Open nchapman opened 5 months ago
Should I take care of this?
@ospfranco yes please! Let me know what you think we should do about hosting the update manifest.
As for hosting the Manifest: I guess we can just use github right? I do the same for Sol. They just need a public URL.
Regarding generating the keys, I guess you want to take care of this and keep them somewhere safe? You can then later, upload them encrypted into the repo secrets and we will then use them to sign the package on CI.
GitHub would usually be fine. The only problem for us is that we're going to move the repo to a different org which will break the URL. Not sure what to do about that.
Regarding the keys, I went ahead and generated them. I added the pubkey into a branch and added the private key as a secret on the repo. You can take it from here! Let me know if I need to put the private key anywhere else.
Without the name or the next domain available I don't see any solution then. We can just release the app as beta versions and once a rebrand happens then add a Download link to a new app version?
What if we just use a Gist for now? Then we can just update the manifest location in a future update and have it point to the new repo.
From what I'm reading it doesn't make much of a difference right? The manifest only needs to be there. After each update, the tauri.conf.json
will be updated in the process. So the last release that will be in the manifest will be a middle update that can then be later updated to future versions. A gist is kinda fragile, I would rather have the manifest automatically updated and committed via ci/scripts.
Yeah I agree that the gist is fragile in that it's not easily automated. We will have the problem where we will have a version that points to the old repo that can't discover updates in the new one. What if we push the manifest to S3 instead?
I think I didn't get my point across. I think it shouldn't be a problem as long as we add one last entry with an update to the latest version with a new url. Here is an illustration:
Old clients will update to version 0.3 (just an example). That version itself will point to an updated manifest, meaning once open, it will update to the further versions. So 0.3 will be a stop-gap update for users still using Pulsar at EOL.
I think this would work as long as GitHub correctly redirects to the new repo location. Otherwise when 0.2 goes to check for updates, the repo will have already moved and it won't be able to find that file. GitHub generally tends to handle redirects for moved repos quite well. I don't know if that extends to all URLs like raw.githubusercontent.com
.
S3 is a bit unwieldy. At that point I prefer a gist tbh.
Just for documentation purposes. We decided to go with a r2 bucket. Gists are not updatable via command line (only via github cli and https authentication, which is too much work). Secrets are configured on this repo and there will be a script soon that updates the manifest and uploads it again to the r2 bucket.
https://tauri.app/v1/guides/distribution/updater