Skip to content
Publish on AMO

Bump version to v1.2.2 #19

Sign in to view logs

Bump version to v1.2.2

Bump version to v1.2.2 #19

Workflow file for this run

.github/workflows/publish.yml at 3cfedd1
name: Publish on AMO
on:
push:
tags:
- v*.*.*
jobs:
publish:
name: Publish web extension
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Node.js
uses: actions/setup-node@v4
with:
cache: npm
- name: Install dependencies
run: npm ci
- name: Build web extension source
run: npm run build
env:
WEB_EXT_FILENAME: icloud_passwords.zip
- name: Upload web extension source
uses: actions/upload-artifact@v4
with:
name: web-ext-source
path: ./web-ext-artifacts/icloud_passwords.zip
compression-level: 0
- name: Submit web extension
run: npx web-ext sign
env:
WEB_EXT_USE_SUBMISSION_API: true
WEB_EXT_CHANNEL: listed
WEB_EXT_API_KEY: ${{ vars.WEB_EXT_API_KEY }}
WEB_EXT_API_SECRET: ${{ secrets.WEB_EXT_API_SECRET }}
WEB_EXT_NO_INPUT: true
- name: Rename signed web extension file
working-directory: ./web-ext-artifacts
run: mv *.xpi icloud_passwords.xpi
- name: Upload signed web extension
uses: actions/upload-artifact@v4
with:
name: web-ext
path: ./web-ext-artifacts/icloud_passwords.xpi
compression-level: 0
helpers:
name: Build install helpers
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
cache-dependency-path: ./scripts/install/go.sum
- name: Build install helper
working-directory: ./scripts/install
run: ./build.sh
- name: Upload install helper artifact
uses: actions/upload-artifact@v4
with:
name: web-ext-install-helpers
path: ./scripts/install/dist/*
release:
name: Release on GitHub
runs-on: ubuntu-latest
needs:
- publish
- helpers
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download artifacts
uses: actions/download-artifact@v4
with:
path: ./web-ext-artifacts
merge-multiple: true
- name: Create GitHub release
run: |
if gh release view "${{ github.ref_name }}" >/dev/null 2>&1
then
echo "Release ${{ github.ref_name }} already exists, skipping..."
exit 0
fi
gh release create \
"${{ github.ref_name }}" \
--title "${{ github.ref_name }}" \
--verify-tag
env:
GH_TOKEN: ${{ github.token }}
- name: Attach artifacts to release
run: |
gh release upload \
"${{ github.ref_name }}" \
./web-ext-artifacts/* \
--clobber
env:
GH_TOKEN: ${{ github.token }}
provenance:
name: Attest build provenance
runs-on: ubuntu-latest
needs:
- release
permissions:
contents: write
id-token: write
attestations: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download artifacts to attest
uses: actions/download-artifact@v4
with:
pattern: web-ext-*
path: ./web-ext-artifacts
merge-multiple: true
- name: Generate artifact attestation
id: attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: ./web-ext-artifacts
- name: Attach bundle to release
run: |
gh release upload \
"${{ github.ref_name }}" \
${{ steps.attestation.outputs.bundle-path }} \
--clobber
env:
GH_TOKEN: ${{ github.token }}
sbom:
name: Attest SBOM
runs-on: ubuntu-latest
needs:
- release
permissions:
contents: write
id-token: write
attestations: write
steps:
- name: Download artifacts to attest
uses: actions/download-artifact@v4
with:
pattern: web-ext-*
path: ./web-ext-artifacts
merge-multiple: true
- name: Generate SBOM
uses: anchore/sbom-action@v0
with:
path: ./web-ext-artifacts
upload-artifact: false
output-file: ./sbom.spdx.json
- name: Generate SBOM attestation
uses: actions/attest-sbom@v1
with:
subject-path: ./web-ext-artifacts
sbom-path: ./sbom.spdx.json