Error during update check

[marisademeglio]

I am seeing this text in the About Box:

error during update check : {"errno":-2,"code":"ENOENT","syscall":"open","path":"/Applications/DAISY Pipeline (2023).app/Contents/Resources/app-update.yml"}

And I can confirm that the file it's looking for does not exist.

@NPavie would you mind having a look at this?

[NPavie]

Hi @marisademeglio this error means the app used was not made with electron-builder "publish" mode In the package.json, it is the release target that came with the template.

The thing I'm not sure of is how to plug this release target result in the current release workflow : the idea of the publish mode of electron builder is to create a draft release on github with the correct release configuration to also allow auto updates. It actually creates this app-update file but only after the dist versions of the app, and it seems to include it in the app only while preparing the draft release. I need to look at the content of the app-update file to see exactly what it contains.

I need to ask this in the next meeting but, if i recall ACE is also a signed electron app, so could we use the same "release" workflow ? (Only thing is I don't know if Ace has auto updates like the one that are included here but requires to use the "publish" mode of electron-builder)

[danielweck]

Hello, no auto-updates in Ace. Just a basic notification of available newer release.

[marisademeglio]

Ok this was a build I made locally with yarn dist-mac-dev, which does yarn dist --mac with a null identity so the signing doesn't happen (it's very slow for dev purposes). Maybe if I made a build and posted a release like we usually do, then this would look like it normally does?

Or if there's a chance this message would show up for users, we should edit out the JSON and just log that info and display something simple like "Update error".

[NPavie]

@marisademeglio I'll indeed replace the message by a simple "Update error".

I have looked at the app-update.yml file and its simply a configuration on where to look for updates. Here the file content in the releases I made (without signing) using the yarn release command without notarization activated (used it when testing auto-updates on my fork)

owner: NPavie
repo: pipeline-ui
provider: github
updaterCacheDirName: pipeline-ui-updater

(You can find the example of a release it created and that i used for testing of the auto-updater here : https://github.com/NPavie/pipeline-ui/releases/tag/v1.2.0-BETA)

It should be possible to embed this directly (without the publish requirement) so that apps that we make locally are still eligible to auto updates. The thing i'm not sure for now is how are we going to make and publish the signed version for windows so that it is discoverable by the auto-update mecanism.

(@danielweck do you use some CI/CD to build and sign ACE for windows or do you the build and signing on your own machine ?)

[danielweck]

I build the Electron app Windows releases on my local computer, and I manually sign the build artefact (NSIS installer exe file) using a physical hardware token (i.e. USB device that contains the code signing certificate) which requires manually entering a passcode into a text input control (GUI dialog). There are of course ways to automate this process, a good start would be to code-sign via a cloud service instead of a physical hardware device. I imagine a secure authentication bearer would be needed, some kind of revokable access token.

[danielweck]

...another option would be to mimic the Mac OS process which relies on KeyChain (the code-signing certificate was manually added into my personal computer once, the electron-builder process is hen able to discover it by name lookup without user input, in order to sign the app bundle resources)

[marisademeglio]

I am looking into this now, which would allow us to automate the signing of the Mac app in a GH workflow. If we could get the Windows certificate on its own then perhaps we could do the same thing: https://github.com/daisy/pipeline-ui/issues/156

[NPavie]

A quick report from meeting :

• PKG format is not auto-updatable according to https://www.electron.build/configuration/publish.html So app-update.yml is not created for PKG release.

As a fallback, I will do something similar as ACE and do a check on last version available in the github release page.

[marisademeglio]

Notes from chat: pkg installers on mac (required for running post-install scripts) are not eligible for auto-updates in the electron world.

The workaround for right now: the auto-update function on mac will fall back to just checking and informing the user of a new version but it won't manage the actual updating. This workaround behavior will be triggered when there is no yml file (normally this is what gets checked for updates).