release-extension.yml
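# Builds the browser extension, packages it as a zip (plus a signed crx when a
# signing key is configured) and attaches the artifacts to a GitHub release.
#
# Security notes for maintainers:
# - The single job below holds `contents: write` and, in the signing step, the
#   extension private key. Every `uses:` reference is a mutable major-version
#   tag; pinning each one to a full commit SHA prevents a moved tag from
#   changing what runs next to those credentials.
# - On `workflow_dispatch` the checkout step uses the ref the run was started
#   from, and only the version string is compared with the release tag, so the
#   uploaded build is not guaranteed to come from the tagged commit.
#   NOTE(review): confirm that is intended.
name: 构建扩展并发布

on:
  release:
    types:
      - published
  workflow_dispatch:
    inputs:
      release_tag:
        description: 已存在的 release tag,留空则自动按 manifest.json 版本拼成 v{version}
        required: false
        type: string

# Needed by `gh release upload`; nothing else in the job requires write scope.
permissions:
  contents: write

jobs:
  package:
    name: 打包浏览器扩展
    runs-on: ubuntu-latest
    steps:
      - name: 检出仓库
        uses: actions/checkout@v4
        with:
          # The install and build steps execute third-party dependency code.
          # Do not leave the job token in .git/config where that code could
          # read it; the upload step receives its token through GH_TOKEN.
          persist-credentials: false

      - name: 安装 pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 10

      - name: 安装 Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm

      # --frozen-lockfile fails the job instead of resolving new versions when
      # the lockfile and package.json disagree.
      - name: 安装依赖
        run: pnpm install --frozen-lockfile

      - name: 构建扩展
        run: pnpm run build

      # Resolves the release tag (release event, then manual input, then
      # v{version}) and refuses to continue when it does not match the version
      # in the built manifest. Event and input values reach the script through
      # env, never through ${{ }} expansion inside the script text.
      - name: 读取版本号并校验
        id: meta
        shell: bash
        env:
          EVENT_TAG: ${{ github.event.release.tag_name }}
          INPUT_TAG: ${{ inputs.release_tag }}
        run: |
          set -euo pipefail
          version="$(node -p "require('./dist/manifest.json').version")"
          tag="${EVENT_TAG:-${INPUT_TAG:-}}"
          if [ -z "$tag" ]; then
            tag="v${version}"
          fi
          normalized_tag="${tag#v}"
          if [ "$normalized_tag" != "$version" ]; then
            echo "::error::Release tag $tag 与 dist/manifest.json 中的版本号 $version 不一致。"
            exit 1
          fi
          echo "version=$version" >> "$GITHUB_OUTPUT"
          echo "tag=$tag" >> "$GITHUB_OUTPUT"
          echo "zip_name=stackprism-v${version}.zip" >> "$GITHUB_OUTPUT"
          echo "crx_name=stackprism-v${version}.crx" >> "$GITHUB_OUTPUT"

      - name: 打包 zip
        shell: bash
        env:
          # Step outputs are handed over as environment variables so their
          # content is never spliced into the script source.
          ZIP_NAME: ${{ steps.meta.outputs.zip_name }}
        run: |
          set -euo pipefail
          mkdir -p release
          (
            cd dist
            zip -r "../release/${ZIP_NAME}" .
          )
          # Hash from inside release/ so the checksum file records the bare
          # file name and `sha256sum -c` works next to the downloaded asset.
          # The checksum is published beside the asset, so it detects a
          # corrupted download, not a replaced release asset.
          (
            cd release
            sha256sum "${ZIP_NAME}" > "${ZIP_NAME}.sha256"
          )

      - name: 签名 crx
        id: crx
        shell: bash
        env:
          EXTENSION_PRIVATE_KEY: ${{ secrets.EXTENSION_PRIVATE_KEY }}
          CRX_NAME: ${{ steps.meta.outputs.crx_name }}
        run: |
          set -euo pipefail
          if [ -z "${EXTENSION_PRIVATE_KEY:-}" ]; then
            echo "::warning::secrets.EXTENSION_PRIVATE_KEY 未配置,跳过 crx 生成。zip 仍会上传。"
            echo "skipped=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # Keep the key out of the workspace, readable by the owner only, and
          # delete it on every exit path, including a failed signing run.
          key_file="${RUNNER_TEMP}/extension.pem"
          trap 'rm -f "$key_file"' EXIT
          (
            umask 077
            printf '%s' "$EXTENSION_PRIVATE_KEY" > "$key_file"
          )
          # NOTE(review): `npx --yes` downloads whichever crx3 release is
          # current at run time and hands it the signing key. Adding crx3 as a
          # devDependency covered by the lockfile would fix the version.
          npx --yes crx3 --keyPath "$key_file" --crxPath "release/${CRX_NAME}" dist
          (
            cd release
            sha256sum "${CRX_NAME}" > "${CRX_NAME}.sha256"
          )
          echo "skipped=false" >> "$GITHUB_OUTPUT"

      - name: 上传产物到 release
        shell: bash
        env:
          GH_TOKEN: ${{ github.token }}
          # The checkout no longer stores credentials, so name the target
          # repository explicitly instead of relying on git configuration.
          GH_REPO: ${{ github.repository }}
          RELEASE_TAG: ${{ steps.meta.outputs.tag }}
          ZIP_NAME: ${{ steps.meta.outputs.zip_name }}
          CRX_NAME: ${{ steps.meta.outputs.crx_name }}
        run: |
          set -euo pipefail
          assets=(
            "release/${ZIP_NAME}"
            "release/${ZIP_NAME}.sha256"
          )
          # The crx exists only when the signing step was not skipped.
          if [ -f "release/${CRX_NAME}" ]; then
            assets+=(
              "release/${CRX_NAME}"
              "release/${CRX_NAME}.sha256"
            )
          fi
          # --clobber replaces assets of the same name that are already
          # attached, so a manual re-run overwrites published binaries.
          gh release upload "$RELEASE_TAG" "${assets[@]}" --clobber

      - name: 归档产物
        uses: actions/upload-artifact@v4
        with:
          name: stackprism-v${{ steps.meta.outputs.version }}
          path: release/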