electron · matos-ed · Jan 8, 2026 · Jan 8, 2026 · Jan 8, 2026 · Jan 8, 2026
@@ -1,20 +1,23 @@
 ## publisher-s3
 
-`@electron-forge/publisher-s3` publishes all your artifacts to an Amazon S3 bucket where users will be able to download them.
+`@electron-forge/publisher-s3` publishes all your artifacts to Amazon S3 or Cloudflare R2 buckets where users will be able to download them.
 
 By default, all files are positioned at the following key:
 
-${config.folder || appVersion}/${artifactName}
+${config.folder || appName}/${platform}/${arch}/${artifactName}
 
 Configuration options are documented in [PublisherS3Config](https://js.electronforge.io/interfaces/_electron_forge_publisher_s3.PublisherS3Config.html).
 
+### AWS S3 Usage
+
 ```javascript title=forge.config.js
 module.exports = {
   // ...
   publishers: [
     {
       name: '@electron-forge/publisher-s3',
       config: {
+        provider: 's3', // optional, 's3' is the default
         bucket: 'my-bucket',
         public: true
       }
@@ -23,8 +26,58 @@ module.exports = {
 };
 ```
 
-If you run publish twice with the same version on the same platform, it is possible for your old artifacts to get overwritten in S3. It is your responsibility to ensure that you don't overwrite your own releases.
-
-### Authentication
+#### Authentication
 
 It is recommended to follow the [Amazon AWS guide](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-credentials-node.html) and set either a shared credentials guide or the proper environment variables. However, if that is not possible, the publisher config allows the setting of the accessKeyId and secretAccessKey configuration options.
+
+### Cloudflare R2 Usage
+
+```javascript title=forge.config.js
+module.exports = {
+  // ...
+  publishers: [
+    {
+      name: '@electron-forge/publisher-s3',
+      config: {
+        provider: 'r2',
+        bucket: 'my-bucket',
+        accountId: 'your-cloudflare-account-id',
+        accessKeyId: 'your-r2-access-key-id',
+        secretAccessKey: 'your-r2-secret-access-key'
+      }
+    }
+  ]
+};
+```
+
+#### Authentication
+
+This publisher uses Cloudflare R2's S3-compatible API. You need to provide R2 API credentials:
+
+1. **Account ID**: Found in the Cloudflare dashboard URL or on the R2 overview page
+2. **API Tokens**: Create R2 API tokens from the R2 dashboard:
+   - Go to R2 → Manage R2 API Tokens
+   - Click "Create API token"
+   - Select permissions (Read & Write)
+   - Copy the `Access Key ID` and `Secret Access Key`
+
+#### Public Access
+
+To make your artifacts publicly accessible, configure a custom domain for your R2 bucket in the Cloudflare dashboard under R2 → Settings → Public Access.
+
+### Custom Key Resolver
+
+You can customize the key for uploaded artifacts by providing a `keyResolver` function:
+
+```javascript
+config: {
+  bucket: 'my-bucket',
+  keyResolver: (fileName, platform, arch) => {
+    return `releases/${platform}/${arch}/${fileName}`;
+  }
+}
+```
+
+### Notes
+
+If you run publish twice with the same version on the same platform, it is possible for your old artifacts to get overwritten. It is your responsibility to ensure that you don't overwrite your own releases.
@@ -1,7 +1,7 @@
 {
   "name": "@electron-forge/publisher-s3",
   "version": "7.11.0",
-  "description": "S3 publisher for Electron Forge",
+  "description": "S3 and R2 publisher for Electron Forge",
   "repository": "https://github.com/electron/forge",
   "author": "Samuel Attard",
   "license": "MIT",
@@ -16,7 +16,8 @@
     "@aws-sdk/types": "^3.654.0",
     "@electron-forge/publisher-static": "7.11.0",
     "@electron-forge/shared-types": "7.11.0",
-    "debug": "^4.3.1"
+    "debug": "^4.3.1",
+    "mime-types": "^2.1.25"
   },
   "publishConfig": {
     "access": "public"

@@ -16,6 +16,20 @@ import { PublisherS3, PublisherS3Config } from '../src/PublisherS3';
 vi.mock('@aws-sdk/client-s3');
 vi.mock('@aws-sdk/lib-storage');
 vi.mock('node:fs');
+vi.mock('mime-types', () => ({
+  default: {
+    lookup: vi.fn((filePath: string) => {
+      if (filePath.endsWith('.dmg')) return 'application/x-apple-diskimage';
+      if (filePath.endsWith('.exe')) return 'application/x-msdownload';
+      return 'application/octet-stream';
+    }),
+  },
+  lookup: vi.fn((filePath: string) => {
+    if (filePath.endsWith('.dmg')) return 'application/x-apple-diskimage';
+    if (filePath.endsWith('.exe')) return 'application/x-msdownload';
+    return 'application/octet-stream';
+  }),
+}));
 
 describe('PublisherS3', () => {
   let publisher: PublisherS3;
@@ -494,4 +508,172 @@ describe('PublisherS3', () => {
       expect(result).toBe('test_example.com_path_to_file');
     });
   });
+
+  describe('R2 Provider', () => {
+    let mockMakeResults: ForgeMakeResult[];
+    const mockForgeConfig = {} as ResolvedForgeConfig;
+    const mockSetStatusLine = vi.fn();
+
+    beforeEach(() => {
+      mockMakeResults = [
+        {
+          artifacts: [path.join(tmpDir, 'test-app-1.0.0.dmg')],
+          packageJSON: {
+            name: 'test-app',
+            version: '1.0.0',
+          },
+          platform: 'darwin',
+          arch: 'arm64',
+        },
+      ];
+    });
+
+    it('should throw error when accountId is not provided for R2', async () => {
+      const config: PublisherS3Config = {
+        provider: 'r2',
+        bucket: 'test-bucket',
+      };
+      publisher = new PublisherS3(config);
+
+      await expect(
+        publisher.publish({
+          makeResults: mockMakeResults,
+          dir: tmpDir,
+          forgeConfig: mockForgeConfig,
+          setStatusLine: mockSetStatusLine,
+        }),
+      ).rejects.toThrow(
+        'In order to publish to R2, you must set the "accountId" property',
+      );
+    });
+
+    it('should throw error when accessKeyId is not provided for R2', async () => {
+      const config: PublisherS3Config = {
+        provider: 'r2',
+        bucket: 'test-bucket',
+        accountId: 'test-account-id',
+      };
+      publisher = new PublisherS3(config);
+
+      await expect(
+        publisher.publish({
+          makeResults: mockMakeResults,
+          dir: tmpDir,
+          forgeConfig: mockForgeConfig,
+          setStatusLine: mockSetStatusLine,
+        }),
+      ).rejects.toThrow(
+        'In order to publish to R2, you must set the "accessKeyId" property',
+      );
+    });
+
+    it('should throw error when secretAccessKey is not provided for R2', async () => {
+      const config: PublisherS3Config = {
+        provider: 'r2',
+        bucket: 'test-bucket',
+        accountId: 'test-account-id',
+        accessKeyId: 'test-access-key',
+      };
+      publisher = new PublisherS3(config);
+
+      await expect(
+        publisher.publish({
+          makeResults: mockMakeResults,
+          dir: tmpDir,
+          forgeConfig: mockForgeConfig,
+          setStatusLine: mockSetStatusLine,
+        }),
+      ).rejects.toThrow(
+        'In order to publish to R2, you must set the "secretAccessKey" property',
+      );
+    });
+
+    it('should successfully publish to R2 with all required config', async () => {
+      const config: PublisherS3Config = {
+        provider: 'r2',
+        bucket: 'test-bucket',
+        accountId: 'test-account-id',
+        accessKeyId: 'test-access-key',
+        secretAccessKey: 'test-secret-key',
+      };
+      publisher = new PublisherS3(config);
+
+      await publisher.publish({
+        makeResults: mockMakeResults,
+        dir: tmpDir,
+        forgeConfig: mockForgeConfig,
+        setStatusLine: mockSetStatusLine,
+      });
+
+      // Verify S3Client was called with R2 endpoint
+      expect(S3Client).toHaveBeenCalledWith(
+        expect.objectContaining({
+          endpoint: 'https://test-account-id.r2.cloudflarestorage.com',
+          region: 'auto',
+          credentials: {
+            accessKeyId: 'test-access-key',
+            secretAccessKey: 'test-secret-key',
+          },
+        }),
+      );
+
+      // Verify Upload was called with ContentType for R2
+      expect(Upload).toHaveBeenCalledWith(
+        expect.objectContaining({
+          params: expect.objectContaining({
+            ContentType: expect.any(String),
+          }),
+        }),
+      );
+    });
+
+    it('should use custom endpoint for R2 if provided', async () => {
+      const config: PublisherS3Config = {
+        provider: 'r2',
+        bucket: 'test-bucket',
+        accountId: 'test-account-id',
+        accessKeyId: 'test-access-key',
+        secretAccessKey: 'test-secret-key',
+        endpoint: 'https://custom-r2-endpoint.com',
+      };
+      publisher = new PublisherS3(config);
+
+      await publisher.publish({
+        makeResults: mockMakeResults,
+        dir: tmpDir,
+        forgeConfig: mockForgeConfig,
+        setStatusLine: mockSetStatusLine,
+      });
+
+      // Verify S3Client was called with custom endpoint
+      expect(S3Client).toHaveBeenCalledWith(
+        expect.objectContaining({
+          endpoint: 'https://custom-r2-endpoint.com',
+        }),
+      );
+    });
+
+    it('should not set ACL for R2 provider', async () => {
+      const config: PublisherS3Config = {
+        provider: 'r2',
+        bucket: 'test-bucket',
+        accountId: 'test-account-id',
+        accessKeyId: 'test-access-key',
+        secretAccessKey: 'test-secret-key',
+        public: true, // This should be ignored for R2
+      };
+      publisher = new PublisherS3(config);
+
+      await publisher.publish({
+        makeResults: mockMakeResults,
+        dir: tmpDir,
+        forgeConfig: mockForgeConfig,
+        setStatusLine: mockSetStatusLine,
+      });
+
+      // Verify Upload params do not contain ACL
+      const uploadCall = vi.mocked(Upload).mock.calls[0][0];
+      expect(uploadCall.params).not.toHaveProperty('ACL');
+    });
+  });
 });