Auto-Update
Signed static update feeds with tauri-plugin-updater and minisign.
Auto-update is flag-gated and on by default. It uses tauri-plugin-updater
against a static, minisign-signed feed. The UI never makes a feed failure block
startup, and it never downloads or installs without the user's action.
Feed model
The only current channel is latest; the settings type leaves room for a future
beta channel. The effective endpoint is:
${UPDATE_SERVER_URL}/${settings.updateChannel}/latest.jsonlatest.json describes the release version, notes, publication time, and a
per-platform URL with its inline minisign signature. Tauri verifies it against
the public key in src-tauri/tauri.conf.json; bundle.createUpdaterArtifacts
causes release builds to create the required updater artifacts.
The endpoint has three sources, resolved by src-tauri/src/commands/update.rs
in this order:
UPDATE_SERVER_URLin the running process environment, when non-empty.UPDATE_SERVER_URLbaked into the binary at compile time.https://updates.soarstarter.comas the built-in default.
The config file's endpoints entry is the same starter default, but the command
builds and passes its selected endpoint to the updater at runtime. Rebrand both
the endpoint and the public key before release; otherwise your app is still
trusting and querying the starter's feed.
Runtime behavior
UpdateStatus moves through idle, checking, available, downloading,
progress, downloaded, and error. Rust emits the typed update-status
event to /update, the Updates settings tab, and menu/tray surfaces. The
manual sequence is check → download → install; install requests an app restart.
The scheduler in src/lib/updates/scheduler.ts is a separate runtime opt-in:
settings.autoUpdate defaults off. When a user turns it on, the first background
check waits about 30 seconds after startup and subsequent checks run every six
hours. An unreachable or invalid feed becomes an error state; it is not a
startup crash.
A flag-enabled updater still needs signed artifacts. Keep
TAURI_SIGNING_PRIVATE_KEY (and its password when used) only in release CI.
macOS updates also need signed, notarized builds for a smooth install;
Windows signing is strongly recommended.
Release flow
Bump and tag the release.
npm version patch
git push --follow-tagsThe v* tag triggers .github/workflows/release.yml. tauri-action
builds macOS (Apple Silicon and Intel), Linux, and Windows installers;
it attaches installers, signatures, and latest.json to a draft GitHub Release.
Publish a feed that matches the configured endpoint. You can copy the
generated artifacts and manifest to your static host, or point
UPDATE_SERVER_URL at a GitHub Release download base such as
https://github.com/<owner>/<repo>/releases/latest/download. The workflow's
optional Linux rsync deploy runs only when all UPDATE_DEPLOY_* secrets
are present; verify the hosted layout includes latest.json and every URL
it references.
Test from an older installed build. On Linux, test the AppImage path; deb and rpm packages are updated outside this updater.
Turn it off
Set VITE_AUTO_UPDATE_ENABLED=false at build time. The /update route,
Updates settings tab, and update menu/tray entries are stripped. The scheduler
also checks this flag, so it cannot start background checks in that build.
