Skip to content

fix: should use POST for safety #91

fix: should use POST for safety

fix: should use POST for safety #91

Workflow file for this run

# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
name: extension
on:
workflow_dispatch:
push:
branches: [ "main" ]
paths-ignore:
- ".github/**"
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [20.x]
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm ci --legacy-peer-deps
- run: npm run build --if-present
- name: Cache build files
uses: actions/cache@v4
id: build-cache
with:
path: |
dist
key: nim-cache-build-${{ github.event.push.head.sha }}
test:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [20.x]
shard: [1, 2, 3, 4, 5]
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: Cache build files
uses: actions/cache@v4
id: build-cache
with:
path: |
dist
key: nim-cache-build-${{ github.event.push.head.sha }}
- run: npm ci --legacy-peer-deps
- name: Build
if: steps.build-cache.outputs.cache-hit != 'true'
run: npm run build --if-present
- name: Update system (Ubuntu)
if: matrix.os == 'ubuntu-20.04' || matrix.os == 'ubuntu-18.04'
run: sudo apt update && sudo apt upgrade -y
- run: npx playwright install-deps
- run: npx playwright install
- run: xvfb-run npm run test -- --shard=${{ matrix.shard }}/${{ strategy.job-total }}
package:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [20.x]
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: Cache build files
uses: actions/cache@v4
id: build-cache
with:
path: |
dist
key: nim-cache-build-${{ github.event.push.head.sha }}
- run: npm ci --legacy-peer-deps
- name: Build
if: steps.build-cache.outputs.cache-hit != 'true'
run: npm run build --if-present
- name: Update manifest
run: ./scripts/updateManifest.sh
shell: bash
- name: Set zip name
run: echo "ZIP_NAME=$(echo $GITHUB_SHA | cut -c 1-6)" >> $GITHUB_ENV
- name: Zip
run: zip -r ${ZIP_NAME}.zip ./dist ./src/*.js ./manifest.json ./_locales
shell: bash
- name: Upload zip artifact
uses: actions/upload-artifact@v4
with:
path: ${{ env.ZIP_NAME }}.zip
post-package-test:
needs: package
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [20.x]
shard: [1, 2, 3, 4, 5]
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: Download package
uses: actions/download-artifact@v4
with:
path: '/tmp'
- name: Unzip
run: unzip /tmp/artifact/*.zip -d /tmp/artifact
- name: Set PATH_TO_EXTENSION env
run: echo "PATH_TO_EXTENSION=/tmp/artifact" >> $GITHUB_ENV
- run: npm ci --legacy-peer-deps
- run: npx playwright install-deps
- run: npx playwright install
- run: ls ${{env.PATH_TO_EXTENSION}}
- run: export PATH_TO_EXTENSION=${{env.PATH_TO_EXTENSION}} && xvfb-run npm run test:post -- --shard=${{ matrix.shard }}/${{ strategy.job-total }}
deploy-edge:
needs: post-package-test
runs-on: ubuntu-latest
if: startsWith(${{ github.event.head_commit.message }}, 'deploy:')
steps:
- name: Download package
uses: actions/download-artifact@v4
with:
path: '/tmp'
- name: Set zip name
run: echo "ZIP_NAME=$(echo $GITHUB_SHA | cut -c 1-6)" >> $GITHUB_ENV
- name: Publish using Microsoft Partner Center Publish API
run: |
certificationNotes=$(echo "{
\"notes\": \"Submitted via GitHub Actions. $(git log -1 HEAD)\"
}")
ls -laR /tmp/artifact
response=$(curl https://login.microsoftonline.com/5c9eedce-81bc-42f3-8823-48ba6258b391/oauth2/v2.0/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=${{ vars.MPC_CLIENT_ID }}" \
-d "scope=https://api.addons.microsoftedge.microsoft.com/.default" \
-d "client_secret=${{ secrets.MPC_CLIENT_SECRET }}" \
-d "grant_type=client_credentials")
token=$(echo $response | jq -r '.access_token')
# Uploading a package to update an existing submission
echo "Uploading a package to update an existing submission"
response=$(curl -s -i -D /tmp/headers -w 'status: %{response_code}\n' -X POST https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/draft/package \
-H "Authorization: Bearer $token" \
-H 'Content-Type: application/zip' \
-T /tmp/artifact/${{ env.ZIP_NAME }}.zip)
if [ -n "$(echo $response | egrep "status:\s*202")" ]; then
operationID=$(cat /tmp/headers | egrep -i "location:\s*" | cut -f2 -d":" | awk '{$1=$1};1' | tr -d '\r')
# Checking the status of a package upload
echo "Checking the status of a package upload"
response=$(curl -s -w 'status: %{response_code}\n' -o /dev/null https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/draft/package/operations/$operationID \
-H "Authorization: Bearer $token")
echo $response
retries=0
while [ -z $(echo $response | egrep "status:\s*200")]; do
if [ $retries -gt 10 ]; then
echo "Exiting (Checking the status of a package upload) after 10 retries!"
exit 1
fi
sleep 5
response=$(curl -w 'status: %{response_code}\n' -v https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/draft/package/operations/$operationID \
-H "Authorization: Bearer $token")
retries=$(($retries+1))
done
# Publishing the submission
echo "Publishing the submission"
response=$(curl -s -i -D /tmp/headers2 -w 'status: %{response_code}\n' -o /dev/null https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions \
-H "Authorization: Bearer $token" \
-d "$certificationNotes")
if [ -n "$(echo $response | egrep "status:\s*202")" ]; then
operationID=$(cat /tmp/headers2 | egrep -i "location:\s*" | cut -f2 -d":" | awk '{$1=$1};1' | tr -d '\r')
# Checking the publishing status
response=$(curl -s -w 'status: %{response_code}\n' -o /dev/null https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/operations/$operationID \
-H "Authorization: Bearer $token")
retries=0
while [ -z $(echo $response | egrep "status:\s*200")]; do
if [ $retries -gt 10 ]; then
echo "Exiting (Checking the publishing status) after 10 retries!"
exit 1
fi
sleep 5
response=$(curl -w 'status: %{response_code}\n' -v https://api.addons.microsoftedge.microsoft.com/v1/products/${{ vars.MPC_PRODUCT_ID }}/submissions/operations/$operationID \
-H "Authorization: Bearer $token")
retries=$(($retries+1))
done
fi
fi
exit 0
shell: bash
deploy-chrome:
needs: post-package-test
runs-on: ubuntu-latest
if: startsWith(${{ github.event.head_commit.message }}, 'deploy:')
steps:
- name: Download package
uses: actions/download-artifact@v4
with:
path: '/tmp'
- name: Set zip name
run: echo "ZIP_NAME=$(echo $GITHUB_SHA | cut -c 1-6)" >> $GITHUB_ENV
- name: Publish to Google Web Store
run: |
# Generate a JWT (JSON Web Token)
WEBSTORE_API_URL="https://www.googleapis.com/upload/chromewebstore/v1.1/items/${{vars.GOOGLE_APP_ID}}"
ACCESS_TOKEN=$(curl "https://accounts.google.com/o/oauth2/token" -d "client_id=${{ vars.GOOGLE_CLIENT_ID }}&client_secret=${{ secrets.GOOGLE_CLIENT_SECRET }}&refresh_token=${{ secrets.GOOGLE_REFRESH_TOKEN }}&grant_type=refresh_token&redirect_uri=urn:ietf:wg:oauth:2.0:oob" | jq -r .access_token)
curl -H "Authorization: Bearer ${ACCESS_TOKEN}" -H "x-goog-api-version: 2" -X PUT -T /tmp/artifact/${{ env.ZIP_NAME }}.zip -v "${WEBSTORE_API_URL}"
curl -H "Authorization: Bearer ${ACCESS_TOKEN}" -H "x-goog-api-version: 2" -H "Content-Length: 0" -X POST -v "${WEBSTORE_API_URL}/publish"
shell: bash