Add pre-built bundle download support for faster app installation #438

Merged
shannah merged 4 commits into master from claude/prebuilt-bundle-download-SbnZm
Mar 13, 2026
@shannah shannah commented Mar 13, 2026

Summary

This PR adds support for downloading and installing pre-built application bundles (signed binaries) from artifact repositories, enabling faster installation without requiring compilation or code generation.

Key Changes

Core Implementation

  • PrebuiltBundleDownloader: New service that downloads JAR artifacts containing pre-built bundles, verifies SHA-256 integrity, extracts contents, and replaces the installed application
    • Handles HTTP redirects (up to 5 levels) for GitHub release URLs
    • Implements safe replacement with automatic backup and rollback on failure
    • Supports both single-file bundles (.exe, binaries) and directory structures (.app bundles)
    • Includes progress reporting via InstallationForm
    • Protects against zip slip attacks during extraction
  • PrebuiltArtifactInfo: Data class representing artifact metadata from package.json
    • Stores URL and SHA-256 hash for main bundle
    • Optionally stores separate CLI artifact metadata (Windows-specific)
    • Factory method to parse from JSON configuration

Integration

  • NPMPackageVersion: Extended to parse and retrieve pre-built artifact information from package.json jdeploy.artifacts section
  • Main.java: Integrated pre-built bundle download into installation flow, attempting download before falling back to generated bundles

Testing

  • PrebuiltBundleDownloaderTest: Unit tests for SHA-256 verification, JAR extraction, and error handling
  • PrebuiltArtifactInfoTest: Tests for artifact metadata parsing
  • PrebuiltBundleDownloadMockNetworkTest: Comprehensive integration tests using WireMock to simulate real HTTP scenarios:
    • Successful download and replacement of single-file and .app bundles
    • SHA-256 mismatch detection with original preservation
    • HTTP error handling (404) with rollback
    • HTTP redirect following
    • CLI artifact handling on Windows
    • Concurrent download scenarios

Test Infrastructure

  • WireMockAdminClient: Lightweight HTTP client for WireMock Admin API
    • Supports binary content serving via base64 encoding
    • Stub management and request verification
    • No external WireMock library dependency (uses plain HttpURLConnection)
  • Updated CI/CD workflows and Docker test runner to build installer module and run mock network tests

Notable Implementation Details

  • Downloads to temporary files with automatic cleanup
  • Creates backups before replacement and restores on failure
  • SHA-256 verification is case-insensitive
  • Extracts only non-META-INF entries from JAR
  • Supports Windows CLI artifact as separate optional download
  • Graceful degradation: if pre-built download fails, installation continues with generated bundle

https://claude.ai/code/session_01DSJ3y91ADTjSiUqvVJmDdX

claude added 4 commits March 10, 2026 01:34
After the normal install completes, the installer now checks for
pre-built bundles in jdeploy.artifacts (package.json). If available
for the current platform, downloads the JAR, verifies SHA-256, extracts
the native bundle, and replaces the generated one with the signed/
notarized version.

- PrebuiltArtifactInfo: model for artifact URL, SHA-256, and CLI variant
- PrebuiltBundleDownloader: download/verify/extract/replace service with
  progress UI, backup/restore on failure, zip-slip protection
- NPMPackageVersion.getPrebuiltArtifact(): accessor for artifact config
- Main.install(): integration after platform-specific install blocks

https://claude.ai/code/session_01DSJ3y91ADTjSiUqvVJmDdX

Adds mock-network integration tests that verify the full pre-built
bundle download flow using WireMock to serve real JAR files over HTTP.

Test scenarios:
- Download and replace installed binary (single file)
- Download and replace installed .app bundle (directory structure)
- SHA-256 mismatch keeps original bundle intact
- HTTP 404/500 errors keep original bundle intact
- HTTP 302 redirect following (GitHub release URL pattern)
- No download when artifacts missing or wrong platform
- Progress UI updated during download
- Source package.json with only "enabled" flag (no url) is skipped

Infrastructure:
- WireMockAdminClient for installer module with binary content stubs
- Updated Dockerfile to build+test installer module
- Updated run-mock-network-tests.sh for local installer tests
- Updated GitHub Actions workflow with installer test step

https://claude.ai/code/session_01DSJ3y91ADTjSiUqvVJmDdX

…urefire

Surefire's -Dtest glob pattern `*` doesn't match nested packages.
Use the fully qualified class name instead. Also add
-Dsurefire.failIfNoSpecifiedTests=false so that Assumptions-skipped
tests don't cause a build failure.

https://claude.ai/code/session_01DSJ3y91ADTjSiUqvVJmDdX
@shannah shannah merged commit c65de67 into master Mar 13, 2026
26 of 27 checks passed
@shannah shannah deleted the claude/prebuilt-bundle-download-SbnZm branch March 13, 2026 18:24
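
The PR description lists three checks applied to a downloaded bundle JAR: case-insensitive SHA-256 comparison, skipping META-INF entries, and zip-slip protection during extraction. The sketch below is an added example, not code from this PR or from jDeploy, showing one way those checks fit together; the class name, method names and the sample archive are hypothetical and constructed for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.zip.*;

// Added illustration; class and method names are hypothetical, not jDeploy's.
public class BundleExtractSketch {
    // Hex SHA-256 of the file, compared case-insensitively with the expected value.
    static boolean sha256Matches(Path file, String expectedHex) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest(Files.readAllBytes(file))) hex.append(String.format("%02x", b));
        return hex.toString().equalsIgnoreCase(expectedHex.trim());
    }

    // Extract every non-META-INF entry, refusing any name that resolves outside destDir.
    static void extract(Path jar, Path destDir) throws IOException {
        Path root = destDir.toAbsolutePath().normalize();
        try (ZipInputStream zin = new ZipInputStream(Files.newInputStream(jar))) {
            for (ZipEntry e; (e = zin.getNextEntry()) != null; ) {
                if (e.getName().startsWith("META-INF/")) continue;
                Path target = root.resolve(e.getName()).normalize();
                if (!target.startsWith(root)) throw new IOException("zip slip: " + e.getName());
                if (e.isDirectory()) { Files.createDirectories(target); continue; }
                Files.createDirectories(target.getParent());
                Files.copy(zin, target, StandardCopyOption.REPLACE_EXISTING);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample archive: a manifest, one legitimate entry, one traversal entry.
        Path jar = Files.createTempFile("bundle", ".jar");
        try (ZipOutputStream z = new ZipOutputStream(Files.newOutputStream(jar))) {
            for (String name : new String[] {"META-INF/MANIFEST.MF", "MyApp.app/Contents/Info.plist", "../escape.txt"}) {
                z.putNextEntry(new ZipEntry(name));
                z.write("x".getBytes("UTF-8"));
                z.closeEntry();
            }
        }
        System.out.println("hash mismatch accepted? " + sha256Matches(jar, "00"));
        Path dest = Files.createTempDirectory("install");
        try { extract(jar, dest); } catch (IOException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
        System.out.println("extracted plist: " + Files.exists(dest.resolve("MyApp.app/Contents/Info.plist")));
    }
}
```

The containment check uses `Path.startsWith`, which compares whole path elements, so a sibling directory whose name merely begins with the destination's name does not pass.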