Nice! I was thinking of adding a signed release workflow to Liza, but I actually found it easier to update Zig executable projects by simply git pulling latest changes, building with zig build exe and already having their installed executables (zig-out/bin/exe) in $PATH.
Building from source does require zig, but downloading binaries requires a dependency as well – minisign. It’s a choice, but for small enough projects building from source is also viable.