How I Updated Every Branch Without Touching A Single Machine
I built an internal desktop tool using Electron. It runs on machines across many branch offices. These offices have different networks and different levels of IT skill.
Last week, I needed to ship a fix to every machine immediately. I did not visit any branch. I did not email setup files. I did not ask anyone to click install.
I ran two commands in my terminal and walked away. By the next morning, every machine had the update.
This worked because I built an auto-update system using electron-updater months ago.
When you ship software to remote locations, you face these problems:
- You cannot rely on users to run installers.
- You cannot assume IT support is on-site.
- Remote access does not scale.
- Manual distribution becomes your biggest bottleneck.
The fix is to remove the installer from the loop.
My system uses a generic HTTP provider. I host updates on a private web server via SFTP. This keeps internal software out of public repositories like GitHub.
The process has four layers:
- Build and publish: Compile the app and upload files to the server.
- Main process: Check for new versions and download them silently.
- Preload bridge: Relay update events to the UI safely.
- Renderer UI: Show the user the progress without letting them stop it.
Here is how the update flows:
- I run a publish script. It builds the app and uploads the files.
- The app uses a latest.yml file to check for updates. This file contains the version and a security hash.
- On launch, the app checks the server.
- If a new version exists, it downloads it automatically.
- Once the download finishes, the app quits and installs the update.
I use autoDownload: true. This means users do not have to click anything. I also show a progress bar in the UI. This gives users visibility without making them make a decision.
Lessons for building internal desktop software:
- Use a generic HTTP provider for full control.
- Always overwrite metadata files during upload.
- Build resume logic into your upload script for flaky connections.
- Use silent downloads but show a visible progress bar.
- Always verify updates with a SHA-512 hash.
Building this pipeline early saved me days of manual work.
