Skip to content

Make selfupdate avoid GitHub API rate limits #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
wesm merged 8 commits into from
Jun 16, 2026
Merged

Make selfupdate avoid GitHub API rate limits #22

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
e2f7ed4
Make selfupdate avoid GitHub API rate limits
wesm Jun 15, 2026
3c90f8b
Fix selfupdate conventional release fallbacks
mariusvniekerk Jun 15, 2026
8f88957
Recover API checksums for web-discovered releases
mariusvniekerk Jun 15, 2026
74a6160
Require HTTPS for unsigned manifest updates
mariusvniekerk Jun 15, 2026
3da24ea
Block HTTP downgrades in selfupdate metadata fetches
mariusvniekerk Jun 15, 2026
36ea614
Enforce HTTPS for all unsigned selfupdate fetches
mariusvniekerk Jun 15, 2026
023c726
Close unsigned selfupdate redirect gaps
mariusvniekerk Jun 15, 2026
dc42b1c
Harden manifest and checksum fallback fetches
mariusvniekerk Jun 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions selfupdate/MIGRATION.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ client := selfupdate.Client{
BinaryName: "agentsview", // or "msgvault"
CurrentVersion: version,
CacheDir: appCacheDir,
GitHubToken: selfupdate.EnvironmentGitHubToken(), // optional API fallback auth
AllowUnsignedChecksums: true, // current CLI releases publish SHA256SUMS only
}
```
Expand All @@ -27,6 +28,50 @@ Use `client.Install(ctx, info, selfupdate.InstallOptions{Progress: progress})`
where the current command calls `PerformUpdate`. CLI output, config loading,
confirmation prompts, and command wiring should stay in the application.

## Release Discovery

By default, `Check` avoids unauthenticated `api.github.com` release discovery.
It follows `https://github.com/<owner>/<repo>/releases/latest` to the release
tag, constructs the conventional archive URL, and reads `SHA256SUMS` from the
release downloads. If that web path fails, it falls back to the GitHub REST API.
Set `GitHubToken` to authenticate only the API fallback request; kit never sends
that token to release asset or checksum download URLs.

Set `ReleaseManifestURL` when a project publishes a static latest-release JSON
document, such as from a docs site or CDN. The smallest useful manifest only
needs the current release tag:

```json
{
"tag_name": "v1.2.3"
}
```

With only a tag, kit uses the same conventional release asset and `SHA256SUMS`
URLs as web redirect discovery. Projects with custom asset URLs can instead
publish the same compact shape as the GitHub release fields kit consumes:

```json
{
"tag_name": "v1.2.3",
"assets": [
{
"name": "agentsview_1.2.3_darwin_arm64.tar.gz",
"size": 123456,
"browser_download_url": "https://github.com/kenn-io/agentsview/releases/download/v1.2.3/agentsview_1.2.3_darwin_arm64.tar.gz"
},
{
"name": "SHA256SUMS",
"browser_download_url": "https://github.com/kenn-io/agentsview/releases/download/v1.2.3/SHA256SUMS"
}
]
}
```

When `ReleaseManifestURL` is set, kit uses it directly instead of probing
GitHub's web or API endpoints. `GitHubWebBaseURL` and `GitHubAPIBaseURL` remain
available for tests and GitHub Enterprise installs.

Install verification fails closed by default and requires signed update
metadata. The current agentsview and msgvault CLI release workflows publish
archives plus `SHA256SUMS`, but not CLI update signatures or embedded public
Expand Down
Loading