Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

electron-updater and private source code #2292

Closed
naheller opened this issue Nov 12, 2017 · 10 comments
Closed

electron-updater and private source code #2292

naheller opened this issue Nov 12, 2017 · 10 comments
Labels
deployment question

Comments

@naheller
Copy link

In a recent issue #2289 I learned that electron-updater requires a GH_TOKEN on each user's machine in order to download private GitHub Releases. Since my app is only meant for employees of my company, I'm wondering if I can include the token in my code, and serve the initial DMG internally.

I got this idea from an issue over at electron-updater-example, which uses setFeedURL:

screen shot 2017-11-11 at 3 50 59 pm

However the auto-updater docs say not to use setFeedURL:

screen shot 2017-11-11 at 4 04 10 pm

I understand the security risks in hardcoding a token into the code, but is it possible to allow an app using electron-updater to download updates from a private GitHub repo using this method somehow?

If not, would this be possible using S3 in a similarly private/closed source situation?

Thank you!
@naheller
Copy link
Author

So I've gone ahead and tried this, and the result is new errors! I went ahead and added a setFeedURL with the following data:

autoUpdater.setFeedURL({
    provider: 'github',
    owner: 'owner',
    repo: 'repo',
    token: 'token'
})

and the error log shows the following:

[error] Error: Error: Unable to find latest version on GitHub (https://api.github.com/repos/[owner]/[repo]/releases/latest), please ensure a production release exists: Error: net::ERR_CONNECTION_REFUSED
at CancellationToken.createPromise (/Applications/Training Tracker.app/Contents/Resources/app.asar/node_modules/electron-updater/node_modules/builder-util-runtime/src/CancellationToken.ts:51:5)
at ElectronHttpExecutor.doApiRequest (/Applications/Training Tracker.app/Contents/Resources/app.asar/node_modules/electron-updater/node_modules/builder-util-runtime/src/httpExecutor.ts:69:30)
at ElectronHttpExecutor.request (/Applications/Training Tracker.app/Contents/Resources/app.asar/node_modules/electron-updater/node_modules/builder-util-runtime/src/httpExecutor.ts:61:17)
at PrivateGitHubProvider.httpRequest (/Applications/Training Tracker.app/Contents/Resources/app.asar/node_modules/electron-updater/src/Provider.ts:26:26)
at /Applications/Training Tracker.app/Contents/Resources/app.asar/node_modules/electron-updater/src/PrivateGitHubProvider.ts:86:38
at Generator.next (<anonymous>)

When I follow the link shown (https://api.github.com/repos/[owner]/[repo]/releases/latest): I get the following error from GitHub in my browser:

{
  "message": "Not Found",
  "documentation_url": "https://developer.github.com/v3/repos/releases/#get-the-latest-release"
}

Is the link being built incorrectly? What needs changing?

Thanks again!

@develar
Copy link
Member

develar commented Nov 15, 2017

  1. You can set token and private: true in the publish options and so, no need to call setFeedURL.
  2. In your current example you must also set private: true to use PrivateGitHubProvider.

@develar develar closed this as completed Nov 15, 2017
@naheller
Copy link
Author

Hi @develar, thanks for your reply. I have adjusted my package.json publish options to look as follows:

"build": {
    "appId": "com.github.owner.repo",
    "productName": "Training Tracker",
    "files": [
      "dist",
      "node_modules",
      "main.js",
      "package.json"
    ],
    "directories": {
      "output": "output"
    },
    "mac": {
      "publish": {
        "provider": "github",
        "private": true,
        "token": "token"
      },
      "target": [
        "zip",
        "dmg"
      ]
    }
  }

...and in my main.js, I simply call autoUpdater.checkForUpdatesAndNotify() when the app is ready.

When I run my app, the log shows the following error:

[error] Error: Error: Unable to find latest version on GitHub (https://api.github.com/repos/owner/training-tracker/releases/latest), please ensure a production release exists

Following the link above, I see this in my browser:

{
  "message": "Not Found",
  "documentation_url": "https://developer.github.com/v3/repos/releases/#get-the-latest-release"
}

What am I missing? Thanks!

@naheller
Copy link
Author

I'll also add that my GitHub Releases look like this:

screen shot 2017-11-16 at 3 57 24 pm

@naheller
Copy link
Author

Hoping this does not get buried as a "closed" issue!

@naheller naheller mentioned this issue Nov 20, 2017
Closed
@AlmondBro
Copy link

AlmondBro commented Feb 15, 2019
edited
Loading

Hi, please re-open this issue! I am in the same exact situation with my project.

@francescocatalano
Copy link

+1

@AnupamJuniwal
Copy link

{
"message": "Not Found",
"documentation_url": "https://developer.github.com/v3/repos/releases/#get-the-latest-release"
}

I see that you have defined build options in package.json, I had to face the same problem and found that defining build options in electron-builder.json (seperate file) fixes this issue.

much like done by this guy:
https://github.com/linuxjuggler/electron-auto-update-example

@zeyadmoamen1210
Copy link

same issue but 401
please ensure a production release exists: HttpError: 401
{
"message": "Bad credentials",
"documentation_url": "https://docs.github.com/rest"
}
any solution ?

@jesusrogliero
Copy link

Saludooo!!!

Estoy actualmente en la misma problemática, alguien ha podido encontrar la solución?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
deployment question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@develar @AlmondBro @francescocatalano @naheller @AnupamJuniwal @zeyadmoamen1210 @jesusrogliero