Skip to content

Merge pull request #879 from DarkFlorist/injection-guard #103

Merge pull request #879 from DarkFlorist/injection-guard

Merge pull request #879 from DarkFlorist/injection-guard #103

on:
push:
tags:
- 'v\d+\.\d+\.\d+'
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/[email protected]
with:
fetch-depth: 0
- name: Derive Tag Name And Populate version.ts
id: derive_tag
run: |
VERSION_FILE=app/ts/version.ts
MANIFEST_V2_FILE=app/manifestV2.json
MANIFEST_V3_FILE=app/manifestV3.json
GIT_COMMIT_SHA="${{ github.sha }}"
TAG=$(basename "${{ github.ref }}")
VERSION=${TAG#v}
echo "TAG=$TAG" >> $GITHUB_OUTPUT
echo export const gitCommitSha = \"$GIT_COMMIT_SHA\" > $VERSION_FILE
echo export const version = \"$VERSION\" >> $VERSION_FILE
sed -i -e '/"version"/c\\t"version": "'$VERSION'",' -e '/^\t*\/\//d' $MANIFEST_V2_FILE $MANIFEST_V3_FILE
zip source.zip -r . -x '*.git*' -x source.zip
- name: Build Extension
working-directory: ./
run: |
docker image build --tag interceptor-extension .
docker container create --name temp interceptor-extension
docker container cp temp:/interceptor-firefox.zip .
docker container cp temp:/interceptor-chrome.zip .
docker container rm temp
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.derive_tag.outputs.TAG }}
release_name: ${{ steps.derive_tag.outputs.TAG }}
draft: false
prerelease: false
- name: Upload Chrome Extension to Release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./interceptor-chrome.zip
asset_name: interceptor-chrome-${{ steps.derive_tag.outputs.TAG }}.zip
asset_content_type: application/zip
- name: Upload Firefox Extension to Release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./interceptor-firefox.zip
asset_name: interceptor-firefox-${{ steps.derive_tag.outputs.TAG }}.zip
asset_content_type: application/zip
- name: Upload Source to Release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./source.zip
asset_name: source-${{ steps.derive_tag.outputs.TAG }}.zip
asset_content_type: application/zip
- name: Save Artifacts for Upload Jobs
uses: actions/upload-artifact@v3
with:
name: artifacts
path: |
app/manifestV2.json
app/manifestV3.json
interceptor-firefox.zip
interceptor-chrome.zip
approve1:
runs-on: ubuntu-latest
environment: Approve1
needs: release
steps:
- name: No Op
id: no_op
run: |
echo Do Nothing
approve2:
runs-on: ubuntu-latest
environment: Approve2
needs: release
steps:
- name: No Op
id: no_op
run: |
echo Do Nothing
upload:
runs-on: ubuntu-latest
needs:
- approve1
- approve2
steps:
- uses: actions/github-script@v4
with:
script: |
// Get the approvals for this run
const approvals = await github.request('GET /repos/{owner}/{repo}/actions/runs/{run_id}/approvals', {
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.runId
})
const users = approvals.data.filter(approval => approval.user.type === 'User')
const distinctUsernames = Array.from(new Set(users.map(user => user.user.login)))
// Empty check
if (distinctUsernames.length < 2){
core.setFailed(`Did not receive the required 2 distinct approvals for this deployment. Approved Users: ${distinctUsernames.join(",")}`);
return;
}
- name: Load Artifacts from Release Job
uses: actions/download-artifact@v3
with:
name: artifacts
- name: Upload Firefox extension to mozilla addon
uses: DarkFlorist/firefox-addon@v1-body-size-increase
with:
uuid: '{3c236fbc-9114-43ed-a224-0cd1834aec4d}'
xpi: ./interceptor-firefox.zip
manifest: ./app/manifestV2.json
api-key: ${{ secrets.MOZILLA_ADDON_USER }}
api-secret: ${{ secrets.MOZILLA_ADDON_SECRET }}