electron-updater and GitHub Releases from a private repo (2nd attempt)
Hello, and thanks @develar for your continued support! My previous issue #2292 was closed prematurely and may have since been buried.
Here’s the quick summary: I’m building an app for use by employees at my company. I would like to use GitHub Releases to serve updates from a private repository. Can I do this by setting a token in the app’s `package.json` as follows?

```json
"build": {
  "appId": "com.github.<owner>.repo",
  "productName": "Training Tracker",
  "files": [
    "dist",
    "node_modules",
    "main.js",
    "package.json"
  ],
  "directories": {
    "output": "output"
  },
  "mac": {
    "publish": {
      "provider": "github",
      "private": true,
      "token": "<token>"
    },
    "target": [
      "zip",
      "dmg"
    ]
  }
}
```
My `main.js` simply imports `electron-updater` and calls `autoUpdater.checkForUpdatesAndNotify()` when the app is ready. On startup, however, I get the following error in my logs:

```
[error] Error: Error: Unable to find latest version on GitHub (https://api.github.com/repos/<owner>/training-tracker/releases/latest), please ensure a production release exists
```

followed by `ERR_CONNECTION_REFUSED`.

Following the link above, I see this in my browser:

```json
{
  "message": "Not Found",
  "documentation_url": "https://developer.github.com/v3/repos/releases/#get-the-latest-release"
}
```
What am I missing? Your advice is appreciated!
Issue Analytics
- Created 6 years ago
- Comments:10 (3 by maintainers)
Top GitHub Comments
For what it’s worth, I had to go about it a different way. I didn’t want to hard-code my GitHub Repo Token inside the application (it’s not a read-only token), so as soon as the user of my application logs in, the app retrieves the GH token from my server and uses it to construct the setFeedURL for the updater just before it checks for updates:
Really glad you guys got to the bottom of how to use setFeedURL! I wasn’t able to figure this out from the docs.
A couple notes on GH tokens and private repos: I had a similar need but was not comfortable with the app storing a GH key. The fundamental problem with GH private repos being used in this way is that GH doesn’t have granular ACL. They have a single token that has VERY broad permissions and it’s dangerous for anyone outside your org to have access to that. The solution I use: I make a request from the app to my web server (using the “provider: generic” type) which then makes a GH API request for the latest.yml file asset and returns it. Having a web server I control in the middle of the flow between the app and GH allows me to throttle access to just the yml files and binary files (and not allow someone to delete releases, modify info, etc. which can all be done with the private token).
I still need to use setFeedURL in order to test a new build (including updating to it) before distributing it to my install base. setFeedURL allows me to reference a “prerelease” or a “beta” channel so I can QA the upgrade to the new app. Now I just need to build a settings flag I can flip in the frontend of the app!
I think the docs should be updated since saying “don’t use setFeedURL” is misleading (especially when in the same doc it describes the method and its parameters). Any takers? If not, I’ll try to update and send a PR (but @nbcnc should get credit for this one).
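
The proxy approach described in the last comment, as an added example that is not code from the thread or from electron-updater: a Node 18+ handler that keeps the GitHub token server-side and serves only allow-listed assets of the latest release to clients configured with `provider: generic`. The repository names, environment variable, port and allow-list pattern are assumptions, and client authentication is assumed to be handled in front of it.

```javascript
// Added example, not project code. OWNER, REPO, env var, port, allow-list: assumptions.
const OWNER = "example-owner"; // placeholder
const REPO = "example-repo";   // placeholder
const API = `https://api.github.com/repos/${OWNER}/${REPO}`;
// Only update metadata and installer files may pass through the proxy.
const ALLOWED = /^[A-Za-z0-9][A-Za-z0-9._-]*\.(yml|zip|dmg|exe|blockmap)$/;

// Map a request to an asset of `release` (GitHub release JSON), or null.
function resolveAsset(method, requestUrl, release) {
  if (method !== "GET" && method !== "HEAD") return null; // read-only proxy
  let name;
  try {
    const { pathname } = new URL(requestUrl, "http://proxy.invalid");
    name = decodeURIComponent(pathname.slice(1)); // drops any query string
  } catch { return null; } // malformed URL or percent-encoding
  if (!ALLOWED.test(name)) return null; // rejects slashes and other paths
  return release.assets.find((a) => a.name === name) || null;
}

// Node http request handler; the token stays on the server, clients never see it.
function createHandler(token, fetchImpl = fetch) {
  const gh = (url, accept) =>
    fetchImpl(url, { headers: { Authorization: `Bearer ${token}`, Accept: accept } });
  return async (req, res) => {
    try {
      const latest = await gh(`${API}/releases/latest`, "application/vnd.github+json");
      const asset = latest.ok && resolveAsset(req.method, req.url, await latest.json());
      if (!asset) return res.writeHead(404).end();
      // Asset API URL + octet-stream Accept returns the file itself.
      const upstream = await gh(asset.url, "application/octet-stream");
      if (!upstream.ok) return res.writeHead(502).end();
      res.writeHead(200, { "Content-Type": "application/octet-stream" });
      if (req.method !== "HEAD") {
        for await (const chunk of upstream.body) { // stream, honouring backpressure
          if (!res.write(chunk)) await new Promise((r) => res.once("drain", r));
        }
      }
      res.end();
    } catch { res.headersSent ? res.end() : res.writeHead(502).end(); }
  };
}

// Starts only when a token is supplied, e.g. behind a TLS reverse proxy.
if (process.env.UPDATE_PROXY_GH_TOKEN) {
  require("node:http")
    .createServer(createHandler(process.env.UPDATE_PROXY_GH_TOKEN))
    .listen(8080, "127.0.0.1");
}
```

Because the handler never forwards a client-chosen path or method to the GitHub API, a leaked proxy URL exposes release files only, not the ability to delete or modify releases.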