97 lines
4.0 KiB
YAML
97 lines
4.0 KiB
YAML
name: extension
|
|
on:
|
|
push:
|
|
branches: [dev, main]
|
|
# Self-retriggering: include the workflow file itself so edits to
|
|
# this workflow (filename-glob fixes, env tweaks, etc.) run the
|
|
# sign-and-publish dance on next push without needing a manual
|
|
# Forgejo dispatch. Side-effect commits (`ext: publish signed XPI`)
|
|
# only touch frontend/public/extension/ so they DON'T re-trigger.
|
|
paths:
|
|
- 'extension/**'
|
|
- '.forgejo/workflows/extension.yml'
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
lint:
|
|
runs-on: python-ci
|
|
container:
|
|
image: node:22-bookworm-slim
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Install web-ext
|
|
run: cd extension && npm install --no-save --no-audit --no-fund
|
|
- name: Lint
|
|
run: cd extension && npm run lint
|
|
|
|
sign-and-publish:
|
|
needs: lint
|
|
if: github.ref == 'refs/heads/main'
|
|
runs-on: python-ci
|
|
container:
|
|
image: node:22-bookworm-slim
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
token: ${{ secrets.RELEASE_TOKEN }}
|
|
- name: Install web-ext + git
|
|
run: |
|
|
apt-get update && apt-get install -y --no-install-recommends git ca-certificates
|
|
cd extension && npm install --no-save --no-audit --no-fund
|
|
- name: Sign XPI
|
|
run: cd extension && npm run sign
|
|
env:
|
|
WEB_EXT_API_KEY: ${{ secrets.MOZILLA_AMO_JWT_KEY }}
|
|
WEB_EXT_API_SECRET: ${{ secrets.MOZILLA_AMO_JWT_SECRET }}
|
|
- name: Commit signed XPI to frontend/public/extension/
|
|
run: |
|
|
set -ex
|
|
# AMO renames signed XPIs using its internal addon-id-safe-string
|
|
# (e.g. 997017ca3e104e30a75a-1.0.1.xpi), NOT our gecko ID. Match
|
|
# any *.xpi in the artifacts dir — fresh CI runner means there's
|
|
# exactly one — and rename it on copy so the FC server's
|
|
# whitelist (backend/app/frontend.py expects 'fabledcurator-*.xpi')
|
|
# keeps working.
|
|
# Diagnostic instrumentation 2026-05-25: a prior run (id 1731)
|
|
# reported success without producing an `ext: publish signed XPI`
|
|
# commit on main. Tracing the cwd, artifacts dir, version
|
|
# extraction, staging state, and push response so the next run's
|
|
# log explains the gap.
|
|
echo "=== cwd ==="
|
|
pwd
|
|
echo "=== ref / branch ==="
|
|
echo "ref: ${GITHUB_REF:-unset} sha: ${GITHUB_SHA:-unset}"
|
|
git log --oneline -3 || true
|
|
echo "=== artifacts dir ==="
|
|
ls -la extension/web-ext-artifacts/ 2>&1 || echo "(dir missing)"
|
|
XPI=$(ls extension/web-ext-artifacts/*.xpi 2>/dev/null | head -1)
|
|
echo "XPI=$XPI"
|
|
if [ -z "$XPI" ]; then
|
|
echo "No XPI produced by web-ext sign — exiting"
|
|
exit 1
|
|
fi
|
|
VERSION=$(grep -E '"version"' extension/package.json | head -1 | sed -E 's/.*"version"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/')
|
|
echo "VERSION=$VERSION"
|
|
DEST="frontend/public/extension/fabledcurator-${VERSION}.xpi"
|
|
echo "DEST=$DEST"
|
|
mkdir -p frontend/public/extension
|
|
# Wipe any prior versions so the directory doesn't grow each release.
|
|
rm -f frontend/public/extension/fabledcurator-*.xpi
|
|
cp "$XPI" "$DEST"
|
|
cp "$XPI" "frontend/public/extension/fabledcurator-latest.xpi"
|
|
echo "=== frontend/public/extension/ after copy ==="
|
|
ls -la frontend/public/extension/
|
|
git config user.name "FC extension CI"
|
|
git config user.email "noreply@fabledsword.com"
|
|
git add frontend/public/extension/
|
|
echo "=== git status after add ==="
|
|
git status --short
|
|
echo "=== diff --cached --stat ==="
|
|
git diff --cached --stat || true
|
|
if git diff --cached --quiet; then
|
|
echo "No changes to commit (frontend/public/extension/ matches HEAD)"
|
|
else
|
|
git commit -m "ext: publish signed XPI fabledcurator-${VERSION}.xpi"
|
|
git push -v origin HEAD:main
|
|
fi
|