Release 2.2.7 #3
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Updated vault-v2 package.json, Cargo.toml, and tauri.conf.json to v2.2.3 - Updated vault package.json, Cargo.toml, and tauri.conf.json to v2.2.3 - Updated kkcli Cargo.toml to v2.2.3 - Updated keepkey-rust Cargo.toml to v2.2.3 - Includes VaultInterface.tsx and Makefile changes from previous work
…lications - Add projects/vault/skills/build.ps1 for KeepKey Desktop v3 builds - Add skills/build.ps1 for KeepKey Vault-v2 builds - Both scripts handle prerequisites, clean builds, debug/release modes - Supports both Bun and npm package managers - Windows-specific targeting with x86_64-pc-windows-msvc - Merged from upstream production-windows branch
- Change 'bun run tauri:dev' to 'bun run tauri dev' - Change 'bun run tauri:build' to 'bun run tauri build' - Package.json only has 'tauri' script, not 'tauri:dev' or 'tauri:build'
…ates - Add FirmwareErase to LONG_TIMEOUT (5 minutes) for both read and write operations - Fix Windows HID specific timeout handling for FirmwareErase operations - Resolves HID communication timeout during bootloader erase on Windows - Allows sufficient time for v1.0.3 bootloader manual confirmation This fixes the error: 'HID read failed: hidapi error: hid_read_timeout/GetOverlappedResult: (0x0000048F) The device is not connected' during bootloader updates
TIMEOUT RETRY FIXES: - Add 3-attempt retry with exponential backoff (500ms, 1000ms delays) to event_controller.rs - Add retry logic to both timeout locations in commands.rs - Replace single 30-second timeout calls with resilient retry loops - Maintains PIN flow protection during retries - Comprehensive logging for each attempt and final failure UI IMPROVEMENTS: - Replace 'Checking device status...' with 'Follow Directions on device...' - Add green spinner to SetupWizard steps for better user feedback - Improve user guidance during device operations This resolves the frequent timeout issues where devices would fail after single attempts instead of retrying communication failures. Fixes errors like: - 'Device operation timed out' - 'Failed to get features for [device]: Device operation timed out'
GITHUB ACTIONS IMPROVEMENTS: - Add 'release-*' branch triggers to build.yml workflow - Add 'release-*' branch triggers to release.yml workflow - Make release-specific jobs (create-release, update-release-notes, publish-release) conditional to only run on tags, not branches - Allow build jobs (build-kkcli, build-tauri) to run on both tags and release branches - Use conditional needs dependencies to avoid job dependency issues This enables: release-2.2.4 branch builds will now trigger automatically Future release-* branches will build via GitHub Actions Actual releases still only happen on tagged versions Testing release builds on branches without creating releases Now your release-2.2.4 branch will trigger builds!
UPSTREAM WORKFLOW ADOPTION: - Replace our workflows with superior upstream release-2.2.3 versions - More comprehensive platform matrix (Ubuntu 22.04 & 24.04, universal macOS, multiple architectures) - Better dependency management and error handling - Proper signing credential checks and conditional usage - Direct GitHub release uploads with upload-release-asset - Cleaner job structure and better debugging RELEASE BRANCH SUPPORT: - Add 'release-*' branch triggers to both workflows - Make release-specific jobs conditional (tags only): * create-release, update-release-notes, publish-release - Allow build jobs to run on both tags and branches - Conditional releaseId and upload-release-asset for tags only This gives us the best of both worlds: Superior upstream workflow structure and features Our release-2.2.4 branch support for CI/CD testing Proper separation of build testing vs actual releases
- Fix Chakra UI prop compatibility issues (isDisabled -> disabled, isLoading -> loading) - Remove invalid thickness prop from Spinner components - Fix PinStep enum comparisons and remove unreachable code - All components now build successfully without TypeScript errors
- Remove ARM64 Linux target from Tauri build (glib cross-compilation too complex) - Add proper ARM64 cross-compilation setup for kkcli build - Set up cross-compilation environment variables for ARM64 targets - Enable multiarch support for ARM64 packages in Ubuntu builds This fixes the glib-sys pkg-config cross-compilation error.
- Update tauri.conf.json version from 2.2.3 to 2.2.4 - Update package.json version from 2.2.3 to 2.2.4 - Fixes version mismatch causing GitHub Actions to create wrong release tag
- Remove Ubuntu-24.04-LTS-i686 from Tauri build matrix - Fixes glib-sys pkg-config cross-compilation error for i686-unknown-linux-gnu - GUI cross-compilation for different architectures is too complex for CI - kkcli still builds for i686 in separate job
- Updated all version references to 2.2.6 - Enhanced Makefile with improved release workflow targets - Added RELEASE.md documentation for release process - Created release-2.2.6 branch for deployment
- Remove release-* branch trigger from release.yml workflow - Keep release workflow only for tags (v*) and manual dispatch - Build workflow continues to run on release-* branches for CI/CD - Update RELEASE.md documentation to clarify workflow purposes
- Fix Button component props (isLoading -> loading, isDisabled -> disabled) - Fix optional onComplete callback invocations - Replace leftIcon prop with HStack layout for Spinner buttons - Ensure build passes before release
- Remove kkcli builds from CI (out of scope) - Simplify Linux builds to single AppImage - Remove problematic i686 and aarch64 builds - Fix firmware/bootloader update race conditions - Add retry logic for device reconnection - Clean up device queue handles after updates - Improve lock management during device lookup
- Remove entire kkcli build job (was lines 17-141) - Simplify to just Tauri app builds - Keep only macOS universal, Linux AppImage, and Windows x64
- Fix UTF-16 encoding issue - Remove all kkcli build jobs completely - Keep only Tauri app builds for macOS, Linux, Windows - Ensure proper YAML syntax with event triggers
- Bump version to 2.2.7 across all projects - Add local signing scripts for macOS builds - Update GitHub Actions workflow with correct secret names - Add entitlements.plist for macOS hardened runtime - Document release process in README - Configure code signing with KEY HODLERS LLC certificate 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
- Add certificate import step to both build.yml and release.yml - Import certificate into temporary keychain before building - Remove unused CODESIGN_IDENTITY and KEYCHAIN variables - Add Apple notarization credentials to build workflow - Ensure certificate is available for codesign tool This fixes 'item could not be found in the keychain' error
- Cannot directly check secrets in if conditions - Add runtime check for APPLE_CERTIFICATE instead - Skip certificate import gracefully if not provided
- Add debugging output for certificate length and format - Check if certificate file is empty before decoding - Better error messages for troubleshooting - Write to file first to avoid pipe issues with base64
- Strip newlines and whitespace from base64 string before decoding - Try multiple decode methods for compatibility - Add file size debugging to verify base64 was cleaned - Use macOS-specific base64 -D flag first
- Try multiple password formats to handle special characters - Better error messages for password issues - Fallback attempts without quotes
- Show password length and prefix/suffix (safely) - Verify password starts with 'dsa' as expected - Help diagnose GitHub secrets configuration issues
- Add MD5 checksum to verify certificate integrity - Test import with hardcoded password dsaf123sdc123sa - Expected MD5: 46fb98667931c1b3d8e35be6c74baae5
- Use 'md5 -q' instead of 'md5sum' for macOS - Add version marker to verify latest code is running - Test with hardcoded password to isolate issue - Expected MD5: 46fb98667931c1b3d8e35be6c74baae5
- Switch from MSI to NSIS target in tauri.conf.json - Add Windows-specific configuration with Sectigo certificate - Create sign_nsis_setup.ps1 for signing NSIS executables - Add audit_and_sign_releases.ps1 for release management - Add build_and_sign.ps1 for complete build pipeline - NSIS resolves firmware bundling issues with MSI signing
- Update GitHub workflow to reference .exe instead of .msi - Add download_sign_upload.ps1 for local signing workflow - Complete infrastructure for unsigned CI builds + local signing - Ready to test full release process
- Support both keepkey/keepkey-bitcoin-only (main) and BitHighlander/keepkey-bitcoin-only (fork) - Add -UseFork flag to all scripts for easy testing - Add examples.md with workflow documentation - Default to main repo, easy switch to fork for testing
- Update VERSION and tauri.conf.json to 2.2.8 - Includes NSIS installer fixes and signing workflow improvements - Professional release ready for production
BREAKING CHANGES: - Switch from MSI to NSIS installer (resolves firmware signing issues) - Update workflow to publish releases even with partial build failures - Add comprehensive signing infrastructure for local Windows signing Features: - NSIS installer with desktop shortcuts and proper Windows integration - Dual repository support (main/fork) with -UseFork flag - Local signing scripts for Sectigo EV certificates - Download-sign-upload automation tools - Robust CI/CD that handles macOS signing failures gracefully Version Updates: - Bump VERSION to 2.2.8 - Update tauri.conf.json to 2.2.8 Workflow Improvements: - Releases now publish even if some platforms fail - Clear build status reporting in GitHub Actions summary - Proper artifact upload for debugging failures
BREAKING CHANGES: - Switch from MSI to NSIS installer (resolves firmware signing issues) - Update workflow to publish releases even with partial build failures - Add comprehensive signing infrastructure for local Windows signing Features: - NSIS installer with desktop shortcuts and proper Windows integration - Dual repository support (main/fork) with -UseFork flag - Local signing scripts for Sectigo EV certificates - Download-sign-upload automation tools - Robust CI/CD that handles macOS signing failures gracefully Version Updates: - Bump VERSION to 2.2.8 - Update tauri.conf.json to 2.2.8 Workflow Improvements: - Releases now publish even if some platforms fail - Clear build status reporting in GitHub Actions summary - Proper artifact upload for debugging failures
BitHighlander
added a commit
that referenced
this pull request
Aug 20, 2025
Bulletproof dialog system - prevent duplicate dialogs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.