superset-sh · Sandman-Ren · Feb 19, 2026 · Feb 19, 2026 · Feb 19, 2026 · Feb 19, 2026
diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
@@ -92,6 +92,7 @@ jobs:
           NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}
           NEXT_PUBLIC_DOCS_URL: ${{ secrets.NEXT_PUBLIC_DOCS_URL }}
           NEXT_PUBLIC_STREAMS_URL: ${{ secrets.NEXT_PUBLIC_STREAMS_URL }}
+          NEXT_PUBLIC_ELECTRIC_URL: ${{ secrets.NEXT_PUBLIC_ELECTRIC_URL }}
           SENTRY_DSN_DESKTOP: ${{ secrets.SENTRY_DSN_DESKTOP }}
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SUPERSET_WORKSPACE_NAME: superset
@@ -234,3 +235,108 @@ jobs:
           path: apps/desktop/release/*-linux.yml
           retention-days: ${{ inputs.artifact_retention_days }}
           if-no-files-found: error
+
+  build-windows:
+    name: Build - Windows (x64)
+    runs-on: windows-latest
+    environment: production
+
+    steps:
+      - name: Enable long paths
+        run: git config --system core.longPaths true
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: "1.3.2"
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+          key: ${{ runner.os }}-bun-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        shell: bash
+        run: bun install --frozen
+
+      - name: Set version suffix
+        if: inputs.version_suffix != ''
+        shell: bash
+        working-directory: apps/desktop
+        run: |
+          CURRENT_VERSION=$(node -p "require('./package.json').version")
+          NEW_VERSION="${CURRENT_VERSION}${{ inputs.version_suffix }}"
+          echo "Setting version to: $NEW_VERSION"
+          node -e "
+            const fs = require('fs');
+            const pkg = require('./package.json');
+            pkg.version = '$NEW_VERSION';
+            fs.writeFileSync('./package.json', JSON.stringify(pkg, null, '\t') + '\n');
+          "
+          echo "Updated package.json version to $NEW_VERSION"
+
+      - name: Clean dev folder
+        shell: bash
+        working-directory: apps/desktop
+        run: bun run clean:dev
+
+      - name: Compile app with electron-vite
+        shell: bash
+        working-directory: apps/desktop
+        env:
+          NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
+          NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
+          GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
+          GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
+          NEXT_PUBLIC_WEB_URL: ${{ secrets.NEXT_PUBLIC_WEB_URL }}
+          NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}
+          NEXT_PUBLIC_DOCS_URL: ${{ secrets.NEXT_PUBLIC_DOCS_URL }}
+          NEXT_PUBLIC_STREAMS_URL: ${{ secrets.NEXT_PUBLIC_STREAMS_URL }}
+          NEXT_PUBLIC_ELECTRIC_URL: ${{ secrets.NEXT_PUBLIC_ELECTRIC_URL }}
+          SENTRY_DSN_DESKTOP: ${{ secrets.SENTRY_DSN_DESKTOP }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SUPERSET_WORKSPACE_NAME: superset
+        run: bun run compile:app
+
+      - name: Build Electron app
+        shell: bash
+        working-directory: apps/desktop
+        run: bun run package -- --publish never --config ${{ inputs.electron_builder_config }}
+
+      - name: Verify Windows installer + update manifest exist
+        shell: bash
+        working-directory: apps/desktop
+        run: |
+          ls -la release
+          test -n "$(ls -1 release/*.exe 2>/dev/null)" || {
+            echo "::error::No .exe installer generated in apps/desktop/release"
+            exit 1
+          }
+          # electron-builder names the Windows manifest latest.yml (no -win suffix)
+          test -f "release/latest.yml" || {
+            echo "::error::No Windows auto-update manifest (latest.yml) generated in apps/desktop/release"
+            exit 1
+          }
+
+      - name: Upload EXE artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_prefix }}-win-exe
+          path: apps/desktop/release/*.exe
+          retention-days: ${{ inputs.artifact_retention_days }}
+          if-no-files-found: error
+
+      - name: Upload Windows auto-update manifest
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_prefix }}-win-update-manifest
+          path: apps/desktop/release/latest.yml
+          retention-days: ${{ inputs.artifact_retention_days }}
+          if-no-files-found: error
diff --git a/.github/workflows/release-desktop-canary.yml b/.github/workflows/release-desktop-canary.yml
@@ -106,6 +106,13 @@ jobs:
               echo "Created canary copy: Superset-Canary-${arch}.AppImage"
             fi
           done
+          for file in *.exe; do
+            if [[ -f "$file" ]]; then
+              arch=$(echo "$file" | sed -E 's/.*-([^-]+)\.exe$/\1/')
+              cp "$file" "Superset-Canary-${arch}.exe"
+              echo "Created canary copy: Superset-Canary-${arch}.exe"
+            fi
+          done
           # Prerelease builds may request canary-linux.yml; keep latest-linux.yml as fallback.
           for file in *-linux.yml; do
             if [[ -f "$file" && "$file" != "canary-linux.yml" && "$file" != "latest-linux.yml" ]]; then
@@ -115,6 +122,9 @@ jobs:
               break
             fi
           done
+          # Windows manifest is named latest.yml by electron-builder (no -win suffix).
+          # With generateUpdatesFilesForAllChannels, canary.yml is also generated.
+          # Both are already correctly named for electron-updater.
 
       - name: List artifacts
         run: |

diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml
@@ -86,6 +86,14 @@ jobs:
               echo "Created stable copy: Superset-${arch}.AppImage"
             fi
           done
+          for file in *.exe; do
+            if [[ -f "$file" ]]; then
+              # Extract architecture from filename (e.g., Superset-0.0.1-x64.exe -> x64)
+              arch=$(echo "$file" | sed -E 's/.*-([^-]+)\.exe$/\1/')
+              cp "$file" "Superset-${arch}.exe"
+              echo "Created stable copy: Superset-${arch}.exe"
+            fi
+          done
           # Keep Linux updater manifest at a stable filename for generic provider lookups.
           for file in *-linux.yml; do
             if [[ -f "$file" && "$file" != "latest-linux.yml" ]]; then
@@ -94,6 +102,8 @@ jobs:
               break
             fi
           done
+          # Windows manifest is already named latest.yml by electron-builder
+          # (no -win suffix, unlike macOS/Linux). No stable copy needed.
           echo "Release artifacts:"
           ls -la
 

diff --git a/apps/desktop/electron.vite.config.ts b/apps/desktop/electron.vite.config.ts
@@ -15,6 +15,7 @@ import {
 	defineEnv,
 	devPath,
 	htmlEnvTransformPlugin,
+	stripCrossOriginPlugin,
 } from "./vite/helpers";
 
 // override: true ensures .env values take precedence over inherited env vars
@@ -223,6 +224,7 @@ export default defineConfig({
 			}),
 			reactPlugin(),
 			htmlEnvTransformPlugin(),
+			stripCrossOriginPlugin(),
 		],
 
 		worker: {

diff --git a/apps/desktop/scripts/copy-native-modules.ts b/apps/desktop/scripts/copy-native-modules.ts
@@ -46,8 +46,13 @@ function copyModuleIfSymlink(
 		console.log(`  ${moduleName}: symlink -> replacing with real files`);
 		console.log(`    Real path: ${realPath}`);
 
-		// Remove the symlink
-		rmSync(modulePath);
+		// Windows uses junctions (directory-like) instead of symlinks;
+		// rmSync needs { recursive: true } to remove them.
+		if (process.platform === "win32") {
+			rmSync(modulePath, { recursive: true });
+		} else {
+			rmSync(modulePath);
+		}
 
 		// Copy the actual files
 		cpSync(realPath, modulePath, { recursive: true });

diff --git a/apps/desktop/src/lib/electron-app/factories/app/setup.ts b/apps/desktop/src/lib/electron-app/factories/app/setup.ts
@@ -56,7 +56,10 @@ export async function makeAppSetup(
 	return window;
 }
 
-PLATFORM.IS_LINUX && app.disableHardwareAcceleration();
+// Disable GPU hardware acceleration on Linux and Windows to prevent black/blank
+// screens caused by GPU driver incompatibilities with Chromium's compositor.
+// macOS uses a separate set of GPU workarounds (see below and MainWindow).
+(PLATFORM.IS_LINUX || PLATFORM.IS_WINDOWS) && app.disableHardwareAcceleration();
 
 // macOS Sequoia+: occluded window throttling can corrupt GPU compositor layers
 if (PLATFORM.IS_MAC) {

diff --git a/apps/desktop/src/main/windows/main.ts b/apps/desktop/src/main/windows/main.ts
@@ -220,6 +220,23 @@ export async function MainWindow() {
 		});
 	}
 
+	// Forward renderer warning/error messages to main process stdout for Windows debugging.
+	// Run the packaged app from a terminal to see these messages.
+	if (PLATFORM.IS_WINDOWS) {
+		window.webContents.on(
+			"console-message",
+			(_event, level, message, line, sourceId) => {
+				if (level < 2) return;
+				const levelStr =
+					["verbose", "info", "warning", "error"][level] ?? "unknown";
+				const source = sourceId ? ` (${sourceId}:${line})` : "";
+				const formatted = `[renderer:${levelStr}] ${message}${source}`;
+				if (level === 3) console.error(formatted);
+				else console.warn(formatted);
+			},
+		);
+	}
+
 	window.webContents.on("did-finish-load", async () => {
 		console.log("[main-window] Renderer loaded successfully");
 		if (initialBounds.isMaximized) {

diff --git a/apps/desktop/vite/helpers.ts b/apps/desktop/vite/helpers.ts
@@ -62,6 +62,25 @@ export function copyResourcesPlugin(): Plugin {
 	};
 }
 
+/**
+ * Strips the `crossorigin` attribute that Vite adds to script/link tags.
+ * Windows-only: Electron's ASAR file:// handler doesn't support CORS on
+ * Windows, so crossorigin causes scripts/styles to silently fail to load
+ * (black screen). macOS and Linux are unaffected.
+ */
+export function stripCrossOriginPlugin(): Plugin {
+	return {
+		name: "strip-crossorigin",
+		transformIndexHtml: {
+			order: "post",
+			handler(html) {
+				if (process.platform !== "win32") return html;
+				return html.replace(/ crossorigin(?:="[^"]*")?/g, "");
+			},
+		},
+	};
+}
-export function stripCrossOriginPlugin(): Plugin {
-	return {
-		name: "strip-crossorigin",
-		transformIndexHtml: {
-			order: "post",
-			handler(html) {
-				if (process.platform !== "win32") return html;
-				return html.replace(/ crossorigin(?:="[^"]*")?/g, "");
-			},
-		},
-	};
-}
+export function stripCrossOriginPlugin(): Plugin {
+	return {
+		name: "strip-crossorigin",
+		transformIndexHtml: {
+			order: "post",
+			handler(html) {
+				// NOTE: evaluated at Vite build time, not Electron runtime.
+				// For cross-compilation, set TARGET_PLATFORM=win32 explicitly.
+				const platform = process.env.TARGET_PLATFORM ?? process.platform;
+				if (platform !== "win32") return html;
+				return html.replace(/ crossorigin(?:="[^"]*")?/g, "");
+			},
+		},
+	};
+}
-export function stripCrossOriginPlugin(): Plugin {
-	return {
-		name: "strip-crossorigin",
-		transformIndexHtml: {
-			order: "post",
-			handler(html) {
-				if (process.platform !== "win32") return html;
-				return html.replace(/ crossorigin(?:="[^"]*")?/g, "");
-			},
-		},
-	};
-}
+export function stripCrossOriginPlugin(): Plugin {
+	return {
+		name: "strip-crossorigin",
+		transformIndexHtml: {
+			order: "post",
+			handler(html) {
+				// NOTE: evaluated at Vite build time, not Electron runtime.
+				// For cross-compilation, set TARGET_PLATFORM=win32 explicitly.
+				const platform = process.env.TARGET_PLATFORM ?? process.platform;
+				if (platform !== "win32") return html;
+				return html.replace(/ crossorigin(?:="[^"]*")?/g, "");
+			},
+		},
+	};
+}
+
 /**
  * Injects environment variables into index.html CSP.
  */

diff --git a/package.json b/package.json
@@ -29,7 +29,7 @@
 		"format:check": "biome format .",
 		"typecheck": "turbo typecheck",
 		"ui-add": "turbo run ui-add",
-		"postinstall": "./scripts/postinstall.sh",
+		"postinstall": "node scripts/postinstall.mjs",
 		"clean": "git clean -xdf node_modules",
 		"clean:workspaces": "turbo clean",
 		"release:desktop": "./apps/desktop/create-release.sh",

diff --git a/scripts/postinstall.mjs b/scripts/postinstall.mjs
@@ -0,0 +1,31 @@
+/**
+ * Cross-platform postinstall script.
+ *
+ * Replaces the bash-only postinstall.sh so that `bun install` works on
+ * Windows, macOS and Linux without special flags.
+ *
+ * Steps:
+ *  1. Guard against infinite recursion (electron-builder install-app-deps
+ *     can trigger nested bun installs which would re-run this script).
+ *  2. Run sherif for workspace validation.
+ *  3. Install native dependencies for the desktop app.
+ */
+
+import { execSync } from "node:child_process";
+
+// Prevent infinite recursion during postinstall
+if (process.env.SUPERSET_POSTINSTALL_RUNNING) {
+	process.exit(0);
+}
+process.env.SUPERSET_POSTINSTALL_RUNNING = "1";
+
+/** Run a command, inheriting stdio so output is visible. */
+function run(cmd) {
+	execSync(cmd, { stdio: "inherit" });
+}
+
+// Run sherif for workspace validation
+run("sherif");
+
+// Install native dependencies for desktop app
+run("bun run --filter=@superset/desktop install:deps");