Skip to content

oc: add oc update + update-available nag#190

Merged
motatoes merged 1 commit intomainfrom
feat/oc-update
Apr 24, 2026
Merged

oc: add oc update + update-available nag#190
motatoes merged 1 commit intomainfrom
feat/oc-update

Conversation

@motatoes
Copy link
Copy Markdown
Contributor

@motatoes motatoes commented Apr 24, 2026

Summary

Two CLI self-maintenance pieces.

1. oc update

Fetches the latest release from GitHub (diggerhq/opencomputer), picks the asset matching runtime.GOOS/GOARCH (oc-linux-amd64, oc-darwin-arm64, etc.), verifies its SHA256 against the release's checksums.txt, and atomically replaces the running binary via rename(2).

Flags:

  • --check — report whether an update is available, don't install
  • --yes — skip the confirmation prompt

Behavior:

  • Refuses to self-update a dev build (Version == "dev") — you'd overwrite your local dev binary with a published release, which is rarely what you want.
  • Clear error when the binary path isn't user-writable ("no write access to /usr/local/bin (re-run with sudo …)"); otherwise it would fail cryptically at rename time.
  • Uses os.WriteFile to a sibling .new path + os.Rename, so there's no window where the binary is half-written.

2. Background update-check

New PersistentPostRun hook that prints a one-line nag to stderr when a newer release is available:

A new oc release is available: v0.5.0.72 (current: v0.5.0.67). Run \`oc update\` to install. Disable this check with OC_NO_UPDATE_CHECK=1.

Rules:

  • Checks at most once per 24h. Result cached in $XDG_CACHE_HOME/opencomputer/update-check.json.
  • 2s network timeout — a slow or blocked GitHub API never slows down the CLI.
  • Silent on dev builds, non-TTY stderr (so CI/pipelines stay clean), and when OC_NO_UPDATE_CHECK=1.
  • Skipped for oc update, oc help, and shell-completion scaffolding.
  • Any error (network, parse, cache read/write) is swallowed — version checking must never surface failures to the user.

No server changes

The release pipeline (.github/workflows/release-cli.yml) already publishes oc-<os>-<arch> binaries + checksums.txt on every push to main. This PR is a pure client against that existing surface.

Test plan

  • oc update --check on a dev build → prints current/latest, "dev build — skipping update"
  • oc update --check on a build older than latest → prints "update available: run `oc update`..."
  • oc update --check on a build equal to latest → prints "already up to date"
  • oc update --yes on an older build → downloads, verifies SHA, replaces; oc --version reports the new version
  • oc update without --yes → prompts; empty input or "y" proceeds, anything else aborts
  • oc update on a read-only binary (e.g. system /usr/local/bin without sudo) → clear permission error, no partial write
  • oc sandbox ls in a real terminal with an older version → nag line appears on stderr once
  • oc sandbox ls 2>/dev/null → nag suppressed (non-TTY stderr)
  • OC_NO_UPDATE_CHECK=1 oc sandbox ls → nag suppressed
  • Second oc sandbox ls within 24h → uses cached check (no network call)
  • Run with network disabled → nag silent, no error surfaced

🤖 Generated with Claude Code

@motatoes @claude
oc: add oc update + opportunistic update-check nag
7c343a5 
Ships two pieces:

1. `oc update` — fetches the latest GitHub release (oc-<goos>-<goarch>
   asset), verifies its SHA256 against checksums.txt, and atomically
   replaces the running binary via rename(2). Flags:
     --check    report whether an update is available, don't install
     --yes      skip the confirmation prompt
   Refuses to self-update dev builds. Gives a clear error when the
   binary path isn't user-writable.

2. A background update-check hook in PersistentPostRun: once every 24h
   (cached to $XDG_CACHE_HOME/opencomputer/update-check.json), prints a
   one-line nag to stderr when a newer release is available. Silent for
   dev builds, non-TTY stderr, and when OC_NO_UPDATE_CHECK=1; skipped
   for `oc update`, `oc help`, and shell-completion scaffolding. 2s
   network timeout so a slow/blocked GitHub API never slows down the
   CLI.

No server changes. Release pipeline already produces the assets this
consumes (.github/workflows/release-cli.yml publishes oc-<os>-<arch>
binaries + checksums.txt on every push to main).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 24, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
opensandbox Ready Ready Preview, Comment Apr 24, 2026 10:58pm

Request Review

breardon2011
breardon2011 approved these changes Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@breardon2011 breardon2011 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approve

@motatoes motatoes merged commit 58807a6 into main Apr 24, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@breardon2011 breardon2011 breardon2011 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@motatoes @breardon2011