How can I implement an automatic update mechanism for my frozen Python GUI app using GitHub?

Below is an overview of strategies and sample code to help you design a self-updating mechanism for your Python GUI application. The key points to consider are:

1. Separation of Concerns
   A running executable generally cannot overwrite itself while it’s running. Instead, use a two-step process:

   • A primary application checks for available updates (by comparing the local version in your version.txt to the one on the server).
   • If an update is available, the application spawns an external updater process which handles the download and replacement. Once the updater is done, it relaunches the new version.

2. Version Checking
   Your main application should check a remote version number (for example, by fetching a version.txt file from GitHub using authenticated API calls). Compare this with the local version number and, if an update is detected, prompt the user.

3. Downloading the Executable
   Since you’re hosting on a GitHub Enterprise repository, use the proper authenticated API endpoints to download a release asset. Note that if you use a URL that leads to an HTML login page (or a webpage) that’s not the file, you’ll get invalid data. Instead, use the GitHub REST API to retrieve a signed URL for the asset download (which will bypass issues with authentication redirects).

4. Updater Script
   Create a separate updater script (or use a bootstrapper EXE) whose only job is to:

   • Wait until the main process exits.
   • Replace the old executable with the newly downloaded one.
   • Restart the main application.

   This updater can be a small Python script that’s frozen into its own executable. Here’s an example outline:

   Main Application:

   PYTHONCopied
   import os
   import sys
   import subprocess
   import requests
   
   # URL endpoints for version and executable
   VERSION_URL = "https://github.build.company/user/repo/raw/main/version.txt"
   EXECUTABLE_URL = "https://api.github.build.company/repos/user/repo/releases/assets/<asset_id>"
   
   # Your API token (preferably read from a secure location or environment variable)
   HEADERS = {"Authorization": "token YOUR_GITHUB_TOKEN"}
   
   def get_remote_version():
       r = requests.get(VERSION_URL, headers=HEADERS)
       r.raise_for_status()
       return r.text.strip()
   
   def download_new_version(tmp_path):
       r = requests.get(EXECUTABLE_URL, headers=HEADERS, stream=True)
       r.raise_for_status()
       with open(tmp_path, "wb") as f:
           for chunk in r.iter_content(chunk_size=8192):
               f.write(chunk)
   
   def main():
       local_version = "1.0.0"  # read this from your local version.txt file
       try:
           remote_version = get_remote_version()
       except Exception as e:
           print("Version check failed:", e)
           remote_version = local_version
   
       if remote_version != local_version:
           response = input("New version available. Update now? (y/n): ")
           if response.lower() == "y":
               tmp_exe = os.path.join(os.getcwd(), "update_tmp.exe")
               try:
                   download_new_version(tmp_exe)
               except Exception as e:
                   print("Update download failed:", e)
                   return
   
               # Launch updater passing the current executable path and the tmp updated executable
               subprocess.Popen(["updater.exe", sys.executable, tmp_exe])
               sys.exit(0)
   
       # ... rest of your application logic ...
       print("Running application...")
   
   if __name__ == "__main__":
       main()

   Updater Script:

   PYTHONCopied
   import os
   import shutil
   import sys
   import time
   import subprocess
   
   def main():
       if len(sys.argv) != 3:
           print("Usage: updater.exe <path_to_old_exe> <path_to_new_exe>")
           sys.exit(1)
   
       old_exe = sys.argv[1]
       new_exe = sys.argv[2]
   
       # Wait for the main application process to terminate
       time.sleep(2)  # Increase if necessary
   
       try:
           # Replace the old executable with the new one
           shutil.copy2(new_exe, old_exe)
       except Exception as e:
           print("Failed to update:", e)
           sys.exit(1)
       
       # Optionally delete the temporary downloaded file
       try:
           os.remove(new_exe)
       except Exception:
           pass
   
       # Relaunch the main application
       subprocess.Popen([old_exe])
       sys.exit(0)
   
   if __name__ == "__main__":
       main()

5. Better Practices for Distribution
   While your current approach of freezing the application and pushing to a GitHub repo can work, consider the following enhancements:

   • Use GitHub Releases:
     Releases (with assets) are designed for distributing binaries. Use the GitHub API to upload an executable asset. This method often allows you to retrieve a proper download URL that bypasses HTML pages.

   • Signed URLs & API Endpoints:
     Make sure you’re using the proper authenticated endpoints to retrieve the asset. The GitHub API lets you get a redirect URL that points directly to the binary download. Look into the "Releases" API documentation for details.

   • Installer Technologies:
     For more robust update scenarios, consider installer/updater frameworks (like PyUpdater, Squirrels.Windows, or NSIS-based installers) that automate the updating process, rollback on failure, and support versioning.

By separating the update mechanism from the running application, using proper endpoints from GitHub Releases, and employing a dedicated updater process, you can provide a smooth and reliable auto-update experience for your non-technical users.