chore: appcast generation

deansheather · deansheather · commit 26706bb9fb03 · 2025-06-05T21:04:12.000+10:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -68,6 +68,9 @@ jobs:
         service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
         token_format: "access_token"
 
+    - name: Install gcloud
+      uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # 2.1.4
+
     - name: Install wix
       shell: pwsh
       run: |
@@ -120,6 +123,43 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+    - name: Update appcast
+      if: startsWith(github.ref, 'refs/tags/')
+      shell: pwsh
+        $ErrorActionPreference = "Stop"
+
+        $keyPath = Join-Path $env:TEMP "appcast-key.pem"
+        $key = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($env:APPCAST_SIGNATURE_KEY_BASE64))
+        Set-Content -Path $keyPath -Value $key
+
+        $oldAppCastPath = Join-Path $env:TEMP "appcast.old.xml"
+        & gsutil cp $env:APPCAST_GCS_URI $oldAppCastPath
+        if ($LASTEXITCODE -ne 0) { throw "Failed to download appcast" }
+
+        $newAppCastPath = Join-Path $env:TEMP "appcast.new.xml"
+        $newAppCastSignaturePath = $newAppCastPath + ".signature"
+        & ./scripts/Update-AppCast.ps1 `
+          -tag "${{ github.ref_name }}" `
+          -version "${{ steps.version.outputs.VERSION }}" `
+          -channel stable `
+          -x64Path "${{ steps.release.outputs.X64_OUTPUT_PATH }}" `
+          -arm64Path "${{ steps.release.outputs.ARM64_OUTPUT_PATH }}" `
+          -keyPath $keyPath `
+          -inputAppCastPath $oldAppCastPath `
+          -outputAppCastPath $newAppCastPath `
+          -outputAppCastSignaturePath $newAppCastSignaturePath
+        if ($LASTEXITCODE -ne 0) { throw "Failed to generate new appcast" }
+
+        & gsutil cp $newAppCastPath $env:APPCAST_GCS_URI
+        if ($LASTEXITCODE -ne 0) { throw "Failed to upload new appcast" }
+        & gsutil cp $newAppCastSignaturePath $env:APPCAST_SIGNATURE_GCS_URI
+        if ($LASTEXITCODE -ne 0) { throw "Failed to upload new appcast signature" }
+      env:
+        APPCAST_GCS_URI: gs://releases.coder.com/coder-desktop/windows/appcast.xml
+        APPCAST_SIGNATURE_GCS_URI: gs://releases.coder.com/coder-desktop/windows/appcast.xml.signature
+        APPCAST_SIGNATURE_KEY_BASE64: ${{ secrets.APPCAST_SIGNATURE_KEY_BASE64 }}
+        GCLOUD_ACCESS_TOKEN: ${{ steps.gcloud_auth.outputs.access_token }}
+
   winget:
     runs-on: depot-windows-latest
     needs: release
@@ -177,7 +217,6 @@ jobs:
           # to GitHub and then making a PR in a different repo.
           WINGET_GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }}
 
-
       - name: Comment on PR
         run: |
           # wait 30 seconds
diff --git a/.gitignore b/.gitignore
@@ -411,3 +411,12 @@ publish
 *.wixmdb
 *.wixprj
 *.wixproj
+
+appcast.xml
+appcast.xml.signature
+*.key
+*.key.*
+*.pem
+*.pem.*
+*.pub
+*.pub.*
diff --git a/App/Assets/changelog.css b/App/Assets/changelog.css
@@ -6,6 +6,8 @@
 
     Changes:
       - Removed @media queries in favor of requiring `[data-theme]` attributes
+        on the body themselves
+      - Overrides `--bgColor-default` to transparent
 */
 
 .markdown-body {
@@ -19,8 +21,10 @@
   --base-text-weight-semibold: 600;
   --fontStack-monospace: ui-monospace, SFMono-Regular, SF Mono, Menlo, Consolas, Liberation Mono, monospace;
   --fgColor-accent: Highlight;
+
+  --bgColor-default: transparent !important;
 }
-.markdown-body[data-theme="dark"] {
+body[data-theme="dark"] .markdown-body {
   /* dark */
   color-scheme: dark;
   --focus-outlineColor: #1f6feb;
@@ -74,7 +78,7 @@
   --color-prettylights-syntax-meta-diff-range: #d2a8ff;
   --color-prettylights-syntax-sublimelinter-gutter-mark: #3d444d;
 }
-.markdown-body[data-theme="light"] {
+body[data-theme=""] .markdown-body {
   /* light */
   color-scheme: light;
   --focus-outlineColor: #0969da;
diff --git a/App/Services/UpdateController.cs b/App/Services/UpdateController.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
+using System.Runtime.InteropServices;
 using System.Threading;
 using System.Threading.Tasks;
 using Coder.Desktop.App.ViewModels;
@@ -43,7 +44,7 @@ public class UpdaterConfig
     public bool EnableUpdater { get; set; } = true;
     //[Required] public string UpdateAppCastUrl { get; set; } = "https://releases.coder.com/coder-desktop/windows/appcast.xml";
     [Required] public string UpdateAppCastUrl { get; set; } = "http://localhost:8000/appcast.xml";
-    [Required] public string UpdatePublicKeyBase64 { get; set; } = "Uxc0ir6j3GMhkL5D1O/W3lsD4BNk5puwM9hohNfm32k=";
+    [Required] public string UpdatePublicKeyBase64 { get; set; } = "NNWN4c+3PmMuAf2G1ERLlu0EwhzHfSiUugOt120hrH8=";
     public UpdateChannel? ForcedUpdateChannel { get; set; } = null;
 }
 
@@ -83,8 +84,7 @@ public SparkleUpdateController(ILogger<SparkleUpdateController> logger, IOptions
         // Swift's Sparkle does not support verifying app cast signatures yet,
         // but we use this functionality on Windows for added security against
         // malicious release notes.
-        // TODO: REENABLE STRICT CHECKING
-        var checker = new Ed25519Checker(SecurityMode.Unsafe,
+        var checker = new Ed25519Checker(SecurityMode.Strict,
             publicKey: _config.UpdatePublicKeyBase64,
             readFileBeingVerifiedInChunks: true);
 
@@ -93,7 +93,7 @@ public SparkleUpdateController(ILogger<SparkleUpdateController> logger, IOptions
             // TODO: custom Configuration for persistence, could just specify
             //       our own save path with JSONConfiguration TBH
             LogWriter = new CoderSparkleLogger(logger),
-            AppCastHelper = new CoderSparkleAppCastHelper(logger, _config.ForcedUpdateChannel),
+            AppCastHelper = new CoderSparkleAppCastHelper(_config.ForcedUpdateChannel),
             UIFactory = uiFactory,
             UseNotificationToast = uiFactory.CanShowToastMessages(),
             RelaunchAfterUpdate = true,
@@ -103,7 +103,7 @@ public SparkleUpdateController(ILogger<SparkleUpdateController> logger, IOptions
 
         // TODO: user preference for automatic checking. Remember to
         //       StopLoop/StartLoop if it changes.
-#if !DEBUG || true
+#if !DEBUG
         _ = _sparkle.StartLoop(true, UpdateCheckInterval);
 #endif
     }
@@ -157,22 +157,20 @@ public void PrintMessage(string message, params object[]? arguments)
     }
 }
 
-public class CoderSparkleAppCastHelper : AppCastHelper
+public class CoderSparkleAppCastHelper(UpdateChannel? forcedChannel) : AppCastHelper
 {
-    private readonly UpdateChannel? _forcedChannel;
-
-    public CoderSparkleAppCastHelper(ILogger<SparkleUpdateController> logger, UpdateChannel? forcedChannel) : base()
-    {
-        _forcedChannel = forcedChannel;
-    }
+    // This might return some other OS if the user compiled the app for some
+    // different arch, but the end result is the same: no updates will be found
+    // for that arch.
+    private static string CurrentOperatingSystem => $"win-{RuntimeInformation.ProcessArchitecture.ToString().ToLowerInvariant()}";
 
     public override List<AppCastItem> FilterUpdates(List<AppCastItem> items)
     {
         items = base.FilterUpdates(items);
 
-        // TODO: factor in user choice too once we have a settings page
-        var channel = _forcedChannel ?? UpdateChannel.Stable;
-        return items.FindAll(i => i.Channel != null && i.Channel == channel.ChannelName());
+        // TODO: factor in user channel choice too once we have a settings page
+        var channel = forcedChannel ?? UpdateChannel.Stable;
+        return items.FindAll(i => i.Channel == channel.ChannelName() && i.OperatingSystem == CurrentOperatingSystem);
     }
 }
 
diff --git a/App/ViewModels/UpdaterUpdateAvailableViewModel.cs b/App/ViewModels/UpdaterUpdateAvailableViewModel.cs
@@ -189,7 +189,6 @@ public async Task Changelog_Loaded(object sender, RoutedEventArgs e)
         settings.IsStatusBarEnabled = false;
 
         // Hijack navigation to prevent links opening in the web view.
-        // TODO: block new windows as well
         webView.CoreWebView2.NavigationStarting += (_, e) =>
         {
             // webView.NavigateToString uses data URIs, so allow those to work.
@@ -203,6 +202,14 @@ public async Task Changelog_Loaded(object sender, RoutedEventArgs e)
             if (Uri.TryCreate(e.Uri, UriKind.Absolute, out var uri) && uri is { Scheme: "http" or "https" })
                 Process.Start(new ProcessStartInfo(e.Uri) { UseShellExecute = true });
         };
+        webView.CoreWebView2.NewWindowRequested += (_, e) =>
+        {
+            // Prevent new windows from being launched (e.g. target="_blank").
+            e.Handled = true;
+            // Launch HTTP or HTTPS URLs in the default browser.
+            if (Uri.TryCreate(e.Uri, UriKind.Absolute, out var uri) && uri is { Scheme: "http" or "https" })
+                Process.Start(new ProcessStartInfo(e.Uri) { UseShellExecute = true });
+        };
 
         var html = await ChangelogHtml(CurrentItem);
         webView.NavigateToString(html);
diff --git a/scripts/Create-AppCastSigningKey.ps1 b/scripts/Create-AppCastSigningKey.ps1
@@ -0,0 +1,27 @@
+# This is mostly just here for reference.
+#
+# Usage: Create-AppCastSigningKey.ps1 -outputKeyPath <path>
+param (
+    [Parameter(Mandatory = $true)]
+    [string] $outputKeyPath
+)
+
+$ErrorActionPreference = "Stop"
+
+& openssl.exe genpkey -algorithm ed25519 -out $outputKeyPath
+if ($LASTEXITCODE -ne 0) { throw "Failed to generate ED25519 private key" }
+
+# Export the public key in DER format
+$pubKeyDerPath = "$outputKeyPath.pub.der"
+& openssl.exe pkey -in $outputKeyPath -pubout -outform DER -out $pubKeyDerPath
+if ($LASTEXITCODE -ne 0) { throw "Failed to export ED25519 public key" }
+
+# Remove the DER header to get the actual key bytes
+$pubBytes = [System.IO.File]::ReadAllBytes($pubKeyDerPath)[-32..-1]
+Remove-Item $pubKeyDerPath
+
+# Base64 encode and print
+Write-Output "NetSparkle formatted public key:"
+Write-Output ([Convert]::ToBase64String($pubBytes))
+Write-Output ""
+Write-Output "Private key written to $outputKeyPath"
diff --git a/scripts/Get-Mutagen.ps1 b/scripts/Get-Mutagen.ps1
@@ -5,6 +5,8 @@ param (
     [string] $arch
 )
 
+$ErrorActionPreference = "Stop"
+
 function Download-File([string] $url, [string] $outputPath, [string] $etagFile) {
     Write-Host "Downloading '$url' to '$outputPath'"
     # We use `curl.exe` here because `Invoke-WebRequest` is notoriously slow.
diff --git a/scripts/Get-WindowsAppSdk.ps1 b/scripts/Get-WindowsAppSdk.ps1
@@ -5,6 +5,8 @@ param (
     [string] $arch
 )
 
+$ErrorActionPreference = "Stop"
+
 function Download-File([string] $url, [string] $outputPath, [string] $etagFile) {
     Write-Host "Downloading '$url' to '$outputPath'"
     # We use `curl.exe` here because `Invoke-WebRequest` is notoriously slow.
diff --git a/scripts/Update-AppCast.ps1 b/scripts/Update-AppCast.ps1

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,8 @@ param (`
`5`	`5`	`[string] $arch`
`6`	`6`	`)`
`7`	`7`
	`8`	`+$ErrorActionPreference = "Stop"`
	`9`	`+`
`8`	`10`	`function Download-File([string] $url, [string] $outputPath, [string] $etagFile) {`
`9`	`11`	`Write-Host "Downloading '$url' to '$outputPath'"`
`10`	`12`	# We use `curl.exe` here because `Invoke-WebRequest` is notoriously slow.