tauri-latest-json

Generate a latest.json file for Tauri auto-updates, supporting multi-platform builds (Windows, macOS Intel/ARM, Linux). This CLI scans your Tauri bundle directory for installers and outputs a valid latest.json for the Tauri Updater.

Features

• Multi-platform detection: Automatically finds .msi, .exe, .dmg (Intel/ARM), .AppImage, .deb, .rpm, and .tar.gz artifacts.
• Interactive Mode: Prompts for missing information (download URL, release notes) if arguments aren't provided.
• Smart platform mapping: Maps artifacts to their respective Tauri platform keys (windows-x86_64, darwin-aarch64, etc.).
• Flexible Versioning: Reads version from package.json, Cargo.toml, or tauri.conf.json (supports both Tauri 1.0 and 2.0 structures).
• Root-run friendly: Can be run from your project root or src-tauri directory.
• Graceful Signature Handling: Automatically skips artifacts without .sig files (like .dmg which Tauri doesn't sign for updates) with a helpful warning.
• Verification Support: Optional built-in signature verification against your public key.

Installation

cargo install tauri-latest-json

Usage

1. Simple Interactive Mode (Recommended)

Just run the command from your Tauri project root. It will prompt you for the download URL and release notes:

tauri-latest-json

You can also run from src-tauri and the tool will still auto-detect config and bundle paths.

2. Command Line Arguments

Provide the download URL base and release notes directly:

tauri-latest-json <download_url_base> <notes...>

Example:

tauri-latest-json https://github.com/user/repo/releases/download/v0.4.4 "Fixed security vulnerabilities and improved performance."

3. CI-safe Non-interactive Usage

Use fully non-interactive arguments in CI/CD so jobs fail fast instead of waiting for prompts:

tauri-latest-json "https://github.com/user/repo/releases/download/v0.4.4" "Release notes from CI"

4. Root vs src-tauri

Both run modes are supported:

# From project root
tauri-latest-json "https://example.com/downloads" "release notes"

# From src-tauri
cd src-tauri
tauri-latest-json "https://example.com/downloads" "release notes"

5. What happens next?

The tool will:

1. Detect Version: Scans package.json, Cargo.toml, or tauri.conf.json.
2. Find Artifacts: Searches target/release/bundle for installers.
3. Verify Signatures: Matches installers with their .sig files (skipping .dmg as expected).
4. Generate Output: Creates a latest.json file in your current directory, ready for upload.

CLI Commands

tauri-latest-json help       # Show usage help
tauri-latest-json version    # Show version

Platform Detection Logic

The tool prioritizes updater-compatible artifacts:

Platform	Priority Artifact	Extension Fallbacks
Windows	.msi	.exe
macOS (Intel)	.app.tar.gz	.dmg (skipped for updates)
macOS (ARM)	.app.tar.gz	.dmg (skipped for updates)
Linux (x64)	.AppImage	.deb, .rpm, .tar.gz
Linux (ARM)	.AppImage	.deb, .rpm, .tar.gz

Note: Tauri doesn't generate .sig files for .dmg. This tool will warn you and skip them for the updater JSON, as they aren't used for auto-updates.

Requirements

• A valid Tauri project with tauri.conf.json.
• A configured updater plugin with a pubkey.
• Built artifacts in target/release/bundle or src-tauri/target/release/bundle.

Development & Testing

Running Tests

cargo test
make verify

Smoke Testing

Validate against a local real Tauri app:

make smoke-real-app
# Or specify a custom directory
REAL_APP_DIR=/path/to/your-app ./scripts/smoke-real-tauri-app.sh

Troubleshooting

• Could not detect bundle dir: Build your app first so target/*/bundle exists.
• No public key found in tauri.conf.json: Ensure updater pubkey is set in plugins.updater.pubkey (Tauri 2) or tauri.updater.pubkey (Tauri 1).
• Signature not found for platform ...: Ensure .sig exists for updater artifacts. .dmg is expected to be skipped.
• Argument '...' missing and not in a terminal: Provide full CLI args in CI/non-TTY environments.

License

MIT — see LICENSE.