feat: add version tracking, Nix packaging, and auto-update foundation#26
Merged
flexiondotorg merged 4 commits intomainfrom Mar 23, 2026
Merged
feat: add version tracking, Nix packaging, and auto-update foundation#26flexiondotorg merged 4 commits intomainfrom
flexiondotorg merged 4 commits intomainfrom
Conversation
- justfile: auto-bump package.json on release if tag mismatch, stamp with dev version on build - ci: validate package.json matches git tag on tag pushes, skip jobs if version gate fails - logging: add startup log with app name and version from package.json Centralises version truth in package.json, with CI validation and local dev stamping to keep all version sources in sync. Signed-off-by: Martin Wimpress <code@wimpress.io>
… docs Add Nix flake outputs for Linux (buildFHSEnv with vendored Electron) and macOS (DMG installer fetcher) to enable system package management. Introduce version-gate CI job to validate package.json version matches git tags, and nix-hash job to compute and update package hashes after release. Update builder workflow to remove redundant version stamping from build job. Add Install section to README with platform-specific instructions and Nix examples. Include unsigned binary security bypass guidance for macOS Gatekeeper and Windows SmartScreen. Add sponsor goal CTA. Signed-off-by: Martin Wimpress <code@wimpress.io>
- Add src/update.ts with GitHub API version checking and semver comparison - Gate notifications on existing notifications toggle setting - Integrate update status into tray menu with conditional items - Add update notification strings for 33 languages in i18n.ts - Trigger version check 5 seconds after app startup in main.ts Signed-off-by: Martin Wimpress <code@wimpress.io>
Contributor
There was a problem hiding this comment.
6 issues found across 12 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="README.md">
<violation number="1" location="README.md:64">
P2: The RPM install command is incorrect for openSUSE: `dnf` is Fedora-specific. Split Fedora and openSUSE instructions (or use the correct openSUSE command) so users on openSUSE can install successfully.</violation>
</file>
<file name="justfile">
<violation number="1" location="justfile:169">
P2: `git commit` here can accidentally include unrelated staged changes. Restrict the commit to the version files so release automation doesn't sweep in pre-staged work.</violation>
</file>
<file name="nix/linux.nix">
<violation number="1" location="nix/linux.nix:68">
P1: Disable fixup/strip for the unpacked deb payload; otherwise post-install phases can still mutate the signed binary.</violation>
</file>
<file name="src/tray.ts">
<violation number="1" location="src/tray.ts:142">
P2: Validate `update.url` before calling `shell.openExternal` to avoid opening unexpected URI schemes from remote data.</violation>
</file>
<file name=".github/workflows/builder.yml">
<violation number="1" location=".github/workflows/builder.yml:232">
P1: Artifact filename includes the `v` prefix from the tag, but electron-builder produces filenames using the version from `package.json` (no `v` prefix). These URLs will 404, breaking the entire nix-hash job.
Split the tag and the bare version so the download path uses the tag (`v0.2.2`) and the filename uses the bare version (`0.2.2`).</violation>
</file>
<file name="src/update.ts">
<violation number="1" location="src/update.ts:61">
P1: Normalise GitHub `tag_name` before comparing versions; a `v`-prefixed tag makes `isNewer` fail and can prevent update detection.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
- Strip v-prefix from GitHub release tags before version comparison to prevent silent failure if API includes prefix - Validate update URL protocol (https/http only) before opening in browser to prevent unintended handler execution - Add dontFixup=true to Nix Linux build to prevent strip/patchelf breaking VMP-signed Electron binary - Scope release commit in justfile to package.json and package-lock.json only, preventing accidental staging of unrelated files - Document separate installation paths for Fedora (dnf) and openSUSE (zypper) - Add autoUpdate.enabled to configuration schema documentation Signed-off-by: Martin Wimpress <code@wimpress.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Establish canonical version source in package.json with validation across build system and CI. Create Nix flake outputs for reproducible builds on Linux and macOS. Document and plan electron-updater implementation for AppImage/NSIS auto-updates. Add GitHub Sponsors tiers. Extend README with platform-specific installation instructions.
Changes
Testing