Skip to main content

CI and Releases

Current Hosanna app CI runs generation, linting, web build, Hosanna Compiler install, Roku compilation, and tests. Release flows build on the same scripts and add versioning, changelogs, GitHub releases, Keygen publishing, or store uploads depending on the repo.

App CI Baseline

A typical app CI pipeline runs:

npm ci --no-audit --no-fund
npx hst ci:restore-flags
npm run generate
npm run lint
npm run build
npx hst install:compiler
bin/hsc --project platforms/hsconfig-roku.json
npm run test

Required secrets:

SecretPurpose
DEBUG_FLAGS_DEV_BASE64restores assets/meta/debug-flags.dev.json
DEBUG_FLAGS_PROD_BASE64restores production debug flags when needed
HSC_LICENSE_KEYcompiler activation in CI
HSC_CACHE_DIRoptional compiler cache location

Generate debug flag secrets locally:

npx hst ci:extract-config

The extractor can limit which root keys are included:

npx hst ci:extract-config --root-keys env,remoteDebug

Roku Packaging In CI

Use these secrets for signed Roku packaging:

SecretPurpose
ROKU_DEV_IDRoku signing developer ID
ROKU_DEV_PASSWORDRoku signing password
ROKU_PKG_KEY_BASE64base64 signed key package
ROKU_IPoptional device IP for installer workflows
ROKU_DEVPASSWORDRoku developer installer password

Extract the key package from an existing signed package:

npx hst ci:extract-pkg-key myapp.pkg --base64-only

Package in CI:

npx hst roku:package --env prod --quiet

roku:package can also run a prebuild command:

npx hst roku:package --env prod --prebuild "npm run roku:build"

Release Scripts

Hosanna UI uses:

npm run release -- patch
npm run release -- minor --dry-run
npm run release -- major --allow-branch

The UI release script:

  • requires a clean main branch unless --allow-branch is passed
  • strips a -next suffix before release
  • runs release-it
  • can use XAI_API_KEY for AI changelog generation
  • requires authenticated gh for GitHub releases

The Hosanna Compiler release script adds:

  • KEYGEN_ACCOUNT_ID
  • KEYGEN_PRODUCT_ID
  • KEYGEN_ADMIN_TOKEN
  • optional --skip-tests
  • binary packaging and Keygen publishing
  • GitHub release creation when not a dry run

Hosanna Compiler Release Workflow

The Hosanna Compiler repo also supports GitHub Actions release flow:

  • input a version or major / minor / patch
  • set package.json to the release version
  • lint, build, and test
  • package binaries to dist/bin
  • generate changelog
  • tag vX.Y.Z
  • upload binaries to Keygen
  • create a GitHub release
  • move main back to <version>-next

Required CI secrets:

KEYGEN_ACCOUNT_ID
KEYGEN_PRODUCT_ID
KEYGEN_ADMIN_TOKEN

Browser Extension Release

The DevTools extension release script can run:

npm run release -- patch
npm run release -- minor
npm run release -- major

It lints, tests, builds, packages extension.zip, creates a GitHub release, and can publish to Chrome Web Store and Edge Add-ons when store credentials are configured.

Nightly Checks

Nightly app checks run the same generation, lint, build, Hosanna Compiler install, Roku compilation, and tests as CI. They can optionally generate a changelog preview when XAI_API_KEY is configured.

Practical Advice

  • Keep debug flags and signing keys out of git; use ci:extract-config, ci:restore-flags, and ci:extract-pkg-key.
  • Run npm run lint before hsc; linter diagnostics are faster and often map to compiler errors.
  • Use npm run lint:strict before releases when you want extra portability checks.
  • For release candidates, run the release command with --dry-run first.