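# For the Firefox development addon, people install it manually,
# and updates are distributed via the JSON file created in this
# action which is stored in the metadata branch of this repo.
name: publish-firefox-development
on:
  workflow_dispatch:
    inputs:
      upload_url:
        description: "The upload_url from the release created by create-prerelease-on-tag.yml"
        required: true
# Workflow-wide default for GITHUB_TOKEN is read-only; each job below
# widens the scope only as far as its own steps need.
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    # Runs under the "cd" deployment environment; presumably this is where
    # the FF_* signing secrets are scoped (confirm in the repository settings).
    environment: cd
    # Write access is used by the release-asset upload below and,
    # presumably, by the push to the metadata branch.
    permissions:
      contents: write
    outputs:
      # Base64-encoded sha256sum output, consumed by the provenance job.
      hashes: ${{ steps.hash.outputs.hashes }}
    steps:
      # Download every asset attached to the release for the current tag.
      - uses: robinraju/release-downloader@c39a3b234af58f0cf85888573d361fb6fa281534 # pin@v1.10
        with:
          tag: ${{ github.ref_name }}
          fileName: "*"
      - name: Sign Firefox xpi for offline distribution
        id: ffSignXpi
        # A failure is tolerated here and evaluated by the next step.
        continue-on-error: true
        uses: cardinalby/webext-buildtools-firefox-sign-xpi-action@6c31e947111a95f05682fc98c6340367cce49cdc # pin@v1.0.8
        with:
          # 1,200,000 ms = 20 minutes.
          timeoutMs: 1200000
          extensionId: ${{ secrets.FF_OFFLINE_EXT_ID }}
          zipFilePath: yomitan-firefox-dev.zip
          xpiFilePath: yomitan-firefox-dev.xpi
          jwtIssuer: ${{ secrets.FF_JWT_ISSUER }}
          jwtSecret: ${{ secrets.FF_JWT_SECRET }}
      # Fail the job for any signing error other than "same version already uploaded".
      - name: Abort on sign error
        if: |
          steps.ffSignXpi.outcome == 'failure' &&
          steps.ffSignXpi.outputs.sameVersionAlreadyUploadedError != 'true'
        run: exit 1
      # NOTE(review): this step also runs when signing was tolerated as failed.
      # A sha256sum error inside the command substitution does not fail the
      # step, so "hashes" could be written from empty input; consider checking
      # that the xpi exists and failing explicitly if it does not.
      - name: Generate hashes
        id: hash
        run: |
          echo "hashes=$(sha256sum yomitan-firefox-dev.xpi | base64 -w0)" >> "$GITHUB_OUTPUT"
      # NOTE(review): referenced by a mutable tag, unlike the SHA-pinned
      # third-party actions in this job; pin to a full commit SHA.
      - name: Upload offline xpi release asset
        id: uploadReleaseAsset
        if: steps.ffSignXpi.outcome == 'success'
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ inputs.upload_url }}
          asset_path: yomitan-firefox-dev.xpi
          asset_name: yomitan-firefox-dev.xpi
          asset_content_type: application/x-xpinstall
      # Update updates.json so that everyone who has the dev version installed
      # gets the new update.
      # NOTE(review): referenced by a mutable tag; pin to a full commit SHA.
      - uses: actions/checkout@v4
        with:
          ref: metadata
      # The tag name and download URL are handed to the shell through env
      # instead of being spliced into the script text: a ${{ }} expression is
      # expanded before the shell parses the script, so a crafted tag name
      # would otherwise be interpreted as shell syntax.
      # NOTE(review): the values are not JSON-escaped. Also, when the upload
      # step was skipped (signing outcome not 'success') UPDATE_LINK is empty
      # and an empty update_link is written; confirm that this is intended.
      - name: Recreate updates.json
        env:
          VERSION: ${{ github.ref_name }}
          UPDATE_LINK: ${{ steps.uploadReleaseAsset.outputs.browser_download_url }}
        run: |
          cat > updates.json << EOF
          {
            "addons": {
              "{2d13e145-294e-4ead-9bce-b4644b203a00}": {
                "updates": [
                  {
                    "version": "${VERSION}",
                    "update_link": "${UPDATE_LINK}"
                  }
                ]
              }
            }
          }
          EOF
      - name: Commit files
        # Tolerated failure, e.g. when there is nothing to commit.
        continue-on-error: true
        env:
          # Passed through env for the same reason as above: the tag name must
          # reach git as data, not as part of the script text.
          REF_NAME: ${{ github.ref_name }}
        run: |
          git config --local user.email "github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git commit -a -m "$REF_NAME"
      - name: Push changes
        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # pin@master
        with:
          branch: metadata
  # Generates SLSA provenance for the hashes emitted by the build job and
  # attaches it to the release.
  provenance:
    needs: [build]
    permissions:
      actions: read # To read the workflow path.
      id-token: write # To sign the provenance.
      contents: write # To add assets to a release.
    # Referenced by release tag rather than commit SHA; the slsa-github-generator
    # reusable workflows are documented as requiring a tag reference (verify
    # against the generator's README before changing this).
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
      base64-subjects: "${{ needs.build.outputs.hashes }}"
      upload-assets: true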