publish-firefox-development #32
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# For the Firefox development addon, people install it manually, | ||
# and updates are distributed via the JSON file created in this | ||
# action which is stored in the metadata branch of this repo. | ||
name: publish-firefox-development | ||
on: | ||
workflow_dispatch: | ||
inputs: | ||
upload_url: | ||
description: "The upload_url from the release created by create-prerelease-on-tag.yml" | ||
required: true | ||
permissions: | ||
contents: read | ||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
environment: cd | ||
permissions: | ||
contents: write | ||
outputs: | ||
hashes: ${{ steps.hash.outputs.hashes }} | ||
steps: | ||
- uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # pin@v1.11 | ||
with: | ||
tag: ${{ github.ref_name }} | ||
fileName: "*" | ||
- name: Sign Firefox xpi for offline distribution | ||
id: ffSignXpi | ||
continue-on-error: true | ||
uses: cardinalby/webext-buildtools-firefox-sign-xpi-action@6c31e947111a95f05682fc98c6340367cce49cdc # pin@v1.0.8 | ||
with: | ||
timeoutMs: 1200000 | ||
extensionId: ${{ secrets.FF_OFFLINE_EXT_ID }} | ||
zipFilePath: rikaitan-firefox-dev.zip | ||
xpiFilePath: rikaitan-firefox-dev.xpi | ||
jwtIssuer: ${{ secrets.FF_JWT_ISSUER }} | ||
jwtSecret: ${{ secrets.FF_JWT_SECRET }} | ||
- name: Abort on sign error | ||
if: | | ||
steps.ffSignXpi.outcome == 'failure' && | ||
steps.ffSignXpi.outputs.sameVersionAlreadyUploadedError != 'true' | ||
run: exit 1 | ||
- name: Generate hashes | ||
id: hash | ||
run: | | ||
echo "hashes=$(sha256sum rikaitan-firefox-dev.xpi | base64 -w0)" >> "$GITHUB_OUTPUT" | ||
- name: Upload offline xpi release asset | ||
id: uploadReleaseAsset | ||
if: steps.ffSignXpi.outcome == 'success' | ||
uses: actions/upload-release-asset@v1 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
upload_url: ${{ github.event.release.upload_url }} | ||
upload_url: ${{ inputs.upload_url }} | ||
Check failure on line 59 in .github/workflows/publish-firefox-development.yml GitHub Actions / publish-firefox-developmentInvalid workflow file
|
||
asset_path: rikaitan-firefox-dev.xpi | ||
asset_name: rikaitan-firefox-dev.xpi | ||
asset_content_type: application/x-xpinstall | ||
# update updates.json so that all people who have the dev version installed get the new update | ||
- uses: actions/checkout@v4 | ||
with: | ||
ref: metadata | ||
- name: Recreate updates.json | ||
run: | | ||
cat > updates.json << EOF | ||
{ | ||
"addons": { | ||
"{2d13e145-294e-4ead-9bce-b4644b203a00}": { | ||
"updates": [ | ||
{ | ||
"version": "${{ github.ref_name }}", | ||
"update_link": "${{ steps.uploadReleaseAsset.outputs.browser_download_url }}" | ||
} | ||
] | ||
} | ||
} | ||
} | ||
EOF | ||
- name: Commit files | ||
continue-on-error: true | ||
run: | | ||
git config --local user.email "github-actions[bot]@users.noreply.github.com" | ||
git config --local user.name "github-actions[bot]" | ||
git commit -a -m "${{ github.ref_name }}" | ||
- name: Push changes | ||
uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # pin@master | ||
with: | ||
branch: metadata | ||
provenance: | ||
needs: [build] | ||
permissions: | ||
actions: read # To read the workflow path. | ||
id-token: write # To sign the provenance. | ||
contents: write # To add assets to a release. | ||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 | ||
with: | ||
base64-subjects: "${{ needs.build.outputs.hashes }}" | ||
upload-assets: true |