From 428f56c9d4543cb83258b3b84bd115980036ab7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien?=
Date: Sat, 11 May 2024 16:38:35 +0200
Subject: [PATCH] Create publish GitHub Actions workflow
---
.github/workflows/publish.yml | 159 ++++++++++++++++++++++++++++++++++
1 file changed, 159 insertions(+)
create mode 100644 .github/workflows/publish.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..8c99815
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,159 @@
+name: Publish on AMO
+
+on:
+ push:
+ tags:
+ - v*.*.*
+
+jobs:
+ build:
+ name: Build web extension
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Node.js
+ uses: actions/setup-node@v3
+ with:
+ cache: npm
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Build web extension source
+ run: npm run build
+
+ - name: Upload web extension source
+ uses: actions/upload-artifact@v4
+ with:
+ name: web-ext-source
+ path: ./web-ext-artifacts/*.zip
+
+ sign:
+ name: Sign web extension
+ needs:
+ - build
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@v3
+
+ - name: Download web extension source
+ uses: actions/download-artifact@v4
+ with:
+ name: web-ext-source
+ path: ./web-ext-artifacts/
+
+ - name: Sign web extension source
+ run: |
+ cosign sign-blob \
+ ./web-ext-artifacts/*.zip \
+ --bundle ./web-ext-artifacts/cosign.bundle \
+ --yes
+
+ - name: Upload web extension sign
+ uses: actions/upload-artifact@v4
+ with:
+ name: cosign-bundle
+ path: ./web-ext-artifacts/cosign.bundle
+
+ helpers:
+ name: Build install helpers
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Node.js
+ uses: actions/setup-node@v3
+ with:
+ cache: npm
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Build install helper
+ workdir: ./scripts/install/
+ run: ./build.sh
+
+ - name: Upload install helper artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: install-helper
+ path: ./scripts/install/dist/*
+
+ publish:
+ name: Publish web extension
+ needs:
+ - build
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Node.js
+ uses: actions/setup-node@v3
+ with:
+ cache: npm
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Download web extension source
+ uses: actions/download-artifact@v4
+ with:
+ name: web-ext-source
+ path: ./web-ext-artifacts/
+
+ - name: Submit web extension
+ run: web-ext sign
+ env:
+ WEB_EXT_USE_SUBMISSION_API: true
+ WEB_EXT_CHANNEL: listed
+ WEB_EXT_API_KEY: ${{ vars.WEB_EXT_API_KEY }}
+ WEB_EXT_API_SECRET: ${{ secrets.WEB_EXT_API_SECRET }}
+ WEB_EXT_NO_INPUT: true
+
+ - name: Upload signed web extension
+ uses: actions/upload-artifact@v4
+ with:
+ name: web-ext
+ path: ./web-ext-artifacts/*.xpi
+
+ release:
+ name: Release on GitHub
+ needs:
+ - publish
+ - helpers
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Download artifacts
+ uses: actions/download-artifact@v4
+ with:
+ path: ./web-ext-artifacts/
+ merge-multiple: true
+
+ - name: Create GitHub release
+ run: |
+ if gh release view "${{ github.ref_name }}" >/dev/null 2>&1
+ then
+ echo "Release ${{ github.ref_name }} already exists, skipping..."
+ exit 0
+ fi
+
+ gh release create \
+ "${{ github.ref_name }}" \
+ --title "${{ github.ref_name }}" \
+ --verify-tag
+
+ - name: Attach artifacts to release
+ run: |
+ gh release upload \
+ "${{ github.ref_name }}" \
+ ./web-ext-artifacts/* \
+ --clobber
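Review bot: The `release` job lists only `publish` and `helpers` under `needs`, so it can start before `sign` has finished and a release can go out with no `cosign.bundle` attached; add `- sign` there. No job declares `permissions`: keyless `cosign sign-blob` in the `sign` job needs `id-token: write` to obtain the OIDC token, and `release` needs `contents: write` plus a `GH_TOKEN` for `gh`. Both `run` scripts in `release` expand `${{ github.ref_name }}` directly into the shell text, whereas passing it through `env` and using `"$TAG"` keeps the tag name as data rather than script. Separately, none of the five jobs has `runs-on`, and `workdir` in `helpers` is not a step key (`working-directory` is), so the workflow would presumably be rejected as written.

```yaml
  sign:
    name: Sign web extension
    needs:
      - build
    permissions:
      contents: read
      id-token: write  # OIDC token for keyless cosign signing
    # … unchanged: steps of the sign job …

  release:
    name: Release on GitHub
    needs:
      - publish
      - helpers
      - sign
    permissions:
      contents: write
    # … unchanged: checkout and artifact download steps …
      - name: Create GitHub release
        env:
          GH_TOKEN: ${{ github.token }}
          TAG: ${{ github.ref_name }}
        run: |
          if gh release view "$TAG" >/dev/null 2>&1
          then
            echo "Release $TAG already exists, skipping..."
            exit 0
          fi

          gh release create "$TAG" --title "$TAG" --verify-tag

      - name: Attach artifacts to release
        env:
          GH_TOKEN: ${{ github.token }}
          TAG: ${{ github.ref_name }}
        run: |
          gh release upload "$TAG" ./web-ext-artifacts/* --clobber
```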