feat: add version check notifications and self-update command#6
Merged
feat: add version check notifications and self-update command#6
Conversation
- Add HTTP status check in fetchLatestVersion (CRITICAL-1) - Add 1MB response limit on GitHub API body (IMPORTANT-2) - Add 100MB limit on httpGet for archive downloads (CRITICAL-2) - Add 200MB limit on tar/zip extraction to prevent decompression bombs (CRITICAL-3) - Skip version check notification when running 'update' command (IMPORTANT-5) - Guard .bak cleanup to Windows only (IMPORTANT-6) - Compute checksum in memory instead of temp file (MINOR-3)
Return a RefreshDone channel from CheckForUpdate so callers can wait for the goroutine. PostRunE blocks on it to guarantee the cache is populated for the next run.
…lans documentation
…n handling - Changed LoadGlobal to return *GlobalConfig directly instead of (*GlobalConfig, error). - Updated NewRootCmd to use cobra.OnFinalize for update notification, ensuring it runs even on errors. - Removed PersistentPostRunE in favor of the new finalizer approach for better cleanup. - Enhanced error handling in update checks and cache refresh logic.
- Added support for release signing with minisign, enhancing security during self-update. - Updated .goreleaser.yml to include signing configuration for checksums. - Modified self-update logic to verify checksums.txt signatures before proceeding with updates. - Enhanced documentation to reflect the new release signing feature and its implications for self-update.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds automatic version check notifications and a
contextception updateself-update command.Version Check:
--no-update-checkflag,CONTEXTCEPTION_NO_UPDATE_CHECK=1env var, or global configSelf-Update (
contextception update):Global Config:
os.UserConfigDir()/contextception/config.yamlTest Coverage
28 tests across 4 test files:
internal/config/global_test.go(4 tests): config loading, defaults, malformed YAMLinternal/update/check_test.go(13 tests): semver comparison, cache, GitHub API mock, notification suppressioninternal/update/selfupdate_test.go(10 tests): install detection, checksum, archive extraction, full self-update mockinternal/update/integration_test.go(1 test): full multi-run flowAll paths covered. Coverage gate: PASS.
Pre-Landing Review
2 informational issues found, both auto-fixed:
SelfUpdateentry pointtime.Sleepwith channel-based synchronization)Test plan
-race(23 packages, 0 failures)go vetcleangolangci-lint0 issues🤖 Generated with Claude Code