Alternative app installation locations for dev versions #4385
Conversation
There was a problem hiding this comment.
I'd like to point out that, in the 91 days since we started using our current code signing certificate, we've consumed 51 out of 1,000 allotted yearly signatures. That averages out to about 0.54 signatures per day. Our DigiCert signatures pack lasts for 362 days (not a full year, oddly enough), which means we can use up to 2.76 signatures per day without incurring extra costs, which is roughly five times our current usage rate.
While this definitely gives us some breathing room and may seem like a lot at a first glance, we should still be cautious on how we approach scaling signing operations. At the moment, we have around 40 active feature branches, each branch would generate a build whenever changes are pushed, and it's reasonable to expect that some branches will see multiple pushes per day. Left unchecked, this could lead to hundreds of dollars in unplanned extra signatures pack acquisition costs and/or potentially a degraded signing process or reduced end-user security experience, if as a consequence binaries end up not being signed for some days while the situation is resolved.
To avoid the headache-inducing situation outlined above, I suggest adjusting the workflow so binaries for Windows aren't signed for feature branches, or at least restrict signing to branches whose name signals that they contain changes relevant to the app that are worth signing. (Alternatively, we could plan for buying extended signature packs anyway, but I'm honestly not too keen on giving certificate authorities that much amount of money for a "seal of approval" stamp that the technically-inclined, sort of insider users of these CI builds will have other means of achieving anyway.)
(As far as I know, macOS binaries are not affected by the situation described above, so we can sign however frequently we want, within the realm of reasonable use.)
|
Good shout, I think I'll just outright disable Windows signing for branches that aren't main and only trigger the app build workflow on |
* fix(app): properly show all versions and notify loaders * fix lint
…#4396) * fix: hide versions checkbox depending on what game versions are avail * refactor: use set instead of map
* feat: temporary tax compliance impl * fix: lint & intl * Update banner, reload page on submit, and fix withdraw button disabled state --------- Co-authored-by: Prospector <6166773+Prospector@users.noreply.github.com>
* feat: subscription tax change email * feat: wording * feat: subscription id var for support & finalize tax change email script
* Allow users to manage their own affiliate codes * Add a badge to restrict access to affiliate codes * sqlx prepare and clippy
* don't parse datetime * fix import * update comments
* Only update the PaymentMethod ID if not using placeholder ID * comment * Create Anrok transactions for all charges * Fix comment * Prefer using payment method's address rather than customer address * chore: query cache, clippy, fmt
…reation (#4426) * chore(labrinth): set `DELPHI_URL` to a valid default in `.env.local` * feat(labrinth): make orgs not publicly visible until they meet some conditions * Revert "Org disabled frontend (#4424)" This reverts commit 2492b11. * changelog: update for re-enabling organization creation * chore: run `sqlx prepare` * chore(labrinth): tweak tests to work with new org changes * tweak: apply @triphora's suggestion Co-authored-by: Emma Alexia <emma@modrinth.com> Signed-off-by: Alejandro González <7822554+AlexTMjugador@users.noreply.github.com> * tweak: document `is_visible_organization` relationship with `Project#is_searchable` --------- Signed-off-by: Alejandro González <7822554+AlexTMjugador@users.noreply.github.com> Co-authored-by: Emma Alexia <emma@modrinth.com>
* Only update the PaymentMethod ID if not using placeholder ID * comment * Create Anrok transactions for all charges * Fix comment * Prefer using payment method's address rather than customer address * chore: query cache, clippy, fmt * Retrieve stripe address from PM * chore: query cache, clippy, fmt * fmt * bring back the query cache
* implement backend limits on project creation * implement collection, org creation hard caps * Fix limit api * Fix clippy * Fix limits * Update sqlx queries * Address PR comments on user limit structure * sqlx prepare and clippy * fix test maybe
* draft: layout for alert * feat: simplify * feat: remove dummy data * fix: lint and widths * feat: use chips rather than dropdown select * feat: remove gap from admonition header v body * Revert "feat: remove gap from admonition header v body" This reverts commit 46cce52. * fix: niche fixes * feat: update for new backend structure * fix: i18n
* Only update the PaymentMethod ID if not using placeholder ID * comment * Create Anrok transactions for all charges * Fix comment * Prefer using payment method's address rather than customer address * chore: query cache, clippy, fmt * Retrieve stripe address from PM * chore: query cache, clippy, fmt * fmt * bring back the query cache * Better address retrieval for updating tax amounts, always update tax_last_updated * chore: query cache, clippy, fmt * Don't set PM in ctoken interactive session for new PIs
* Make theseus capable of logging messages from the `log` crate * Move update checking entirely into JS and open a modal if an update is available * Fix formatjs on Windows and run formatjs * Add in the buttons and body * Fix lint * Show update size in modal * Fix update not being rechecked if the update modal was directly dismissed * Slight UI tweaks * Fix lint * Implement skipping the update * Implement the Update Now button * Implement updating at next exit * Turn download progress into an error bar on failure * Restore 5 minute update check instead of 30 seconds * Fix PendingUpdateData being seen as a unit struct * Fix lint * Make CI also lint updater code * feat: create AppearingProgressBar component * feat: polish update available modal * feat: add error handling * Open changelog with tauri-plugin-opener * Run intl:extract * Update completion toasts (#3978) * Use single LAUNCHER_USER_AGENT constant for all user agents * Fix build on Mac * Request the update size with HEAD instead of GET * UI tweaks * lint * Fix lint * fix: hide modal header & add "Hide update reminder" button w/ tooltip * Run intl:extract * fix: lint issues * fix: merge issues * notifications.js no longer exists * Add metered network checking * Add a timeout to macOS is_network_metered * Fix tauri.conf.json * vibe debugging * Set a dispatch queue * Have a popup that asks you if you'd like to disable automatic file downloads if you're on a metered network * Move UpdateModal to modal package * Fix lint * Add a toggle for automatic downloads * Fix type Co-authored-by: Alejandro González <7822554+AlexTMjugador@users.noreply.github.com> Signed-off-by: Josiah Glosson <soujournme@gmail.com> * Redo updating UI and experience * lint * fix unlistener issue * remove unneeded translation keys * Fix expose issue * temp disable cranelift, tweak some messages * change version back * Clean up App.vue * move toast to top right * update reload icon * Fixed the bug!!!!!!!!!!!! * improve messages * intl:extract * Add liquid glass icon file * not you! * use dependency injection * lint on apple icon * Fix imports, move download size to button * change update check back to 5 mins * lint + move to providers * intl:extract --------- Signed-off-by: Cal H. <hendersoncal117@gmail.com> Signed-off-by: Josiah Glosson <soujournme@gmail.com> Co-authored-by: Calum <calum@modrinth.com> Co-authored-by: Prospector <prospectordev@gmail.com> Co-authored-by: Cal H. <hendersoncal117@gmail.com> Co-authored-by: Prospector <6166773+Prospector@users.noreply.github.com> Co-authored-by: Alejandro González <7822554+AlexTMjugador@users.noreply.github.com>
`cargo sqlx prepare` should be run in the directory of the crate that contains the database queries instead, as that's what we're documenting and have standarized on.
* adjustments * chore: query cache, clippy, fmt
This is a follow-up to PR #4426. I initially didn't consider the organizations an user belongs to as worth hiding, but given that user profiles can be public, I suppose there technically is a way to exploit them for SEO abuse. Overall, it also seems more consistent to hide them here too.
…#4446) * Skip succeeded txns with no payment platform ID * chore: query cache, clippy, fmt
* chore(package): replace motd parser package with maintained version Signed-off-by: Kevin Zheng <dev@sfirew.com> * changelog * fix import --------- Signed-off-by: Kevin Zheng <dev@sfirew.com> Co-authored-by: Prospector <6166773+Prospector@users.noreply.github.com>
* Add blog post * Add 451 handling * lint
Co-authored-by: Alejandro González <7822554+AlexTMjugador@users.noreply.github.com> Signed-off-by: François-Xavier Talbot <108630700+fetchfern@users.noreply.github.com>
This modifies CI to always build the app, using a generated
tauri-dev.conf.jsonwhen building from feature branches with a different identifier and product name containing the git hash.This also modifies the app backend's logic finding the root configuration directory: it uses
identifierfromtauri::Configinstead of hardcodingModrinthApp. The logic is kind of ugly—I'm not super familiar with development of the app so open to suggestions on improving it.As a result, CI on feature branches outputs app installers which install the app completely isolated from the normal app, using a different configuration directory and identifier. This is useful for non-technical peeps trying to test out development versions of the app, so they don't need to build it themselves.
Doesn't work on Windows currentlybuilds now but I can't test, but works on Linux and works+tested on MacOS.Since this leads to a lot of extra CI runs, it may be best to only run app builds on
workflow_dispatch? MacOS runners especially are costly.