An Electron application with React and TypeScript that showcases free updates using GitHub.
$ bun install$ bun run dev# For windows
$ bun run build:win
# For macOS
$ bun run build:mac
# For Linux
$ bun run build:linux$ cp .env.sample .env- Generate a Personal Access Token (PAT) A Personal Access Token (PAT) is
required for automated processes, such as GitHub Actions, to authenticate and
interact with your GitHub repository on your behalf.
- Navigate to the GitHub Personal Access Tokens page. (Path: GitHub > Settings > Developer settings > Personal access tokens).
- Select either "Fine-grained repo-scoped tokens" (recommended for granular control) or "Tokens (classic)".
- Click the "Generate new token" button.
- Provide a descriptive name for the token (e.g.,
electron-github-updater-release). - Configure the token's expiration date. Choose a duration based on your security policy.
- Define the necessary scopes (permissions) for the token. For release
automation via Actions, typical requirements include:
repo(Required for accessing and managing private repositories)public_repo(Required for accessing and managing public repositories)workflow(Allows triggering and managing workflow runs)write:packages(Needed if the workflow uploads packages to GitHub Packages)actions(Specify read/write access for workflow management)contents(Specify read/write access for releases)- For basic release creation (without package uploads or workflow
triggers), the
reposcope is often sufficient. Apply the principle of least privilege by selecting only the scopes required for the workflow's function.
- Click "Generate token".
- Critically: Immediately copy the generated token value. For security reasons, GitHub will not display the token again after you leave this page. Store it temporarily in a secure location before the next step.
- Add the Token as a Repository Secret Store the generated PAT securely as
a repository secret within GitHub. This prevents exposing the token directly
in workflow files and makes it available to your GitHub Actions securely.
- Go to the main page of your target repository on GitHub.
- Click the "Settings" tab in the top menu bar.
- In the left-hand sidebar, navigate to "Secrets and variables", then select "Actions".
- Click the "New repository secret" button.
- Assign a name that precisely matches the environment variable used to
reference the token within your workflow YAML file. Use
REPO_ACCESS_TOKENfor the token. Note: Secret names prefixed withGITHUB_are reserved by GitHub and will result in an error. - Paste the token value copied in step 1.8 into the "Value" field.
- Click "Add secret" to finalize.
-
Tag Your Code and Push the Tag
-
The release process is initiated by pushing a Git tag matching a specific pattern (e.g.,
v1.0.0) configured in your workflow file to your GitHub repository. -
Example commands to create and push an annotated tag:
git tag v1.0.0 git push origin v1.0.0
-
-
GitHub Actions Workflow Runs
- Upon detecting the tagged push, GitHub automatically triggers the workflow
defined in
.github/workflows/release.yml. - This automated workflow executes a series of steps:
- Clones the repository content.
- Installs project dependencies using Bun.
- Executes build scripts to generate application artifacts for target operating systems (Linux, macOS, Windows).
- Collects the generated build artifacts (e.g.,
.exe,.dmg,.AppImage, etc.). - Utilizes the
softprops/action-gh-releaseaction to programmatically create a new draft release on GitHub associated with the pushed tag, and uploads the collected build artifacts as release assets. - Authenticates API calls to GitHub using the
REPO_ACCESS_TOKENrepository secret made available to the workflow run.
- Upon detecting the tagged push, GitHub automatically triggers the workflow
defined in
-
Draft Release Created
- Upon successful workflow completion, a draft release entry is generated on your GitHub repository's Releases page.
- This is designated as a draft due to the
draft: trueparameter configured within the release action step in your workflow definition. - Finalization requires manual review, potential addition of release notes, and explicit publishing via the "Releases" section on GitHub.
If you want to build and publish your Electron app as a Snap package using Snapcraft in CI (e.g., GitHub Actions), you need to authenticate Snapcraft non-interactively. Here’s how:
-
Create a Snapcraft Account
- Go to https://snapcraft.io/ and sign up or log in with your Ubuntu One account.
-
Register Your Snap Name (if you haven't already)
- Follow the instructions at https://snapcraft.io/docs/registering-your-app-name. All snap names are currently subject to a manual review.. Follow this link to submit a name request for your snap.
-
Install Snapcraft Locally
- On Ubuntu:
sudo snap install snapcraft --classic
- On macOS (with Homebrew):
brew install snapcraft
- On Ubuntu:
-
Generate Snapcraft Store Credentials
- Run the following, replacing
<your-snap-name>with your app's snap name:snapcraft export-login --snaps <your-snap-name> --channels stable - | tee snapcraft_credentials.json
- This will create a
snapcraft_credentials.jsonfile containing your credentials.
- Run the following, replacing
-
Add Credentials to GitHub Secrets
- Open your repo on GitHub.
- Go to Settings > Secrets and variables > Actions.
- Click New repository secret.
- Name it:
SNAPCRAFT_STORE_CREDENTIALS - Paste the contents of
snapcraft_credentials.jsonas the value.
-
Reference the Secret in Your Workflow
- The workflow is already set up to use this secret for Snapcraft publishing on Linux builds.
-
Security Note
- Never commit your credentials file to the repository. Only store it in GitHub Secrets or your local
.envfile (for local testing).
- Never commit your credentials file to the repository. Only store it in GitHub Secrets or your local