fix: 补齐 updater bundler 配置并加固元数据生成

[zouyonghe]

概述

这个 PR 基于已合并的桌面运行时重构与 updater 接入工作，补充两个后续修复：

• 让 updater bundler 配置在本地和 CI 构建时都能稳定通过
• 提升 updater 元数据生成脚本与后端 HTTP 测试 helper 的健壮性

变更内容

1. 修复 updater bundler 对 pubkey 的配置要求

Tauri bundler 在解析 updater 配置时要求 tauri.conf.json 中显式存在 plugins.updater.pubkey。此前仅靠 runtime 侧动态注入并不能满足 bundler 的解析阶段，因此本地 make build 会在 bundler settings 阶段失败。

这个 PR：

• 在 src-tauri/tauri.conf.json 中显式配置 updater pubkey
• 删除 src-tauri/src/app_runtime.rs 中冗余的 runtime 环境变量注入逻辑

这样配置来源更单一，也避免 bundler 和 runtime 对 pubkey 来源理解不一致。

2. 加固 updater metadata 生成脚本

scripts/ci/generate-tauri-latest-json.py 现在：

• 对 Windows/macOS 工件命名有更明确的注释和错误语义
• 对未知 .sig 工件改为忽略并输出 warning，而不是直接让整个 release job 失败

这可以避免未来 release 目录里新增其他签名资产时，latest.json 生成被非 updater 工件误伤。

3. 修复 backend HTTP 测试 helper 的缓冲区安全问题

src-tauri/src/backend/http.rs 中的 TimeoutReader 测试 helper 现在会按 buf.len() 截断复制长度，避免在不同缓冲区大小下潜在的越界 panic。

验证

• cargo test --manifest-path src-tauri/Cargo.toml --locked
• pnpm run test:prepare-resources
• cargo fmt --manifest-path src-tauri/Cargo.toml --all -- --check
• python3 -m py_compile scripts/ci/generate-tauri-latest-json.py
• 本地 make build 已越过 updater pubkey 缺失导致的 bundler 配置报错

Summary by Sourcery

稳定 Tauri 更新程序（updater）的配置，并强化相关工具和测试，以实现更安全的构建和发布流程。

Bug 修复：

• 确保 updater 插件使用配置中静态定义的公钥，从而避免本地和 CI 构建因缺少 pubkey 而失败。
• 修复 HTTP TimeoutReader 测试辅助工具，使其遵守目标缓冲区大小，避免潜在的越界 panic。

增强：

• 简化 updater 插件初始化逻辑，仅依赖配置而不是运行时环境变量。
• 提高更新元数据生成脚本的健壮性，对于不支持的签名产物不再导致发布任务失败，而是给出明确的警告并忽略这些文件。

构建：

• 统一 tauri.conf.json 中 updater 打包器（bundler）的配置，使打包在不同环境中都能稳定成功。

CI：

• 强化 CI 中更新元数据生成步骤，对未知签名文件保持容忍，同时输出诊断信息。

测试：

• 通过修正 TimeoutReader 辅助工具中的缓冲区处理方式，提高后端 HTTP 测试的可靠性。

Original summary in English

Summary by Sourcery

Stabilize the Tauri updater configuration and harden associated tooling and tests for safer builds and releases.

Bug Fixes:

• Ensure the updater plugin uses the statically defined public key from configuration so local and CI builds no longer fail due to missing pubkey.
• Fix the HTTP TimeoutReader test helper to respect the target buffer size and avoid potential out-of-bounds panics.

Enhancements:

• Simplify updater plugin initialization by relying solely on configuration instead of runtime environment variables.
• Make the updater metadata generation script more robust by ignoring unsupported signature artifacts with a clear warning instead of failing the release job.

Build:

• Align updater bundler configuration in tauri.conf.json so bundling succeeds consistently across environments.

CI:

• Harden the updater metadata generation step in CI by tolerating unknown signature files while emitting diagnostics.

Tests:

• Improve reliability of backend HTTP tests by correcting buffer handling in the TimeoutReader helper.

Bug 修复：

• 确保更新器打包配置在 tauri.conf.json 中使用静态定义的公钥，使本地和 CI 构建不再因缺少公钥而失败。
• 修复 TimeoutReader HTTP 测试辅助工具，使其遵守目标缓冲区大小，避免潜在的越界 panic。

增强功能：

• 简化更新器插件的初始化过程，改为依赖 tauri.conf.json 中的配置，而不是运行时环境变量。
• 使更新器元数据生成脚本更加健壮，对无法识别或不受支持的签名产物给出清晰警告并忽略，而不是让发布任务失败。

Original summary in English

Summary by Sourcery

稳定 Tauri 更新程序（updater）的配置，并强化相关工具和测试，以实现更安全的构建和发布流程。

Bug 修复：

• 确保 updater 插件使用配置中静态定义的公钥，从而避免本地和 CI 构建因缺少 pubkey 而失败。
• 修复 HTTP TimeoutReader 测试辅助工具，使其遵守目标缓冲区大小，避免潜在的越界 panic。

增强：

• 简化 updater 插件初始化逻辑，仅依赖配置而不是运行时环境变量。
• 提高更新元数据生成脚本的健壮性，对于不支持的签名产物不再导致发布任务失败，而是给出明确的警告并忽略这些文件。

构建：

• 统一 tauri.conf.json 中 updater 打包器（bundler）的配置，使打包在不同环境中都能稳定成功。

CI：

• 强化 CI 中更新元数据生成步骤，对未知签名文件保持容忍，同时输出诊断信息。

测试：

• 通过修正 TimeoutReader 辅助工具中的缓冲区处理方式，提高后端 HTTP 测试的可靠性。

Original summary in English

Summary by Sourcery

Stabilize the Tauri updater configuration and harden associated tooling and tests for safer builds and releases.

Bug Fixes:

• Ensure the updater plugin uses the statically defined public key from configuration so local and CI builds no longer fail due to missing pubkey.
• Fix the HTTP TimeoutReader test helper to respect the target buffer size and avoid potential out-of-bounds panics.

Enhancements:

• Simplify updater plugin initialization by relying solely on configuration instead of runtime environment variables.
• Make the updater metadata generation script more robust by ignoring unsupported signature artifacts with a clear warning instead of failing the release job.

Build:

• Align updater bundler configuration in tauri.conf.json so bundling succeeds consistently across environments.

CI:

• Harden the updater metadata generation step in CI by tolerating unknown signature files while emitting diagnostics.

Tests:

• Improve reliability of backend HTTP tests by correcting buffer handling in the TimeoutReader helper.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

此 PR 旨在提升桌面应用程序构建和发布流程的稳定性与健壮性。它解决了 updater bundler 在配置公钥时的兼容性问题，增强了 updater 元数据生成脚本的容错能力，并修复了后端 HTTP 测试辅助函数中的一个潜在缓冲区安全漏洞，从而确保了更可靠的开发和部署体验。

Highlights

• Updater Bundler 配置: 修复了 Tauri bundler 对 pubkey 的配置要求，通过在 tauri.conf.json 中显式配置 pubkey，并移除了 app_runtime.rs 中冗余的运行时环境变量注入逻辑，确保本地和 CI 构建的稳定性。
• Updater 元数据生成脚本: 加固了 generate-tauri-latest-json.py 脚本，为 Windows/macOS 工件命名提供了更明确的注释和错误语义，并将对未知 .sig 工件的处理改为忽略并输出警告，而非直接导致发布任务失败，提升了脚本的健壮性。
• 后端 HTTP 测试 Helper: 修复了 src-tauri/src/backend/http.rs 中 TimeoutReader 测试 helper 的缓冲区安全问题，现在会根据 buf.len() 截断复制长度，避免潜在的越界 panic。

Changelog

• scripts/ci/generate-tauri-latest-json.py
  • 引入 sys 模块以支持错误输出到标准错误流。
  • 改进了对 macOS 工件名称的识别逻辑，当遇到无法识别的签名文件时，会打印警告信息并忽略，而不是抛出错误导致脚本中断。
  • 增加了对所有不支持的签名文件类型的通用警告处理。
• src-tauri/src/app_runtime.rs
  • 移除了从环境变量动态注入 updater 公钥的逻辑，现在公钥将通过 tauri.conf.json 进行配置，简化了配置来源。
• src-tauri/src/backend/http.rs
  • 在 TimeoutReader 的 read 方法中，修改了字节复制逻辑，确保复制长度不超过目标缓冲区的大小，从而修复了潜在的越界 panic 问题。
• src-tauri/tauri.conf.json
  • 在 plugins.updater 配置中显式添加了 pubkey 字段，以满足 Tauri bundler 的配置要求。

Activity

• 目前没有记录到任何人工活动（如评论、评审或进度更新）。

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey - 我发现了 1 个问题，并给出了一些整体性的反馈：

• 在 collect_platforms 中，新添加的 print(f"[generate-tauri-latest-json] Ignoring unsupported signature file: {sig_name}", ...) 放在各平台分支处理之后且是无条件执行的；按当前写法，它也会对已成功解析的签名运行（除非前面的分支 continue），因此建议通过显式的 elif/else 或一个 handled 标志来重构逻辑，以确保只有真正未识别的 .sig 文件才会触发“unsupported”警告。

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `collect_platforms` the new `print(f"[generate-tauri-latest-json] Ignoring unsupported signature file: {sig_name}", ...)` is unconditional after the platform-specific handling; as written it will also run for successfully parsed signatures (unless earlier branches `continue`), so consider restructuring with explicit `elif`/`else` or a `handled` flag to ensure the "unsupported" warning only fires for truly unrecognized `.sig` files.

## Individual Comments

### Comment 1
<location path="scripts/ci/generate-tauri-latest-json.py" line_range="70-75" />
<code_context>
-                raise ValueError(
-                    "Unexpected macOS artifact name: "
-                    f"{zip_name}. Expected format: <name>_<version>_macos_<arch>.zip"
+                print(
+                    "[generate-tauri-latest-json] Ignoring unrecognized macOS signature file: "
+                    f"{zip_name}. Expected format: <name>_<version>_macos_<arch>.zip",
+                    file=sys.stderr,
                 )
+                continue
             platform_key = platform_key_for_macos(match.group("arch"))
             platforms[platform_key] = {
</code_context>
<issue_to_address>
**issue (bug_risk):** Soft-failing on malformed macOS artifact names may hide CI/configuration issues.

Previously, an unexpected macOS artifact name caused the job to fail, making misconfigurations visible. Now we only log and continue, which can silently omit a platform from `latest.json` and cause users on that platform to miss updates.

If we need to ignore noise artifacts, we could instead tighten the matching (e.g., stricter pattern or allowlist) and still fail on truly invalid names, or at least exit non‑zero when no valid macOS artifacts are found.
</issue_to_address>

---

Sourcery 对开源项目免费 —— 如果你觉得我们的评审有帮助，欢迎分享 ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{帮我变得更有用！请对每条评论点 👍 或 👎，我会根据你的反馈改进评审质量。}

Original comment in English

Hey - I've found 1 issue, and left some high level feedback:

• In collect_platforms the new print(f"[generate-tauri-latest-json] Ignoring unsupported signature file: {sig_name}", ...) is unconditional after the platform-specific handling; as written it will also run for successfully parsed signatures (unless earlier branches continue), so consider restructuring with explicit elif/else or a handled flag to ensure the "unsupported" warning only fires for truly unrecognized .sig files.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `collect_platforms` the new `print(f"[generate-tauri-latest-json] Ignoring unsupported signature file: {sig_name}", ...)` is unconditional after the platform-specific handling; as written it will also run for successfully parsed signatures (unless earlier branches `continue`), so consider restructuring with explicit `elif`/`else` or a `handled` flag to ensure the "unsupported" warning only fires for truly unrecognized `.sig` files.

## Individual Comments

### Comment 1
<location path="scripts/ci/generate-tauri-latest-json.py" line_range="70-75" />
<code_context>
-                raise ValueError(
-                    "Unexpected macOS artifact name: "
-                    f"{zip_name}. Expected format: <name>_<version>_macos_<arch>.zip"
+                print(
+                    "[generate-tauri-latest-json] Ignoring unrecognized macOS signature file: "
+                    f"{zip_name}. Expected format: <name>_<version>_macos_<arch>.zip",
+                    file=sys.stderr,
                 )
+                continue
             platform_key = platform_key_for_macos(match.group("arch"))
             platforms[platform_key] = {
</code_context>
<issue_to_address>
**issue (bug_risk):** Soft-failing on malformed macOS artifact names may hide CI/configuration issues.

Previously, an unexpected macOS artifact name caused the job to fail, making misconfigurations visible. Now we only log and continue, which can silently omit a platform from `latest.json` and cause users on that platform to miss updates.

If we need to ignore noise artifacts, we could instead tighten the matching (e.g., stricter pattern or allowlist) and still fail on truly invalid names, or at least exit non‑zero when no valid macOS artifacts are found.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): 对格式错误的 macOS 制品名称进行“软失败”处理，可能会掩盖 CI / 配置问题。

之前，遇到意外的 macOS 制品名称会导致任务失败，从而暴露配置错误。现在我们只记录日志并继续执行，这可能会悄悄地在 latest.json 中漏掉某个平台，导致该平台的用户收不到更新。

如果确实需要忽略噪声制品，可以考虑收紧匹配条件（例如更严格的模式或白名单），同时仍然对真正无效的名称失败，或者在未找到任何有效的 macOS 制品时至少以非零状态退出。

Original comment in English

issue (bug_risk): Soft-failing on malformed macOS artifact names may hide CI/configuration issues.

Previously, an unexpected macOS artifact name caused the job to fail, making misconfigurations visible. Now we only log and continue, which can silently omit a platform from latest.json and cause users on that platform to miss updates.

If we need to ignore noise artifacts, we could instead tighten the matching (e.g., stricter pattern or allowlist) and still fail on truly invalid names, or at least exit non‑zero when no valid macOS artifacts are found.

[gemini-code-assist]

Code Review

这个 PR 的修改方向是正确的，有效地提升了 updater 功能的稳定性和代码的健壮性。主要有三点：

1. 将 updater 的 pubkey 配置从运行时环境注入改为在 tauri.conf.json 中静态配置，简化了逻辑，统一了配置来源。
2. 增强了 generate-tauri-latest-json.py 脚本，使其在遇到无法识别的签名文件时能够打印警告并继续执行，而不是直接失败。这是一个很好的健壮性提升。
3. 修复了 src-tauri/src/backend/http.rs 中测试辅助工具 TimeoutReader 的一个缓冲区溢出隐患，提升了测试代码的安全性。

代码修改清晰，符合 PR 描述。我有一个关于 generate-tauri-latest-json.py 脚本一致性的小建议，请查看具体的 review comment。

[gemini-code-assist]

此处的修改将无法识别的 macOS 工件的处理方式从抛出异常改为了打印警告并继续，增强了脚本的健壮性。然而，在文件前面处理 Windows 工件的部分（52-57行）仍然使用 raise ValueError 的方式。为了保持处理逻辑的一致性，建议对 Windows 工件也应用类似的健壮性处理，即打印警告而非使整个脚本失败。

[zouyonghe]

@sourcery-ai review

[sourcery-ai]

嘿，我已经审查了你的修改，一切看起来都很棒！

---

Sourcery 对开源项目是免费的——如果你觉得我们的评审有帮助，欢迎帮忙分享 ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{帮我变得更有用吧！请在每条评论上点 👍 或 👎，我会根据你的反馈来改进之后的评审。}

Original comment in English

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}