From 7e4d11016d2a747e2df15240ea8361acdcb7bab4 Mon Sep 17 00:00:00 2001
From: MrSphay <lefiwilkens@gmail.com>
Date: Fri, 15 May 2026 23:40:43 +0200
Subject: [PATCH] Allow installer builds before updater signing secrets

---
 .gitea/workflows/build.yml | 63 +++++++++++++++++++++-----------------
 1 file changed, 35 insertions(+), 28 deletions(-)

diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 752c6c2e3..4c7fae0c4 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -69,14 +69,14 @@ jobs:
       - name: Prepare Modrinth Plus update metadata
         shell: bash
         run: |
-          if [ -z "${TAURI_SIGNING_PRIVATE_KEY}" ] || [ -z "${TAURI_SIGNING_PUBLIC_KEY}" ]; then
-            echo "::error::TAURI_SIGNING_PRIVATE_KEY and TAURI_SIGNING_PUBLIC_KEY secrets are required for self-updating builds."
-            exit 1
-          fi
-
           build_version="1.0.${GITHUB_RUN_NUMBER}"
           node -e "const fs=require('fs'); const path='apps/app-frontend/package.json'; const pkg=JSON.parse(fs.readFileSync(path,'utf8')); pkg.version=process.argv[1]; fs.writeFileSync(path, JSON.stringify(pkg,null,'\\t')+'\\n');" "${build_version}"
-          node -e "const fs=require('fs'); const path='apps/app/tauri-release.conf.json'; const config=JSON.parse(fs.readFileSync(path,'utf8')); config.plugins.updater.pubkey=process.env.TAURI_SIGNING_PUBLIC_KEY; fs.writeFileSync(path, JSON.stringify(config,null,'\\t')+'\\n');"
+          if [ -n "${TAURI_SIGNING_PRIVATE_KEY}" ] && [ -n "${TAURI_SIGNING_PUBLIC_KEY}" ]; then
+            node -e "const fs=require('fs'); const path='apps/app/tauri-release.conf.json'; const config=JSON.parse(fs.readFileSync(path,'utf8')); config.plugins.updater.pubkey=process.env.TAURI_SIGNING_PUBLIC_KEY; fs.writeFileSync(path, JSON.stringify(config,null,'\\t')+'\\n');"
+          else
+            echo "::warning::TAURI_SIGNING_PRIVATE_KEY and TAURI_SIGNING_PUBLIC_KEY are not set. Building installer without publishing self-update metadata."
+            node -e "const fs=require('fs'); const path='apps/app/tauri-release.conf.json'; const config=JSON.parse(fs.readFileSync(path,'utf8')); config.plugins.updater.pubkey='dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDIwMzM5QkE0M0FCOERBMzkKUldRNTJyZzZwSnN6SUdPRGdZREtUUGxMblZqeG9OVHYxRUlRTzJBc2U3MUNJaDMvZDQ1UytZZmYK'; fs.writeFileSync(path, JSON.stringify(config,null,'\\t')+'\\n');"
+          fi
 
       - name: Build Windows desktop client
         run: pnpm --filter @modrinth/app exec tauri build --runner cargo-xwin --target x86_64-pc-windows-msvc
@@ -110,45 +110,52 @@ jobs:
           fi
 
           mapfile -d '' updater_bundles < <(find target/x86_64-pc-windows-msvc/release/bundle/nsis -maxdepth 1 -type f -name '*.nsis.zip' -print0)
-          if [ "${#updater_bundles[@]}" -eq 0 ]; then
-            echo "No Windows updater bundle found to publish"
-            exit 1
-          fi
-
-          updater_bundle="${updater_bundles[0]}"
-          updater_signature="${updater_bundle}.sig"
-          if [ ! -f "${updater_signature}" ]; then
-            echo "No Windows updater signature found at ${updater_signature}"
-            exit 1
+          updater_bundle=""
+          updater_signature=""
+          if [ "${#updater_bundles[@]}" -gt 0 ]; then
+            updater_bundle="${updater_bundles[0]}"
+            updater_signature="${updater_bundle}.sig"
+            if [ ! -f "${updater_signature}" ]; then
+              echo "::warning::No Windows updater signature found at ${updater_signature}; skipping self-update metadata publishing."
+              updater_bundle=""
+            fi
+          else
+            echo "::warning::No Windows updater bundle found; skipping self-update metadata publishing."
           fi
 
           rm -rf "${package_dir}"
           mkdir -p "${package_dir}/versioned" "${package_dir}/latest"
           cp "${artifacts[0]}" "${package_dir}/versioned/Modrinth-Plus-Windows-Setup-${package_version}.exe"
-          cp "${updater_bundle}" "${package_dir}/versioned/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip"
 
           curl --fail-with-body \
             --user "${repository_owner}:${REGISTRY_TOKEN}" \
             --upload-file "${package_dir}/versioned/Modrinth-Plus-Windows-Setup-${package_version}.exe" \
             "${gitea_server}/api/packages/${repository_owner}/generic/${package_name}/${package_version}/Modrinth-Plus-Windows-Setup-${package_version}.exe"
 
-          update_url="${gitea_server}/api/packages/${repository_owner}/generic/${package_name}/${package_version}/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip"
-          curl --fail-with-body \
-            --user "${repository_owner}:${REGISTRY_TOKEN}" \
-            --upload-file "${package_dir}/versioned/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip" \
-            "${update_url}"
+          if [ -n "${updater_bundle}" ]; then
+            cp "${updater_bundle}" "${package_dir}/versioned/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip"
+            update_url="${gitea_server}/api/packages/${repository_owner}/generic/${package_name}/${package_version}/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip"
+            curl --fail-with-body \
+              --user "${repository_owner}:${REGISTRY_TOKEN}" \
+              --upload-file "${package_dir}/versioned/Modrinth-Plus-Windows-Update-${package_version}.nsis.zip" \
+              "${update_url}"
+          fi
 
           curl --silent --show-error --user "${repository_owner}:${REGISTRY_TOKEN}" --request DELETE "${latest_url}" || true
           cp "${artifacts[0]}" "${package_dir}/latest/Modrinth-Plus-Windows-Setup.exe"
-          signature="$(cat "${updater_signature}")"
-          node -e "const fs=require('fs'); const [version, url, signature]=process.argv.slice(1); const metadata={version, notes:'Modrinth Plus launcher update', pub_date:new Date().toISOString(), platforms:{'windows-x86_64':{signature,url}}}; fs.writeFileSync('package-registry/latest/latest.json', JSON.stringify(metadata,null,2)+'\\n');" "${app_version}" "${update_url}" "${signature}"
+          if [ -n "${updater_bundle}" ]; then
+            signature="$(cat "${updater_signature}")"
+            node -e "const fs=require('fs'); const [version, url, signature]=process.argv.slice(1); const metadata={version, notes:'Modrinth Plus launcher update', pub_date:new Date().toISOString(), platforms:{'windows-x86_64':{signature,url}}}; fs.writeFileSync('package-registry/latest/latest.json', JSON.stringify(metadata,null,2)+'\\n');" "${app_version}" "${update_url}" "${signature}"
+          fi
 
           curl --fail-with-body \
             --user "${repository_owner}:${REGISTRY_TOKEN}" \
             --upload-file "${package_dir}/latest/Modrinth-Plus-Windows-Setup.exe" \
             "${latest_url}/Modrinth-Plus-Windows-Setup.exe"
 
-          curl --fail-with-body \
-            --user "${repository_owner}:${REGISTRY_TOKEN}" \
-            --upload-file "${package_dir}/latest/latest.json" \
-            "${latest_url}/latest.json"
+          if [ -f "${package_dir}/latest/latest.json" ]; then
+            curl --fail-with-body \
+              --user "${repository_owner}:${REGISTRY_TOKEN}" \
+              --upload-file "${package_dir}/latest/latest.json" \
+              "${latest_url}/latest.json"
+          fi