From cf03c01b75c2acb156148c07b6d1b8a4e1c1f4ec Mon Sep 17 00:00:00 2001 From: lucaronin Date: Thu, 14 May 2026 17:04:36 +0200 Subject: [PATCH] fix: use stock appimage packaging in release --- .github/workflows/release-stable.yml | 4 ---- .github/workflows/release.yml | 4 ---- docs/ABSTRACTIONS.md | 4 ++-- docs/ARCHITECTURE.md | 12 ++++++------ docs/GETTING-STARTED.md | 10 +++------- 5 files changed, 11 insertions(+), 23 deletions(-) diff --git a/.github/workflows/release-stable.yml b/.github/workflows/release-stable.yml index 9f4fd618..22210ce1 100644 --- a/.github/workflows/release-stable.yml +++ b/.github/workflows/release-stable.yml @@ -327,9 +327,6 @@ jobs: run: | rm -rf src-tauri/target/x86_64-unknown-linux-gnu/release/bundle - - name: Prepare AppImage symlink launcher patch - run: node scripts/appimage-launcher-tools.mjs prepare-plugin - - name: Set version run: | VERSION="${{ needs.version.outputs.version }}" @@ -377,7 +374,6 @@ jobs: echo "::error::Linux build produced no updater signature (.sig) artifact." exit 1 fi - node scripts/appimage-launcher-tools.mjs validate-appimages "${appimages[@]}" - name: Upload Linux bundles uses: actions/upload-artifact@v4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b39a89b9..c9dc24c9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -383,9 +383,6 @@ jobs: run: | rm -rf src-tauri/target/x86_64-unknown-linux-gnu/release/bundle - - name: Prepare AppImage symlink launcher patch - run: node scripts/appimage-launcher-tools.mjs prepare-plugin - - name: Set version run: | VERSION="${{ needs.version.outputs.version }}" @@ -433,7 +430,6 @@ jobs: echo "::error::Linux build produced no updater signature (.sig) artifact." exit 1 fi - node scripts/appimage-launcher-tools.mjs validate-appimages "${appimages[@]}" - name: Upload Linux bundles uses: actions/upload-artifact@v4 diff --git a/docs/ABSTRACTIONS.md b/docs/ABSTRACTIONS.md index 29ba24fd..5c4f0700 100644 --- a/docs/ABSTRACTIONS.md +++ b/docs/ABSTRACTIONS.md @@ -906,6 +906,6 @@ Managed by `useSettings` hook and `SettingsPanel` component. `theme_mode` is ins - **`download_and_install_app_update`** — Channel-aware download/install with streamed progress events. ### CI/CD -- **`.github/workflows/release.yml`** — Alpha prereleases from every push to `main` using calendar-semver technical versions (`YYYY.M.D-alpha.N`) and clean `Alpha YYYY.M.D.N` release names. GitHub alpha tags zero-pad the prerelease sequence (`alpha-vYYYY.M.D-alpha.NNNN`) so GitHub release ordering stays chronological while the shipped app version remains `YYYY.M.D-alpha.N`. Publishes `alpha/latest.json` with macOS Apple Silicon/Intel, Linux x64, and Windows x64 updater entries, then refreshes the legacy `latest.json` / `latest-canary.json` aliases to the alpha feed. The Linux job pre-seeds Tauri's AppImage output plugin with `scripts/appimage-launcher-tools.mjs` so linuxdeploy's generated AppRun wrapper follows `$0` before taking `dirname`, then extracts the sealed AppImage launcher to validate symlink-safe direct, absolute-symlink, and relative-symlink launch support. The docs/release Pages job reads the stable manifest from the latest stable release asset instead of copying the live Pages URL, uploads the built site as a Pages artifact, and deploys it with GitHub's official Pages action so the public updater JSON changes as part of the release workflow. macOS release assets use `Tolaria__macOS_Silicon` and `Tolaria__macOS_Intel` base names. Packaged builds pass the computed version as `VITE_SENTRY_RELEASE`, which is retained as a diagnostic build-version tag but not registered as a normal Sentry release for alpha builds. -- **`.github/workflows/release-stable.yml`** — Stable releases from `stable-vYYYY.M.D` tags. Publishes `stable/latest.json`, macOS Apple Silicon and Intel DMG/updater artifacts, Windows x64 installers/updater bundles, Linux x86_64 `.deb` / `.rpm` / AppImage artifacts, and a static public download page that starts the selected installer without replacing the page with a blank download navigation. The Linux job uses the same AppImage symlink-safe launcher patch and sealed-AppImage validation as alpha releases. The Pages job reads the alpha manifest from the latest alpha release asset instead of copying the live Pages URL, uploads the built site as a Pages artifact, and deploys it with GitHub's official Pages action so stable and alpha manifests stay fresh. Stable macOS DMG/updater assets use the same `Tolaria__macOS_Silicon` and `Tolaria__macOS_Intel` base names. Packaged builds pass the computed stable version as `VITE_SENTRY_RELEASE`, which is registered as Sentry's release. +- **`.github/workflows/release.yml`** — Alpha prereleases from every push to `main` using calendar-semver technical versions (`YYYY.M.D-alpha.N`) and clean `Alpha YYYY.M.D.N` release names. GitHub alpha tags zero-pad the prerelease sequence (`alpha-vYYYY.M.D-alpha.NNNN`) so GitHub release ordering stays chronological while the shipped app version remains `YYYY.M.D-alpha.N`. Publishes `alpha/latest.json` with macOS Apple Silicon/Intel, Linux x64, and Windows x64 updater entries, then refreshes the legacy `latest.json` / `latest-canary.json` aliases to the alpha feed. The Linux job uses Tauri's stock linuxdeploy AppImage output plugin and validates that installer and updater-signature artifacts exist before upload. The docs/release Pages job reads the stable manifest from the latest stable release asset instead of copying the live Pages URL, uploads the built site as a Pages artifact, and deploys it with GitHub's official Pages action so the public updater JSON changes as part of the release workflow. macOS release assets use `Tolaria__macOS_Silicon` and `Tolaria__macOS_Intel` base names. Packaged builds pass the computed version as `VITE_SENTRY_RELEASE`, which is retained as a diagnostic build-version tag but not registered as a normal Sentry release for alpha builds. +- **`.github/workflows/release-stable.yml`** — Stable releases from `stable-vYYYY.M.D` tags. Publishes `stable/latest.json`, macOS Apple Silicon and Intel DMG/updater artifacts, Windows x64 installers/updater bundles, Linux x86_64 `.deb` / `.rpm` / AppImage artifacts, and a static public download page that starts the selected installer without replacing the page with a blank download navigation. The Linux job uses the same stock Tauri/linuxdeploy AppImage packaging and artifact validation as alpha releases. The Pages job reads the alpha manifest from the latest alpha release asset instead of copying the live Pages URL, uploads the built site as a Pages artifact, and deploys it with GitHub's official Pages action so stable and alpha manifests stay fresh. Stable macOS DMG/updater assets use the same `Tolaria__macOS_Silicon` and `Tolaria__macOS_Intel` base names. Packaged builds pass the computed stable version as `VITE_SENTRY_RELEASE`, which is registered as Sentry's release. - **Beta cohorts** are handled in PostHog targeting only. There is no beta updater feed. diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md index 180b5087..1d988e3c 100644 --- a/docs/ARCHITECTURE.md +++ b/docs/ARCHITECTURE.md @@ -234,7 +234,7 @@ The main Tauri window also persists its last normal size and screen position in Tauri setup keeps launch-time filesystem and subprocess work off the window creation critical path. Legacy `~/Laputa` housekeeping and the initial persisted-vault MCP bridge sync run on named background threads, so large legacy vaults, stale active-vault paths, or slow process startup cannot beachball the macOS app before React mounts. React still resyncs the bridge from `useVaultSwitcher` after the persisted selection loads, and no selected vault stops the bridge. The HTML bootstrap also installs a Tauri-only one-shot watchdog: React reports readiness from an effect after the root commits, and if that readiness signal never arrives the WebView reloads once instead of leaving macOS users in an inert rendered shell. Linux uses custom React-rendered window chrome instead of the native Tauri menu bar. `setup_linux_window_chrome()` drops server-side decorations on the main window, `openNoteInNewWindow()` does the same for detached note windows, and `LinuxTitlebar`/`LinuxMenuButton` route both window controls and menu actions back through the same shared command pipeline that the desktop native menus use. The native app menu keeps macOS-only Services/Hide entries off Windows and Linux, registers the macOS Window submenu with Tauri's reserved `WINDOW_SUBMENU_ID` so NSApp can add system window-management and window-list items, registers a window-scoped menu event handler on Windows where Tauri delivers menu clicks through the main `WebviewWindow`, and cross-platform custom items such as Check for Updates emit Tolaria command IDs with visible updater feedback. -On Linux, `run()` applies WebKitGTK startup safeguards before Tauri creates the webview. Native Wayland launches and AppImage launches inject `WEBKIT_DISABLE_DMABUF_RENDERER=1` and `WEBKIT_DISABLE_COMPOSITING_MODE=1` independently unless the user already set either variable, covering compositor-specific WebKit crashes without changing native X11 launches. AppImage launches keep the additional AppImage-only safeguards: on Wayland sessions Tolaria re-execs once with the first architecture-matching system `libwayland-client.so` in `LD_PRELOAD` when the user has not provided their own preload. The candidate order prefers Fedora-style `lib64` and Debian-style `x86_64-linux-gnu` paths before generic `/usr/lib`, and the ELF header is checked so a 64-bit Tolaria process does not retry with a 32-bit Wayland client library. Linux release jobs install `fcitx5-frontend-gtk3`, the AppImage output-plugin shim copies the GTK3 fcitx immodule and client library into the AppDir before sealing, and runtime startup writes a mount-path-specific `GTK_IM_MODULE_FILE` cache when fcitx is configured via `GTK_IM_MODULE=fcitx` or common fcitx environment hints. If the user has not already chosen `GTK_IM_MODULE`, Tolaria sets `GTK_IM_MODULE=fcitx` before WebKit starts, so both Wayland and X11 AppImage launches can load the bundled module instead of depending on host GTK module caches. The same AppImage path checks whether `fc-match` resolves the default emoji font to `Noto-COLRv1.ttf`; when the user has not provided `FONTCONFIG_FILE` or `FONTCONFIG_PATH`, Tolaria writes a cache-local fontconfig file that rejects only that matched font file and exports it before WebKit starts. The rendering overrides keep WebViews from blanking or crashing after accelerated compositing/DMA-BUF failures, the re-exec addresses AppImage library-order failures that can surface as `Could not create default EGL display: EGL_BAD_PARAMETER`, the fcitx GTK bundle preserves Chinese/Japanese/Korean IME composition for affected AppImage users, and the fontconfig guard avoids known WebKit crashes in COLRv1 emoji font rendering while leaving other emoji fonts available. +On Linux, `run()` applies WebKitGTK startup safeguards before Tauri creates the webview. Native Wayland launches and AppImage launches inject `WEBKIT_DISABLE_DMABUF_RENDERER=1` and `WEBKIT_DISABLE_COMPOSITING_MODE=1` independently unless the user already set either variable, covering compositor-specific WebKit crashes without changing native X11 launches. AppImage launches keep the additional AppImage-only safeguards: on Wayland sessions Tolaria re-execs once with the first architecture-matching system `libwayland-client.so` in `LD_PRELOAD` when the user has not provided their own preload. The candidate order prefers Fedora-style `lib64` and Debian-style `x86_64-linux-gnu` paths before generic `/usr/lib`, and the ELF header is checked so a 64-bit Tolaria process does not retry with a 32-bit Wayland client library. Runtime startup writes a mount-path-specific `GTK_IM_MODULE_FILE` cache when fcitx is configured via `GTK_IM_MODULE=fcitx` or common fcitx environment hints; release packaging currently uses Tauri's stock linuxdeploy AppImage output plugin instead of Tolaria's experimental output-plugin shim. If the user has not already chosen `GTK_IM_MODULE`, Tolaria sets `GTK_IM_MODULE=fcitx` before WebKit starts. The same AppImage path checks whether `fc-match` resolves the default emoji font to `Noto-COLRv1.ttf`; when the user has not provided `FONTCONFIG_FILE` or `FONTCONFIG_PATH`, Tolaria writes a cache-local fontconfig file that rejects only that matched font file and exports it before WebKit starts. The rendering overrides keep WebViews from blanking or crashing after accelerated compositing/DMA-BUF failures, the re-exec addresses AppImage library-order failures that can surface as `Could not create default EGL display: EGL_BAD_PARAMETER`, and the fontconfig guard avoids known WebKit crashes in COLRv1 emoji font rendering while leaving other emoji fonts available. ## Multi-Window (Note Windows) @@ -926,9 +926,9 @@ push to main → pnpm install, stamp version, tauri build --target x86_64-pc-windows-msvc --bundles nsis → upload NSIS installer, optional MSI artifacts, and signed Windows updater bundles → build-linux job: - → pnpm install, prepare AppImage symlink-safe launcher patch, stamp version + → pnpm install, stamp version → tauri build --target x86_64-unknown-linux-gnu --bundles deb,rpm,appimage - → extract the sealed AppImage AppRun and verify linuxdeploy resolves $0 before dirname + → verify Linux installer and updater-signature artifacts exist → upload .deb, .rpm, .AppImage, and signed Linux updater bundles → release job: → generate alpha-latest.json with darwin-aarch64, darwin-x86_64, Linux, and Windows updater URLs @@ -952,9 +952,9 @@ push stable-vYYYY.M.D tag → pnpm install, stamp version, pnpm build, tauri build --target x86_64-apple-darwin → upload signed Apple Silicon and Intel .app.tar.gz + .sig and .dmg artifacts named Tolaria__macOS_Silicon and Tolaria__macOS_Intel → build-linux job: - → pnpm install, prepare AppImage symlink-safe launcher patch, stamp version + → pnpm install, stamp version → tauri build --target x86_64-unknown-linux-gnu --bundles deb,rpm,appimage - → extract the sealed AppImage AppRun and verify linuxdeploy resolves $0 before dirname + → verify Linux installer and updater-signature artifacts exist → upload .deb, .rpm, .AppImage, and signed Linux updater bundles → build-windows job: → pnpm install, stamp version, tauri build --target x86_64-pc-windows-msvc --bundles nsis @@ -971,7 +971,7 @@ push stable-vYYYY.M.D tag → deploy to gh-pages ``` -Linux AppImage release jobs run `scripts/appimage-launcher-tools.mjs prepare-plugin` before Tauri packaging. The script pre-seeds Tauri's Linux tools cache with a small `linuxdeploy-plugin-appimage` shim. When linuxdeploy is about to seal the AppImage, that shim patches linuxdeploy's generated GTK AppRun wrapper from `dirname "$0"`-then-`readlink -f` to `readlink -f "$0"`-then-`dirname`, preserving direct launches while allowing absolute and relative symlinks such as `/usr/local/bin/tolaria -> Tolaria.AppImage`. The validation step then extracts `AppRun` from every produced AppImage and fails the release if the symlink-safe resolver is missing. +Linux AppImage release jobs use Tauri's stock linuxdeploy AppImage output plugin. `scripts/appimage-launcher-tools.mjs` remains available for local experiments with symlink-safe AppRun patching and fcitx module bundling, but release packaging does not pre-seed that shim because linuxdeploy currently exits before sealing the AppImage when the shim replaces the stock output plugin in Tauri's tools cache. ### Versioning diff --git a/docs/GETTING-STARTED.md b/docs/GETTING-STARTED.md index dfafd95c..edeb5e20 100644 --- a/docs/GETTING-STARTED.md +++ b/docs/GETTING-STARTED.md @@ -47,17 +47,13 @@ If your distribution stores the 64-bit library elsewhere, use that path instead, ### Linux AppImage packaging checks -Linux release CI prepares Tauri's AppImage tools cache before `pnpm tauri build`: +Linux release CI currently uses Tauri's stock linuxdeploy AppImage output plugin: ```bash -node scripts/appimage-launcher-tools.mjs prepare-plugin +pnpm tauri build --target x86_64-unknown-linux-gnu --bundles deb,rpm,appimage ``` -That step patches linuxdeploy's generated GTK `AppRun` wrapper before the AppImage is sealed so direct launches, absolute symlinks, and relative symlinks resolve the real AppRun path before choosing its directory. Linux release jobs also install `fcitx5-frontend-gtk3`; the same AppImage output-plugin wrapper copies the GTK3 fcitx immodule and client library into the AppDir so Chinese/Japanese/Korean input does not depend on host GTK module cache paths. After build, CI extracts every produced AppImage launcher and verifies the symlink-safe resolver plus the bundled fcitx files: - -```bash -node scripts/appimage-launcher-tools.mjs validate-appimages src-tauri/target/x86_64-unknown-linux-gnu/release/bundle/appimage/*.AppImage -``` +Release validation verifies that the Linux job produced an AppImage, at least one installer bundle, and updater signature artifacts. The experimental AppImage output-plugin shim in `scripts/appimage-launcher-tools.mjs` is retained for local investigation, but it is not wired into release packaging because linuxdeploy currently exits before sealing the AppImage when the shim is pre-seeded in Tauri's tools cache. ## Quick Start