Week 51 — Deploying · From Zero to AI Hero

You’ve built the engines, the bridges, and the UIs. But a folder full of source code isn't a product. To get your games into the hands of users, you need to navigate the logistics of deployment. This means compiling for release, signing your code so the OS trusts it, and packaging it into a format that is easy to install.

Apple: Signing and Notarization

On macOS, "it works on my machine" isn't enough. To distribute an app outside the App Store, you must sign it with a Developer ID certificate and submit it to Apple for notarization. This is a security check that ensures your app isn't containing known malware. Without this, users will see a scary "App cannot be opened" warning.

// Notarizing via the command line
xcrun notarytool submit PositionGames.dmg --keychain-profile "AC_PASSWORD" --wait

Windows: MSIX and the Store

On Windows, the modern standard is the MSIX package. It handles installation, updates, and clean uninstallation. You can distribute these packages directly on your website or submit them to the Microsoft Store. Like Apple, Windows requires code signing (usually via an EV Certificate) to avoid the "Windows Protected Your PC" SmartScreen filter.

Shipping is a feature. A perfect app that no one can install is functionally identical to an app that doesn't exist.

Three ways to put it in users' hands

Once your app is signed and notarized, you have three honest distribution paths:

Direct download (a .dmg or .msix on your website). Maximum control, no platform cut, full freedom over pricing. The user has to trust you and click through the OS warnings.
App Store / Microsoft Store. Discoverability, automatic updates, OS-native trust, and a 15–30% cut. App Review exists; a rejection is usually fixable but adds days.
GitHub Releases / Steam / itch.io. Strong fit for hobby and indie projects. Steam in particular has the best long-tail discoverability for games specifically.

The certificates are not free. Apple's Developer Program is $99/year and gets you both notarization and App Store access. Windows code signing requires a publisher certificate from a CA — typically $200–$400/year for a standard cert, more for an EV cert that immediately satisfies SmartScreen. Microsoft Store registration is a one-time $19 (individuals) or $99 (companies). Budget for these before launch.

Auto-update is not optional

If you ship outside the App Store / Microsoft Store, you need an update mechanism. The easiest answers:

On macOS, the Sparkle framework — drop in a feed URL, Sparkle handles version checking, signature verification, and the user prompt.
On Windows, Squirrel or, more recently, the WinAppSDK auto-update API for MSIX packages.

Without auto-update, every patch becomes a manual ask of every user — and most of them will simply never update. The first time you find a bug in a shipped build, you'll wish you'd wired this in earlier.

CI/CD with AI

Building and packaging manually is error-prone. We use Continuous Integration (CI) tools like GitHub Actions to automate the process. Every time you push code, a server in the cloud compiles the C++, runs the bridge tests, signs the binaries, and creates the installer. You can even use AI to write these complex YAML build scripts for you.

# GitHub Actions snippet to compile C++ on push
jobs:
  build:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build Engine DLL
        run: msbuild engine.sln /p:Configuration=Release

Try it yourself

Switch your Xcode or Visual Studio configuration to "Release" and perform a "Clean Build".
Verify that the resulting binary doesn't require any local debug files (like .pdb on Windows) to run.
Copy the app to a different computer (or a virtual machine) and try to launch it. Note any missing DLLs or security warnings.
Research "GitHub Actions for C++" and try to set up a basic workflow that compiles your bridge header on every commit.

What's next

You are now a full-stack native developer. You've seen the entire journey from a single transistor to a global distribution pipeline. Next week, we wrap up the year. We'll reflect on The AI Hero's Journey and why your deep understanding of the metal makes you uniquely qualified to lead in the age of AI.

Week 52 is The AI Hero’s Journey.

Quick check

1. To distribute a Mac app outside the App Store without scary warnings, you must…

Compile with -O3
Sign with a Developer ID certificate AND have Apple notarize the binary
Run as root

Reveal Answer

Answer: B. Notarization is the security check that lets Gatekeeper trust your app. Without it, users see 'cannot be opened'.

2. What is MSIX on Windows?

An antivirus
A modern app package format that handles install, update, and clean uninstall
A C# library

Reveal Answer

Answer: B. MSIX replaces the old MSI format. Cleaner sandboxing, automatic updates, and Microsoft Store compatibility.

3. What does the Sparkle framework provide for Mac apps?

Code signing
An auto-update framework — checks a feed URL, verifies signatures, prompts the user
A debugger

Reveal Answer

Answer: B. Without Sparkle (or similar), every patch becomes a manual ask of every user — and most never update.