From 1f9dc28f076221b33273d89dd6f4c265cac4c8f3 Mon Sep 17 00:00:00 2001
From: "DESKTOP-RTLN3BA\\$punk" <vermarohanfinal@gmail.com>
Date: Tue, 9 Jun 2026 23:54:37 -0700
Subject: [PATCH 1/2] chore(Dockerfile): add git dependency for fumadocs-mdx
 plugin during build

---
 surfsense_web/Dockerfile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/surfsense_web/Dockerfile b/surfsense_web/Dockerfile
index 0e3ed11de..d851cf045 100644
--- a/surfsense_web/Dockerfile
+++ b/surfsense_web/Dockerfile
@@ -26,6 +26,12 @@ RUN pnpm i --frozen-lockfile
 FROM base AS builder
 WORKDIR /app
 
+# git is required by the fumadocs-mdx lastModified plugin during `next build`.
+# The .git directory is dockerignored, so git commands exit non-zero and the
+# plugin falls back gracefully — but the binary itself must exist to avoid
+# "spawn git ENOENT" failures.
+RUN apk add --no-cache git
+
 # Enable pnpm
 RUN corepack enable pnpm
 

From 52f035f344f93e856ebec42137f4868d0af2a07c Mon Sep 17 00:00:00 2001
From: "DESKTOP-RTLN3BA\\$punk" <vermarohanfinal@gmail.com>
Date: Tue, 9 Jun 2026 23:58:47 -0700
Subject: [PATCH 2/2] fix(build): disable npm rebuild for non-macOS platforms
 in release workflow

---
 .github/workflows/desktop-release.yml | 8 ++++++++
 surfsense_desktop/package.json        | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/desktop-release.yml b/.github/workflows/desktop-release.yml
index ad1c128bc..4fcc8c597 100644
--- a/.github/workflows/desktop-release.yml
+++ b/.github/workflows/desktop-release.yml
@@ -121,6 +121,14 @@ jobs:
             --publish "${{ inputs.publish || 'always' }}" \
             -c.extraMetadata.version="${{ steps.version.outputs.VERSION }}")
 
+          # node-mac-permissions is the only native dependency and is darwin-only.
+          # electron-builder's internal rebuild would try to node-gyp compile it on
+          # Windows (no Visual Studio) and Linux, so skip the rebuild there. On macOS
+          # the rebuild must stay enabled for per-arch (x64/arm64) builds.
+          if [ "${{ matrix.platform }}" != "--mac" ]; then
+            CMD+=(-c.npmRebuild=false)
+          fi
+
           if [ "${{ steps.sign.outputs.enabled }}" = "true" ]; then
             CMD+=(-c.win.azureSignOptions.publisherName="$WINDOWS_PUBLISHER_NAME")
             CMD+=(-c.win.azureSignOptions.endpoint="$AZURE_CODESIGN_ENDPOINT")
diff --git a/surfsense_desktop/package.json b/surfsense_desktop/package.json
index 147d8d16b..433e33315 100644
--- a/surfsense_desktop/package.json
+++ b/surfsense_desktop/package.json
@@ -11,7 +11,7 @@
     "pack:dir:linux": "pnpm build && electron-builder --dir --linux --config electron-builder.yml -c.npmRebuild=false",
     "dist": "pnpm build && electron-builder --config electron-builder.yml",
     "dist:mac": "pnpm build && electron-builder --mac --config electron-builder.yml",
-    "dist:win": "pnpm build && electron-builder --win --config electron-builder.yml",
+    "dist:win": "pnpm build && electron-builder --win --config electron-builder.yml -c.npmRebuild=false",
     "dist:linux": "pnpm build && electron-builder --linux --config electron-builder.yml -c.npmRebuild=false",
     "typecheck": "tsc --noEmit",
     "postinstall": "node scripts/postinstall-rebuild.mjs"