lightfastai · jeevanpillay · May 6, 2026 · May 6, 2026 · May 6, 2026 · May 6, 2026
diff --git a/.github/workflows/desktop-ci.yml b/.github/workflows/desktop-ci.yml
@@ -30,9 +30,13 @@ permissions:
 
 jobs:
   package:
-    name: Typecheck + package (unsigned)
-    runs-on: macos-14
+    name: Typecheck + package (unsigned, ${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
     timeout-minutes: 30
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-14, ubuntu-22.04]
     env:
       TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
       TURBO_TEAM: ${{ vars.TURBO_TEAM }}
@@ -48,10 +52,20 @@ jobs:
           node-version: 22
           cache: 'pnpm'
 
+      - name: Install Linux maker prerequisites
+        if: runner.os == 'Linux'
+        run: |
+          sudo apt-get update && sudo apt-get install -y rpm fakeroot
+          # Fail fast if the runner image (x64 or arm) is missing any tool
+          which dpkg-deb fakeroot rpm rpmbuild
+
       - run: pnpm install --frozen-lockfile
 
       - name: Typecheck
         run: pnpm --filter @lightfast/desktop typecheck
 
       - name: Package (unsigned)
+        # electron-forge defaults to host platform: macOS leg packages darwin
+        # via MakerZIP/MakerDMG, Linux leg packages linux via MakerDeb/MakerRpm.
+        # Each maker's platform filter (forge.config.ts:143-152) does the routing.
         run: pnpm --filter @lightfast/desktop package
diff --git a/.github/workflows/desktop-release.yml b/.github/workflows/desktop-release.yml
@@ -71,8 +71,8 @@ jobs:
               "${notes_arg[@]}"
           fi
 
-  build:
-    name: Build ${{ matrix.arch }}
+  build_macos:
+    name: Build macOS ${{ matrix.arch }}
     needs: prepare
     runs-on: macos-14
     timeout-minutes: 60
@@ -166,11 +166,83 @@ jobs:
       - name: Attest build provenance
         uses: actions/attest-build-provenance@v2
         with:
-          subject-path: 'apps/desktop/out/make/**/*.zip'
+          subject-path: |
+            apps/desktop/out/make/**/*.zip
+            apps/desktop/out/make/**/*.dmg
+
+  build_linux:
+    name: Build Linux ${{ matrix.arch }}
+    needs: prepare
+    runs-on: ${{ matrix.runner }}
+    timeout-minutes: 60
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: x64
+            runner: ubuntu-22.04
+          - arch: arm64
+            runner: ubuntu-22.04-arm
+    permissions:
+      contents: write
+      id-token: write
+      attestations: write
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      # Intentionally no Sentry env vars: sourcemap upload runs on the mac
+      # leg only. Sentry's debug-id system dedupes server-side and the
+      # renderer/main JS source is identical across platforms, so a second
+      # upload would be duplicated work, not added coverage.
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Node.js 22
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: 'pnpm'
+
+      - name: Install Linux maker prerequisites
+        run: |
+          sudo apt-get update && sudo apt-get install -y rpm fakeroot
+          # Fail fast if the runner image (x64 or arm) is missing any tool
+          which dpkg-deb fakeroot rpm rpmbuild
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Stamp version, buildFlavor, buildNumber, signingMode, prerelease env
+        working-directory: apps/desktop
+        run: |
+          npm version "${{ needs.prepare.outputs.version }}" --no-git-tag-version --allow-same-version
+          npm pkg set buildFlavor=prod
+          npm pkg set buildNumber="$GITHUB_RUN_NUMBER"
+          # `signingMode=ad-hoc` keeps build-info shape platform-uniform.
+          # `updater.ts:32-42` returns null on Linux today, so this field is
+          # not yet load-bearing. The future Linux Sparkle PR will read it as
+          # the safe-default guard (same pattern as the mac path). Delete this
+          # line if/when Linux Sparkle introduces a Linux-specific signing scheme.
+          npm pkg set signingMode=ad-hoc
+          echo "LIGHTFAST_DESKTOP_RELEASE_PRERELEASE=${{ needs.prepare.outputs.prerelease }}" >> "$GITHUB_ENV"
+
+      - name: Publish (forge)
+        working-directory: apps/desktop
+        run: pnpm exec electron-forge publish --arch=${{ matrix.arch }} --platform=linux
+
+      - name: Attest build provenance
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: |
+            apps/desktop/out/make/**/*.deb
+            apps/desktop/out/make/**/*.rpm
 
   finalize:
     name: Finalize release
-    needs: [prepare, build]
+    needs: [prepare, build_macos, build_linux]
     runs-on: ubuntu-latest
     permissions:
       contents: write

diff --git a/apps/desktop/README.md b/apps/desktop/README.md
@@ -27,6 +27,28 @@ auto-update is disabled on ad-hoc builds because Squirrel.Mac requires the
 new build to match the running app's designated requirement, and ad-hoc DRs
 are content-bound (they change with every build).
 
+### Linux
+
+Download the artifact for your distribution and architecture from the latest
+[Pre-release](https://github.com/lightfastai/lightfast/releases?q=prerelease%3Atrue):
+
+- **Debian / Ubuntu**: `lightfast_<version>_amd64.deb` (Intel/AMD) or
+  `lightfast_<version>_arm64.deb` (ARM)
+- **Fedora / RHEL / openSUSE**: `lightfast-<version>.x86_64.rpm` (Intel/AMD) or
+  `lightfast-<version>.aarch64.rpm` (ARM)
+
+Install via your package manager:
+
+```bash
+# Debian/Ubuntu
+sudo apt install ./lightfast_<version>_amd64.deb
+
+# Fedora/RHEL
+sudo dnf install ./lightfast-<version>.x86_64.rpm
+```
+
+Linux auto-update is not yet wired — re-download manually for new versions.
+
 ## Run
 
 ```bash
@@ -155,10 +177,17 @@ The `Release desktop` workflow then:
 1. Creates a draft GitHub Release for the tag.
 2. Builds signed+notarized ZIP and DMG artifacts for both `arm64` and `x64`
    via `electron-forge publish` on `macos-14`.
-3. Generates `latest-mac-<arch>.json` (Squirrel.Mac feed format) and uploads
-   them to the release. The app's updater points at
-   `releases/latest/download/latest-mac-${arch}.json`.
-4. Undrafts the release.
+3. Builds `.deb` and `.rpm` artifacts for both `arm64` and `x64` via
+   `electron-forge publish` on `ubuntu-22.04` / `ubuntu-22.04-arm`.
+4. Generates `latest-mac-<arch>.json` (Squirrel.Mac feed). Linux auto-update
+   is deferred, so no Linux feed is emitted yet — Linux users re-download
+   manually for new versions.
+5. Undrafts the release.
+
+We ship per-arch artifacts (no universal-binary merge on macOS) — users pick
+the matching arch. Rationale: the merge doubles download size, Linux has no
+universal concept, and the per-arch `.deb`/`.rpm` packages already encode the
+right architecture for `apt`/`dnf`.
 
 ### Required GitHub secrets
 

diff --git a/apps/desktop/forge.config.ts b/apps/desktop/forge.config.ts
@@ -2,7 +2,9 @@ import { execFileSync } from "node:child_process";
 import { cpSync, existsSync } from "node:fs";
 import { resolve } from "node:path";
 import { FuseV1Options, FuseVersion } from "@electron/fuses";
+import { MakerDeb } from "@electron-forge/maker-deb";
 import { MakerDMG } from "@electron-forge/maker-dmg";
+import { MakerRpm } from "@electron-forge/maker-rpm";
 import { MakerSquirrel } from "@electron-forge/maker-squirrel";
 import { MakerZIP } from "@electron-forge/maker-zip";
 import { AutoUnpackNativesPlugin } from "@electron-forge/plugin-auto-unpack-natives";
@@ -149,6 +151,34 @@ const config: ForgeConfig = {
     new MakerDMG({
       format: "ULFO",
     }),
+    new MakerDeb(
+      {
+        options: {
+          name: "lightfast",
+          productName: "Lightfast",
+          genericName: "Developer Tool",
+          maintainer: "Lightfast <releases@lightfast.ai>",
+          homepage: "https://lightfast.ai",
+          categories: ["Development", "Utility"],
+          icon: resolve(import.meta.dirname, "build/icon.png"),
+        },
+      },
+      ["linux"]
+    ),
+    new MakerRpm(
+      {
+        options: {
+          name: "lightfast",
+          productName: "Lightfast",
+          genericName: "Developer Tool",
+          license: "MIT",
+          homepage: "https://lightfast.ai",
+          categories: ["Development", "Utility"],
+          icon: resolve(import.meta.dirname, "build/icon.png"),
+        },
+      },
+      ["linux"]
+    ),
   ],
   plugins: [
     new AutoUnpackNativesPlugin({}),

diff --git a/apps/desktop/package.json b/apps/desktop/package.json
@@ -17,7 +17,9 @@
   },
   "devDependencies": {
     "@electron-forge/cli": "^7.11.1",
+    "@electron-forge/maker-deb": "^7.11.1",
     "@electron-forge/maker-dmg": "^7.11.1",
+    "@electron-forge/maker-rpm": "^7.11.1",
     "@electron-forge/maker-squirrel": "^7.11.1",
     "@electron-forge/maker-zip": "^7.11.1",
     "@electron-forge/plugin-auto-unpack-natives": "^7.11.1",