diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..1c3f8ef --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,32 @@ +name: CI + +on: + push: + branches: [master] + pull_request: + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Validate manifest JSON + run: | + python3 -c "import json,sys; json.load(open('manifest.json'))" + python3 -c "import json,sys; json.load(open('manifest.firefox.json'))" + + - name: Manifest versions must match + run: | + C=$(python3 -c "import json; print(json.load(open('manifest.json'))['version'])") + F=$(python3 -c "import json; print(json.load(open('manifest.firefox.json'))['version'])") + [ "$C" = "$F" ] || { echo "Chrome=$C Firefox=$F"; exit 1; } + + - name: Build runs cleanly + run: bash scripts/build.sh + + - name: Install web-ext + run: npm install -g web-ext + + - name: web-ext lint (Firefox) + run: web-ext lint --source-dir dist/firefox --self-hosted diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..2bfc42e --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,71 @@ +name: Release + +on: + push: + tags: + - "v*" + workflow_dispatch: + inputs: + tag: + description: "Tag to build (e.g. v2.1.0). Leave blank to build current ref." + required: false + +permissions: + contents: write + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.tag || github.ref }} + + - name: Read version from manifest + id: meta + run: | + VERSION=$(grep '"version"' manifest.json | head -1 | sed 's/.*: *"\([^"]*\)".*/\1/') + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "tag=v$VERSION" >> "$GITHUB_OUTPUT" + + - name: Verify tag matches manifest version + if: startsWith(github.ref, 'refs/tags/v') + run: | + TAG="${GITHUB_REF#refs/tags/}" + if [ "$TAG" != "${{ steps.meta.outputs.tag }}" ] && [ "$TAG" != "${{ steps.meta.outputs.tag }}-firefox" ]; then + echo "Tag $TAG does not match manifest version ${{ steps.meta.outputs.tag }}" + exit 1 + fi + + - name: Build Chrome + Firefox zips + run: bash scripts/build.sh + + - name: Compute checksums + working-directory: dist + run: | + shasum -a 256 keyfinder-v${{ steps.meta.outputs.version }}-chrome.zip > keyfinder-v${{ steps.meta.outputs.version }}-chrome.zip.sha256 + shasum -a 256 keyfinder-v${{ steps.meta.outputs.version }}-firefox.zip > keyfinder-v${{ steps.meta.outputs.version }}-firefox.zip.sha256 + + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + with: + name: keyfinder-v${{ steps.meta.outputs.version }} + path: | + dist/keyfinder-v${{ steps.meta.outputs.version }}-chrome.zip + dist/keyfinder-v${{ steps.meta.outputs.version }}-firefox.zip + dist/keyfinder-v${{ steps.meta.outputs.version }}-chrome.zip.sha256 + dist/keyfinder-v${{ steps.meta.outputs.version }}-firefox.zip.sha256 + if-no-files-found: error + + - name: Attach to GitHub Release + if: startsWith(github.ref, 'refs/tags/v') + uses: softprops/action-gh-release@v2 + with: + files: | + dist/keyfinder-v${{ steps.meta.outputs.version }}-chrome.zip + dist/keyfinder-v${{ steps.meta.outputs.version }}-firefox.zip + dist/keyfinder-v${{ steps.meta.outputs.version }}-chrome.zip.sha256 + dist/keyfinder-v${{ steps.meta.outputs.version }}-firefox.zip.sha256 + generate_release_notes: true + fail_on_unmatched_files: true