This is a process for releasing to self-hosted infrastructure. It follows the previous TD release process but allows you to have control over the infrastructure that has direct access to your end-users.
ToDesktop fires a webhook that is handled by release-relay hosted on your infrastructure but code is provided by us. The release-relay will consume the webhook, verify the payload, transfer the new release to your staging bucket, and create a PR in your GitHub repository. You can then manually review and merge the PR to trigger the promotion from the staging to the production bucket. You can enable branch protection rules in GitHub to require at least one/two specific reviewers (e.g., security lead or dev lead) to approve PRs before merging.
- Use an existing Cloudflare account or create a new one
- Click "Deploy to Cloudflare Workers" above
- Follow the instructions. At the end, this repo will be forked in your organization and the following will be created on your Cloudflare account:
release-relayworkerdesktop-cdnworkerdesktop-download-cdnworkerdesktop-app-distributables-stagingR2 bucketdesktop-app-distributablesR2 bucket
- Create a GitHub PAT (Personal Access Token) with the following scopes:
- Scope it to the
self-hostedrepo that has just been forked - Read access to repository Metadata
- Read and Write access to repository Pull Requests
- Read and Write access to repository Contents
- Scope it to the
- Create a "Release webhook" on ToDesktop.
- Go to https://www.todesktop.com/apps/{YOUR_APP_ID}/settings
- Scroll to "App webhooks"
- Click the
+button and select "Release webhook" - Enter the URL of the
new-release-webhookendpoint of therelease-relayworker. It may look like this: https://release-relay.your-org.workers.dev/new-release-webhook - Click "Save" and note the webhook secret
- Add the variables and secrets to the
release-relayworker:WEBHOOK_HMAC_KEY(SECRET) - the webhook secret from step 5GITHUB_TOKEN(SECRET) - a github token with the required scopes from step 4GITHUB_OWNER(VAR) - the owner of the forkedself-hostedrepoGITHUB_REPO(VAR) - the name of the forkedself-hostedrepo
- (Optional) Create custom domains for your self-hosted workers.
That's it!
- Make sure that you have the latest version of
@todesktop/cliinstalled. - Add
updateUrlBaseto yourtodesktop.jsonfile and set it to the URL of thedesktop-cdnworker. - Run
todesktop buildto build your app. - "Partially release" your app on ToDesktop to your local IP address (or multiple IPs if you wish to test the migration with multiple users).
- Merge the PR created by the
release-relayworker. - When you open the app then it should update to the new version. From now on, the app will check for updates on your self-hosted workers.
- Repeat steps 3-6 again to test a full update on your self-hosted workers.
- If all looks good, then do a full "Release" of your app on ToDesktop and merge the PR created by the
release-relayworker. - You may also update your download URLs to point to your
desktop-download-cdnworker.
Now every time you create a release on ToDesktop, the following will happen:
- The
release-relayworker will be triggered with the release data - It will upload the artifacts to the
desktop-app-distributables-stagingR2 bucket - It will create a pull request on the
self-hostedrepo with details of the release - If you choose to merge the PR, the artifacts will be uploaded to the
desktop-app-distributablesR2 bucket and your release will go live
There are three key Cloudflare Workers involved in this process and one GitHub action:
- release-relay worker – Handles incoming webhooks from ToDesktop, verifies metadata, initiates the file transfer process to staging bucket and creates the PR.
- GitHub action – Triggered on merge of PR and is responsible for safely copying files from the staging bucket to the production bucket
- desktop-cdn worker – Serves updates to end-users from production bucket.
- desktop-download-cdn worker – Serves downloads to end-users from production bucket.
| Secret Name | Where It's Stored | Used By | Permissions Needed |
|---|---|---|---|
| Cloudflare R2 Staging API Key | Binding in wrangler.toml |
release-relay | write access to desktop-app-distributables-staging |
| GitHub Token | Stored in release-relay as a secret | release-relay | write access to your GitHub repo |
| Webhook Secret | Stored in release-relay as a secret | release-relay | read from ToDesktop |
| GitHub Action Secret: Cloudflare R2 Production API Key | Stored in GitHub Actions Secrets | GitHub Action | read from desktop-app-distributables-staging, write to desktop-app-distributables |
See desktop-download-cdn/README.md for more details on how the download CDN works and available routes.
