Skip to content

Remove redundant gitignore entry #55

Remove redundant gitignore entry

Remove redundant gitignore entry #55

name: Publish Extension
on:
push:
branches:
- main
permissions:
contents: read
jobs:
detect:
runs-on: ubuntu-latest
outputs:
should_publish: ${{ steps.release.outputs.should_publish }}
publish_chrome: ${{ steps.release.outputs.publish_chrome }}
publish_firefox: ${{ steps.release.outputs.publish_firefox }}
replace_chrome: ${{ steps.release.outputs.replace_chrome }}
current_version: ${{ steps.release.outputs.current_version }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect release target and version change
id: release
shell: bash
run: |
set -euo pipefail
current_version="$(python3 - <<'PY'
import json
with open("manifest.json", "r", encoding="utf-8") as f:
print(json.load(f)["version"])
PY
)"
before_sha="${{ github.event.before }}"
previous_version=""
if [ "$before_sha" != "0000000000000000000000000000000000000000" ] && git cat-file -e "${before_sha}:manifest.json" 2>/dev/null; then
previous_version="$(git show "${before_sha}:manifest.json" | python3 -c 'import json, sys; print(json.load(sys.stdin)["version"])')"
fi
commit_message="$(git log -1 --pretty=%B)"
publish_chrome=false
publish_firefox=false
replace_chrome=false
if grep -qi '\[chrome+firefox\]' <<< "$commit_message"; then
publish_chrome=true
publish_firefox=true
fi
if grep -qi '\[chrome\]' <<< "$commit_message"; then
publish_chrome=true
fi
if grep -qi '\[firefox\]' <<< "$commit_message"; then
publish_firefox=true
fi
if grep -qi '\[replace-chrome\]' <<< "$commit_message"; then
publish_chrome=true
replace_chrome=true
fi
echo "current_version=$current_version" >> "$GITHUB_OUTPUT"
echo "previous_version=$previous_version" >> "$GITHUB_OUTPUT"
echo "publish_chrome=$publish_chrome" >> "$GITHUB_OUTPUT"
echo "publish_firefox=$publish_firefox" >> "$GITHUB_OUTPUT"
echo "replace_chrome=$replace_chrome" >> "$GITHUB_OUTPUT"
if [ "$publish_chrome" != "true" ] && [ "$publish_firefox" != "true" ]; then
echo "should_publish=false" >> "$GITHUB_OUTPUT"
echo "No release keyword found. Use [chrome], [firefox], [chrome+firefox], or [replace-chrome] to publish."
exit 0
fi
if [ -n "$previous_version" ] && [ "$previous_version" = "$current_version" ]; then
echo "Release keyword found, but manifest version is still $current_version."
echo "Bump manifest.json before publishing to a store."
exit 1
fi
echo "should_publish=true" >> "$GITHUB_OUTPUT"
echo "Publishing version $current_version. Chrome=$publish_chrome Firefox=$publish_firefox ReplaceChrome=$replace_chrome"
- name: Build packages
if: steps.release.outputs.should_publish == 'true'
run: python3 build.py
- name: Upload build artifacts
if: steps.release.outputs.should_publish == 'true'
uses: actions/upload-artifact@v4
with:
name: dist
path: |
dist/
amo-metadata.json
publish-chrome:
needs: detect
if: needs.detect.outputs.should_publish == 'true' && needs.detect.outputs.publish_chrome == 'true'
runs-on: ubuntu-latest
env:
CHROME_EXTENSION_ID: aojjnbkipebndcbnojlliplfbhnpidhk
steps:
- uses: actions/download-artifact@v4
with:
name: dist
- name: Refresh Chrome Web Store access token
id: token
shell: bash
env:
CLIENT_ID: ${{ secrets.CWS_CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.CWS_CLIENT_SECRET }}
REFRESH_TOKEN: ${{ secrets.CWS_REFRESH_TOKEN }}
run: |
set -euo pipefail
response="$(curl -sS https://oauth2.googleapis.com/token \
-d "client_id=$CLIENT_ID" \
-d "client_secret=$CLIENT_SECRET" \
-d "refresh_token=$REFRESH_TOKEN" \
-d "grant_type=refresh_token")"
access_token="$(python3 - <<'PY' "$response"
import json, sys
data = json.loads(sys.argv[1])
if "access_token" not in data:
raise SystemExit(json.dumps(data))
print(data["access_token"])
PY
)"
echo "::add-mask::$access_token"
echo "access_token=$access_token" >> "$GITHUB_OUTPUT"
- name: Cancel pending Chrome review
if: needs.detect.outputs.replace_chrome == 'true'
shell: bash
env:
ACCESS_TOKEN: ${{ steps.token.outputs.access_token }}
PUBLISHER_ID: ${{ secrets.CWS_PUBLISHER_ID }}
run: |
set -euo pipefail
response=$(curl -sS -w "\n%{http_code}" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-X POST \
"https://chromewebstore.googleapis.com/v2/publishers/$PUBLISHER_ID/items/$CHROME_EXTENSION_ID:cancelSubmission")
http_code=$(echo "$response" | tail -1)
body=$(echo "$response" | head -n -1)
if [ "$http_code" -ge 200 ] && [ "$http_code" -lt 300 ]; then
echo "Canceled pending Chrome submission."
exit 0
fi
if [ "$http_code" = "400" ] || [ "$http_code" = "404" ]; then
echo "No cancelable Chrome submission found, or cancel was not needed."
echo "$body"
exit 0
fi
echo "$body"
exit 1
- name: Upload to Chrome Web Store
id: upload
shell: bash
env:
ACCESS_TOKEN: ${{ steps.token.outputs.access_token }}
PUBLISHER_ID: ${{ secrets.CWS_PUBLISHER_ID }}
VERSION: ${{ needs.detect.outputs.current_version }}
run: |
set -euo pipefail
response=$(curl -sS -w "\n%{http_code}" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-X POST \
-T "dist/ketuvia-chrome-$VERSION.zip" \
"https://chromewebstore.googleapis.com/upload/v2/publishers/$PUBLISHER_ID/items/$CHROME_EXTENSION_ID:upload")
http_code=$(echo "$response" | tail -1)
body=$(echo "$response" | head -n -1)
if [ "$http_code" = "400" ]; then
reason=$(python3 -c 'import json,sys; d=json.load(sys.stdin); print(d.get("error",{}).get("reason",""))' <<< "$body" 2>/dev/null || echo "")
if [ "$reason" = "NOT_UPDATEABLE" ]; then
echo "Chrome item is currently in review. Use [replace-chrome] on a new version commit to cancel the pending review first."
echo "skipped=true" >> "$GITHUB_OUTPUT"
exit 0
fi
echo "$body"; exit 1
fi
if [ "$http_code" -ge 400 ] 2>/dev/null; then
echo "$body"; exit 1
fi
echo "skipped=false" >> "$GITHUB_OUTPUT"
- name: Publish Chrome submission
if: steps.upload.outputs.skipped != 'true'
shell: bash
env:
ACCESS_TOKEN: ${{ steps.token.outputs.access_token }}
PUBLISHER_ID: ${{ secrets.CWS_PUBLISHER_ID }}
run: |
set -euo pipefail
curl -sS --fail-with-body \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-X POST \
"https://chromewebstore.googleapis.com/v2/publishers/$PUBLISHER_ID/items/$CHROME_EXTENSION_ID:publish"
publish-firefox:
needs: detect
if: needs.detect.outputs.should_publish == 'true' && needs.detect.outputs.publish_firefox == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
name: dist
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Publish to Firefox Add-ons (AMO)
shell: bash
env:
AMO_JWT_ISSUER: ${{ secrets.AMO_JWT_ISSUER }}
AMO_JWT_SECRET: ${{ secrets.AMO_JWT_SECRET }}
run: |
set -uo pipefail
output=$(npx --yes web-ext@8 sign \
--source-dir=dist/firefox \
--channel=listed \
--api-key="$AMO_JWT_ISSUER" \
--api-secret="$AMO_JWT_SECRET" \
--amo-metadata=amo-metadata.json \
--approval-timeout=0 2>&1) && echo "$output" || {
echo "$output"
echo "$output" | grep -q "already exists" && { echo "Version already submitted to AMO - skipping."; exit 0; }
exit 1
}