Omnis HelixGenome IDE
← Docs
Helix CLI docs
Browse Helix CLI docs

Public Release Channel

Helix source lives in the private repo, but public binary download assets are published to:

  • https://github.com/omniscoder/helix-public-assets/releases
  • https://downloads.helix-studio.com/releases/helix/

The website does not need to host large binaries directly. Instead, it serves public/release-assets/helix/release-manifest.json, and that manifest points at the currently promoted public asset base.

Supported Publish Flows

  1. Assemble a release directory containing:
    • desktop zip(s)
    • wheel / sdist
    • SHA256SUMS.txt
    • BUILD_META.txt
    • SBOM-linux.spdx.json
    • SBOM-windows.spdx.json
    • SBOM-macos.spdx.json
    • SHA256SUMS.txt.asc
    • SBOM-linux.spdx.json.asc
    • SBOM-windows.spdx.json.asc
    • SBOM-macos.spdx.json.asc
  2. Choose one public delivery channel and rewrite the website manifest.

The tagged release workflow builds those provenance assets in a fixed way:

  • SHA256SUMS.txt is generated from omnis-helix-linux.zip, omnis-helix-windows.zip, and omnis-helix-macos.zip
  • BUILD_META.txt records tag, commit, Python version, platform, and SHA256 lines for the normalized desktop assets
  • SBOMs are emitted as SPDX JSON via:
    • syft packages "$linux_out" -o spdx-json
    • syft packages "$windows_out" -o spdx-json
    • syft packages "$macos_out" -o spdx-json
  • if GPG_PRIVATE_KEY and GPG_PASSPHRASE are configured, the workflow writes detached armor signatures for the checksums and each SBOM
  • otherwise it still writes placeholder .asc files so the public release artifact set stays stable

GitHub-backed public assets

Use this when the website manifest should point at github.com/omniscoder/helix-public-assets/releases/download/<tag>/....

venv/bin/python tools/publish_github_release.py \
  --release-dir /path/to/release-dir \
  --website-root ~/Helix-WebSite \
  --repo omniscoder/helix-public-assets

This flow will:

  • infer the version from the wheel or sdist
  • use tag v<version>
  • create or reuse the public GitHub release
  • upload assets idempotently with --clobber
  • upload the large Linux zip last
  • preserve checksum, build metadata, SBOM, and .asc sidecar artifact names
  • rewrite the website manifest to https://github.com/omniscoder/helix-public-assets/releases/download/<tag>/...

Website-hosted download assets

Use this when the website manifest should point at the public download host directly, for example https://downloads.helix-studio.com/releases/helix/<version>/....

venv/bin/python tools/publish_website_release.py \
  --release-dir /path/to/release-dir \
  --website-root ~/Helix-WebSite \
  --bucket helix-downloads \
  --prefix releases/helix \
  --public-base-url https://downloads.helix-studio.com/releases/helix

This flow will:

  • upload every staged release artifact to the configured bucket/prefix
  • preserve stable artifact names like omnis-helix-linux.zip, wheel, sdist, SHA256SUMS.txt, BUILD_META.txt, SBOM-linux.spdx.json, and the matching .asc sidecars
  • write public/release-assets/helix/release-manifest.json in manifest-only mode
  • point the website manifest at https://downloads.helix-studio.com/releases/helix/<version>/...

Notes

  • The website manifest is the canonical bridge between the site UI and whichever public asset channel you promote.
  • The private source repo should not be used for public binary links.
  • The public GitHub release repo is one supported delivery channel; the website asset host is the other.
  • For prereleases, the promoted tag on the website may be newer than the repository's "latest stable" release.