laranail/product-updater

Self-update engine for licensed Laravel products — checks an update source, downloads and verifies release archives, extracts files, runs migrations and publishes assets. License-gated via laranail/license-verifier.

Maintainers

Package info

github.com/laranail/product-updater

Homepage

Documentation

pkg:composer/laranail/product-updater

Transparency log

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

v0.1.0 2026-07-06 22:27 UTC

This package is auto-updated.

Last update: 2026-07-09 00:12:17 UTC


README

Latest version on Packagist Tests Static analysis License: MIT

License-gated self-update engine for Laravel products — checks an update source (a generic HTTP endpoint or Envato/CodeCanyon), downloads and verifies release archives, then applies them safely (rejects .env/corrupt zips, backs up .env, runs migrations + asset publishing, clears caches). Refuses to update without a valid license.

Requires PHP ^8.4 || ^8.5, Laravel ^13, and laranail/license-verifier.

Install

composer require laranail/product-updater
php artisan vendor:publish --tag=product-updater-config

The service provider and the ProductUpdater facade are auto-discovered.

Quick start

Point the updater at your release source and product identity in .env:

PRODUCT_UPDATER_SOURCE=http          # http | envato
PRODUCT_UPDATER_URL=https://releases.example.com/api
PRODUCT_UPDATER_API_KEY=...
PRODUCT_UPDATER_PRODUCT_ID=my-product
PRODUCT_UPDATER_VERSION=1.2.0

Then check and update:

php artisan product:update-check     # is a newer release available?
php artisan product:update           # download + verify + apply (refuses when unlicensed)
php artisan product:update-doctor    # diagnose source, license, paths, permissions

The canonical command names are laranail::product-updater.check / .update / .doctor; the product:* names above are their short aliases.

The pipeline

product:update runs one guarded pipeline: license gate (via laranail/license-verifier) → download to paths.download → verify (rejects .env files and corrupt zips) → back up .env → extract into paths.base → optional migrate + publish steps → cache clear. Every stage fires lifecycle events. See Architecture.

Documentation

Full documentation is at opensource.simtabi.com/documentation/laranail/product-updater — getting started, update sources, the safe-apply pipeline, license gating, and configuration.

Guides

  • Installation — requirements, install, publishing the config.
  • Getting started — configure a source and run your first update.
  • Configuration — every key in config/product-updater.php.
  • Architecture — how a self-update is checked, verified, and applied.
  • Release — versioning and how releases are cut.

Reference

  • Commandslaranail::product-updater.* and the product:* aliases.

Stability

Semver. The package is on the 0.x line — minor versions may contain breaking changes until 1.0; pin to a patch range and read the CHANGELOG before upgrading.

Local development

composer install
composer test    # pest
composer lint    # pint + phpstan + rector --dry-run

Sister packages

The laranail licensing family:

Package What it is
laranail/license-kit Server-side licensing — activation keys, polymorphic assignment, expirations/renewals, seat control.
laranail/license-verifier Headless, provider-agnostic verification client — PASETO/Ed25519 offline verification, fingerprinting, seats, grace periods.
laranail/license-verifier-ui UI engine for the verifier — scaffolds owned, themeable preset packages (Blade, Livewire, Filament, Vue).
laranail/demo-mode License-aware demo / sandbox controller — write guards, feature gating, resets, visitor isolation.

Community

Questions, bug reports, and ideas go to GitHub Issues.

Contributing & security

Issues and PRs are welcome — see CONTRIBUTING.md. Report vulnerabilities per SECURITY.md (opensource@simtabi.com); participation follows the Code of Conduct.

License

MIT © Simtabi LLC. See LICENSE.