search

postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com
5.85k stars 839 forks source link

Versioned download links do not work #10992

Closed driverkt closed 2 years ago

driverkt commented 2 years ago

Is there an existing issue for this?

Describe the Issue

See comments on this commit for postman in homebrew: https://github.com/Homebrew/homebrew-cask/commit/9b3ddcbb40d295fda967f5ce4689e971a6f5db5f

Versioned download links such as this one do not work; hence the homebrew cask maintainers are disabling the sha check on postman's cask.

Steps To Reproduce

$ wget https://dl.pstmn.io/download/version/20.3/osx_arm64
--2022-06-10 23:45:01--  https://dl.pstmn.io/download/version/20.3/osx_arm64
Resolving dl.pstmn.io (dl.pstmn.io)... 13.249.74.111, 13.249.74.72, 13.249.74.47, ...
Connecting to dl.pstmn.io (dl.pstmn.io)|13.249.74.111|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-06-10 23:45:01 ERROR 404: Not Found.

Screenshots or Videos

No response

Operating System

macOS

Postman Version

9.20.3

Postman Platform

Postman App

Additional Context?

No response

driverkt commented 2 years ago

The reason this is valuable is that it keeps the homebrew cask from breaking if a new release gets pushed to "latest" before a cask maintainer can make the update. It breaks the cask for everyone. With versioned download links, the cask will not be broken if it is not immediately updated for the latest release.

driverkt commented 2 years ago

Here's sample homebrew output with the current cask code (no checksum due to the lack of versioned url):

==> Upgrading 1 outdated package:
postman 9.19.0 -> 9.20.3
==> Upgrading postman
==> Purging files for version 9.20.3 of Cask postman
Error: postman: Cask 'postman' does not have a sha256 checksum defined and was not installed.
This means you have the --require-sha option set, perhaps in your HOMEBREW_CASK_OPTS.
RaisinTen commented 2 years ago

https://dl.pstmn.io/download/version/9.19.0/osx_arm64 appears to be the latest versioned link for ARM64 macOS. The downloaded binary also matches with what gets downloaded from the unversioned link - https://dl.pstmn.io/download/latest/osx_arm64.

RaisinTen commented 2 years ago

My guess is that 9.20.0 is a UI only update and not a platform update, i.e., the binary doesn't get updated when you move from 9.19.0 -> 9.20.0. The changes are only on the web-side, which gets downloaded and rendered automatically by the app when it runs. (verifying my claims internally now)

driverkt commented 2 years ago

Can we verify that this is why?

See updated comment on the homebrew-cask side:

https://github.com/Homebrew/homebrew-cask/commit/9b3ddcbb40d295fda967f5ce4689e971a6f5db5f#r76128394

bevanjkay commented 2 years ago

@RaisinTen Is there an API endpoint or appcast that Homebrew could access to find what the latest available versioned download is? There is a command called brew livecheck that checks a specified URL to find the latest version being provided, and this is then used to initiate version bumps. In this instance, the https://dl.pstmn.io/download/latest/osx_arm64 was being used to find the latest version in the filename of the returned artifact, however the version being reported in the artifact is different from the in-app version, and there is no versioned download URL available.

RaisinTen commented 2 years ago

@driverkt

Can we verify that this is why?

My claim was correct, v9.20.0 is a UI-only update, so no changes will be reflected in the binary. Previously, the web-only part of Postman was bundled into our desktop app during releases. This meant that our desktop users don't use the latest version of our codebase and can choose to remain on old versions of Postman. This means that any bug fixes take a full release to reach users. This would make it difficult to support older versions of Postman. So our solution to this problem was to split releases into - platform releases and UI releases, so that UI only fixes could be delivered to our users without having to go through a fresh release cycle.

RaisinTen commented 2 years ago

@bevanjkay

@RaisinTen Is there an API endpoint or appcast that Homebrew could access to find what the latest available versioned download is?

https://dl.pstmn.io/download/latest/osx_arm64 is the only reliable endpoint at this moment and it serves the latest Postman version, so I would recommend using that link and not the versioned one.

There is a command called brew livecheck that checks a specified URL to find the latest version being provided, and this is then used to initiate version bumps. In this instance, the https://dl.pstmn.io/download/latest/osx_arm64 was being used to find the latest version in the filename of the returned artifact, however the version being reported in the artifact is different from the in-app version, and there is no versioned download URL available.

Actually, when you download the binary served from https://dl.pstmn.io/download/latest/osx_64 and log in to your account, the version changes from v9.19.0 to the latest version, i.e., v9.21.2. So using https://dl.pstmn.io/download/latest/osx_arm64 should be okay.

Screen Shot 2022-06-15 at 3 57 02 PM
driverkt commented 2 years ago

Reposting this comment from above. Also, I don't think logging into an account is a reasonable expectation, since it is not required to use the application and something scripted will not do this action.

The reason this is valuable is that it keeps the homebrew cask from breaking if a new release gets pushed to "latest" before a cask maintainer can make the update. It breaks the cask for everyone. With versioned download links, the cask will not be broken if it is not immediately updated for the latest release.

In general, saying "use the 'latest' URL" means that for maintainers of the cask, the checksum could change at any moment, without warning. This makes the "latest" URL unusable to the homebrew cask if a checksum is desired.

Since, as you state, separating the binary and web release versions is a desirable feature, can we consider this an RFE then rather than "versioned links are broken"?

Maintaining a cask with a checksum requires a versioned link for the binary which is independent of the UI/web version. In a sense, updating the version number based upon the UI/web version breaks the traditional concept of a version number anyway, though it may be characteristic of electron-based apps.

RaisinTen commented 2 years ago

Reposting this comment from above. Also, I don't think logging into an account is a reasonable expectation, since it is not required to use the application and something scripted will not do this action.

I agree with you, I find it a little confusing when the version number magically updates itself when I log in to the application. I think a solution to this problem would be to completely get rid of the UI version numbers both from the website and the app and stabilize the versioned links.

cc @akshaytate wdyt?

akshaytate commented 2 years ago

@RaisinTen The UI version is used for other use cases as well currently it is not viable to get rid of it.

@driverkt https://dl.pstmn.io/api/version/latest this endpoint will always return the latest version of binary available to download. So you can combine the version from that endpoint with the download link to get the exact binary: https://dl.pstmn.io/download/version/<version_from_latest_endpoint>/osx_arm64. Please let me know if this solution works for your use case.

bevanjkay commented 2 years ago

@akshaytate That's perfect. Thanks for your help 👍🏼