Luxoria Desktop Deployments & CI/CD

Overview

This document describes how the Luxoria Desktop application (WinUI 3) is built, validated, signed, and released through GitHub Actions. It covers:

• Desktop application build process

• GitHub Actions CI/CD workflow

• Code signing for Windows SmartScreen

• Release creation and distribution

• Quality gates and testing

Desktop Deployment Flow

┌──────────────────────────────────────────────────────────────────┐
│  Developer Creates Feature Branch                                │
│  (feat/*, fix/*, or chore/*)                                     │
└─────────────────────────┬────────────────────────────────────────┘
                          │
                          ↓
        ┌─────────────────────────────────┐
        │  Push to Remote & Create PR     │
        │  ✓ Commit Linting               │
        │  ✓ Unit Tests (xUnit)           │
        │  ✓ Code Quality (SonarCloud)    │
        │  ✓ Build Verification           │
        │  ✗ NO RELEASE                   │
        └──────────┬──────────────────────┘
                   │ PR Approved
                   ↓
    ┌──────────────────────────────────┐
    │  Merge to DEVELOP Branch         │
    │  ✓ Semantic Release              │
    │  ✓ Generate changelog            │
    │  ✓ Create git tag (v1.2.0)       │
    │  ✓ Mark as pre-release           │
    └──────────┬───────────────────────┘
               │
               ↓
    ┌─────────────────────────────────────┐
    │  Manual Testing on Windows          │
    │  ✓ QA validation                    │
    │  ✓ User acceptance testing          │
    │  ✓ Performance benchmarks           │
    └──────────┬──────────────────────────┘
               │ Release Sign-Off
               ↓
    ┌────────────────────────────────────┐
    │  Create Release PR (develop→main)  │
    │  Update version & changelog        │
    └──────────┬─────────────────────────┘
               │ PR Review & Approve
               ↓
    ┌──────────────────────────────────┐
    │  Merge to MAIN Branch            │
    │  ✓ Semantic Release (stable)     │
    │  ✓ Generate release notes        │
    │  ✓ Create git tag (v1.2.0)       │
    └──────────┬───────────────────────┘
               │ Tag triggers GitHub Actions
               ↓
    ┌────────────────────────────────────┐
    │  GitHub Actions Workflow           │
    │  ✓ Build for x86, x64, ARM64       │
    │  ✓ Run all unit tests              │
    │  ✓ Sign binaries with certificate  │
    │  ✓ Create Inno Setup installer     │
    │  ✓ Create portable ZIP             │
    │  ✓ Upload to GitHub Release        │
    └──────────┬─────────────────────────┘
               │
               ↓
    ┌────────────────────────────────────┐
    │  Release Published                 │
    │  ✓ GitHub Release with assets      │
    │  ✓ luxoria.bluepelicansoft.com     │
    │  ✓ WinGet package manager          │
    └────────────────────────────────────┘

Branching & Release Model

Git Workflow for Desktop

Key Points:

• Branches: Short-lived feat/* and fix/* merge into develop

• Semantic Release: Runs on develop (marked as pre-release) and on main (marked as stable), both use same version format (e.g., 1.2.0)

• Release Trigger: GitHub Actions workflow triggers on tag push (v*)

• Testing: Manual QA and automated tests before stable release

Desktop Application Architecture

Luxoria Desktop (WinUI 3) - Build Pipeline

Build Details:

• Target Framework: net9.0-windows10.0.26100.0 (Windows 11 SDK)

• Self-Contained: Includes .NET runtime (no installation required)

• Single File: All dependencies bundled into one executable

• Signing: Required for Windows SmartScreen compatibility

GitHub Actions Workflow

Complete Desktop Release Pipeline

GitHub Actions Workflow YAML

Complete Desktop Release Workflow

Quality Gates & Testing

Desktop Testing Strategy

Test Execution:

Local Build Instructions

Building Desktop Locally

Creating Installer Locally

Prerequisites:

• Inno Setup installed

• Code signing certificate (for signed builds)

• Windows 10/11 with .NET 9 SDK

Build Steps:

Distribution & Release

Release Channels

Installation Methods:

1. GitHub Releases (Manual Download)

2. Windows Package Manager (WinGet)

3. Portable Version

Troubleshooting & Common Issues

Build Failures

Issue: .NET SDK Not Found

Issue: Missing Windows SDK

Issue: Test Failures

Signing Issues

Issue: Certificate Not Found

• Verify CODE_SIGN_CERT secret is set in GitHub

• Ensure certificate is base64-encoded

• Check certificate expiration date

Issue: Timestamp Server Unreachable

• Use alternative timestamp server: http://timestamp.comodoca.com

• Add retry logic in signing script

• Check network connectivity

Issue: SmartScreen Still Shows Warning

• EV certificates provide immediate reputation

• OV certificates require reputation building (time + downloads)

• Submit binary to Microsoft for analysis

Required Secrets & Configuration

GitHub Actions Secrets

Version Management

Semantic Versioning

Version Sources:

• Git tags (v*..)

• AssemblyInfo.cs (auto-updated by semantic-release)

• Package manifests (.csproj)

Release Checklist

Pre-Release Validation

• All unit tests passing

• No compiler warnings

• SonarCloud quality gate passed

• Manual QA completed

• CHANGELOG.md updated

• Version number correct

• Code signing certificate valid

• GitHub Actions workflow tested

Post-Release Verification

• GitHub Release created successfully

• Installer downloads and installs

• Application launches without errors

• Update mechanism works

• Website download links updated

• WinGet manifest submitted

• Release notes published

Document Version: 1.0 Last Updated: January 2026 Owner: Desktop Team Status: Production Ready