Remove redundant gitignore entry #55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Extension | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| detect: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| should_publish: ${{ steps.release.outputs.should_publish }} | |
| publish_chrome: ${{ steps.release.outputs.publish_chrome }} | |
| publish_firefox: ${{ steps.release.outputs.publish_firefox }} | |
| replace_chrome: ${{ steps.release.outputs.replace_chrome }} | |
| current_version: ${{ steps.release.outputs.current_version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Detect release target and version change | |
| id: release | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| current_version="$(python3 - <<'PY' | |
| import json | |
| with open("manifest.json", "r", encoding="utf-8") as f: | |
| print(json.load(f)["version"]) | |
| PY | |
| )" | |
| before_sha="${{ github.event.before }}" | |
| previous_version="" | |
| if [ "$before_sha" != "0000000000000000000000000000000000000000" ] && git cat-file -e "${before_sha}:manifest.json" 2>/dev/null; then | |
| previous_version="$(git show "${before_sha}:manifest.json" | python3 -c 'import json, sys; print(json.load(sys.stdin)["version"])')" | |
| fi | |
| commit_message="$(git log -1 --pretty=%B)" | |
| publish_chrome=false | |
| publish_firefox=false | |
| replace_chrome=false | |
| if grep -qi '\[chrome+firefox\]' <<< "$commit_message"; then | |
| publish_chrome=true | |
| publish_firefox=true | |
| fi | |
| if grep -qi '\[chrome\]' <<< "$commit_message"; then | |
| publish_chrome=true | |
| fi | |
| if grep -qi '\[firefox\]' <<< "$commit_message"; then | |
| publish_firefox=true | |
| fi | |
| if grep -qi '\[replace-chrome\]' <<< "$commit_message"; then | |
| publish_chrome=true | |
| replace_chrome=true | |
| fi | |
| echo "current_version=$current_version" >> "$GITHUB_OUTPUT" | |
| echo "previous_version=$previous_version" >> "$GITHUB_OUTPUT" | |
| echo "publish_chrome=$publish_chrome" >> "$GITHUB_OUTPUT" | |
| echo "publish_firefox=$publish_firefox" >> "$GITHUB_OUTPUT" | |
| echo "replace_chrome=$replace_chrome" >> "$GITHUB_OUTPUT" | |
| if [ "$publish_chrome" != "true" ] && [ "$publish_firefox" != "true" ]; then | |
| echo "should_publish=false" >> "$GITHUB_OUTPUT" | |
| echo "No release keyword found. Use [chrome], [firefox], [chrome+firefox], or [replace-chrome] to publish." | |
| exit 0 | |
| fi | |
| if [ -n "$previous_version" ] && [ "$previous_version" = "$current_version" ]; then | |
| echo "Release keyword found, but manifest version is still $current_version." | |
| echo "Bump manifest.json before publishing to a store." | |
| exit 1 | |
| fi | |
| echo "should_publish=true" >> "$GITHUB_OUTPUT" | |
| echo "Publishing version $current_version. Chrome=$publish_chrome Firefox=$publish_firefox ReplaceChrome=$replace_chrome" | |
| - name: Build packages | |
| if: steps.release.outputs.should_publish == 'true' | |
| run: python3 build.py | |
| - name: Upload build artifacts | |
| if: steps.release.outputs.should_publish == 'true' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: | | |
| dist/ | |
| amo-metadata.json | |
| publish-chrome: | |
| needs: detect | |
| if: needs.detect.outputs.should_publish == 'true' && needs.detect.outputs.publish_chrome == 'true' | |
| runs-on: ubuntu-latest | |
| env: | |
| CHROME_EXTENSION_ID: aojjnbkipebndcbnojlliplfbhnpidhk | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| - name: Refresh Chrome Web Store access token | |
| id: token | |
| shell: bash | |
| env: | |
| CLIENT_ID: ${{ secrets.CWS_CLIENT_ID }} | |
| CLIENT_SECRET: ${{ secrets.CWS_CLIENT_SECRET }} | |
| REFRESH_TOKEN: ${{ secrets.CWS_REFRESH_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| response="$(curl -sS https://oauth2.googleapis.com/token \ | |
| -d "client_id=$CLIENT_ID" \ | |
| -d "client_secret=$CLIENT_SECRET" \ | |
| -d "refresh_token=$REFRESH_TOKEN" \ | |
| -d "grant_type=refresh_token")" | |
| access_token="$(python3 - <<'PY' "$response" | |
| import json, sys | |
| data = json.loads(sys.argv[1]) | |
| if "access_token" not in data: | |
| raise SystemExit(json.dumps(data)) | |
| print(data["access_token"]) | |
| PY | |
| )" | |
| echo "::add-mask::$access_token" | |
| echo "access_token=$access_token" >> "$GITHUB_OUTPUT" | |
| - name: Cancel pending Chrome review | |
| if: needs.detect.outputs.replace_chrome == 'true' | |
| shell: bash | |
| env: | |
| ACCESS_TOKEN: ${{ steps.token.outputs.access_token }} | |
| PUBLISHER_ID: ${{ secrets.CWS_PUBLISHER_ID }} | |
| run: | | |
| set -euo pipefail | |
| response=$(curl -sS -w "\n%{http_code}" \ | |
| -H "Authorization: Bearer $ACCESS_TOKEN" \ | |
| -X POST \ | |
| "https://chromewebstore.googleapis.com/v2/publishers/$PUBLISHER_ID/items/$CHROME_EXTENSION_ID:cancelSubmission") | |
| http_code=$(echo "$response" | tail -1) | |
| body=$(echo "$response" | head -n -1) | |
| if [ "$http_code" -ge 200 ] && [ "$http_code" -lt 300 ]; then | |
| echo "Canceled pending Chrome submission." | |
| exit 0 | |
| fi | |
| if [ "$http_code" = "400" ] || [ "$http_code" = "404" ]; then | |
| echo "No cancelable Chrome submission found, or cancel was not needed." | |
| echo "$body" | |
| exit 0 | |
| fi | |
| echo "$body" | |
| exit 1 | |
| - name: Upload to Chrome Web Store | |
| id: upload | |
| shell: bash | |
| env: | |
| ACCESS_TOKEN: ${{ steps.token.outputs.access_token }} | |
| PUBLISHER_ID: ${{ secrets.CWS_PUBLISHER_ID }} | |
| VERSION: ${{ needs.detect.outputs.current_version }} | |
| run: | | |
| set -euo pipefail | |
| response=$(curl -sS -w "\n%{http_code}" \ | |
| -H "Authorization: Bearer $ACCESS_TOKEN" \ | |
| -X POST \ | |
| -T "dist/ketuvia-chrome-$VERSION.zip" \ | |
| "https://chromewebstore.googleapis.com/upload/v2/publishers/$PUBLISHER_ID/items/$CHROME_EXTENSION_ID:upload") | |
| http_code=$(echo "$response" | tail -1) | |
| body=$(echo "$response" | head -n -1) | |
| if [ "$http_code" = "400" ]; then | |
| reason=$(python3 -c 'import json,sys; d=json.load(sys.stdin); print(d.get("error",{}).get("reason",""))' <<< "$body" 2>/dev/null || echo "") | |
| if [ "$reason" = "NOT_UPDATEABLE" ]; then | |
| echo "Chrome item is currently in review. Use [replace-chrome] on a new version commit to cancel the pending review first." | |
| echo "skipped=true" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| echo "$body"; exit 1 | |
| fi | |
| if [ "$http_code" -ge 400 ] 2>/dev/null; then | |
| echo "$body"; exit 1 | |
| fi | |
| echo "skipped=false" >> "$GITHUB_OUTPUT" | |
| - name: Publish Chrome submission | |
| if: steps.upload.outputs.skipped != 'true' | |
| shell: bash | |
| env: | |
| ACCESS_TOKEN: ${{ steps.token.outputs.access_token }} | |
| PUBLISHER_ID: ${{ secrets.CWS_PUBLISHER_ID }} | |
| run: | | |
| set -euo pipefail | |
| curl -sS --fail-with-body \ | |
| -H "Authorization: Bearer $ACCESS_TOKEN" \ | |
| -X POST \ | |
| "https://chromewebstore.googleapis.com/v2/publishers/$PUBLISHER_ID/items/$CHROME_EXTENSION_ID:publish" | |
| publish-firefox: | |
| needs: detect | |
| if: needs.detect.outputs.should_publish == 'true' && needs.detect.outputs.publish_firefox == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Publish to Firefox Add-ons (AMO) | |
| shell: bash | |
| env: | |
| AMO_JWT_ISSUER: ${{ secrets.AMO_JWT_ISSUER }} | |
| AMO_JWT_SECRET: ${{ secrets.AMO_JWT_SECRET }} | |
| run: | | |
| set -uo pipefail | |
| output=$(npx --yes web-ext@8 sign \ | |
| --source-dir=dist/firefox \ | |
| --channel=listed \ | |
| --api-key="$AMO_JWT_ISSUER" \ | |
| --api-secret="$AMO_JWT_SECRET" \ | |
| --amo-metadata=amo-metadata.json \ | |
| --approval-timeout=0 2>&1) && echo "$output" || { | |
| echo "$output" | |
| echo "$output" | grep -q "already exists" && { echo "Version already submitted to AMO - skipping."; exit 0; } | |
| exit 1 | |
| } |