updates to readmes

README.md

@@ -76,14 +76,18 @@ http://msdn.microsoft.com/en-us/windows/hardware/gg487309.aspx
 
 ## Submit the Ziti Desktop Edge application to Microsoft store
 
-Build the application using the same step "Building a release" above, it will generate a msixuplod file in the Build_MSIX_APPXSetupFiles folder inside the Installer directory. Then login to microsoft partner portal and follow the below steps to submit the application to microsoft store.
-
-1. Go to Windows & xbox and create an application with the name Ziti Desktop Edge. Once this application name is reserved for you, you can create the submission. (One time step)
-2. Create a package flight and upload the msixupload file. When you click on save, it will validate the package. It will verify whether the applcation Id and name are matching to what is configured in the partner portal. If there are validation errors, you need to fix the errors first and upload the package again. You dont need to digitally sign the exe when you create the package, the partner portal will sign it for you.
+Build the application using the same step "Building a release" above, it will generate a msixuplod file in the Build_MSIX_APPXSetupFiles folder 
+inside the Installer directory. Then login to microsoft partner portal and follow the below steps to submit the application to microsoft store.
+
+1. Go to Windows & xbox and create an application with the name Ziti Desktop Edge. Once this application name is reserved for you, you can create 
+   the submission. (One time step)
+2. Create a package flight and upload the msixupload file. When you click on save, it will validate the package. It will verify whether the 
+   applcation Id and name are matching to what is configured in the partner portal. If there are validation errors, you need to fix the errors 
+   first and upload the package again. You dont need to digitally sign the exe when you create the package, the partner portal will sign it for you.
 3. Once the package is validated and saved successfully, create a submission with this packge. Ziti application requires restricted capabilities like runFullTrust, localSystemServices and packagedServices. These capabilities are configured in the new Package aip file. So this submission has to be approved by the partner portal, when you submit it for the first time. You need to provide explanation stating why we need whose features and submit to the store for approval.
 
 ## Testing Automatic Upgrades
 
 When updating the ZitiUpdateService (aka ZitiMonitorService), it's important to ensure the upgrade solution continues to work.
-For information about this testing, see [./release-streams/README.md](./release-streams/README.md)
+For information about this testing, see [releasing](./releasing.md).
 

ZitiDesktopEdge.sln

@@ -12,6 +12,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		.github\workflows\mattermost-ziti-webhook.yml = .github\workflows\mattermost-ziti-webhook.yml
 		README.md = README.md
 		Installer\reg.bat = Installer\reg.bat
+		releasing.md = releasing.md
 		update-versions.ps1 = update-versions.ps1
 		ziti.ico = ziti.ico
 	EndProjectSection
@@ -24,6 +25,14 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ZitiUpdateService", "ZitiUp
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "UpgradeSentinel", "UpgradeSentinel\UpgradeSentinel.csproj", "{3904DEC1-ED7A-49D8-BA4D-D88F3B419248}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "release-streams", "release-streams", "{36C30126-C9DC-4233-835E-9E036BCD1A29}"
+	ProjectSection(SolutionItems) = preProject
+		release-streams\beta.json = release-streams\beta.json
+		release-streams\dev.json = release-streams\dev.json
+		release-streams\latest.json = release-streams\latest.json
+		release-streams\stable.json = release-streams\stable.json
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -212,6 +221,9 @@ Global
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{36C30126-C9DC-4233-835E-9E036BCD1A29} = {D66B1C6A-ADFE-437E-B037-C4C849A6CA97}
+	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {3E499EAC-C1BA-41A0-8076-D660F8ACC977}
 	EndGlobalSection

release-streams/beta.json

@@ -1,12 +1,12 @@
-{
-  "name": "2.1.35 Override",
-  "tag_name": "2.1.35",
-  "published_at": "2023-11-01T19:33:11Z",
-  "installation_critical": false,
-  "assets": [
-    {
-      "name": "Ziti.Desktop.Edge.Client-2.1.35.exe",
-      "browser_download_url": "http://localhost:8000/ZitiDesktopEdgeClient/2.1.35/Ziti.Desktop.Edge.Client-2.1.35.exe"
-    }
-  ]
+{
+  "name": "2.1.35 Override",
+  "tag_name": "2.1.35",
+  "published_at": "2023-11-01T19:33:11Z",
+  "installation_critical": false,
+  "assets": [
+    {
+      "name": "Ziti.Desktop.Edge.Client-2.1.35.exe",
+      "browser_download_url": "http://localhost:8000/ZitiDesktopEdgeClient/2.1.35/Ziti.Desktop.Edge.Client-2.1.35.exe"
+    }
+  ]
 }

releasing.md

@@ -1,6 +1,88 @@
 # Making a Release
 
-Making a point release is a manual process at this time. It's kept as a manual process but is quick to perform. There are a few things which must be done before a release can be considered ready.
+## Prerequisites
+
+1. Visual Studio (currently 2022) / dotnet
+1. Powershell
+1. the latest [Advanced Installer](https://www.advancedinstaller.com/download.html)
+1. [optional for automatic upgrade] two signing certificates:
+    1. the OpenZiti signing cert/key/passphrase
+    1. a legitimage 3rd party CA signer
+1. (add any that are missed if there are any)
+
+## Making a Release for Local Testing
+
+First, you should probably bump the file that drives the [version](../version). The project does not follow the
+[semver](https://semver.org/) versioning scheme exclusively but it follows it in spirit. Do not use these versions for
+decisions related to the API/domain socket protocols used. Use your best judgement when bumping the version.
+
+Creating a release for local testing is accomplished by running the [`build.ps1`](../Installer/build.ps1) Powershell script.
+It should "just run" assuming you have the prerequisties. You'll need to set the environment variable: `OPENZITI_P12_PASS`
+in order for the process to sign the built executable a second time. Set it using: `$env:OPENZITI_P12_PASS="__passphrase_here__"`
+
+After the `build.ps1` script finishes, an executable will be produced at `Installer\Output`. You'll see output similar to:
+```
+Done Adding Additional Store
+Successfully signed: C:\work\git\github\openziti\desktop-edge-win\Installer\Output\Ziti Desktop Edge Client-2.2.1.6.exe
+========================== build.ps1 completed ==========================
+=========== emitting a json file that represents this build ============
+published_at resolved to: 2023-11-21T10:10:41Z
+```
+
+This installer can be executed manually/directly to test the installer and to test the deployed components.
+
+## Automatic Installation
+
+### Testing
+
+For years, the ZDEW has had automatic upgrade capabilities built into it. Testing the automatic upgrade __must__ always
+be done before marking/deploying a release. Starting with the 2.2.1.x, the url used to discover updates has been exposed
+to users, allowing for easier testing of the automatic upgrade process.
+
+For the automatic upgrade to succeed, the executable __must__ meet the following criteria:
+* the executable must be signed by the expected signing certificate
+* the executable must have a sha256 which matches the executable produced
+* the upgrade url must return a block of json. the json must be in this format, shown is the 2.1.16 release example:
+
+      {
+        "name": "2.1.16",
+        "tag_name": "2.1.16",
+        "published_at": "2023-03-14T20:41:27Z",
+        "installation_critical": false,
+        "assets": [
+          {
+            "name": "Ziti.Desktop.Edge.Client-2.1.16.exe",
+            "browser_download_url": "https://github.com/openziti/desktop-edge-win/releases/download/2.1.16/Ziti.Desktop.Edge.Client-2.1.16.exe"
+          }
+        ]
+      }
+
+If you do not have the OpenZiti signer `OPENZITI_P12_PASS` variable set. When you build the installer you'll see
+something like the following:
+
+    Not calling signtool - env:OPENZITI_P12_PASS is not set
+
+This is an indication that the exe was not signed by the `build.ps1` process, and this build will never work in
+the automatic upgrade scenario. For the automatic upgrade to succeed, you'll need to make sure the expected 
+signer (the one that signs the exe) signed the executable, see [SignedFileValidator.cs](../ZitiUpdateService/checkers/PeFile/SignedFileValidator.cs).
+
+Once the build is created, you can change to this project and run a simple server such as:
+
+    python -m http.server 8000
+
+Then, update your locally running ZDEW and point it to something like: http://localhost:8000/release-streams/dev.json
+
+### Making the Official Release
+
+Once you've tested the build and feel confident it's ready to be released you're ready to make an actual release. To do this, do the following:
+* make a new 'release' on github
+* put up a pull request against the repo and change the associated stream/s: latest, stable, etc.
+* test, this change by using the corresponding `release-next` raw url. For example if you are updating stable, use:
+
+      https://raw.githubusercontent.com/openziti/desktop-edge-win/release-next/release-streams/stable.json
+
+* Once tested, merge the pull request to main. Once merged the release will show in the stream
+
 
 ## Checklist