Skip to content

fix(install): resilient latest-version fetch (both installers) #946

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mdesmet wants to merge 1 commit into
base: feat/windows-powershell-installer
Choose a base branch
from
+82 −18
Open

fix(install): resilient latest-version fetch (both installers) #946

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 21 additions & 9 deletions install
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -205,11 +205,20 @@ else

if [ -z "$requested_version" ]; then
url="https://github.com/AltimateAI/altimate-code/releases/latest/download/$filename"
specific_version=$(curl -s https://api.github.com/repos/AltimateAI/altimate-code/releases/latest | sed -n 's/.*"tag_name": *"v\([^"]*\)".*/\1/p')

if [[ $? -ne 0 || -z "$specific_version" ]]; then
echo -e "${RED}Failed to fetch version information${NC}"
exit 1
# The download above resolves "latest" server-side, so this API call only
# feeds the version display and the already-installed short-circuit. A
# transient api.github.com blip or the unauthenticated rate limit
# (60/hr/IP) must NOT abort the install — retry a few times with --fail
# (so a 504 retries instead of parsing an error body), then proceed
# without the version string.
specific_version=""
for attempt in 1 2 3; do
specific_version=$(curl -fsSL https://api.github.com/repos/AltimateAI/altimate-code/releases/latest 2>/dev/null | sed -n 's/.*"tag_name": *"v\([^"]*\)".*/\1/p')

@sahrizvi sahrizvi Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One subtle interaction to flag here — under the script's set -euo pipefail (line 2), the retry loop may not iterate the way it reads.

When curl --fail is paired with pipefail + set -e, a non-zero curl exit (e.g. a real 504 or rate-limit 403) propagates through the pipeline → the command substitution → the assignment, and set -e exits the script before [ -n "$specific_version" ] && break is evaluated. The loop iterates at most once and the muted "installing latest anyway" notice doesn't get a chance to print.

I ran a quick repro against a local 504-serving stub using these exact lines and the script aborted at attempt 1 with curl's exit 22, never reaching the degrade path.

A one-line fix that lets the inner pipeline failure be absorbed cleanly:

Suggested change
specific_version=$(curl -fsSL https://api.github.com/repos/AltimateAI/altimate-code/releases/latest 2>/dev/null | sed -n 's/.*"tag_name": *"v\([^"]*\)".*/\1/p')
specific_version=$(curl -fsSL https://api.github.com/repos/AltimateAI/altimate-code/releases/latest 2>/dev/null | sed -n 's/.*"tag_name": *"v\([^"]*\)".*/\1/p' || true)

With || true appended, all three attempts iterate and the degrade banner prints on persistent failure.

One related note for a possible follow-up: packages/opencode/test/install/version-fetch-resilience.test.ts substring-matches the script source, so expect(BASH).toContain("for attempt in 1 2 3") passes regardless of whether the loop body actually runs. A small behavioural test that runs install against a stubbed 504 server and asserts the degrade banner appears would catch this kind of regression in CI.

[ -n "$specific_version" ] && break
[ "$attempt" -lt 3 ] && sleep "$attempt"
done
if [ -z "$specific_version" ]; then
echo -e "${MUTED}Could not resolve the latest version from GitHub (API unavailable) — installing the latest release anyway.${NC}"
fi
else
# Strip leading 'v' if present
Expand Down Expand Up @@ -255,11 +264,14 @@ check_version() {
if [ -n "$probe" ]; then
installed_version=$("$probe" --version 2>/dev/null || echo "")

if [[ "$installed_version" != "$specific_version" ]]; then
print_message info "${MUTED}Installed version: ${NC}$installed_version."
else
# Only short-circuit on a real version match. When the latest version
# couldn't be resolved (API unavailable → specific_version empty), never
# treat an empty==empty as "already installed" — fall through and reinstall.
if [ -n "$specific_version" ] && [[ "$installed_version" == "$specific_version" ]]; then
print_message info "${MUTED}Version ${NC}$specific_version${MUTED} already installed${NC}"
exit 0
elif [ -n "$installed_version" ]; then
print_message info "${MUTED}Installed version: ${NC}$installed_version."
fi
fi
}
Expand Down Expand Up @@ -357,7 +369,7 @@ download_with_progress() {
}

download_and_install() {
print_message info "\n${MUTED}Installing ${NC}altimate ${MUTED}version: ${NC}$specific_version"
print_message info "\n${MUTED}Installing ${NC}altimate ${MUTED}version: ${NC}${specific_version:-latest}"
local tmp_dir="${TMPDIR:-/tmp}/altimate_install_$$"
mkdir -p "$tmp_dir"

Expand Down
24 changes: 15 additions & 9 deletions install.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,16 +112,22 @@ function Test-Avx2 {
# ---------------------------------------------------------------------------
if ([string]::IsNullOrWhiteSpace($Version)) {
$useLatest = $true
try {
$rel = Invoke-RestMethod -Uri "https://api.github.com/repos/AltimateAI/altimate-code/releases/latest" -Headers @{ "User-Agent" = "altimate-install" }
$specificVersion = ($rel.tag_name -replace '^v', '')
} catch {
Write-Err "Failed to fetch version information"
exit 1
# The download below resolves "latest" server-side (releases/latest/download),
# so this API call only feeds the version-string display and the
# already-installed short-circuit. A transient api.github.com blip or the
# unauthenticated rate limit (60/hr/IP) must NOT abort the install — retry a
# few times, then proceed without the version string.
$specificVersion = ""
for ($attempt = 1; $attempt -le 3; $attempt++) {
try {
$rel = Invoke-RestMethod -Uri "https://api.github.com/repos/AltimateAI/altimate-code/releases/latest" -Headers @{ "User-Agent" = "altimate-install" }

@sahrizvi sahrizvi Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Worth considering — neither retry sets an explicit HTTP timeout.

Invoke-RestMethod defaults to 100s on PS 5.1 and effectively unbounded on PS 7+, so a stuck/dead-air socket can hold each attempt for a long time. Across three back-to-back attempts that can add up to multi-minute apparent freezes during what's normally a quick irm | iex.

A short timeout here keeps the worst case bounded:

Suggested change
$rel = Invoke-RestMethod -Uri "https://api.github.com/repos/AltimateAI/altimate-code/releases/latest" -Headers @{ "User-Agent" = "altimate-install" }
$rel = Invoke-RestMethod -Uri "https://api.github.com/repos/AltimateAI/altimate-code/releases/latest" -Headers @{ "User-Agent" = "altimate-install" } -TimeoutSec 10

Same gap on the bash side at install:216 if you want to keep parity — curl -fsSL has a 60s connect-timeout default and no transfer cap, so --max-time 10 would be the matching knob there.

$specificVersion = ($rel.tag_name -replace '^v', '')
if (-not [string]::IsNullOrWhiteSpace($specificVersion)) { break }
} catch {}
if ($attempt -lt 3) { Start-Sleep -Seconds $attempt }
}
if ([string]::IsNullOrWhiteSpace($specificVersion)) {
Write-Err "Failed to fetch version information"
exit 1
Write-Muted "Could not resolve the latest version from GitHub (API unavailable) — installing the latest release anyway."

@dev-punia-altimate dev-punia-altimate Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[🟠 MEDIUM] By changing the API failure behavior from exit 1 to a fallback mechanism, $specificVersion can now safely be an empty string "".

However, this introduces a subtle bug further down in the script when it checks if the app is already installed:

  try { $installedVersion = (& $probe --version 2>$null | Select-Object -First 1).ToString().Trim() } catch {}
  if ($installedVersion -eq $specificVersion) {
    Write-Muted "Version $specificVersion already installed"
    exit 0
  }

If the GitHub API fails ($specificVersion = "") AND the local executable is missing or corrupted such that the --version command fails ($installedVersion defaults to ""), the condition "" -eq "" will evaluate to $true. The installer will output Version already installed and incorrectly short-circuit with exit 0 instead of downloading and replacing the broken installation.

To avoid this, you can explicitly reset $specificVersion = $null here when the API fails, which ensures the downstream string-comparison evaluates to $false.

Suggested change:

Suggested change
Write-Muted "Could not resolve the latest version from GitHub (API unavailable) — installing the latest release anyway."
Write-Muted "Could not resolve the latest version from GitHub (API unavailable) — installing the latest release anyway."
$specificVersion = $null

@sahrizvi sahrizvi Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A subtle interaction worth guarding against on the PS side: if this branch fires (API blip → $specificVersion = "") and the installed binary's --version probe also fails (corrupt/missing binary → catch absorbs → $installedVersion = ""), the downstream check at install.ps1:161 lands on "" -eq "" and the installer exits 0 with "Version already installed" instead of reinstalling.

For reference, the equivalent bash check at install:270 has the matching [ -n "$specific_version" ] guard — this is just to bring the PS side in line with it. (The Gemini reviewer flagged a similar concern on 2026-06-15 with a producer-side patch; same idea here:)

Suggested change
Write-Muted "Could not resolve the latest version from GitHub (API unavailable) — installing the latest release anyway."
Write-Muted "Could not resolve the latest version from GitHub (API unavailable) — installing the latest release anyway."
$specificVersion = $null

$null -eq "" evaluates $false in PowerShell, so the comparison at line 161 falls through cleanly. The "Installing $App version: ..." banner at line 186 still renders "latest" because if ($specificVersion) { ... } treats both "" and $null as falsy.

}
} else {
$useLatest = $false
Expand Down Expand Up @@ -177,7 +183,7 @@ function Install-Target {
}

Write-Host ""
Write-Host "Installing $App version: $specificVersion"
Write-Host "Installing $App version: $(if ($specificVersion) { $specificVersion } else { 'latest' })"

$tmpDir = Join-Path ([System.IO.Path]::GetTempPath()) "altimate_install_$PID"
New-Item -ItemType Directory -Force -Path $tmpDir | Out-Null
Expand Down
46 changes: 46 additions & 0 deletions packages/opencode/test/install/version-fetch-resilience.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
/**
* Latest-version resolution must be resilient, in BOTH installers.
*
* The `latest` install path hits api.github.com/.../releases/latest only for the
* version-string display + the already-installed short-circuit — the download
* itself uses releases/latest/download/<file> (server-side latest). A transient
* 504 or the 60/hr/IP unauthenticated rate limit must NOT abort the install:
* retry a few times, then degrade gracefully and install latest anyway.
*/
import { describe, test, expect } from "bun:test"
import { readFileSync } from "node:fs"
import { join } from "node:path"

const REPO_ROOT = join(import.meta.dir, "../../../..")
const BASH = readFileSync(join(REPO_ROOT, "install"), "utf-8")
const PS1 = readFileSync(join(REPO_ROOT, "install.ps1"), "utf-8")

describe("bash installer — latest-version fetch is non-fatal", () => {
test("retries the releases/latest API call", () => {
expect(BASH).toContain("for attempt in 1 2 3")
// --fail so a 504 errors out (and retries) instead of parsing an error body.
expect(BASH).toContain("curl -fsSL https://api.github.com")
})

test("degrades gracefully instead of exiting on API failure", () => {
expect(BASH).toContain("installing the latest release anyway")
// The old fatal hard-fail must be gone from the latest path.
expect(BASH).not.toContain("Failed to fetch version information")
})

test("only short-circuits as already-installed on a real version match", () => {
expect(BASH).toContain('[ -n "$specific_version" ] && [[ "$installed_version" == "$specific_version" ]]')
})
})

describe("PowerShell installer — latest-version fetch is non-fatal", () => {
test("retries the releases/latest API call", () => {
expect(PS1).toContain("for ($attempt = 1; $attempt -le 3; $attempt++)")
})

test("degrades gracefully instead of exiting on API failure", () => {
expect(PS1).toContain("installing the latest release anyway")
// The old fatal hard-fail must be gone.
expect(PS1).not.toContain("Failed to fetch version information")
})
})
Loading