publish-firefox-development #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# For the Firefox development addon, people install it manually, | |
# and updates are distributed via the JSON file created in this | |
# action which is stored in the metadata branch of this repo. | |
name: publish-firefox-development | |
on: | |
workflow_dispatch: | |
inputs: | |
upload_url: | |
description: "The upload_url from the release created by create-prerelease-on-tag.yml" | |
required: true | |
permissions: | |
contents: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
environment: cd | |
permissions: | |
contents: write | |
outputs: | |
hashes: ${{ steps.hash.outputs.hashes }} | |
steps: | |
- uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # [email protected] | |
with: | |
tag: ${{ github.ref_name }} | |
fileName: "*" | |
- name: Sign Firefox xpi for offline distribution | |
id: ffSignXpi | |
continue-on-error: true | |
uses: cardinalby/webext-buildtools-firefox-sign-xpi-action@6c31e947111a95f05682fc98c6340367cce49cdc # [email protected] | |
with: | |
timeoutMs: 1200000 | |
extensionId: ${{ secrets.FF_OFFLINE_EXT_ID }} | |
zipFilePath: yomitan-firefox-dev.zip | |
xpiFilePath: yomitan-firefox-dev.xpi | |
jwtIssuer: ${{ secrets.FF_JWT_ISSUER }} | |
jwtSecret: ${{ secrets.FF_JWT_SECRET }} | |
- name: Abort on sign error | |
if: | | |
steps.ffSignXpi.outcome == 'failure' && | |
steps.ffSignXpi.outputs.sameVersionAlreadyUploadedError != 'true' | |
run: exit 1 | |
- name: Generate hashes | |
id: hash | |
run: | | |
echo "hashes=$(sha256sum yomitan-firefox-dev.xpi | base64 -w0)" >> "$GITHUB_OUTPUT" | |
- name: Upload offline xpi release asset | |
id: uploadReleaseAsset | |
if: steps.ffSignXpi.outcome == 'success' | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ inputs.upload_url }} | |
asset_path: yomitan-firefox-dev.xpi | |
asset_name: yomitan-firefox-dev.xpi | |
asset_content_type: application/x-xpinstall | |
# update updates.json so that all people who have the dev version installed get the new update | |
- uses: actions/checkout@v4 | |
with: | |
ref: metadata | |
- name: Recreate updates.json | |
run: | | |
cat > updates.json << EOF | |
{ | |
"addons": { | |
"{2d13e145-294e-4ead-9bce-b4644b203a00}": { | |
"updates": [ | |
{ | |
"version": "${{ github.ref_name }}", | |
"update_link": "${{ steps.uploadReleaseAsset.outputs.browser_download_url }}" | |
} | |
] | |
} | |
} | |
} | |
EOF | |
- name: Commit files | |
continue-on-error: true | |
run: | | |
git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
git config --local user.name "github-actions[bot]" | |
git commit -a -m "${{ github.ref_name }}" | |
- name: Push changes | |
uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # pin@master | |
with: | |
branch: metadata | |
provenance: | |
needs: [build] | |
permissions: | |
actions: read # To read the workflow path. | |
id-token: write # To sign the provenance. | |
contents: write # To add assets to a release. | |
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
with: | |
base64-subjects: "${{ needs.build.outputs.hashes }}" | |
upload-assets: true |