Comments (6)
private async Task<UpdateManager> GitHubUpdateManager(string repository)
{
var uri = new Uri(repository);
var api = $"https://api.github.com/repos{uri.AbsolutePath}/releases";
var jsonStream = await Http.GetStreamAsync(api).ConfigureAwait(false);
var releases = await System.Text.Json.JsonSerializer.DeserializeAsync<List<GithubRelease>>(jsonStream).ConfigureAwait(false);
var latest = releases.Where(r => !r.Prerelease).OrderByDescending(r => r.PublishedAt).First();
var latestUrl = latest.HtmlUrl.Replace("/tag/", "/download/");
var client = new WebClient { Proxy = Http.WebProxy };
var downloader = new FileDownloader(client);
var manager = new UpdateManager(latestUrl, urlDownloader: downloader);
return manager;
}
from flow.launcher.pluginsmanifest.
Here are some idea.
- Remove the version number in plugin.json, since it will not be updated here.
- Add JsonDeserilization in PluginManager like what has done in Updater.cs.
- Only add the project url in pluginmanifest instead of the direct downloadurl.
from flow.launcher.pluginsmanifest.
Here are some idea.
- Remove the version number in plugin.json, since it will not be updated here.
- Add JsonDeserilization in PluginManager like what has done in Updater.cs.
- Only add the project url in pluginmanifest instead of the direct downloadurl.
I think we can follow the way
Updater.cs
checking the newest update for Flow to automatically get the newest update for plugins instead of storing the direct download link in plugin.json.
This can avoid updating pluginsmanifest every time plugins update. Or checking the update is also part of the review process?
hmm the reason i included version is so we dont have a scenario where malicious actor creates a plugin, gets approved, then uploads another zip file, and our code just looks for the latest and updates user's plugin to the malicious new release. At lease we can say on the day of our approval, we approved this version as at this date, any subsequent uploads to the same version we will not be able to be responsible. If we just approve the plugin once, subsequent uploads we won't know about.
What do you think?
from flow.launcher.pluginsmanifest.
Only add the project url in pluginmanifest instead of the direct downloadurl.
Project url/website, code url and direct download url are separated in the case where people may decide to have a website for the plugin different to where the code lives, eg GitLab
from flow.launcher.pluginsmanifest.
Only add the project url in pluginmanifest instead of the direct downloadurl.
Project url/website, code url and direct download url are separated in the case where people may decide to have a website for the plugin different to where the code lives, eg GitLab
You are right, but manually pr every update may be quite significant works when Plugins become more... Maybe we can provide different way of doing that. By providing direct url, we won't support auto update, while we can support auto update for github or gitlab.
from flow.launcher.pluginsmanifest.
Maybe we can use CI to automatically check for new update, and update the file.
from flow.launcher.pluginsmanifest.
Related Issues (20)
- Update test python plugin ci to find python plugin that does not have tested field HOT 1
- Last publish release action is not included in the manifest HOT 1
- Is it safe to store the password in the Flow.Launcher? HOT 2
- How do I add a plugin...?
- Plugin update in plugin store HOT 1
- Installed number HOT 4
- Update Plugin
- Missed auto-update HOT 1
- Discord webhook fails to send if release notes are too long HOT 1
- Auto Update CI do not update plugin version HOT 1
- Plugin auto update paused
- Re-order plugin entries by downloads count HOT 5
- Add id check to auto checker HOT 5
- Install of standard plugins HOT 5
- What's the difference between wox and flow? HOT 2
- Figure out a way to pass status check without no touching plugins.json HOT 1
- BUG: updater can't work well to Timestamp
- Update plugin runner web URL to be the repo url
- Add IcoPath to plugin manifest
- Python-passed workflow failing HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flow.launcher.pluginsmanifest.