Public release-artefact host for Microsoft Architect
(the source repo is private). This repo holds nothing of value on its
own — every release is uploaded as GitHub Release assets, and the in-app
auto-updater (Tauri plugin) reads latest.json from
releases/latest/download/ to know whether a new version is available.
- This README, the
.gitignore, and the GitHub Releases — that's it. - No source. No build artefacts in the tree. No commit history of code.
- The auth boundary is GitHub itself: signed MSIs are verified by the client app against an embedded public key before the install runs.
GitHub couples release visibility to repository visibility. The main Microsoft Architect repo is private, so its releases are too — which means the Tauri auto-updater can't fetch from there without shipping an authenticated token in the app (bad idea). Splitting the public release surface into this tiny repo keeps the source private while letting the updater work over plain anonymous HTTPS.
From the main repo, after npm run tauri build produces the signed
MSI + .sig and node scripts/build-release-manifest.mjs writes
latest.json:
# Run from C:\Tooling\AzureArchitect, NOT from this repo
gh release create v1.5.0 `
-R sjswaby/AzureArchitect-Updates `
--title "v1.5.0" `
--notes "See main repo CHANGELOG.md" `
"src-tauri\target\release\bundle\msi\Microsoft Architect_1.5.0_x64_en-US.msi" `
"src-tauri\target\release\bundle\msi\Microsoft Architect_1.5.0_x64_en-US.msi.sig" `
"src-tauri\target\release\bundle\msi\latest.json"The -R sjswaby/AzureArchitect-Updates flag targets this repo
explicitly without needing to clone it locally.
The in-app updater verifies the signature against the public key
embedded in tauri.conf.json of the source repo. Without the matching
private key (which lives only on the author's machine, never here),
nobody else can publish a release that the client will trust.