scriptos/keywarden
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

feat: add automatic update checker with version injection
Some checks failed
PR Tests / Lint, Build & Test (pull_request) Successful in 5m45s
Details
Security Scan / Go Vulnerability Check (pull_request) Failing after 5m42s
Details

Browse Source 
- Add internal/updater package (queries Gitea releases API every 6h)

- Inject version at build time via -ldflags (-X main.Version)

- Show update badge in header for admin/owner users

- Show version on system info page

- Add VERSION build arg to Dockerfile

- Update docs (deployment, architecture, admin-guide, contributing, README)
This commit is contained in:
Patrick Asmus
2026-04-07 23:13:26 +02:00
parent 465a44fae9
commit 653592e68f
11 changed files with 269 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/admin-guide.md
View File

@@ -209,12 +209,19 @@ Deleting a user removes their SSH keys, server records, and all related data (CA
Navigate to **System** to view runtime information:
- Application version (with update badge if a newer release is available)
- Go version, OS, architecture
- CPU count, goroutine count
- Memory allocation
- Runtime environment (Docker or native)
- Hostname and uptime
## Update Notifications
Keywarden automatically checks for new releases in the background by querying the Gitea releases API. If a newer version is available, a yellow update badge is displayed in the top header for **Admin** and **Owner** users. The badge links directly to the release page on Gitea.
The update checker is only active when the application was built with a version tag (via `--build-arg VERSION=...`). Development builds (`dev`) skip the check entirely.
## Admin Settings (Owner Only)
See [Roles & Permissions](roles.md) for details on which settings are owner-only.

1
docs/architecture.md
View File

@@ -39,6 +39,7 @@ internal/
security/ ← CSRF, security headers, rate limiting, proxy detection
servers/ ← Server and server group management, access assignments
sshutil/ ← SSH key generation (RSA, Ed25519, Ed448)
updater/ ← Background update checker (Gitea releases API)
worker/ ← Background key enforcement worker (Bastillion-style)
web/
embed.go ← Go embed directives for templates and static files

6
docs/contributing.md
View File

@@ -42,6 +42,9 @@ go mod download
# Build
CGO_ENABLED=1 go build -o keywarden ./cmd/keywarden/
# Build with version (optional, enables update checker)
CGO_ENABLED=1 go build -ldflags="-X 'main.Version=v1.0.0'" -o keywarden ./cmd/keywarden/
# Run
./keywarden
```
@@ -82,7 +85,8 @@ keywarden/
│ │ ├── ratelimit.go # IP-based rate limiting middleware
│ │ └── sizelimit.go # Request body size limit middleware
│ ├── servers/servers.go # Server and group management, access assignments
── sshutil/keygen.go # SSH key generation (RSA, Ed25519, Ed448)
── sshutil/keygen.go # SSH key generation (RSA, Ed25519, Ed448)
│ └── updater/updater.go # Background update checker (Gitea releases API)
├── web/
│ ├── embed.go # Go embed directives
│ ├── static/ # CSS, JS, fonts (Tabler UI)

5
docs/deployment.md
View File

@@ -32,6 +32,9 @@ docker compose build
# Or build manually
docker build -t keywarden .
# Build with a specific version tag (recommended for releases)
docker build --build-arg VERSION=v1.0.0 -t keywarden:v1.0.0 .
```
### Multi-Stage Build
@@ -43,6 +46,8 @@ The Dockerfile uses a two-stage build:
The runtime container runs as a non-root user (`keywarden`).
The build accepts an optional `VERSION` build arg (e.g. `--build-arg VERSION=v1.0.0`) which is injected into the binary via `-ldflags`. This enables the built-in update checker to compare the running version against the latest Gitea release. If omitted, the version defaults to `dev` and the update checker is disabled.
### Docker Compose
A complete `docker-compose.yml`: