Add feature flag to disable edits temporarily during bugfix

.github/workflows/workflow.yml

@@ -1,33 +1,40 @@
-name: Build Release
+name: Build and Release
 on:
-  push:
-    tags:
-      - '*'
-  workflow_dispatch:
+  release:
+    types: [published]
 
 permissions:
   contents: write
 
 jobs:
   get-version:
-    name: Get Version
+    name: Get Version and Release Info
     runs-on: ubuntu-latest
     outputs:
       version: ${{ steps.set-version.outputs.version }}
+      is_prerelease: ${{ steps.set-info.outputs.is_prerelease }}
+      should_upload_to_stores: ${{ steps.set-info.outputs.should_upload_to_stores }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v5
 
-      - name: Get version from lib/dev_config.dart
+      - name: Get version from pubspec.yaml
         id: set-version
         run: |
           echo version=$(grep "version:" pubspec.yaml | head -1 | cut -d ':' -f 2 | tr -d ' ' | cut -d '+' -f 1) >> $GITHUB_OUTPUT
 
-#      - name: Extract version from pubspec.yaml
-#        id: extract_version
-#        run: |
-#          version=$(grep '^version: ' pubspec.yaml | cut -d ' ' -f 2 | tr -d '\r')
-#          echo "VERSION=$version" >> $GITHUB_ENV
+      - name: Determine release actions
+        id: set-info
+        run: |
+          echo "is_prerelease=${{ github.event.release.prerelease }}" >> $GITHUB_OUTPUT
+          
+          if [ "${{ github.event.release.prerelease }}" = "true" ]; then
+            echo "should_upload_to_stores=false" >> $GITHUB_OUTPUT
+            echo "✅ Pre-release - will build and attach assets, no store uploads"
+          else
+            echo "should_upload_to_stores=true" >> $GITHUB_OUTPUT
+            echo "✅ Full release - will build, attach assets, and upload to stores"
+          fi
 
   build-android-apk:
     name: Build Android APK
@@ -246,27 +253,6 @@ jobs:
           path: Runner.ipa
           if-no-files-found: 'error'
 
-      - name: Upload to App Store Connect
-        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
-        env:
-          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-          APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
-          APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
-        run: |
-          # Create the private keys directory and decode API key
-          mkdir -p ~/private_keys
-          echo -n "$APP_STORE_CONNECT_API_KEY_BASE64" | base64 --decode > ~/private_keys/AuthKey_${APP_STORE_CONNECT_API_KEY_ID}.p8
-          
-          # Upload to App Store Connect / TestFlight
-          xcrun altool --upload-app \
-            --type ios \
-            --file Runner.ipa \
-            --apiKey $APP_STORE_CONNECT_API_KEY_ID \
-            --apiIssuer $APP_STORE_CONNECT_ISSUER_ID
-          
-          # Clean up sensitive files
-          rm -rf ~/private_keys
-
   attach-to-release:
     name: Attach Assets to Release
     needs: [get-version, build-android-apk, build-android-aab, build-ios]
@@ -300,3 +286,54 @@ jobs:
             deflock_v${{ needs.get-version.outputs.version }}.apk
             deflock_v${{ needs.get-version.outputs.version }}.aab
             deflock_v${{ needs.get-version.outputs.version }}.ipa
+
+  upload-to-stores:
+    name: Upload to App Stores
+    needs: [get-version, build-android-aab, build-ios]
+    runs-on: macos-latest  # Need macOS for iOS uploads
+    if: needs.get-version.outputs.should_upload_to_stores == 'true'
+    steps:
+      - name: Download AAB artifact for Google Play
+        uses: actions/download-artifact@v4
+        with:
+          name: deflock_v${{ needs.get-version.outputs.version }}.aab
+
+      - name: Download IPA artifact for App Store
+        uses: actions/download-artifact@v4
+        with:
+          name: deflock_v${{ needs.get-version.outputs.version }}.ipa
+
+      # Temporarily disabled - uncomment when Google Play service account is ready
+      # - name: Upload to Google Play Store
+      #   uses: r0adkll/upload-google-play@v1
+      #   with:
+      #     serviceAccountJsonPlainText: ${{ secrets.GOOGLE_PLAY_SERVICE_ACCOUNT_JSON }}
+      #     packageName: me.deflock.deflockapp
+      #     releaseFiles: app-release.aab
+      #     track: internal  # Uploads to Internal Testing track for review before production
+      #     status: completed
+      #     inAppUpdatePriority: 0
+
+      - name: Upload to App Store Connect
+        env:
+          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
+          APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
+        run: |
+          # Create the private keys directory and decode API key
+          mkdir -p ~/private_keys
+          echo -n "$APP_STORE_CONNECT_API_KEY_BASE64" | base64 --decode > ~/private_keys/AuthKey_${APP_STORE_CONNECT_API_KEY_ID}.p8
+          
+          # Upload to App Store Connect / TestFlight
+          xcrun altool --upload-app \
+            --type ios \
+            --file Runner.ipa \
+            --apiKey $APP_STORE_CONNECT_API_KEY_ID \
+            --apiIssuer $APP_STORE_CONNECT_ISSUER_ID
+          
+          # Clean up sensitive files
+          rm -rf ~/private_keys
+
+      - name: Clean up artifacts
+        run: |
+          rm -f app-release.aab Runner.ipa

DEVELOPER.md

@@ -494,6 +494,84 @@ void updateMultipleThings() {
 
 ---
 
+## Release Process & GitHub Actions
+
+The app uses a **clean, release-triggered workflow** that rebuilds from scratch for maximum reliability:
+
+### How It Works
+
+**Trigger: GitHub Release Creation**
+- Create a GitHub release → Workflow automatically builds, attaches assets, and optionally uploads to stores
+- **Pre-release checkbox** controls store uploads:
+  - ✅ **Checked** → Build + attach assets (no store uploads)
+  - ✅ **Unchecked** → Build + attach assets + upload to App/Play stores
+
+### Release Types
+
+**Development/Beta Releases**
+1. Create GitHub release from any tag/branch
+2. ✅ **Check "pre-release"** checkbox
+3. Publish → Assets built and attached, no store uploads
+
+**Production Releases**  
+1. Create GitHub release from main/stable branch
+2. ❌ **Leave "pre-release" unchecked**
+3. Publish → Assets built and attached + uploaded to stores
+
+### Store Upload Destinations
+
+**Google Play Store:**
+- Uploads to **Internal Testing** track
+- Requires manual promotion to Beta/Production
+- You maintain full control over public release
+
+**App Store Connect:**
+- Uploads to **TestFlight**  
+- Requires manual App Store submission
+- You maintain full control over public release
+
+### Required Secrets
+
+**For Google Play Store Upload:**
+- `GOOGLE_PLAY_SERVICE_ACCOUNT_JSON` - Complete JSON service account key (plain text)
+
+**For iOS App Store Upload:**
+- `APP_STORE_CONNECT_API_KEY_ID` - App Store Connect API key ID
+- `APP_STORE_CONNECT_ISSUER_ID` - App Store Connect issuer ID  
+- `APP_STORE_CONNECT_API_KEY_BASE64` - Base64-encoded .p8 API key file
+
+**For Building:**
+- `OSM_PROD_CLIENTID` - OpenStreetMap production OAuth2 client ID
+- `OSM_SANDBOX_CLIENTID` - OpenStreetMap sandbox OAuth2 client ID
+- Android signing secrets (keystore, passwords, etc.)
+- iOS signing certificates and provisioning profiles
+
+### Google Play Store Setup
+
+1. **Google Cloud Console:**
+   - Create Service Account with "Project Editor" role
+   - Enable Google Play Android Developer API
+   - Download JSON key file
+
+2. **Google Play Console:**
+   - Add service account email to Users & Permissions
+   - Grant "Release Manager" permissions for your app
+   - Complete first manual release to activate app listing
+
+3. **GitHub Secrets:**
+   - Store entire JSON key as `GOOGLE_PLAY_SERVICE_ACCOUNT_JSON` (plain text)
+
+### Workflow Benefits
+
+✅ **Brutalist simplicity** - One trigger, clear behavior  
+✅ **No external dependencies** - Only uses trusted `r0adkll/upload-google-play@v1`  
+✅ **Explicit control** - GitHub's UI checkbox controls store uploads  
+✅ **Always rebuilds** - No stale artifacts or cross-workflow complexity  
+✅ **Safe defaults** - Pre-release prevents accidental production uploads  
+✅ **No tag coordination** - Works with any commit, tag, or branch
+
+---
+
 ## Build & Development Setup
 
 ### Prerequisites

README.md

@@ -80,6 +80,7 @@ A comprehensive Flutter app for mapping public surveillance infrastructure with
 **See [DEVELOPER.md](DEVELOPER.md)** for comprehensive technical documentation including:
 - Architecture overview and design decisions
 - Development setup and build instructions  
+- Release process and GitHub Actions automation
 - Code organization and contribution guidelines
 - Debugging tips and troubleshooting
 
@@ -90,6 +91,8 @@ cp lib/keys.dart.example lib/keys.dart
 # Add OAuth2 client IDs, then: flutter run
 ```
 
+**Releases**: The app uses GitHub's release system for automated building and store uploads. Simply create a GitHub release and use the "pre-release" checkbox to control whether builds go to app stores - checked for beta releases, unchecked for production releases.
+
 ---
 
 ## Roadmap

assets/changelog.json

@@ -1,4 +1,7 @@
 {
+  "1.3.2": {
+    "content": "• HOTFIX: Temporarily disabled node editing to prevent OSM database issues while a bug is resolved\n• TECH: Added kEnableNodeEdits feature flag for controlling edit functionality"
+  },
   "1.3.1": {
     "content": "• UX: Network status indicator always enabled\n• UX: Direction slider wider on small screens\n• UX: Fixed iOS keyboard missing 'Done' in settings\n• UX: Fixed multi-direction nodes in upload queue\n• UX: Improved suspected locations loading indicator; removed popup, fixed stuck spinner"
   },

lib/dev_config.dart

@@ -44,11 +44,14 @@ const String kClientName = 'DeFlock';
 const String kSuspectedLocationsCsvUrl = 'https://stopflock.com/app/flock_utilities_mini_latest.csv';
 
 // Development/testing features - set to false for production builds
-const bool kEnableDevelopmentModes = true; // Set to false to hide sandbox/simulate modes and force production mode
+const bool kEnableDevelopmentModes = false; // Set to false to hide sandbox/simulate modes and force production mode
 
 // Navigation features - set to false to hide navigation UI elements while in development
 const bool kEnableNavigationFeatures = kEnableDevelopmentModes; // Hide navigation until fully implemented
 
+// Node editing features - set to false to temporarily disable editing
+const bool kEnableNodeEdits = false; // Set to false to temporarily disable node editing
+
 /// Navigation availability: only dev builds, and only when online
 bool enableNavigationFeatures({required bool offlineMode}) {
   if (!kEnableDevelopmentModes) {

lib/localizations/de.json

@@ -89,6 +89,7 @@
     "profileRequired": "Bitte wählen Sie ein Profil aus, um fortzufahren.",
     "direction": "Richtung  {}°",
     "profileNoDirectionInfo": "Dieses Profil benötigt keine Richtung.",
+    "temporarilyDisabled": "Bearbeitungen wurden vorübergehend deaktiviert, während wir einen Fehler beheben - Entschuldigung - schauen Sie bald wieder vorbei.",
     "mustBeLoggedIn": "Sie müssen angemeldet sein, um Knoten zu bearbeiten. Bitte melden Sie sich über die Einstellungen an.",
     "sandboxModeWarning": "Bearbeitungen von Produktionsknoten können nicht an die Sandbox übertragen werden. Wechseln Sie in den Produktionsmodus in den Einstellungen, um Knoten zu bearbeiten.",
     "enableSubmittableProfile": "Aktivieren Sie ein übertragbares Profil in den Einstellungen, um Knoten zu bearbeiten.",

lib/localizations/en.json

@@ -107,6 +107,7 @@
     "profileRequired": "Please select a profile to continue.",
     "direction": "Direction  {}°",
     "profileNoDirectionInfo": "This profile does not require a direction.",
+    "temporarilyDisabled": "Edits have been temporarily disabled while we sort out a bug - apologies - check back soon.",
     "mustBeLoggedIn": "You must be logged in to edit nodes. Please log in via Settings.",
     "sandboxModeWarning": "Cannot submit edits on production nodes to sandbox. Switch to Production mode in Settings to edit nodes.",
     "enableSubmittableProfile": "Enable a submittable profile in Settings to edit nodes.",

lib/localizations/es.json

@@ -107,6 +107,7 @@
     "profileRequired": "Por favor, seleccione un perfil para continuar.",
     "direction": "Dirección  {}°",
     "profileNoDirectionInfo": "Este perfil no requiere una dirección.",
+    "temporarilyDisabled": "Las ediciones han sido temporalmente deshabilitadas mientras solucionamos un error - disculpas - regrese pronto.",
     "mustBeLoggedIn": "Debe estar conectado para editar nodos. Por favor, inicie sesión a través de Configuración.",
     "sandboxModeWarning": "No se pueden enviar ediciones de nodos de producción al sandbox. Cambie al modo Producción en Configuración para editar nodos.",
     "enableSubmittableProfile": "Habilite un perfil envíable en Configuración para editar nodos.",

lib/localizations/fr.json

@@ -107,6 +107,7 @@
     "profileRequired": "Veuillez sélectionner un profil pour continuer.",
     "direction": "Direction  {}°",
     "profileNoDirectionInfo": "Ce profil ne nécessite pas de direction.",
+    "temporarilyDisabled": "Les modifications ont été temporairement désactivées pendant que nous résolvons un bug - désolés - revenez bientôt.",
     "mustBeLoggedIn": "Vous devez être connecté pour modifier les nœuds. Veuillez vous connecter via les Paramètres.",
     "sandboxModeWarning": "Impossible de soumettre des modifications de nœuds de production au sandbox. Passez au mode Production dans les Paramètres pour modifier les nœuds.",
     "enableSubmittableProfile": "Activez un profil soumissible dans les Paramètres pour modifier les nœuds.",

lib/localizations/it.json

@@ -107,6 +107,7 @@
     "profileRequired": "Per favore seleziona un profilo per continuare.",
     "direction": "Direzione  {}°",
     "profileNoDirectionInfo": "Questo profilo non richiede una direzione.",
+    "temporarilyDisabled": "Le modifiche sono state temporaneamente disabilitate mentre risolviamo un bug - scuse - torna presto.",
     "mustBeLoggedIn": "Devi essere loggato per modificare i nodi. Per favore accedi tramite Impostazioni.",
     "sandboxModeWarning": "Impossibile inviare modifiche di nodi di produzione alla sandbox. Passa alla modalità Produzione nelle Impostazioni per modificare i nodi.",
     "enableSubmittableProfile": "Abilita un profilo inviabile nelle Impostazioni per modificare i nodi.",

lib/localizations/pt.json

@@ -107,6 +107,7 @@
     "profileRequired": "Por favor, selecione um perfil para continuar.",
     "direction": "Direção  {}°",
     "profileNoDirectionInfo": "Este perfil não requer uma direção.",
+    "temporarilyDisabled": "As edições foram temporariamente desabilitadas enquanto resolvemos um bug - desculpe - volte em breve.",
     "mustBeLoggedIn": "Você deve estar logado para editar nós. Por favor, faça login via Configurações.",
     "sandboxModeWarning": "Não é possível enviar edições de nós de produção para o sandbox. Mude para o modo Produção nas Configurações para editar nós.",
     "enableSubmittableProfile": "Ative um perfil enviável nas Configurações para editar nós.",

lib/localizations/zh.json

@@ -107,6 +107,7 @@
     "profileRequired": "请选择配置文件以继续。",
     "direction": "方向  {}°",
     "profileNoDirectionInfo": "此配置文件不需要方向。",
+    "temporarilyDisabled": "编辑功能已暂时禁用，我们正在修复一个错误 - 抱歉 - 请稍后再试。",
     "mustBeLoggedIn": "您必须登录才能编辑节点。请通过设置登录。",
     "sandboxModeWarning": "无法将生产节点的编辑提交到沙盒。在设置中切换到生产模式以编辑节点。",
     "enableSubmittableProfile": "在设置中启用可提交的配置文件以编辑节点。",

lib/widgets/edit_node_sheet.dart

@@ -157,7 +157,8 @@ class EditNodeSheet extends StatelessWidget {
 
         final submittableProfiles = appState.enabledProfiles.where((p) => p.isSubmittable).toList();
         final isSandboxMode = appState.uploadMode == UploadMode.sandbox;
-        final allowSubmit = appState.isLoggedIn && 
+        final allowSubmit = kEnableNodeEdits && 
+            appState.isLoggedIn && 
             submittableProfiles.isNotEmpty && 
             session.profile != null && 
             session.profile!.isSubmittable;
@@ -209,7 +210,23 @@ class EditNodeSheet extends StatelessWidget {
               // Direction controls
               _buildDirectionControls(context, appState, session, locService),
 
-              if (!appState.isLoggedIn)
+              if (!kEnableNodeEdits)
+                Padding(
+                  padding: const EdgeInsets.fromLTRB(16, 0, 16, 12),
+                  child: Row(
+                    children: [
+                      const Icon(Icons.construction, color: Colors.orange, size: 20),
+                      const SizedBox(width: 6),
+                      Expanded(
+                        child: Text(
+                          locService.t('editNode.temporarilyDisabled'),
+                          style: const TextStyle(color: Colors.orange, fontSize: 13),
+                        ),
+                      ),
+                    ],
+                  ),
+                )
+              else if (!appState.isLoggedIn)
                 Padding(
                   padding: const EdgeInsets.fromLTRB(16, 0, 16, 12),
                   child: Row(

pubspec.yaml

@@ -1,7 +1,7 @@
 name: deflockapp
 description: Map public surveillance infrastructure with OpenStreetMap
 publish_to: "none"
-version: 1.3.1+9   # The thing after the + is the version code, incremented with each release
+version: 1.3.2+10   # The thing after the + is the version code, incremented with each release
 
 environment:
   sdk: ">=3.5.0 <4.0.0"   # oauth2_client 4.x needs Dart 3.5+