feat: add Windows builds, Homebrew cask, and APT repository

[BrianLeishman]

Summary

• Windows x86_64 builds: Added windows-latest / x86_64-pc-windows-msvc target to both release and dry-run CI jobs, producing NSIS .exe installer + updater. Handles zpl.dll bundling via TAURI_CONFIG env var injection and sidecar placeholders with .exe extension.
• Homebrew cask automation: New update-homebrew-cask.yml workflow triggers on release, computes SHA256 of both arm64/x86_64 DMGs, and pushes an updated cask to the StirlingMarketingGroup/homebrew-marlin tap repo.
• APT repository: New apt-repo.yml workflow builds a GPG-signed apt repo with reprepro and deploys to GitHub Pages. Sources old packages from GitHub Releases (immutable) for provenance safety.
• Build system: Updated build.rs to copy zpl.dll to src-tauri/ root on Windows (next to exe for DLL loader), while macOS/Linux continue using src-tauri/lib/.
• Security: All getsentry/action-github-app-token usages pinned to commit SHA. Third-party action tags not used as sole reference.

Manual setup required

Homebrew

1. Create repo: gh repo create StirlingMarketingGroup/homebrew-marlin --public
2. Ensure the GitHub App has contents: write on the tap repo

APT

1. Generate GPG key: gpg --batch --gen-key (see workflow comments)
2. Add APT_GPG_PRIVATE_KEY repo secret
3. Enable GitHub Pages with "GitHub Actions" as source

Windows code signing (optional)

Not included — NSIS installer works unsigned but SmartScreen will warn. Can add EV/OV cert later.

Test plan

• Verify dry-run CI passes for all 5 matrix entries (macOS arm64/x86_64, Linux x86_64/arm64, Windows x86_64)
• Create StirlingMarketingGroup/homebrew-marlin repo with Casks/ directory
• Generate APT GPG key and add secret, enable GitHub Pages
• Tag a test release and verify all 3 new workflows trigger and succeed
• Test brew install --cask StirlingMarketingGroup/marlin/marlin on macOS
• Test apt repo install on Ubuntu/Debian
• Test Windows NSIS installer runs and zpl.dll loads correctly

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly expands the application's distribution capabilities by introducing automated build and packaging processes for Windows, Homebrew, and APT. It enables broader platform support and streamlines the release pipeline for these new targets, alongside necessary build system adjustments to accommodate platform-specific library handling and security enhancements for GitHub Actions.

Highlights

• Windows x86_64 Builds: Added Windows x86_64 builds to the CI/CD pipeline, producing NSIS installers and handling zpl.dll bundling by copying it to the src-tauri/ root.
• Homebrew Cask Automation: Implemented a new workflow (update-homebrew-cask.yml) that triggers on release, computes SHA256 for both arm64/x86_64 DMGs, and pushes an updated cask to the StirlingMarketingGroup/homebrew-marlin tap repository.
• APT Repository: Introduced a new workflow (apt-repo.yml) to build a GPG-signed APT repository using reprepro and deploy it to GitHub Pages, ensuring provenance safety by sourcing old packages from GitHub Releases.
• Build System Updates: Modified build.rs to copy zpl.dll to the src-tauri/ root for Windows builds (next to the executable for DLL loading), while macOS and Linux continue to use src-tauri/lib/.
• Security Enhancements: Pinned all usages of getsentry/action-github-app-token to specific commit SHAs, avoiding reliance on third-party action tags as the sole reference.

Changelog

• .gitignore
  • Added src-tauri/zpl.dll to the ignore list to prevent it from being tracked by Git.
• src-tauri/build.rs
  • Modified the setup_libzpl function to include platform-specific logic for copying zpl.dll.
  • Ensured zpl.dll is copied to the src-tauri/ root directory for Windows builds, aligning with how Windows DLLs are loaded.
  • Maintained the existing logic for macOS and Linux, copying zpl.dll to src-tauri/lib/.
• src-tauri/tauri.conf.json
  • Added a new windows configuration block within the tauri.conf.json file.
  • Configured the NSIS installer for Windows to allow installation for 'both' current user and all users.

Ignored Files

• Ignored by pattern: .github/workflows/** (3)
  • .github/workflows/apt-repo.yml
  • .github/workflows/release.yml
  • .github/workflows/update-homebrew-cask.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces significant enhancements to the build and distribution process by adding support for Windows builds, and laying the groundwork for Homebrew cask and APT repository automation. The changes to .gitignore, src-tauri/build.rs, and src-tauri/tauri.conf.json are well-aligned with this goal. The logic for handling the zpl.dll on Windows in the build script is correct. I have one suggestion in src-tauri/build.rs to improve error handling for better build-time diagnostics, which will enhance maintainability.