-
Notifications
You must be signed in to change notification settings - Fork 14
191 lines (169 loc) · 7.1 KB
/
sign-and-release-to-github.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
name: continuous prerelease to GitHub
on:
push:
branches: [ "*" ]
# When pushing version number tags (not prefixed with a v):
tags: [ "[0-9]+.[0-9]+.[0-9]+" ]
workflow_dispatch:
jobs:
prepare-deployment:
runs-on: ubuntu-latest
outputs:
deployment-id: ${{ fromJson(steps.create-deployment.outputs.result).data.id }}
steps:
- name: Create GitHub Deployment
id: create-deployment
uses: actions/github-script@v5
with:
script: |
return await github.rest.repos.createDeployment({
owner: context.repo.owner,
repo: context.repo.repo,
ref: context.sha,
environment: "review",
transient_environment: true,
auto_merge: false,
// The deployment runs in parallel with CI, so status checks will never have succeeded yet:
required_contexts: [],
});
sign-tag-release:
runs-on: ubuntu-latest
needs: [prepare-deployment]
steps:
- name: Mark GitHub Deployment as in progress
id: start-deployment
uses: actions/github-script@v5
env:
DEPLOYMENT_ID: "${{ needs.prepare-deployment.outputs.deployment-id }}"
with:
script: |
return await github.rest.repos.createDeploymentStatus({
owner: context.repo.owner,
repo: context.repo.repo,
deployment_id: process.env.DEPLOYMENT_ID,
description: "Building add-on",
environment: "review",
log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`,
state: "in_progress",
});
- name: "Checkout"
uses: actions/checkout@v2
- name: "Update translations"
run: git submodule update --init --recursive --remote
- name: "Set up node"
uses: actions/[email protected]
with:
node-version: 16
cache: 'npm'
- name: "Install"
run: npm install
- name: "Lint"
run: npm run lint
# The l10n submodule .github folder breaks web-ext linting so remove it
- name: "Remove locales .github folder"
run: npm run remove-locales-github
- name: "Configure add-on for the stage site"
run: npm run config:stage
if: github.ref_type == 'branch'
- name: "Configure add-on for the production site"
run: npm run config:prod
if: github.ref_type == 'tag'
- name: "Set the version"
id: version
run: |
# For regular pushes, mark the version as YYYY.MM.DD.minutes:
if [ $REF_TYPE == "branch" ];
then
export VERSION="$(date +%Y.%-m.%-d.)$(echo $(( $(date '+%-H *60 + %-M') )))";
jq ".version = \"$VERSION\"" src/manifest.json > manifest.json~;
mv manifest.json~ src/manifest.json;
git diff;
echo "version=$VERSION" >> $GITHUB_OUTPUT;
# But when pushing a tag, just pass on the manifest.json version to other steps:
else
export VERSION=$(jq ".version" src/manifest.json);
echo "version=${VERSION//\"/}" >> $GITHUB_OUTPUT;
fi
env:
REF_TYPE: ${{ github.ref_type }}
- name: "Sign"
run: ./node_modules/.bin/web-ext sign -s src --channel=unlisted --api-key=${{ secrets.AMO_API_KEY }} --api-secret=${{ secrets.AMO_API_SECRET }}
if: github.ref_type == 'branch'
- name: "Tag"
run: |
git config user.name "GitHub Action: Sign, Tag, Release"
git config user.email "<>"
git tag ${{ steps.version.outputs.version }}
git push origin --tags
if: github.ref_type == 'branch'
- name: "Make release notes"
id: release_notes
run: echo 'release_notes=$(git log --no-merges --pretty=format:"%h %s" ${{ steps.version.outputs.version }}^..${{ steps.version.outputs.version }})' >> $GITHUB_OUTPUT;
- uses: actions/upload-artifact@v2
with:
name: fx-private-relay-stage.xpi
path: web-ext-artifacts/private_relay-${{ steps.version.outputs.version }}.xpi
- name: "Configure manifest.json for Chrome build"
run: npm run config:chrome
- uses: actions/upload-artifact@v2
with:
name: fx-private-relay-extension.zip
path: src/
- name: Mark GitHub Deployment as successful
uses: actions/github-script@v5
with:
script: |
return await github.rest.repos.createDeploymentStatus({
owner: context.repo.owner,
repo: context.repo.repo,
deployment_id: parseInt(process.env.DEPLOYMENT_ID, 10),
description: "Add-on built successfully.",
environment: "review",
log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`,
state: "success",
});
env:
DEPLOYMENT_ID: "${{ needs.prepare-deployment.outputs.deployment-id }}"
- name: Mark GitHub Deployment as failed
uses: actions/github-script@v5
if: failure()
with:
script: |
return await github.rest.repos.createDeploymentStatus({
owner: context.repo.owner,
repo: context.repo.repo,
deployment_id: parseInt(process.env.DEPLOYMENT_ID, 10),
description: "Build the add-on failed. Review the GitHub Actions log for more information.",
log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`,
environment: "review",
state: "failure",
});
env:
DEPLOYMENT_ID: "${{ needs.prepare-deployment.outputs.deployment-id }}"
## This should theoretically be enough to publish the extension as a GitHub Release,
## except for sending the actual .xpi in the body of a request using octokit/request-action.
## Left in as documentation in case someone wants to finish this up:
# - name: "Release"
# id: create_release
# uses: octokit/[email protected]
# with:
# route: POST /repos/{owner}/{repo}/releases
# owner: mozilla
# repo: fx-private-relay-add-on
# prerelease: true
# tag_name: ${{ steps.version.outputs.version }}
# body: ${{ steps.release_notes.outputs.release_notes }}
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# - name: "Upload extension"
# uses: octokit/[email protected]
# with:
# route: POST /repos/{owner}/{repo}/releases/{release_id}/assets
# owner: mozilla
# repo: fx-private-relay-add-on
# release_id: ${{ fromJson(steps.create_release.outputs.data).id }}
# body: # TODO: Figure out how to pass the binary data of
# # ./web-ext-artifacts/private_relay-${{ steps.version.outputs.version }}.xpi
# # here.
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}