Skip to content

publish-firefox-development #2

publish-firefox-development

publish-firefox-development #2

# For the Firefox development addon, people install it manually,
# and updates are distributed via the JSON file created in this
# action which is stored in the metadata branch of this repo.
name: publish-firefox-development
on:
workflow_dispatch:
inputs:
upload_url:
description: "The upload_url from the release created by create-prerelease-on-tag.yml"
required: true
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
environment: cd
permissions:
contents: write
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
steps:
- uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # [email protected]
with:
tag: ${{ github.ref_name }}
fileName: "*"
- name: Sign Firefox xpi for offline distribution
id: ffSignXpi
continue-on-error: true
uses: cardinalby/webext-buildtools-firefox-sign-xpi-action@6c31e947111a95f05682fc98c6340367cce49cdc # [email protected]
with:
timeoutMs: 1200000
extensionId: ${{ secrets.FF_OFFLINE_EXT_ID }}
zipFilePath: yomitan-firefox-dev.zip
xpiFilePath: yomitan-firefox-dev.xpi
jwtIssuer: ${{ secrets.FF_JWT_ISSUER }}
jwtSecret: ${{ secrets.FF_JWT_SECRET }}
- name: Abort on sign error
if: |
steps.ffSignXpi.outcome == 'failure' &&
steps.ffSignXpi.outputs.sameVersionAlreadyUploadedError != 'true'
run: exit 1
- name: Generate hashes
id: hash
run: |
echo "hashes=$(sha256sum yomitan-firefox-dev.xpi | base64 -w0)" >> "$GITHUB_OUTPUT"
- name: Upload offline xpi release asset
id: uploadReleaseAsset
if: steps.ffSignXpi.outcome == 'success'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ inputs.upload_url }}
asset_path: yomitan-firefox-dev.xpi
asset_name: yomitan-firefox-dev.xpi
asset_content_type: application/x-xpinstall
# update updates.json so that all people who have the dev version installed get the new update
- uses: actions/checkout@v4
with:
ref: metadata
- name: Recreate updates.json
run: |
cat > updates.json << EOF
{
"addons": {
"{2d13e145-294e-4ead-9bce-b4644b203a00}": {
"updates": [
{
"version": "${{ github.ref_name }}",
"update_link": "${{ steps.uploadReleaseAsset.outputs.browser_download_url }}"
}
]
}
}
}
EOF
- name: Commit files
continue-on-error: true
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git commit -a -m "${{ github.ref_name }}"
- name: Push changes
uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # pin@master
with:
branch: metadata
provenance:
needs: [build]
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: "${{ needs.build.outputs.hashes }}"
upload-assets: true