extension: Sign the Firefox add-on #4021
Conversation
Herschel
force-pushed
the
ff-extension-sign
branch
from
ea2d137 to
cf988a7
Compare
| .substr(0, 10); | ||
| // The extension marketplaces require the version to monotonically increase, | ||
| // so append the build date onto the end of the manifest version. | ||
| const version = `${packageVersion}.${buildDate.replace( |
There was a problem hiding this comment.
buildDate.replaceAll("-", "") can be used, though replaceAll is available only since Node.js 15.
There was a problem hiding this comment.
CI is running node 14 currently, so let's keep this for now.
| @@ -220,7 +220,7 @@ jobs: | |||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |||
| with: | |||
| upload_url: ${{ needs.create-nightly-release.outputs.upload_url }} | |||
| asset_path: ./web/packages/extension/dist/firefox_unsigned.xpi | |||
| asset_path: ./web/packages/extension/dist/firefox.xpi | |||
There was a problem hiding this comment.
I see mentions to firefox_unsigned.xpi in package.json. Should they be changed to firefox.xpi?
There was a problem hiding this comment.
The first steps still create firefox_unsigned.xpi:
node tools/zip.js dist/firefox_unsigned.xpi
firefox_unsigned.xpi is uploaded to the Mozilla server where it is signed, and then the signed copy is downloaded into firefox.xpi:
node tools/sign_xpi.js dist/firefox_unsigned.xpi dist/firefox.xpi
There was a problem hiding this comment.
So don't you need to provide the MOZILLA_API_KEY, MOZILLA_API_SECRET and FIREFOX_EXTENSION_ID environment variables, so that sign_xpi.js actually signs the extension?
There was a problem hiding this comment.
Yep, I'll set those as secrets in the GitHub settings for the Ruffle org. They'll be passed along to the CI environment.
|
It's really cool that Mozilla's add-on linter caught something. Maybe we should add it as part of the CI (not necessarily in this PR). |
Herschel
force-pushed
the
ff-extension-sign
branch
from
cf988a7 to
fefe5b0
Compare
A rename will fail if the destination is on a different mount (happened to me!). Instead, copy the file to the destination, then delete the old file.
Herschel
force-pushed
the
ff-extension-sign
branch
from
fefe5b0 to
15c78e0
Compare
| @@ -54,4 +57,8 @@ async function sign( | |||
| "Skipping signing of Firefox extension. To enable this, please provide MOZILLA_API_KEY, MOZILLA_API_SECRET and FIREFOX_EXTENSION_ID environment variables" | |||
There was a problem hiding this comment.
I wanted to comment few lines above but GitHub doesn't allow.
const { version } = require("../assets/manifest.json");Can be rewritten to:
const version = process.env.npm_package_version;There was a problem hiding this comment.
Actually we need the version from the manifest, because it has the build date appended (0.1.0.20120415), and this is necessary for the Mozilla add-on service to accept it (version # must be unique). There may be a better way to pass this into the signing code, though.
Herschel
force-pushed
the
ff-extension-sign
branch
from
15c78e0 to
3349f63
Compare
Properly catch errors from the `sign-addon` package and bail out immediately. This will display better output from the Mozilla validation service.
The Chrome/Firefox marketplaces require the version number of an extension to increase with each upload, so append the build date to the version in `manifest.json`. Add `versionName` with the more readable version (`0.1 nightly 2010-15-04` for nightly builds).
Herschel
force-pushed
the
ff-extension-sign
branch
from
3349f63 to
a5a2a29
Compare
Sign the Firefox add-on so that it can be more easily installed.
0.1.0.20120415)version_nameto the manifest for a more readable version (0.1 nightly 2012-04-15for nightly builds)After signing, the add-on will still remain unlisted on the MAO site, but we download the signed package and upload that to GitHub releases. The Mozilla API keys will be added to the Ruffle GitHub org.