Build & Publish #37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - master | |
| pull_request: | |
| branches: | |
| - main | |
| - master | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| jobs: | |
| # -------------------------------------------------------------------- | |
| # 1) MANUAL TAG CREATION — triggers official release | |
| # -------------------------------------------------------------------- | |
| create_tag: | |
| name: Create Release Tag | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'workflow_dispatch' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # required to push tags | |
| - name: Read version from manifest.json | |
| id: manifest | |
| run: | | |
| VERSION=$(jq -r '.version' manifest.json) | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Create git tag | |
| run: | | |
| TAG="v${{ steps.manifest.outputs.version }}" | |
| echo "Creating tag: $TAG" | |
| # Check if tag already exists | |
| if git rev-parse "$TAG" >/dev/null 2>&1; then | |
| echo "::error::Tag $TAG already exists." | |
| exit 1 | |
| fi | |
| git config user.name "${{ github.actor }}" | |
| git config user.email "${{ github.actor }}@users.noreply.github.com" | |
| git tag "$TAG" | |
| git push origin "$TAG" | |
| # -------------------------------------------------------------------- | |
| # 2) BUILD JOB — runs for PRs, pushes, and tags | |
| # -------------------------------------------------------------------- | |
| build: | |
| name: Build XPI | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| major: ${{ steps.version.outputs.major }} | |
| minor: ${{ steps.version.outputs.minor }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Read version from manifest.json | |
| id: version | |
| run: | | |
| VERSION=$(jq -r '.version' manifest.json) | |
| MAJ=$(echo "$VERSION" | cut -d. -f1) | |
| MIN=$(echo "$VERSION" | cut -d. -f2) | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "major=$MAJ" >> $GITHUB_OUTPUT | |
| echo "minor=$MIN" >> $GITHUB_OUTPUT | |
| - name: Build extension | |
| id: web-ext-build | |
| uses: kewisch/action-web-ext@v1 | |
| with: | |
| cmd: build | |
| source: . | |
| filename: "{name}-{version}.xpi" | |
| ignoreFiles: '[ ]' | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: built-xpi | |
| path: ${{ steps.web-ext-build.outputs.target }} | |
| # -------------------------------------------------------------------- | |
| # 3) PRE-RELEASE JOB — only runs on main/master pushes (not tags) | |
| # -------------------------------------------------------------------- | |
| prerelease: | |
| name: Create Pre-Release | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: > | |
| github.event_name != 'workflow_dispatch' | |
| && github.ref_type == 'branch' && (github.ref_name == 'main' || github.ref_name == 'master') | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download built XPI | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: built-xpi | |
| path: xpi | |
| - name: Extract artifact if needed | |
| run: | | |
| if ls xpi/*.zip 1> /dev/null 2>&1; then | |
| unzip xpi/*.zip -d xpi/ | |
| fi | |
| - name: Read version from manifest.json | |
| id: version | |
| run: | | |
| VERSION="${{ needs.build.outputs.version }}" | |
| MAJ="${{ needs.build.outputs.major }}" | |
| MIN="${{ needs.build.outputs.minor }}" | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "major=$MAJ" >> $GITHUB_OUTPUT | |
| echo "minor=$MIN" >> $GITHUB_OUTPUT | |
| - name: Check if full release exists | |
| id: check_release | |
| run: | | |
| if gh release view "v${{ steps.version.outputs.version }}" >/dev/null 2>&1; then | |
| echo "exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "exists=false" >> $GITHUB_OUTPUT | |
| fi | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Fail if full release already exists | |
| if: steps.check_release.outputs.exists == 'true' | |
| run: | | |
| echo "Version ${{ steps.version.outputs.version }} is already released. Aborting prerelease." | |
| exit 1 | |
| - name: Generate prerelease tag | |
| id: prerelease_tag | |
| run: | | |
| VERSION=${{ steps.version.outputs.version }} | |
| TIMESTAMP=$(date +'%Y%m%d%H%M%S') | |
| TAG="pre-$VERSION-$TIMESTAMP" | |
| echo "tag=$TAG" >> $GITHUB_OUTPUT | |
| - name: Create Pre-Release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh release create ${{ steps.prerelease_tag.outputs.tag }} \ | |
| --prerelease \ | |
| --title "Pre-Release ${{ steps.prerelease_tag.outputs.tag }}" \ | |
| --notes "Automated prerelease" \ | |
| xpi/*.xpi | |
| # -------------------------------------------------------------------- | |
| # 4) OFFICIAL RELEASE — signing + AMO upload — only for tags | |
| # -------------------------------------------------------------------- | |
| release: | |
| name: Sign & Publish Release | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.event_name == 'workflow_dispatch' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # --- Generate changelog from commits since previous tag --- | |
| - name: Generate changelog | |
| id: changelog | |
| run: | | |
| LAST_TAG=$(git describe --tags --abbrev=0 --always HEAD^ 2>/dev/null || echo "") | |
| if [ -z "$LAST_TAG" ]; then | |
| echo "changelog=$(git log --pretty=format:'- %s')" >> $GITHUB_OUTPUT | |
| else | |
| echo "changelog=$(git log $LAST_TAG..HEAD --pretty=format:'- %s')" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Download built XPI | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: built-xpi | |
| path: xpi | |
| - name: Extract artifact if needed | |
| run: | | |
| if ls xpi/*.zip 1> /dev/null 2>&1; then | |
| unzip xpi/*.zip -d xpi/ | |
| fi | |
| - name: Determine XPI filename | |
| id: xpi | |
| run: | | |
| FILE=$(ls xpi/*.xpi | head -n 1) | |
| echo "file=$FILE" >> $GITHUB_OUTPUT | |
| - name: Sign extension (Firefox AMO) | |
| id: web-ext-sign | |
| uses: kewisch/action-web-ext@v1 | |
| with: | |
| cmd: sign | |
| source: ${{ steps.xpi.outputs.file }} | |
| channel: listed | |
| apiKey: ${{ secrets.FIREFOX_JWT_ISSUER }} | |
| apiSecret: ${{ secrets.FIREFOX_JWT_SECRET }} | |
| metaDataFile: amo_metadata.json | |
| approvalNotes: "Please find more information at https://github.com/tonur/music-link-redirection" | |
| releaseNotes: ${{ steps.changelog.outputs.changelog }} | |
| license: Unlicense | |
| licenseFile: LICENSE | |
| - name: Upload signed XPI to GitHub Release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh release create ${{ github.ref_name }} \ | |
| --title "${{ github.ref_name }}" \ | |
| --notes "${{ steps.changelog.outputs.changelog }}" \ | |
| "${{ steps.web-ext-sign.outputs.target }}" |