Auto-Update

Signed static update feeds with tauri-plugin-updater and minisign.

Auto-update is flag-gated and on by default. It uses tauri-plugin-updater against a static, minisign-signed feed. The UI never makes a feed failure block startup, and it never downloads or installs without the user's action.

Feed model

The only current channel is latest; the settings type leaves room for a future beta channel. The effective endpoint is:

${UPDATE_SERVER_URL}/${settings.updateChannel}/latest.json

latest.json describes the release version, notes, publication time, and a per-platform URL with its inline minisign signature. Tauri verifies it against the public key in src-tauri/tauri.conf.json; bundle.createUpdaterArtifacts causes release builds to create the required updater artifacts.

The endpoint has three sources, resolved by src-tauri/src/commands/update.rs in this order:

  1. UPDATE_SERVER_URL in the running process environment, when non-empty.
  2. UPDATE_SERVER_URL baked into the binary at compile time.
  3. https://updates.soarstarter.com as the built-in default.

The config file's endpoints entry is the same starter default, but the command builds and passes its selected endpoint to the updater at runtime. Rebrand both the endpoint and the public key before release; otherwise your app is still trusting and querying the starter's feed.

Runtime behavior

UpdateStatus moves through idle, checking, available, downloading, progress, downloaded, and error. Rust emits the typed update-status event to /update, the Updates settings tab, and menu/tray surfaces. The manual sequence is check → download → install; install requests an app restart.

The scheduler in src/lib/updates/scheduler.ts is a separate runtime opt-in: settings.autoUpdate defaults off. When a user turns it on, the first background check waits about 30 seconds after startup and subsequent checks run every six hours. An unreachable or invalid feed becomes an error state; it is not a startup crash.

A flag-enabled updater still needs signed artifacts. Keep TAURI_SIGNING_PRIVATE_KEY (and its password when used) only in release CI. macOS updates also need signed, notarized builds for a smooth install; Windows signing is strongly recommended.

Release flow

Bump and tag the release.

npm version patch
git push --follow-tags

The v* tag triggers .github/workflows/release.yml. tauri-action builds macOS (Apple Silicon and Intel), Linux, and Windows installers; it attaches installers, signatures, and latest.json to a draft GitHub Release.

Publish a feed that matches the configured endpoint. You can copy the generated artifacts and manifest to your static host, or point UPDATE_SERVER_URL at a GitHub Release download base such as https://github.com/<owner>/<repo>/releases/latest/download. The workflow's optional Linux rsync deploy runs only when all UPDATE_DEPLOY_* secrets are present; verify the hosted layout includes latest.json and every URL it references.

Test from an older installed build. On Linux, test the AppImage path; deb and rpm packages are updated outside this updater.

Turn it off

Set VITE_AUTO_UPDATE_ENABLED=false at build time. The /update route, Updates settings tab, and update menu/tray entries are stripped. The scheduler also checks this flag, so it cannot start background checks in that build.

On this page