feat(packaging): add flatpak manifest for flathub #164
Add a `default = ["updater"]` cargo feature in src-tauri/Cargo.toml so distribution channels that own their own update flow (Flatpak, future MAS/MS Store) can compile out `tauri-plugin-updater` with `--no-default-features`. The capability registration is generated/removed by build.rs since tauri-build auto-discovers `capabilities/*.json` and rejects dangling permission references at compile time.
Ship a Flathub-ready manifest at packaging/flatpak/. Built end-to-end against org.gnome.Platform//50 which carries webkit2gtk-4.1 + libsoup3 natively, so Tauri 2 needs no custom webkit module. libayatana-appindicator (system tray) ships from a vendored copy of the Flathub shared-modules libappindicator subtree to keep the main repo submodule-free. Cargo + npm dependencies are vendored offline via packaging/flatpak/generate-sources.sh (wraps flatpak-cargo-generator and flatpak-node-generator at a pinned upstream commit). The build invocation passes --no-bundle --no-sign --no-default-features so flatpak update — not the in-app updater — owns the upgrade flow. Verified: 41 MB stripped binary links against the runtime's webkit2gtk-4.1 / gtk-3 / libsoup-3.0 / javascriptcoregtk-4.1; app launches inside the sandbox, runs SQLite migrations, opens a cpal F32@44.1 kHz output stream.
The Flatpak generator caches a Python venv under packaging/flatpak/.cache/ that includes embedded .js shipped by pip deps (urllib3 emscripten worker, flatpak-node-generator's flatpak-yarn.js). They're not part of the repo and have nothing to do with the app, but eslint walks them anyway. Same for the vendored shared-modules subtree.
No actionable comments were generated in the recent review. 🎉
📝 Walkthrough
The PR adds complete Flatpak packaging (manifest, desktop/metainfo, shared modules, offline generation script) and makes the Tauri "updater" feature optional, with synchronization of the capabilities/updater.json file and an activation gate in release builds.
Changes
Updater feature gating and Flatpak packaging
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~60 minutes
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packaging/flatpak/app.waveflow.WaveFlow.metainfo.xml`:
- Around line 112-115: Update the <internet> tag under <recommends> in
app.waveflow.WaveFlow.metainfo.xml: replace the value "offline-only" with
"always" if the network features are optional but can degrade the experience
without Internet, or with "first-run" if the network is used only at first
launch; make sure to edit the <internet> tag located inside the <recommends>
element and to keep the rest of the block intact.
In `@packaging/flatpak/app.waveflow.WaveFlow.yaml`:
- Line 44: Remove the --device=all entry (too broad) and replace it with
minimal permissions for audio/portals: remove the line containing
'--device=all' and add targeted sockets to the manifest such as
'--socket=pulseaudio' and/or '--socket=pipewire' and, if needed for file access
or dialogs, the corresponding portals (e.g. Flatpak portals) in order to limit
the scope while keeping the audio access required by the ALSA/cpal selector.
In `@src-tauri/build.rs`:
- Around line 45-50: The write error to capabilities file currently only emits a
cargo:warning and should instead fail the build; change the fs::write error
handling in build.rs (the if let Err(err) = fs::write(&path, contents) block) to
call panic! or use expect with a clear message including path.display() and the
err so the build aborts on failure; apply the same change to the second similar
block (the Err handling at the 53-58 region) so both file-write failures cause a
hard failure rather than a warning.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 465625b0-f107-4fe1-8181-e8fd84656a81
⛔ Files ignored due to path filters (3)
- packaging/flatpak/generated/cargo-sources.json is excluded by !**/generated/**
- packaging/flatpak/generated/node-sources.json is excluded by !**/generated/**
- packaging/flatpak/generated/package-lock.json is excluded by !**/package-lock.json, !**/generated/**
📒 Files selected for processing (18)
- .gitignore
- eslint.config.js
- packaging/flatpak/app.waveflow.WaveFlow.desktop
- packaging/flatpak/app.waveflow.WaveFlow.metainfo.xml
- packaging/flatpak/app.waveflow.WaveFlow.yaml
- packaging/flatpak/generate-sources.sh
- packaging/flatpak/shared-modules/dbus-glib/dbus-glib.json
- packaging/flatpak/shared-modules/intltool/intltool-0.51.json
- packaging/flatpak/shared-modules/intltool/intltool-perl5.26-regex-fixes.patch
- packaging/flatpak/shared-modules/libappindicator/libappindicator-gtk3-12.10.json
- packaging/flatpak/shared-modules/libappindicator/patches/0001-libappindicator-ftbfs.patch
- packaging/flatpak/shared-modules/libappindicator/patches/0002-libappindicator-no-python.patch
- packaging/flatpak/shared-modules/libappindicator/patches/0003-libappindicator-fix-crash-from-incorrect-signal-emission.patch
- packaging/flatpak/shared-modules/libappindicator/patches/0004-libappindicator-fix-crash-iterating-icon-themes.patch
- src-tauri/Cargo.toml
- src-tauri/build.rs
- src-tauri/capabilities/default.json
- src-tauri/src/lib.rs
💤 Files with no reviewable changes (1)
- src-tauri/capabilities/default.json
Long-standing Tauri 2 / wry / tauri-bundler issues keep biting us (GTK3 chrome via webkit2gtk-4.1, AppImage sidecars, etc.). Capture the active ones, our workarounds, and a sober decision tree for when to wait / patch out-of-tree / PR upstream / walk away — so the default reaction stops being "let's fork the whole stack" when frustration peaks. Also documents the existing [patch.crates-io] vendor protocol we already use for glib-0.18.5, so future patches follow the same audit-friendly layout.
…ty sync
Two narrow fixes from review:
- Drop --device=all from the Flatpak finish-args. The PA socket already routes through PipeWire on every modern Linux desktop; raw /dev/snd access only buys us nicer device labels in the ALSA picker and is exactly the kind of permission Flathub reviewers reject on sight.
- Make src-tauri/build.rs panic when it can't write or remove the generated updater capability file. A silent miss resurfaced later as a tauri-build "unknown permission updater:default" error that was painful to map back to its real cause.
Skipped the suggested <internet> change in the AppStream metainfo: per the spec, offline-only means "does not require internet". WaveFlow plays local files without any network; Deezer / Last.fm / LRCLIB are optional enhancements. The suggestion would have inverted the semantic.
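The behaviour the commit above describes for src-tauri/build.rs, as an added example that is not the project's own code: the capability file is written when the `updater` feature is on, removed when it is off, and any I/O failure aborts the build. The function name, the JSON body and the `main` window label are assumptions; `updater:default` and `capabilities/updater.json` come from the page.

```rust
use std::path::{Path, PathBuf};
use std::{env, fs, io};

// Assumed file body: a minimal Tauri 2 capability granting the permission
// named on the page. The window label "main" is a placeholder.
const UPDATER_CAPABILITY: &str = r#"{
  "identifier": "updater",
  "windows": ["main"],
  "permissions": ["updater:default"]
}
"#;

/// Make `<dir>/updater.json` match the feature state: present when the
/// feature is on, absent when it is off. Every I/O failure is returned.
fn sync_updater_capability(dir: &Path, enabled: bool) -> io::Result<PathBuf> {
    let path = dir.join("updater.json");
    if enabled {
        fs::create_dir_all(dir)?;
        // Rewrite only when the content differs, so repeat builds are no-ops.
        if fs::read_to_string(&path).ok().as_deref() != Some(UPDATER_CAPABILITY) {
            fs::write(&path, UPDATER_CAPABILITY)?;
        }
    } else {
        match fs::remove_file(&path) {
            Ok(()) => {}
            // Already absent is the desired state, not an error.
            Err(e) if e.kind() == io::ErrorKind::NotFound => {}
            Err(e) => return Err(e),
        }
    }
    Ok(path)
}

fn main() {
    // Cargo exports CARGO_FEATURE_<NAME> to build scripts for enabled features.
    let enabled = env::var_os("CARGO_FEATURE_UPDATER").is_some();
    let dir = Path::new("capabilities");
    // Abort the build here instead of warning: a stale file would only show up
    // later as a tauri-build permission error far from its cause.
    if let Err(e) = sync_updater_capability(dir, enabled) {
        panic!("cannot sync {}: {}", dir.join("updater.json").display(), e);
    }
    // A real build script would call tauri_build::build() after this point.
}
```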
Summary
- `packaging/flatpak/` with a Flathub-ready manifest, .desktop, AppStream metainfo, and offline-built cargo + npm source manifests so the build runs without network in the Flatpak sandbox.
- `tauri-plugin-updater` behind a default-on cargo feature so the Flatpak (and any future app-store) build can compile it out; the in-app updater would otherwise fight `flatpak update` on the read-only `/app` mount.
- `webkit2gtk-4.1` + `libsoup3` natively — no custom webkit module needed.
- `libayatana-appindicator` ships from a vendored Flathub `shared-modules` subtree to keep the main repo submodule-free.
How I tested
- `flatpak-builder` end-to-end: every module commits cleanly (intltool → dbus-glib → libdbusmenu → libindicator → libappindicator → waveflow). Final 41 MB stripped binary in `/app/bin/waveflow`.
- `ldd` on the binary confirms it links against the runtime's `libwebkit2gtk-4.1.so.0`, `libgtk-3.so.0`, `libsoup-3.0.so.0`, `libjavascriptcoregtk-4.1.so.0`.
- `flatpak run --user app.waveflow.WaveFlow`: app starts, SQLite migrations run, default profile is created, `cpal` opens an F32 @ 44.1 kHz output stream.
- `cargo check --no-default-features --all-targets`: passes (confirms the updater plugin is properly excluded from the dep graph when the feature is off).
- `cargo check --all-targets` (default features): passes, updater plugin present, capability auto-regenerated.
- `appstreamcli validate --pedantic` + `desktop-file-validate`: clean (one informational note about uppercase in `app.waveflow.WaveFlow` which is AppStream-spec-compliant, see `org.kde.Kdenlive`, `tv.plex.PlexDesktop`).
Screenshots / clips
The visual chrome is GTK3-era (window decorations) because Tauri 2.11 hard-links against `webkit2gtk-4.1` (the GTK3 variant); see tauri-apps/tauri#3961. Not a Flatpak regression — same chrome on AUR/COPR builds. Will catch up when Tauri ships a `webkitgtk-6-0` feature.
Checklist
- type(scope): subject, kebab-case scope)
- `bun run lint` + `bun run typecheck` pass locally
- `cargo check --manifest-path src-tauri/Cargo.toml --all-targets` passes locally
- `src/i18n/locales/` updated (none touched)
- `CLAUDE.md` and `docs/` updated (packaging-only; will document in a follow-up after the first Flathub release)
Follow-ups (not in this PR)
- `commit:` SHA at each release tag (will be automated via `release.yml`).
- `<internet>offline-only</internet>` in metainfo → `limited` (cosmetic, doesn't block submission).
- `useUpdater` / `UpdateBanner` invoke the plugin via Tauri command; on Flatpak the invoke returns an error. Currently silent — should be gated on a runtime "is Flatpak" check so the banner never tries.