How I Updated Every Branch Without Touching A Single Machine

I built an internal desktop tool using Electron. It runs on machines across many branch offices. These offices have different networks and different levels of IT skill.

Last week, I needed to ship a fix to every machine immediately. I did not visit any branch. I did not email setup files. I did not ask anyone to click install.

I ran two commands in my terminal and walked away. By the next morning, every machine had the update.

This worked because I built an auto-update system using electron-updater months ago.

When you ship software to remote locations, you face these problems:

  • You cannot rely on users to run installers.
  • You cannot assume IT support is on-site.
  • Remote access does not scale.
  • Manual distribution becomes your biggest bottleneck.

The fix is to remove the installer from the loop.

My system uses a generic HTTP provider. I host updates on a private web server via SFTP. This keeps internal software out of public repositories like GitHub.

The process has four layers:

  • Build and publish: Compile the app and upload files to the server.
  • Main process: Check for new versions and download them silently.
  • Preload bridge: Relay update events to the UI safely.
  • Renderer UI: Show the user the progress without letting them stop it.

Here is how the update flows:

  1. I run a publish script. It builds the app and uploads the files.
  2. The app uses a latest.yml file to check for updates. This file contains the version and a security hash.
  3. On launch, the app checks the server.
  4. If a new version exists, it downloads it automatically.
  5. Once the download finishes, the app quits and installs the update.

I use autoDownload: true. This means users do not have to click anything. I also show a progress bar in the UI. This gives users visibility without making them make a decision.

Lessons for building internal desktop software:

  • Use a generic HTTP provider for full control.
  • Always overwrite metadata files during upload.
  • Build resume logic into your upload script for flaky connections.
  • Use silent downloads but show a visible progress bar.
  • Always verify updates with a SHA-512 hash.

Building this pipeline early saved me days of manual work.

Source: https://dev.to/vinniharu/how-i-pushed-a-critical-update-to-every-company-branch-without-touching-a-single-machine-electron-4pk1