Release #40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| extension: | |
| description: Publish extension to testers | |
| type: boolean | |
| default: true | |
| push: | |
| branches: [main] | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| jobs: | |
| snapshot: | |
| if: github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| cache: pnpm | |
| registry-url: https://registry.npmjs.org | |
| - run: pnpm install --frozen-lockfile | |
| - name: Version packages (snapshot) | |
| run: pnpm changeset version --snapshot snapshot | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build | |
| run: pnpm build | |
| env: | |
| BUILD_NUMBER: ${{ github.run_number }} | |
| SNAPSHOT: 'true' | |
| - name: Publish npm snapshots | |
| run: pnpm changeset publish --tag snapshot | |
| env: | |
| NPM_CONFIG_PROVENANCE: true | |
| - name: Zip Chrome extension | |
| if: inputs.extension | |
| working-directory: packages/devtools-extension | |
| run: cd dist && zip -r ../extension-chrome.zip . | |
| - name: Publish Chrome extension to testers | |
| if: inputs.extension | |
| env: | |
| EXTENSION_ID: ${{ secrets.CHROME_EXTENSION_ID }} | |
| CLIENT_ID: ${{ secrets.CHROME_CLIENT_ID }} | |
| CLIENT_SECRET: ${{ secrets.CHROME_CLIENT_SECRET }} | |
| REFRESH_TOKEN: ${{ secrets.CHROME_REFRESH_TOKEN }} | |
| run: | | |
| # Get access token | |
| TOKEN=$(curl -s -X POST https://oauth2.googleapis.com/token \ | |
| -d "client_id=$CLIENT_ID" \ | |
| -d "client_secret=$CLIENT_SECRET" \ | |
| -d "refresh_token=$REFRESH_TOKEN" \ | |
| -d "grant_type=refresh_token" | jq -r '.access_token') | |
| # Upload | |
| UPLOAD=$(curl -s \ | |
| -H "Authorization: Bearer $TOKEN" \ | |
| -H "x-goog-api-version: 2" \ | |
| -X PUT \ | |
| -T packages/devtools-extension/extension-chrome.zip \ | |
| "https://www.googleapis.com/upload/chromewebstore/v1.1/items/$EXTENSION_ID") | |
| echo "Upload response: $UPLOAD" | |
| echo "$UPLOAD" | jq -e '.uploadState == "SUCCESS"' || exit 1 | |
| # Publish to trusted testers | |
| PUBLISH=$(curl -s \ | |
| -H "Authorization: Bearer $TOKEN" \ | |
| -H "x-goog-api-version: 2" \ | |
| -H "Content-Length: 0" \ | |
| -X POST \ | |
| "https://www.googleapis.com/chromewebstore/v1.1/items/$EXTENSION_ID/publish?publishTarget=trustedTesters") | |
| echo "Publish response: $PUBLISH" | |
| echo "$PUBLISH" | jq -e '.status[0] == "OK"' || { echo "::error::Publish failed — see response above"; exit 1; } | |
| - name: Build Firefox extension | |
| if: inputs.extension | |
| working-directory: packages/devtools-extension | |
| run: node --experimental-strip-types build.mjs --target=firefox | |
| env: | |
| BUILD_NUMBER: ${{ github.run_number }} | |
| SNAPSHOT: 'true' | |
| - name: Zip Firefox extension | |
| if: inputs.extension | |
| working-directory: packages/devtools-extension | |
| run: cd dist && zip -r ../extension-firefox.zip . | |
| - name: Zip source for AMO review | |
| if: inputs.extension | |
| run: zip -r source.zip . -x 'node_modules/*' '*/node_modules/*' '*/dist/*' '.git/*' '*.zip' | |
| - name: Publish Firefox extension (unlisted) | |
| if: inputs.extension | |
| uses: trmcnvn/firefox-addon@0d05671269b82c69c3f22ed86d8e772e89d47cf4 # v1 | |
| with: | |
| uuid: oidc-devtool@wolfcola | |
| xpi: packages/devtools-extension/extension-firefox.zip | |
| manifest: packages/devtools-extension/dist/manifest.json | |
| api-key: ${{ secrets.AMO_JWT_ISSUER }} | |
| api-secret: ${{ secrets.AMO_JWT_SECRET }} | |
| - name: Publish VS Code extension (pre-release) | |
| if: inputs.extension | |
| working-directory: packages/vscode-extension | |
| run: pnpm vsce publish --no-dependencies --pre-release --pat "$VSCE_PAT" | |
| env: | |
| VSCE_PAT: ${{ secrets.VSCE_PAT }} | |
| release: | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| cache: pnpm | |
| registry-url: https://registry.npmjs.org | |
| - run: pnpm install --frozen-lockfile | |
| - name: Build | |
| run: pnpm build | |
| env: | |
| BUILD_NUMBER: ${{ github.run_number }} | |
| - name: Create release PR or publish | |
| uses: changesets/action@63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b # v1.8.0 | |
| with: | |
| publish: pnpm release | |
| version: pnpm run version | |
| title: 'chore: version packages' | |
| commit: 'chore: version packages' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_CONFIG_PROVENANCE: true | |
| BUILD_NUMBER: ${{ github.run_number }} |