LogoPear Docs
About PearBuilding & shipping apps

Release pipeline

Why Pear desktop releases use stage, provision, and multisig pear links — the trust ladder, release lines, deployment directory, and recurring cycle.

This page explains why many Pear desktop release flows use three operations: stage, provision, and multisig, and how release lines and the deployment directory fit around them.

Read it before you run commands so the mental model matches the CLI (concrete steps live under Deploy your application and Build desktop distributables).

For the simplest publish/update workflow, let CI stage for you. Publish with GitHub Actions turns shipping a new version into a git push. This page is the full-control path when you need release lines, provision, and multisig.

Operator detail: Deploy your application, Build desktop distributables, and Troubleshoot desktop releases carry the same pipeline as these diagrams. The Glossary below defines the terms.

The short version

Centralized deploy pipelines often separate staging servers, preview, and production. Pear can fold similar trust boundaries into different Hyperdrives addressed by different pear:// links:

  1. You stage a folder of builds into a drive used for iteration,
  2. You provision from a versioned stage into a leaner prerelease drive, and
  3. You multisig-commit into production so a quorum of signers must agree. Each hop can shrink history or raise assurance.

OTA update event lifecycle

A running Pear desktop app polls the Hyperdrive behind its upgrade link, downloads new application data when the Hypercore length advances, and emits two events from pear.updater. The host process forwards them to renderers so the UI can react:

new core length 'updating' (download in progress) webContents.send('pear:event:updating') 'updated' (download ready) webContents.send('pear:event:updated') applyUpdate() updater.applyUpdate() appAfterUpdate() app.relaunch(); app.exit(0) swap app path on disk, remove old build Seeder peer pear.updater Electron main Renderer

You can disable updates per run with --no-updates (handy in development) or globally by setting "updates": false in package.json and spreading the package config into the PearRuntime options.

The two-event split is what lets you build UI like the "Update ready!" banner in Reshape into a production app: show a spinner on updating, swap to a restart button on updated, restart the app on click.

Stage, provision, multisig

Stage Provision Multisig
  • Stage — Local and team checks: feature branches, unsigned or lightly signed builds, ephemeral links. Appends to the application drive; good for iteration.
  • Provision — Prerelease / QA / dogfood: synchronizes from a versioned stage source onto a target link while compacting additions and deletions so the drive is closer to what stakeholders mirror.
  • Multisig — Production: writes require co-signing up to a configured quorum so one compromised machine cannot redefine the release line.

Each stage link can feed the next operation; a provisioned link becomes the source for multisig commits once signers agree.

Deployment directory and release lines

A deployment directory is the multi-architecture output you assemble after per-OS make steps (often with pear build merging darwin, linux, and win32 artifacts). That directory is what pear stage reads from disk and writes into Hypercore-backed storage for a given release line link.

Release lines are parallel stability tracks: common names are development, staging, rc (each a staged link), then prerelease (provisioned from rc), then production (multisig’d from prerelease). The upgrade field in package.json decides which link a shipped binary follows for OTA — so different builds can track different lines intentionally.

Stage Provision Multisig pear://‹dev-key› pear://‹staging-key› pear://‹PROD-KEY› source source Deployment directory development staging rc prerelease production

A common pattern is that rc’s upgrade pins the production multisig key, so rc builds do not receive casual OTA bumps — you ship new installers when that line moves.

Release cycle (steady state)

Once bootstrapping finishes, the steady release cycle is repetitive: bump version, make per platform, build the deployment directory, stage, iterate; when stable, provision; when assessed, run multisig prepare → sign → verify → commit; production goes live; the next cycle starts again at version.

stable assessed iterate next release 2. Version 3. Make distributables 4. Build deployment directory 5. Stage 6. Provision 7d. Prepare request 7e. Sign 7f. Verify 7g. Commit Production live

Numbered labels align with common documentation ordering (touch/seed and upgrade-link setup happen before this loop is warm).

Foundational steps (bootstrap + loop)

The foundational diagram adds multisig key creation and config beside the main loop: signing keys, multisig.json, pointing upgrade at the multisig link, then joining the same release flow.

Link setup stable assessed iterate next release setup V 3. Make distributables 4. Build deployment directory 5. Stage 6. Provision 7d. Prepare request 7e. Sign 7f. Verify 7g. Commit Production live 7a. Create signing keys 7b. Create multisig config 7c. Set upgrade to multisig link 0. Touch and seed 1. Set upgrade link

Stage-only is enough for proofs of concept; production benefits from quorum signing and machine-independent drives.

From per-OS builds to one directory

make make make Version /Windows/ /macOS/ /Linux/ pear build Deployment directory

That directory must at least contain package.json and by-arch/.../app trees before pear stage is meaningful.

Multisig setup and signing

The diagrams below follow hello-pear-electron's Foundational Steps — the same Electron + Bare worker template Keet and PearPass ship. One-time multisig wiring is in Set up multisig; every production shipment after that uses Sign with multisig. If a commit fails mid-flight, see Troubleshoot multisig.

How setup connects to the release cycle

multisig.json points at the provision drive (srcKey) from the most recent hello-pear-electron pear stage / pear provision. Shipped binaries read the multisig link from package.json upgrade.

Multisig setup hello-pear-electron release cycle srcKey package.json upgrade assessed 7d–7g. Multisig Production live 7a. Create signing keys 7b. Create multisig.json 7c. Set upgrade to multisig link 2. Version 3. Make distributables 4. pear build 5. pear stage 6. Provision drive

Quorum signing

Each production commit runs the four steps in Sign with multisig: hyper-multisig request, hypercore-sign from each signer until quorum is met, hyper-multisig verify, then hyper-multisig commit.

signing request signing request response response no yes hello-pear-electron provision drive 7d. Prepare request Gather signatures Signer 1 Other signers Quorum met? 7f. Verify 7g. Commit Production live

Release lines

For hello-pear-electron, one pear build output can feed parallel stage links; prerelease and production are the provision and multisig gates on the trust ladder.

Staged pear:// links Custom Provisioned Multisig production hello-pear-electron deployment directory development staging rc custom… prerelease production

Custom lines are optional forks for spikes, hotfixes, or instrumented builds — same mechanics, different seeded link.

Relationship to Pear’s global storage story

Platform installs still use Pear’s OS-wide tree described in Storage and distribution. The diagrams here are about application release artifacts moving between links — not replacing that global layout.

Glossary

Terms you will see across the Pear desktop release and OTA update docs:

TermMeaning
OTAOver-the-air: delivering a new app build without a traditional reinstall flow from a store.
OTA updatesSyncing the running app’s bundle from a peer-to-peer source when the application drive changes.
P2PPeer-to-peer: machines replicate directly; distribution does not require a single central server if seeders exist.
Application driveThe Hyperdrive that holds the published app files and version history for a given pear:// link.
Deployment directoryThe multi-architecture folder produced after per-OS builds are assembled (for example with pear build) and before pear stage. See Deployment directory and release lines.
MultisigCo-signing: a quorum of signers must approve before writes land on the production drive.
Pear linkStable pear://… identifier the swarm routes on; see the Links row in Command Line Interface and Storage and distribution.
QuorumMinimum number of multisig signers required to commit a release.
Release lineA parallel deployment stream (for example development, staging, rc) at its own stability level, each with its own staged link.
SeedingKeeping a drive announced and available so peers can discover and replicate it (pear seed).
Vendor signingOS-level code signing (Apple notarization, Windows Authenticode, etc.) so distributables run on other machines without quarantine.
Versioned linkA pear:// link that pins fork, length, and key of the Hypercore behind the application Hyperdrive — used when provisioning between known versions.

Where to go next

Workers

Previous Page

How To

Next Page

On this page

The short version
OTA update event lifecycle
Stage, provision, multisig
Deployment directory and release lines
Release cycle (steady state)
Foundational steps (bootstrap + loop)
From per-OS builds to one directory
Multisig setup and signing
How setup connects to the release cycle
Quorum signing
Release lines
Relationship to Pear’s global storage story
Glossary
Where to go next