Skip to content

Latest commit

 

History

History
54 lines (39 loc) · 2.79 KB

publishing.md

File metadata and controls

54 lines (39 loc) · 2.79 KB
Raw

Publishing Extension

Publishing a new version of the extension should be a very careful process. The extension is a hot wallet and custodies the user's encrypted seed phrase. If the publishing pipeline was compromised, a bad actor could upload malicious code.

Access to publish

#1 - Penumbra Labs google group

This entity is a group publisher. Members of the group have publish permissions. Note: For a group member to publish updates, that member must register as a Chrome Web Store developer and pay the one-time registration fee. Package uploads are done through the Chrome Web Store Developer Dashboard.

#2 - Github CI/CD

Upon a github release, the penumbra-zone/penumbra-labs github team will be pinged for a review of the release. Any one of the members can approve it. Upon doing so, the pipeline will trigger packaging and uploading the extension code on the main branch. See github action here.

Two versions of the extension will be uploaded:

  • Prax Wallet BETA: A private beta version of the extension, used to garner feedback from external contributors ( i.e. passionate discord members). Users can be added to this list in the prax-beta-testers google group.
  • Prax Wallet: The public, production version of the extension.

After the pipeline has run, one of the chrome publishers with dashboard access, should take these actions:

  1. Submit the BETA version for approval with immediate publishing. There is no risks on this end for breakage. After approval, test extensively for bugs.
  2. Submit the PRODUCTION version for approval but without publishing (should uncheck box that says "Publish Prax wallet automatically after it has passed review"). Once approved and BETA version is validated, it can be published and go live instantly.
Credentials

The credentials for this have been generated in the penumbra-web google cloud project. If the one who generated the credentials has been removed from the ownership google group (from #1 above), new credentials need to be generated for the ext-publish github environment:

  • GOOGLE_CLIENT_ID
  • GOOGLE_CLIENT_SECRET
  • GOOGLE_REFRESH_TOKEN

These can be generated by following the chrome webstore api guide.

Note: there is a Chrome review process that typically takes 1-2 days.