with the
production key, pushes to the live network, commits + tags + pushes
to origin/main. Steps 4-10 are irreversible. The user must drive
this, or explicitly authorize each confirmation.freenet network. The node is a long-running interactive
process whose output the user should be watching during publish.~/.config/freenet-email/web-container-keys.toml and is the user's
asset.Run these checks before suggesting release.sh:
# 1. Clean tree, on main, up to date with origin.
git status # must report "nothing to commit"
git rev-parse --abbrev-ref HEAD # must be `main`
git fetch origin main && git status # must be ahead == 0 behind == 0
# 2. Tag is free.
git tag | grep "^v<VERSION>$" && echo "TAG TAKEN" || echo "TAG OK"
# 3. Commits since last tag โ confirm there's actual user-facing change.
git log $(git describe --tags --abbrev=0)..main --oneline
# 4. Production key present.
ls -la ~/.config/freenet-email/web-container-keys.toml
# 5. GNU tar โ required by compress-webapp for reproducible archives.
which gtar || (tar --version | grep -q GNU && echo "system tar is GNU") || \
echo "MISSING gtar โ `brew install gnu-tar`"
# 6. Network-connected node reachable (or warn the user to start one).
curl -s -o /dev/null -w "%{http_code}\n" http://127.0.0.1:7509/
# 200 / 404 / 405 = node is up; 000 = not running, user must run `freenet network`
# 7. Required tools.
which fdev dx cargo-make gh
Report any failures as a punch list before the user runs release.sh.
Do not paper over them.
Semver per Cargo.toml:
v0.1.X โ v0.1.X+1): bug fixes only. The recent
228+ sweep was a patch.v0.1.X โ v0.2.0): user-visible features, schema
additions, new contracts.Confirm the version with the user before suggesting; do not pick unilaterally.
The user runs:
freenet network # other terminal โ wait for peers
scripts/release.sh <VERSION> # interactive, three confirmations
scripts/smoke-test-production.sh # post-publish liveness check
release.sh prompts at:
If the user wants you to type "y" at each prompt, they should pass
--yes to release.sh and confirm authorization explicitly. Don't
assume.
After release.sh exits successfully (or if it aborted post-publish โ
see "Recovery" below), verify the deploy actually works:
# 1. Smoke test the new webapp.
scripts/smoke-test-production.sh
# Runs ui/tests/production-liveness.spec.ts across 5 browser profiles.
# Asserts: gateway serves the webapp, WASM loads, Dioxus mounts,
# "Create new identity" link renders. Does NOT exercise identity
# creation / messaging โ that needs the manual checklist in AGENTS.md.
# 2. Facade pointer flipped to new app id.
NEW_APP_ID=$(cat published-contract/contract-id.txt)
FACADE_ID=$(cat published-contract/facade-id.txt)
curl -s "http://127.0.0.1:7509/v1/contract/web/${FACADE_ID}/?__sandbox=1" \
| grep -F "${NEW_APP_ID}"
# expect: var CURRENT_APP_ID = "<new app id>";
# 3. The new webapp serves directly.
curl -sI "http://127.0.0.1:7509/v1/contract/web/${NEW_APP_ID}/" | head -1
# expect: HTTP/1.1 200 OK
If facade ?__sandbox=1 shows the OLD app id, the gateway is serving
a stale extracted webapp from its on-disk cache. See AGENTS.md
ยง"Manual pointer flip / recovery" for the cache-bust recipe.
release.sh aborts during publish (fdev 300s timeout)freenet-core#4102: fdev publish returns a 300s client timeout despite
the server-side publish having succeeded. The webapp landed; the
facade pointer didn't flip. Recipe lives in RELEASING.md ยง"Manual
pointer flip"; the key facts:
fdev execute update needs --as-state, not the default
UpdateData::Delta (the facade contract silently rejects Delta as
InvalidUpdate). See memory fdev_update_needs_as_state.md.web slot must be an xz-tar containing index.html, not
raw HTML. cargo make sign-facade-state (which chains
pack-facade-loader) gets this right; do not skip it. See memory
facade_state_framing.md.The webapp is live but broken. Options:
Do not attempt to delete or overwrite the bad contract โ Freenet contracts are immutable; only the facade pointer can be flipped, and only forward.
Generate a new one with scripts/generate-production-key.sh. The new
contract id will differ; every existing user must re-point their
client. Announce the rotation. Treat this as a last-resort recovery
path, not a routine action.
release.sh from a dirty tree or a non-main branch.
The script refuses, but if forced via a flag, the resulting tag
points at non-main state and is unrecoverable.Cargo.lock churn
shifts wasm bytes (#198) โ burning a version on a no-op release
wastes a bookmark migration for users.published-contract/ by hand. Every committed file
there is produced by update-published-contract-prod (or the facade
equivalent) and signed with the production key.target/facade/facade.state. Per-release signed
artifact; only the WASM/parameters/id snapshot under
published-contract/facade.* is tracked.RELEASING.md โ full runbook with recovery and facade details.AGENTS.md ยง"Publishing" โ facade architecture, framing, lockfile
isolation.fdev_update_needs_as_state.md โ flag required for facade
UPDATEs.facade_state_framing.md โ web slot framing requirement.test_vs_prod_snapshot.md โ why the test snapshot drifts
between test and prod publishes.