fix: should use POST for safety #91
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node | |
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs | |
name: extension | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ "main" ] | |
paths-ignore: | |
- ".github/**" | |
pull_request: | |
branches: [ "main" ] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [20.x] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
- run: npm ci --legacy-peer-deps | |
- run: npm run build --if-present | |
- name: Cache build files | |
uses: actions/cache@v4 | |
id: build-cache | |
with: | |
path: | | |
dist | |
key: nim-cache-build-${{ github.event.push.head.sha }} | |
test: | |
needs: build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [20.x] | |
shard: [1, 2, 3, 4, 5] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
- name: Cache build files | |
uses: actions/cache@v4 | |
id: build-cache | |
with: | |
path: | | |
dist | |
key: nim-cache-build-${{ github.event.push.head.sha }} | |
- run: npm ci --legacy-peer-deps | |
- name: Build | |
if: steps.build-cache.outputs.cache-hit != 'true' | |
run: npm run build --if-present | |
- name: Update system (Ubuntu) | |
if: matrix.os == 'ubuntu-20.04' || matrix.os == 'ubuntu-18.04' | |
run: sudo apt update && sudo apt upgrade -y | |
- run: npx playwright install-deps | |
- run: npx playwright install | |
- run: xvfb-run npm run test -- --shard=${{ matrix.shard }}/${{ strategy.job-total }} | |
package: | |
needs: build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [20.x] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
- name: Cache build files | |
uses: actions/cache@v4 | |
id: build-cache | |
with: | |
path: | | |
dist | |
key: nim-cache-build-${{ github.event.push.head.sha }} | |
- run: npm ci --legacy-peer-deps | |
- name: Build | |
if: steps.build-cache.outputs.cache-hit != 'true' | |
run: npm run build --if-present | |
- name: Update manifest | |
run: ./scripts/updateManifest.sh | |
shell: bash | |
- name: Set zip name | |
run: echo "ZIP_NAME=$(echo $GITHUB_SHA | cut -c 1-6)" >> $GITHUB_ENV | |
- name: Zip | |
run: zip -r ${ZIP_NAME}.zip ./dist ./src/*.js ./manifest.json ./_locales | |
shell: bash | |
- name: Upload zip artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
path: ${{ env.ZIP_NAME }}.zip | |
post-package-test: | |
needs: package | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [20.x] | |
shard: [1, 2, 3, 4, 5] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
- name: Download package | |
uses: actions/download-artifact@v4 | |
with: | |
path: '/tmp' | |
- name: Unzip | |
run: unzip /tmp/artifact/*.zip -d /tmp/artifact | |
- name: Set PATH_TO_EXTENSION env | |
run: echo "PATH_TO_EXTENSION=/tmp/artifact" >> $GITHUB_ENV | |
- run: npm ci --legacy-peer-deps | |
- run: npx playwright install-deps | |
- run: npx playwright install | |
- run: ls ${{env.PATH_TO_EXTENSION}} | |
- run: export PATH_TO_EXTENSION=${{env.PATH_TO_EXTENSION}} && xvfb-run npm run test:post -- --shard=${{ matrix.shard }}/${{ strategy.job-total }} | |
deploy-edge: | |
needs: post-package-test | |
runs-on: ubuntu-latest | |
if: startsWith(${{ github.event.head_commit.message }}, 'deploy:') | |
steps: | |
- name: Download package | |
uses: actions/download-artifact@v4 | |
with: | |
path: '/tmp' | |
- name: Set zip name | |
run: echo "ZIP_NAME=$(echo $GITHUB_SHA | cut -c 1-6)" >> $GITHUB_ENV | |
- name: Publish using Microsoft Partner Center Publish API | |
run: | | |
certificationNotes=$(echo "{ | |
\"notes\": \"Submitted via GitHub Actions. $(git log -1 HEAD)\" | |
}") | |
ls -laR /tmp/artifact | |
response=$(curl https://login.microsoftonline.com/5c9eedce-81bc-42f3-8823-48ba6258b391/oauth2/v2.0/token \ | |
-H "Content-Type: application/x-www-form-urlencoded" \ | |
-d "client_id=${{ vars.MPC_CLIENT_ID }}" \ | |
-d "scope=https://api.addons.microsoftedge.microsoft.com/.default" \ | |
-d "client_secret=${{ secrets.MPC_CLIENT_SECRET }}" \ | |
-d "grant_type=client_credentials") | |
token=$(echo $response | jq -r '.access_token') | |
# Uploading a package to update an existing submission | |
echo "Uploading a package to update an existing submission" | |
response=$(curl -s -i -D /tmp/headers -w 'status: %{response_code}\n' -X POST https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/draft/package \ | |
-H "Authorization: Bearer $token" \ | |
-H 'Content-Type: application/zip' \ | |
-T /tmp/artifact/${{ env.ZIP_NAME }}.zip) | |
if [ -n "$(echo $response | egrep "status:\s*202")" ]; then | |
operationID=$(cat /tmp/headers | egrep -i "location:\s*" | cut -f2 -d":" | awk '{$1=$1};1' | tr -d '\r') | |
# Checking the status of a package upload | |
echo "Checking the status of a package upload" | |
response=$(curl -s -w 'status: %{response_code}\n' -o /dev/null https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/draft/package/operations/$operationID \ | |
-H "Authorization: Bearer $token") | |
echo $response | |
retries=0 | |
while [ -z $(echo $response | egrep "status:\s*200")]; do | |
if [ $retries -gt 10 ]; then | |
echo "Exiting (Checking the status of a package upload) after 10 retries!" | |
exit 1 | |
fi | |
sleep 5 | |
response=$(curl -w 'status: %{response_code}\n' -v https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/draft/package/operations/$operationID \ | |
-H "Authorization: Bearer $token") | |
retries=$(($retries+1)) | |
done | |
# Publishing the submission | |
echo "Publishing the submission" | |
response=$(curl -s -i -D /tmp/headers2 -w 'status: %{response_code}\n' -o /dev/null https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions \ | |
-H "Authorization: Bearer $token" \ | |
-d "$certificationNotes") | |
if [ -n "$(echo $response | egrep "status:\s*202")" ]; then | |
operationID=$(cat /tmp/headers2 | egrep -i "location:\s*" | cut -f2 -d":" | awk '{$1=$1};1' | tr -d '\r') | |
# Checking the publishing status | |
response=$(curl -s -w 'status: %{response_code}\n' -o /dev/null https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/operations/$operationID \ | |
-H "Authorization: Bearer $token") | |
retries=0 | |
while [ -z $(echo $response | egrep "status:\s*200")]; do | |
if [ $retries -gt 10 ]; then | |
echo "Exiting (Checking the publishing status) after 10 retries!" | |
exit 1 | |
fi | |
sleep 5 | |
response=$(curl -w 'status: %{response_code}\n' -v https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/operations/$operationID \ | |
-H "Authorization: Bearer $token") | |
retries=$(($retries+1)) | |
done | |
fi | |
fi | |
exit 0 | |
shell: bash | |
deploy-chrome: | |
needs: post-package-test | |
runs-on: ubuntu-latest | |
if: startsWith(${{ github.event.head_commit.message }}, 'deploy:') | |
steps: | |
- name: Download package | |
uses: actions/download-artifact@v4 | |
with: | |
path: '/tmp' | |
- name: Set zip name | |
run: echo "ZIP_NAME=$(echo $GITHUB_SHA | cut -c 1-6)" >> $GITHUB_ENV | |
- name: Publish to Google Web Store | |
run: | | |
# Generate a JWT (JSON Web Token) | |
WEBSTORE_API_URL="https://www.googleapis.com/upload/chromewebstore/v1.1/items/${{vars.GOOGLE_APP_ID}}" | |
ACCESS_TOKEN=$(curl "https://accounts.google.com/o/oauth2/token" -d "client_id=${{ vars.GOOGLE_CLIENT_ID }}&client_secret=${{ secrets.GOOGLE_CLIENT_SECRET }}&refresh_token=${{ secrets.GOOGLE_REFRESH_TOKEN }}&grant_type=refresh_token&redirect_uri=urn:ietf:wg:oauth:2.0:oob" | jq -r .access_token) | |
curl -H "Authorization: Bearer ${ACCESS_TOKEN}" -H "x-goog-api-version: 2" -X PUT -T /tmp/artifact/${{ env.ZIP_NAME }}.zip -v "${WEBSTORE_API_URL}" | |
curl -H "Authorization: Bearer ${ACCESS_TOKEN}" -H "x-goog-api-version: 2" -H "Content-Length: 0" -X POST -v "${WEBSTORE_API_URL}/publish" | |
shell: bash |