Implement entitlement reset #2181
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: WebExtension Lint, Build, Release, Publish | |
on: | |
push: | |
branches: | |
- master | |
- dev | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- labeled | |
workflow_dispatch: | |
inputs: | |
branch: | |
type: choice | |
description: "Branch" | |
options: | |
- nightly | |
- stable | |
default: nightly | |
stage-host: | |
type: boolean | |
default: false | |
description: "Use stage-host" | |
store-upload: | |
type: boolean | |
default: false | |
description: "Upload to CWS/AMO" | |
deploy: | |
type: boolean | |
default: false | |
description: "Deploy Hosted Build" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.branch }} | |
env: | |
ARTIFACT_NAME: 7tv-webextension | |
EXTENSION_ID_CWS: ammjkodgmmoknidbanneddgankgfejfh | |
EXTENSION_ID_AMO: "[email protected]" | |
NIGHTLY_EXTENSION_ID_CWS: fphegifdehlodcepfkgofelcenelpedj | |
NIGHTLY_EXTENSION_ID_AMO: "[email protected]" | |
IS_MASTER_COMMIT: ${{ github.event_name == 'push' && github.ref_type == 'branch' && github.ref_name == 'master' }} | |
jobs: | |
ci: | |
name: WebExtension Lint, Build, Test | |
runs-on: ubuntu-latest | |
env: | |
installable: ${{ secrets.WEB_EXTENSION_CRX }} | |
concurrency: | |
group: ${{ github.workflow }}-ci-${{ github.ref }} | |
cancel-in-progress: true | |
steps: | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "18" | |
- name: Install Yarn | |
run: npm install -g yarn | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Node Modules Cache | |
uses: actions/cache@v3 | |
with: | |
path: node_modules | |
key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }} | |
- name: Install Dependencies | |
run: | | |
yarn | |
- name: Run Linter | |
run: yarn lint | |
- name: Build App | |
env: | |
BRANCH: ${{ (inputs.branch != 'stable' && 'nightly') || '' }} | |
EXTENSION_ID_MOZ: ${{ (inputs.branch == 'stable' && env.EXTENSION_ID_AMO) || env.NIGHTLY_EXTENSION_ID_AMO }} | |
run: | | |
OUT_DIR=mv3 yarn build:prod | |
OUT_DIR=mv2 MOZILLA_ID=${{ env.EXTENSION_ID_MOZ }} MV2=true yarn build:prod | |
- name: Create Build Archives | |
run: | | |
apt-get update && apt-get install -y zip | |
cd dist/mv3 && zip -r ../mv3.zip . && cd ../../ | |
cd dist/mv2 && zip -r ../mv2.zip . | |
# CRX is Chromium installer | |
- name: Create CRX (Chromium) | |
if: ${{ env.installable }} | |
uses: cardinalby/webext-buildtools-chrome-crx-action@v2 | |
with: | |
zipFilePath: dist/mv3.zip | |
crxFilePath: dist/ext.crx | |
privateKey: ${{ secrets.WEB_EXTENSION_CRX }} | |
# XPI is Firefox installer | |
- name: Create XPI (Firefox) | |
if: ${{ env.installable }} | |
id: web-ext-build | |
uses: kewisch/action-web-ext@v1 | |
with: | |
cmd: build | |
source: dist/mv2 | |
filename: ext.xpi | |
- name: Move XPI (Firefox) | |
if: ${{ env.installable }} | |
run: mv ${{ steps.web-ext-build.outputs.target }} dist/ext.xpi | |
- name: Structure Files | |
run: | | |
mkdir -p dist/manifest | |
cp dist/mv2/manifest.json dist/manifest/manifest.mv2.json | |
cp dist/mv3/manifest.json dist/manifest/manifest.mv3.json | |
- name: "Upload Artifact: Installable" | |
if: ${{ env.installable }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: installable | |
retention-days: 60 | |
path: | | |
dist/ext.crx | |
dist/ext.xpi | |
- name: "Upload Artifact: Unpacked" | |
uses: actions/upload-artifact@v3 | |
with: | |
name: build | |
retention-days: 60 | |
path: | | |
dist/mv3.zip | |
dist/mv2.zip | |
- name: Upload Manifest | |
uses: actions/upload-artifact@v3 | |
with: | |
name: manifest | |
path: dist/manifest | |
release: | |
name: Create Release | |
runs-on: ubuntu-latest | |
needs: [ci] | |
if: ${{ (inputs.branch) || (github.event_name == 'push' && github.ref_type == 'branch' && github.ref_name == 'master') }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Download Artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: build | |
path: ext | |
- name: Download Artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: installable | |
path: ext | |
- name: File Names | |
run: | | |
cd ext/ | |
for file in *; do | |
mv "$file" "7tv-webextension-$file" | |
done | |
- run: | | |
echo 'PACKAGE_JSON<<EOF' >> $GITHUB_ENV | |
cat ./package.json >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
- name: Define Release Tag | |
id: release-tag | |
run: | | |
echo "VERSION=${{ fromJson(env.PACKAGE_JSON).version }}" >> $GITHUB_OUTPUT | |
echo "DEV_VERSION=${{ fromJson(env.PACKAGE_JSON).dev_version }}" >> $GITHUB_OUTPUT | |
if [[ "${{ inputs.branch == 'nightly' || env.IS_MASTER_COMMIT == 'true' }}" == "true" ]]; then | |
echo "RELEASE_TAG=nightly-release" >> $GITHUB_OUTPUT | |
exit 0 | |
fi | |
echo "RELEASE_TAG=${{ format('v{0}', fromJson(env.PACKAGE_JSON).version) }}" >> $GITHUB_OUTPUT | |
- name: Create Nightly Release | |
if: ${{ inputs.branch == 'nightly' || env.IS_MASTER_COMMIT == 'true' }} | |
id: create_nightly_release | |
uses: ncipollo/[email protected] | |
with: | |
removeArtifacts: true | |
allowUpdates: true | |
artifactErrorsFailBuild: true | |
artifacts: "ext/*" | |
body: ${{ github.event.head_commit.message }} | |
prerelease: true | |
name: Nightly Release | |
tag: ${{ steps.release-tag.outputs.RELEASE_TAG }} | |
- name: Update Nightly Tag | |
if: ${{ inputs.branch == 'nightly' || env.IS_MASTER_COMMIT == 'true' }} | |
run: | | |
git tag -f nightly-release | |
git push -f origin nightly-release | |
- name: Create Release | |
if: ${{ inputs.branch == 'stable' }} | |
id: create_release | |
uses: ncipollo/[email protected] | |
with: | |
artifactErrorsFailBuild: true | |
artifacts: "ext/*" | |
allowUpdates: true | |
prerelease: false | |
draft: true | |
omitBodyDuringUpdate: true | |
omitDraftDuringUpdate: true | |
omitNameDuringUpdate: true | |
omitPrereleaseDuringUpdate: true | |
replacesArtifacts: true | |
body: ${{ github.event.head_commit.message }} | |
name: ${{ steps.release-tag.outputs.RELEASE_TAG }} | |
tag: ${{ steps.release-tag.outputs.RELEASE_TAG }} | |
outputs: | |
release_tag: ${{ steps.release-tag.outputs.RELEASE_TAG }} | |
version: ${{ steps.release-tag.outputs.VERSION }} | |
dev_version: ${{ steps.release-tag.outputs.DEV_VERSION }} | |
deploy: | |
name: Deploy Hosted Build | |
runs-on: ubuntu-latest | |
needs: [ci, release] | |
if: ${{ inputs.deploy || (github.event_name == 'push' && github.ref_type == 'branch' && github.ref_name == 'master') }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "18" | |
- name: Install Yarn | |
run: npm install -g yarn | |
- name: Install Dependencies | |
run: | | |
yarn | |
- name: Build (Hosted) | |
env: | |
BRANCH: ${{ (inputs.branch != 'stable' && 'nightly') || '' }} | |
MANIFEST_NAME: ${{ (inputs.stage-host && 'Stage') || ''}} | |
run: | | |
yarn build-hosted:prod | |
- name: Upload to Host | |
uses: shallwefootball/s3-upload-action@master | |
with: | |
endpoint: ${{ secrets.R2_API_ENDPOINT }} | |
aws_key_id: ${{ secrets.R2_API_AK }} | |
aws_secret_access_key: ${{ secrets.R2_API_SECRET }} | |
aws_bucket: 7tv-extension | |
source_dir: "dist-hosted/" | |
destination_dir: "" | |
push: | |
name: Submit to CWS / Sign XPI | |
runs-on: aws-runner | |
needs: [ci, release] | |
if: ${{ inputs.store-upload && inputs.branch }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "18" | |
# Retrieve the non-CRX MV3 zip to be uploaded to CWS | |
- name: Download Artifact (Build) | |
uses: actions/download-artifact@v3 | |
with: | |
name: build | |
path: ext | |
- name: Download Artifact (Installable) | |
uses: actions/download-artifact@v3 | |
with: | |
name: installable | |
path: ext | |
# Get the XPI File for Firefox | |
# It will be uploaded to AMO | |
- name: Download Manifest | |
uses: actions/download-artifact@v3 | |
with: | |
name: manifest | |
path: manifest | |
- name: CLI Setup | |
run: | | |
npm install -g chrome-webstore-upload-cli | |
- name: Upload to CWS | |
continue-on-error: true | |
env: | |
CREDENTIALS: ${{ secrets.CWS }} | |
EXTENSION_ID: ${{ (inputs.branch == 'stable' && env.EXTENSION_ID_CWS) || env.NIGHTLY_EXTENSION_ID_CWS }} | |
run: | | |
echo "${{ env.CREDENTIALS }}" >> c | |
chrome-webstore-upload upload \ | |
--source ext/mv3.zip \ | |
--extension-id $EXTENSION_ID \ | |
--client-id "$(sed '1q;d' c)" \ | |
--client-secret "$(sed '2q;d' c)" \ | |
--refresh-token "$(sed '3q;d' c)" | |
- name: Copy Unsigned XPI | |
run: | | |
cp ext/ext.xpi ext/ext-signable.xpi | |
mkdir web-ext-artifacts/ | |
- name: Sign XPI (Firefox) | |
id: xpi-sign | |
continue-on-error: true | |
uses: kewisch/action-web-ext@v1 | |
with: | |
cmd: sign | |
source: ext/ext-signable.xpi | |
channel: unlisted | |
apiKey: ${{ secrets.AMO_API_KEY }} | |
apiSecret: ${{ secrets.AMO_API_SECRET }} | |
timeout: 900000 | |
- name: Move Signed XPI (Firefox) | |
if: ${{ steps.xpi-sign.outputs.target }} | |
run: mv ${{ steps.xpi-sign.outputs.target }} ext/ext-signed.xpi | |
- name: "Upload Artifact: Signed XPI" | |
if: ${{ steps.xpi-sign.outputs.target }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: installable | |
retention-days: 60 | |
path: | | |
ext/ext-signed.xpi | |
- name: "Rename Signed Artifact" | |
if: ${{ steps.xpi-sign.outputs.target }} | |
run: cp ext/ext-signed.xpi ext/7tv-webextension-ext-signed.xpi | |
- name: Update Release | |
if: ${{ steps.xpi-sign.outputs.target && needs.release.outputs.release_tag }} | |
uses: ncipollo/[email protected] | |
with: | |
allowUpdates: true | |
artifacts: "ext/7tv-webextension-ext-signed.xpi" | |
body: ${{ github.event.head_commit.message }} | |
omitNameDuringUpdate: true | |
omitPrereleaseDuringUpdate: true | |
omitDraftDuringUpdate: true | |
omitBodyDuringUpdate: true | |
tag: ${{ needs.release.outputs.release_tag }} |