Skip to content

ci(dmr): sign/notarize via internal repo and publish a Homebrew cask#1008

Open
doringeman wants to merge 1 commit into
mainfrom
dmr-sign-and-cask
Open

ci(dmr): sign/notarize via internal repo and publish a Homebrew cask#1008
doringeman wants to merge 1 commit into
mainfrom
dmr-sign-and-cask

Conversation

@doringeman

Copy link
Copy Markdown
Contributor

model-runner is public and can't use Docker's private signing action, so release-dmr.yml now only builds the (unsigned) archives, creates the release, and publishes WinGet — then auto-triggers release-dmr.yml in the internal docker/inference-engine-llama.cpp repo (which holds the signing credentials) to sign+notarize the macOS/Windows binaries, re-upload them to this release, and open the Homebrew cask PR.

  • Drop the unsigned Homebrew formula publish (replaced by a signed cask generated from the internal repo).
  • Add a trigger-signing job that dispatches the internal workflow with the tag (needs DMR_SIGN_TRIGGER_TOKEN: Actions:write on the internal repo).
  • Update packaging/README to document the two-repo, two-step flow.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the packaging documentation in packaging/README.md to describe a new two-step, multi-repository release and signing workflow for the dmr binary. It details how macOS and Windows binaries are signed and notarized via an internal repository before being published as a Homebrew cask, and updates the required repository secrets accordingly. I have no feedback to provide as there are no review comments.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've reviewed your changes and they look great!


Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

model-runner is public and can't use Docker's private signing action, so
release-dmr.yml now only builds the (unsigned) archives, creates the release,
and publishes WinGet — then auto-triggers release-dmr.yml in the internal
docker/inference-engine-llama.cpp repo (which holds the signing credentials)
to sign+notarize the macOS/Windows binaries, re-upload them to this release,
and open the Homebrew cask PR.

- Drop the unsigned Homebrew *formula* publish (replaced by a signed *cask*
  generated from the internal repo).
- Add a trigger-signing job that dispatches the internal workflow with the tag
  (needs DMR_SIGN_TRIGGER_TOKEN: Actions:write on the internal repo).
- Update packaging/README to document the two-repo, two-step flow.

Signed-off-by: Dorin Geman <dorin.geman@docker.com>
@doringeman doringeman force-pushed the dmr-sign-and-cask branch from e7e7d72 to ab34777 Compare July 9, 2026 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants