- Guard uploaded_keys append with !dry_run so the rollback list
never contains keys for objects that were never written.
- Prefer GITHUB_ACTOR over local OS username for manifest.uploaded_by;
manifest.json is CDN-fronted so leaking a developer's login is
unnecessary (falls back to 'local').
- Extend test_windows_has_no_stale_third_party to cover bun.exe/rg.exe
too, matching the macOS forbidden-set pattern.
* feat(build): swap podman server resources for Lima (WS3)
- Upload limactl (arm64 + x64) to R2 via new 'browseros upload lima' CLI.
- Rewrite scripts/build/config/server-prod-resources.json: 2 Lima entries,
12 podman-family entries removed.
- Update codesign metadata (server_binaries.py) to add limactl, drop podman
family. Sign modules need no edits (data-driven).
- Delete orphaned podman-{vfkit,krunkit} entitlement plists.
- Release-gating note in browseros-agent/CLAUDE.md: don't cut releases off
dev between this commit and WS6 landing (OpenClaw still invokes podman).
* fix: address review comments for 0422-ws3_lima_resources
- Tighten _find_limactl_member to match exactly .../bin/limactl via
Path.parts, avoiding incidental matches like 'xbin/limactl'.
- Fall back USER -> USERNAME -> 'unknown' for uploaded_by so Windows
shells don't all record 'unknown'.
- Comment the broad except in upload_lima to explain why rollback
must fire for any mid-loop failure.
* chore: drop bun + rg from Windows sign list
These executables are already absent from server-prod-resources.json (no
Windows entries shipped); keeping them in the sign list produces
"Binary not found" warnings on every Windows build.
* feat(ota): bundle full server resources tree (server + third_party bins)
The OTA Sparkle payload now ships the complete resources/ tree the agent
build produced, not just browseros_server. Every third-party binary (bun,
ripgrep, podman, gvproxy, vfkit, krunkit, podman-mac-helper, win-sshproxy)
flows to OTA-updated installs so podman integration works for users on the
OTA channel, matching fresh Chromium-build installs.
Extract the per-binary sign table into build/common/server_binaries.py so
the Chromium-build sign path (modules/sign/) and OTA sign path (modules/ota/)
share a single source of truth. Adding a new third-party dep is now a
one-file edit that both paths pick up automatically; unknown executables
under resources/bin/ are a hard error at release time.
* fix(ota): address review comments on bundle signing flow
- Avoid double-zipping during notarization: add notarize_macos_zip for
pre-built Sparkle bundles so notarytool submits the zip directly
instead of re-wrapping it through ditto --keepParent (Apple's service
does not descend into nested archives). Keep notarize_macos_binary for
single-binary callers. Share credential setup + submit logic via
internal helpers.
- Fail fast on unknown executables in sign_server_bundle_macos: collect
the unknown-files list before any codesign call so a missing shared-
table entry aborts in seconds, not after a full signing round.
- Drop dead get_entitlements_path helper (no callers remain after the
bundle refactor).
* fix(ota): address PR review comments (greptile + claude)
- sign_server_bundle_macos filters to executables only (p.is_file() +
not p.is_symlink() + os.access X_OK) before applying the unknown-file
guard. Non-Mach-O files (configs, dylibs, etc.) under resources/bin/
no longer cause misleading 'unknown executable' hard failures.
- sign_server_bundle_windows now hard-errors on a missing expected
binary instead of silently skipping it. Symmetric with the macOS
guard — an incomplete bundle must not publish.
- ServerOTAModule.execute() uses tempfile.TemporaryDirectory context
managers for both the download and staging roots so they are cleaned
up on every path, including failures.
- Per-platform sign/notarize/Sparkle-sign failures now raise RuntimeError
instead of silently skipping the platform — a release pipeline can no
longer omit a target while reporting success.
- Move import os and import shutil to the top of ota/sign_binary.py.
- Drop unused log_error import from ota/server.py.
* chore: bump server
`release.linux.yaml` now declares `architecture: [x64, arm64]` and the
runner loops the entire pipeline once per architecture. depot_tools
fetches both Linux sysroots automatically — `git_setup` idempotently
ensures `target_cpus = ['x64', 'arm64']` is in `.gclient` before
`gclient sync`, so cross-compiling arm64 from an x64 host just works.
The resolver returns `List[Context]` (single-element for the common
single-arch case), and `build/cli/build.py` loops `execute_pipeline` over
the per-arch contexts. Modules stay 100% arch-agnostic — no new
orchestration module, no new YAML schema beyond the list form.
Also fix a cross-compile bug in `build/modules/package/linux.py`: the
appimagetool binary must match the BUILD machine's arch (it executes
locally), not the target arch. Split into a host-keyed
`LINUX_HOST_APPIMAGETOOL` lookup vs the existing target-keyed
`LINUX_ARCHITECTURE_CONFIG`. Target arch is still passed to appimagetool
via the `ARCH` env var.
- build/common/resolver.py: scalar OR list `architecture` -> List[Context]
- build/cli/build.py: loop pipeline per arch, log multi-arch headers
- build/config/release.linux.yaml: `architecture: [x64, arm64]`
- build/modules/setup/git.py: idempotent `target_cpus` edit on Linux
- build/modules/package/linux.py: host vs target appimagetool split
- build/modules/package/linux_test.py: cover the host/target split
* feat: ota release
* chore: clean-up old binaries
* fix: ota cli sub-commands, path fixes
* chore: browseros server binary update
* fix: add sparkle sign_update path as ENV
* fix: CLOUDFLARE_API_TOKEN to env
* fix: use same upload r2 module
* feat: upload appcast is separate
* feat: write sparkle sign in python
* fix: handle appcast update
* fix: add missing sparkle.py file
* fix: remove redudant cli options in ota
* chore: 0.0.37 macos signed release
* chore: linux browseros server ota
* fix: copy binaries to temp file and then sign
* feat: new extension installer + bundle support
* feat: support bundle extension download in cli
* chore: update release yaml to include new bundle_extensions module
* chore: new browseros-server binaries
* bugfix: was writing chromium_patches/ in wrong location
* patch: ntp footer disabled by default
* patch: browseros alpha flag
* patch: add log for port saving
* chore: increment PATCH
* feat: use packages/browseros as root_dir properly in context.py
* feat: new upload to r2, better semantic app name, sparkle signing as part of build
* feat: consistent artifact naming
* minor: add additional logging in build.py
* minor
* feat: better notify, so it's not too verbose
* refactor: rename R2UploadModule to just UploadModule
* fix: sparkle signature uplaod.py
* minor: debugging
* fix: sparkle update and metadata for release artificats
* feat: v1 release module
* feat: new release cli with modules/
* minor: env update
* refactor 1: new typer based cli and browseros cli module
* refactor 2: fixes to context.py
* refactor 3: common/ and notify
* new sign and package module
* update .gitignore
* refactor 5: dev.py and modules for each
* refactor 6: clean-up old files
* refactor 7: organise modules fruther
* refactor 8: renaming nxtscape to browseros
* refactor 9: dev.py remove cli load
* fix: pyproject.toml
* fix: typer pretty exception disable
* refactor 10: cli/build.py set to primary
* refactor 10: cli/build.py set to primary, move OS detection
* refactor: context split, env and module dataclass
* reactor: clean and git moved ot new module type
* refactor: compile and configure
* reactor: sign and package module update
* refactor: new build.py cli
* 'refactor: remove reducant OS checks
* refactor: rename BuildContext to Context
* refactor: rename BuildModule to CommandModule
* refactor: dev.py to use the new modules
* build.py: improve help output
* remove old patching way
* clean-up: remove old build.py stuff
* refactor: move to proper yaml parsing
* clean-up: remove legacy args gating
* fix: patches issues
* fix: clean-up build.py and ars resolver
* minor: gitignore
* fix: patches.py issue
* support universal build
* fix: ENV variable and YAMLs
* fix: move compile to folder to avoid compflics
* fixes: more env fixes
* fix: build_type override in CLI fix
* fix: universal clean all archs before starting
* fix: universal build type constants
* fix: linter, extract options
* fix: linter
* fix: remove chromium_src as a not a conflicting flag
* fix: support chromium_src from cli in config mode
* fix: notify with better messages
* feat: new apply patch with --reset-to feature
* feat: refactor apply and extract into separate sub modules
* 142 patches working (#211)
* updates to build.py apply/patch
* removed all old patches
* 142 build update
* fix: get updated patches from main to 142
* fix: correct patches dir
* fix: import path
* add pyright
* fix: setup pyright
* fix: new updated patches from 137 rebased on 142
* feat: new extract_patch command
* fix: add mising side_panel build patch
* fix: extension uninstall for browseros
* fix: prefs fix
* fix: ota extension updater patch fix
* fix: llm hub and chat
* feat: unvisersal module also package individual archs
* fix: add browseros-server binaries
* fix: attach color for notify
* fix: attachment for slack
* fix: update chromium version to 142.0.7444.175
* feat: add new icons needed
* fix: disable settings in menu
* fix: uv add build-backend
* minor: chromium version bump
* clean-up: removed old files of extnesion and sidepanel
* fix: product logo generate and assets.car and appicon.icns
* feat: few chromium UI fixes
* fix: update features.yaml
* fix: features.yaml path in context
* refactor: rename to get_patches_dir()
* feat: show browserOS version in about page
* fix: copy browseros_version on the build time and rename other to offset
* bump offset
* fix: update features.yaml
* feat: load env from .env files too
* fix: enable split view
* clean-up: removed old prefs
* fix: minor import issue
* fix: linux flag update
