melonDS icon indicating copy to clipboard operation
melonDS copied to clipboard

Published 20 hours ago verified publisher icon melonDS-emu

Create a melonDS Updater

Open RayyanAnsari opened this issue 4 years ago • 10 comments

This adds support for downloading the latest melonDS.

  • It uses the GitHub Artifacts API to get the latest release for the current platform. If it is newer than the current version, it downloads the latest release. It uses Qt's Network module and it's JSON support.

To-do list

  • [x] Get the GitHub access token from users
  • [x] Add Azure Pipelines support
  • [x] Figure out a way to get the current artifact version - maybe use commit hash?
  • [x] Add support for getting stable updates.

RayyanAnsari avatar Aug 25 '20 15:08 RayyanAnsari

Get the GitHub access token from users

It should be seamless IMO. If GitHub can't offer that then better host the current version + release packages on the official site.

rzumer avatar Aug 25 '20 16:08 rzumer

Found a way to get commit messages and other info, and make sure that the build is from this repository, not any forks. Will do this tomorrow.

  • cURL https://api.github.com/repos/Arisotura/melonDS/actions/runs (Workflows API)
  • Parse it
  • Interate over json[workflow_runs]
  • see if obj[head_repositry][name] is Arisotura/melonDS if not, skip.
  • cURL obj[artifacts_url], parse, and see if name is current platform. If not, skip.
  • If name is current platform, get obj[head_commit][message]. This is the commit message.
  • Now prompt user to update, if yes, use the old obj[artifacts_url] and cURL the file.

Note: outdated, GitHub has API parameters.

RayyanAnsari avatar Aug 26 '20 20:08 RayyanAnsari

I have two main concerns over this:

  1. make it optional and opt-in. I abhor forced updates.
  2. there is a security concern with this, we need to ensure it's not possible for an attacker to feed bogus binaries through the updater.

Arisotura avatar Aug 01 '21 19:08 Arisotura

I have two main concerns over this:

1. make it optional and opt-in. I abhor forced updates.

2. there is a security concern with this, we need to ensure it's not possible for an attacker to feed bogus binaries through the updater.

It only checks for updates when the menu item is clicked. It downloads the melonDS.zip for the user to extract later. Currently this only downloads from GitHub Actions, but I will add stable releases and Azure soon.

RayyanAnsari avatar Aug 01 '21 19:08 RayyanAnsari

~~only thing that's needed now is to get the current commit. perhaps #1117 could be useful.~~ done.

RayyanAnsari avatar Aug 07 '21 13:08 RayyanAnsari

As an average user, I am not really a fan of this PR in its current state. Here's a comparison with Dolphin's updater from a user perspective, in order to update to the latest dev version:

Dolphin

  1. After opening Dophin, the below window pops up: image

  2. The user clicks the "Install update" button and after that the updater does everything it is needed (downloads the latest dev version, extracts and replaces the old files and launches Dolphin again).

So, it is just one click.

MelonDS

  1. After opening MelonDS, the user navigates to About>Update Channel and select "Development".

  2. About>Check for updates, the below window pops up: image

  3. The average user won't know what this means. So the user either gives up or googles it (I googled). So, to create the token you need a Github account (the average user won't have one), then go to Github Settings>Developer settings>Personal access tokens>Generate new token, then give a name, then change the expiration to "no date" (so it will not expire in the future), then select the "public_repo" scope, then "Generate token" and finally copy the token to the updater.

  4. After all that, the below window pops up: image Click "Yes" image

  5. So now in the melonDS directory there are these: image The user needs to extract the exe from the zip and replace the old one. Finally, we made it!

PS: Do you want to update melonDS again in the future? You should have kept the token! MelonDS does not save it and github only shows it once when you generate it. So If you didn't kept it, you must generate a new one.

TLDR: It is easier to just download from Github the latest dev version than using the updater. The user should be able to update with just a few clicks, not creating accounts, generating tokens and extracting zips.

I really hope I am not being too harsh on this, I am just trying to help :)

KostaSaizo7 avatar Aug 25 '21 07:08 KostaSaizo7

PS: Do you want to update melonDS again in the future? You should have kept the token! MelonDS does not save it and github only shows it once when you generate it. So If you didn't kept it, you must generate a new one.

I was planning on adding that, but I have been busy the past few days.

RayyanAnsari avatar Aug 25 '21 10:08 RayyanAnsari

Error when trying to update to stable image It creates a 0kb melonDS_0.9.3_win64.7z file in the directory

KostaSaizo7 avatar Sep 02 '21 04:09 KostaSaizo7

Arisotura changed the naming scheme.

RayyanAnsari avatar Sep 02 '21 09:09 RayyanAnsari

nightly.link would bypass the need for a token

RainbowTabitha avatar Nov 08 '22 02:11 RainbowTabitha