Bump version to v1.2.2 #22
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish on AMO | |
on: | |
push: | |
tags: | |
- v*.*.* | |
jobs: | |
publish: | |
name: Publish web extension | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
cache: npm | |
- name: Install dependencies | |
run: npm ci | |
- name: Build web extension source | |
run: npm run build | |
env: | |
WEB_EXT_FILENAME: icloud_passwords.zip | |
- name: Upload web extension source | |
uses: actions/upload-artifact@v4 | |
with: | |
name: src | |
path: ./web-ext-artifacts/icloud_passwords.zip | |
compression-level: 0 | |
- name: Submit web extension | |
run: npx web-ext sign | |
env: | |
WEB_EXT_USE_SUBMISSION_API: true | |
WEB_EXT_CHANNEL: listed | |
WEB_EXT_API_KEY: ${{ vars.WEB_EXT_API_KEY }} | |
WEB_EXT_API_SECRET: ${{ secrets.WEB_EXT_API_SECRET }} | |
WEB_EXT_NO_INPUT: true | |
- name: Rename signed web extension file | |
working-directory: ./web-ext-artifacts | |
run: mv *.xpi icloud_passwords.xpi | |
- name: Upload signed web extension | |
uses: actions/upload-artifact@v4 | |
with: | |
name: xpi | |
path: ./web-ext-artifacts/icloud_passwords.xpi | |
compression-level: 0 | |
helpers: | |
name: Build install helpers | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
cache-dependency-path: ./scripts/install/go.sum | |
- name: Build install helper | |
working-directory: ./scripts/install | |
run: ./build.sh | |
- name: Upload install helper artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: helpers | |
path: ./scripts/install/dist/* | |
release: | |
name: Release on GitHub | |
runs-on: ubuntu-latest | |
needs: | |
- publish | |
- helpers | |
permissions: | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download XPI artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: xpi | |
path: ./web-ext-artifacts | |
- name: Download install helpers artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: helpers | |
path: ./web-ext-artifacts | |
- name: Create GitHub release | |
run: | | |
if gh release view "${{ github.ref_name }}" >/dev/null 2>&1 | |
then | |
echo "Release ${{ github.ref_name }} already exists, skipping..." | |
exit 0 | |
fi | |
gh release create \ | |
"${{ github.ref_name }}" \ | |
--title "${{ github.ref_name }}" \ | |
--verify-tag | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: Attach artifacts to release | |
run: | | |
gh release upload \ | |
"${{ github.ref_name }}" \ | |
./web-ext-artifacts/* \ | |
--clobber | |
env: | |
GH_TOKEN: ${{ github.token }} | |
attest: | |
name: Attest build provenance | |
runs-on: ubuntu-latest | |
needs: | |
- release | |
permissions: | |
contents: write | |
id-token: write | |
attestations: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download source artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: src | |
path: ./web-ext-artifacts | |
- name: Download install helpers artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: helpers | |
path: ./web-ext-artifacts | |
- name: Generate artifact attestation | |
id: provenance | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: ./web-ext-artifacts | |
- name: Generate SBOM | |
uses: anchore/sbom-action@v0 | |
with: | |
path: ./web-ext-artifacts | |
upload-artifact: false | |
output-file: ./sbom.spdx.json | |
- name: Generate SBOM attestation | |
id: sbom | |
uses: actions/attest-sbom@v1 | |
with: | |
subject-path: ./web-ext-artifacts | |
sbom-path: ./sbom.spdx.json | |
- name: Merge attestations | |
run: | | |
cat "${{ steps.provenance.outputs.bundle-path }}" >> ./attestation.jsonl | |
cat "${{ steps.sbom.outputs.bundle-path }}" >> ./attestation.jsonl | |
- name: Attach attestation to release | |
run: | | |
gh release upload \ | |
"${{ github.ref_name }}" \ | |
./attestation.jsonl \ | |
--clobber | |
env: | |
GH_TOKEN: ${{ github.token }} |