Release and Publish for Browser Extension (#13) #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Browser Extension | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| browser: | ||
| description: Browser platform to build for as an array (e.g., '["chrome"]", '["firefox", "chrome"]') | ||
| required: false | ||
| default: '["chrome", "firefox"]' | ||
| type: string | ||
| tag: | ||
| description: Tag to deploy (e.g., "ecu-test-diff-1.0.0") | ||
| required: true | ||
| type: string | ||
| push: | ||
| tags: | ||
| - 'ecu-test-diff-[0-9]+.[0-9]+.[0-9]+' | ||
| jobs: | ||
| setup: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| tag-version: ${{ steps.set-tag.outputs.tag-version }} | ||
| steps: | ||
| - name: Set tag | ||
| id: set-tag | ||
| run: | | ||
| # determine if the workflow was triggered by a dispatch event or a tag push, and set the tag version accordingly | ||
| if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then | ||
| TAG_VERSION="${{ github.event.inputs.tag }}" | ||
| # validate tag version | ||
| if [[ ! $TAG_VERSION =~ ^ecu-test-diff-[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | ||
| echo "❌ Invalid tag version format. Expected format: ecu-test-diff-x.y.z" | ||
| exit 1 | ||
| fi | ||
| echo "tag-version=$TAG_VERSION" >> $GITHUB_OUTPUT | ||
| else | ||
| TAG_VERSION="${GITHUB_REF#refs/tags/}" | ||
| echo "tag-version=$TAG_VERSION" >> $GITHUB_OUTPUT | ||
| fi | ||
| version-check: | ||
| needs: set-tag | ||
|
Check failure on line 42 in .github/workflows/deploy.yml
|
||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| proceed: ${{ steps.version-check.outputs.proceed }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Check tag matches manifest version | ||
| id: version-check | ||
| run: | | ||
| sudo apt-get update -y | ||
| sudo apt-get install -y jq | ||
| TAG_VERSION="${{ needs.setup.outputs.tag-version }}" | ||
| MANIFEST_VERSION=$(jq -r '.version' static/manifest.json) | ||
| echo "Tag version: $TAG_VERSION" | ||
| echo "Manifest version: $MANIFEST_VERSION" | ||
| # check for beta versions first | ||
| if [[ "$MANIFEST_VERSION" == *-beta* ]]; then | ||
| echo "❌ Release workflow is not supported for beta versions. Manifest version ($MANIFEST_VERSION) is not ready for publishing." | ||
| echo "proceed=false" >> $GITHUB_OUTPUT | ||
| exit 1 | ||
| fi | ||
| # extract the version from the tag | ||
| TAG_VERSION=${TAG_VERSION#ecu-test-diff-} | ||
| if [ "$TAG_VERSION" != "$MANIFEST_VERSION" ]; then | ||
| echo "❌ Tag version ($TAG_VERSION) does not match manifest version ($MANIFEST_VERSION)." | ||
| echo "proceed=false" >> $GITHUB_OUTPUT | ||
| exit 1 | ||
| fi | ||
| echo "✅ Tag version matches manifest version." | ||
| echo "proceed=true" >> $GITHUB_OUTPUT | ||
| build: | ||
| needs: version-check | ||
| if: needs.version-check.outputs.proceed == 'true' | ||
| uses: ./.github/workflows/build.yml | ||
| with: | ||
| browser: ${{ fromJSON(github.event.inputs.browser || '["chrome", "firefox"]') }} | ||
| publish: | ||
| needs: [version-check, build] | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| browser: ${{ fromJSON(github.event.inputs.browser || '["chrome", "firefox"]') }} | ||
| steps: | ||
| - name: Get artifact from build job | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: ${{ matrix.browser }}-extension | ||
| - name: Set up Node v20 | ||
| if: ${{ matrix.browser == 'firefox' }} | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 20 | ||
| cache: 'npm' | ||
| cache-dependency-path: 'package-lock.json' | ||
| - name: Install web-ext | ||
| if: matrix.browser == 'firefox' | ||
| run: npm install -g web-ext | ||
| - name: Publish as Firefox add-on | ||
| if: ${{ matrix.browser == 'firefox' }} | ||
| env: | ||
| AMO_JWT_ISSUER: ${{ secrets.AMO_JWT_ISSUER }} | ||
| AMO_JWT_SECRET: ${{ secrets.AMO_JWT_SECRET }} | ||
| run: | | ||
| # extract artifact | ||
| mkdir -p "./${{ matrix.browser }}-extension" | ||
| unzip -o "${{ matrix.browser }}-extension.zip" -d "./${{ matrix.browser }}-extension" | ||
| # sign the extension | ||
| web-ext sign \ | ||
| --api-key="$AMO_JWT_ISSUER" \ | ||
| --api-secret="$AMO_JWT_SECRET" \ | ||
| --channel=listed \ | ||
| --source-dir="./${{ matrix.browser }}-extension" | ||
| - name: Publish to Chrome Web Store | ||
| if: ${{ matrix.browser == 'chrome' }} | ||
| uses: mnao305/chrome-extension-upload@v5.0.0 | ||
| with: | ||
| file-path: ${{ matrix.browser }}-extension.zip | ||
| extension-id: ${{ secrets.EXTENSION_ID }} | ||
| client-id: ${{ secrets.CLIENT_ID }} | ||
| client-secret: ${{ secrets.CLIENT_SECRET }} | ||
| refresh-token: ${{ secrets.REFRESH_TOKEN }} # or "trustedTesters" for internal testing | ||
