.github/workflows/build.yml

name: build and deploy

on:
  push:
  workflow_dispatch:


env:
  CHROME_APP_ID: gbagdbjhcmodnokmjfhkhagnhgmmpgan
  FIREFOX_WEB_EXT_ID: "{fa13934b-65d0-4632-b49e-5e4f6cba9168}"

jobs:
  build:
    strategy:
      matrix:
        target: [ "chrome", "firefox" ]

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: '16.x'
      - run: npm ci
      - run: npm run gen
      - run: npm test
      - run: npm run tscheck
      - run: npm run eslint
      - run: npm run build:${{ matrix.target }}
      - uses: actions/upload-artifact@v2
        with:
          name: dist-${{ matrix.target }}
          path: dist-${{ matrix.target }}/

  deploy-chrome:
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
    needs:
      - build

    runs-on: ubuntu-latest

    steps:
      - uses: actions/download-artifact@v2
        with:
          name: dist-chrome
      - run: zip -r extension.zip .
      - id: access_token
        run: |
          ACCESS_TOKEN=$(curl -s "https://accounts.google.com/o/oauth2/token" -d "client_id=$CHROME_CLIENT_ID&client_secret=$CHROME_CLIENT_SECRET&refresh_token=$CHROME_REFRESH_TOKEN&grant_type=refresh_token&redirect_uri=urn:ietf:wg:oauth:2.0:oob")
          # the following lines are only required for multi line json
          ACCESS_TOKEN="${ACCESS_TOKEN//'%'/'%25'}"
          ACCESS_TOKEN="${ACCESS_TOKEN//$'\n'/'%0A'}"
          ACCESS_TOKEN="${ACCESS_TOKEN//$'\r'/'%0D'}"
          echo "::set-output name=ACCESS_TOKEN::$ACCESS_TOKEN"
        env:
          CHROME_CLIENT_ID: ${{ secrets.CHROME_CLIENT_ID }}
          CHROME_CLIENT_SECRET: ${{ secrets.CHROME_CLIENT_SECRET }}
          CHROME_REFRESH_TOKEN: ${{ secrets.CHROME_REFRESH_TOKEN }}
      - run: >
          curl -s
          -H "Authorization: Bearer $ACCESS_TOKEN"
          -H "x-goog-api-version: 2"
          -X PUT
          -T extension.zip
          -v https://www.googleapis.com/upload/chromewebstore/v1.1/items/$APP_ID
        env:
          APP_ID: ${{ env.CHROME_APP_ID }}
          ACCESS_TOKEN: ${{ fromJson(steps.access_token.outputs.ACCESS_TOKEN).access_token }}
      - run: >
          curl -s
          -H "Authorization: Bearer $ACCESS_TOKEN"
          -H "x-goog-api-version: 2"
          -H "Content-Length: 0"
          -X POST
          -v https://www.googleapis.com/upload/chromewebstore/v1.1/items/$APP_ID/publish
        env:
          APP_ID: ${{ env.CHROME_APP_ID }}
          ACCESS_TOKEN: ${{ fromJson(steps.access_token.outputs.ACCESS_TOKEN).access_token }}


  deploy-firefox:
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
    needs:
      - build

    runs-on: ubuntu-latest

    steps:
      - uses: actions/download-artifact@v2
        with:
          name: dist-firefox
      - run: npx web-ext sign --source-dir ./ || true
        env:
          WEB_EXT_API_KEY: ${{ secrets.FIREFOX_JWT_ISSUER }}
          WEB_EXT_API_SECRET: ${{ secrets.FIREFOX_JWT_SECRET }}
          WEB_EXT_ID: ${{ env.FIREFOX_WEB_EXT_ID }}

      - run: >
          curl 
          https://github.com/${{ github.repository }}/zipball/${GITHUB_REF#refs/heads/}/ 
          -L 
          -o extension_src.zip
          -v

      - run: |
          echo "::set-output name=current::$(date +%s)"
          echo "::set-output name=later::$(date -d '5 minutes' +%s)"
        id: time

      - name: JWT Generator
        id: firefoxJWT0
        uses: morzzz007/github-actions-jwt-generator@1.0.1
        with:
          secret: ${{ secrets.FIREFOX_JWT_SECRET }}
          payload: '{"iss":"${{ secrets.FIREFOX_JWT_ISSUER }}", "jti": "${{ steps.time.outputs.current }}", "iat": ${{ steps.time.outputs.current }}, "exp": ${{ steps.time.outputs.later }} }'

      - run: >
          curl 
          -H "Authorization: JWT ${{ steps.firefoxJWT0.outputs.token }}"
          https://addons.mozilla.org/api/v5/addons/addon/%7B${{ env.FIREFOX_WEB_EXT_ID }}%7D/versions?filter=all_with_unlisted
          -L 
          -o response.json
          -v

      - run: echo "::set-output name=latest::$(cat response.json | jq .results[0].id)"
        id: version

      - name: JWT Generator
        id: firefoxJWT1
        uses: morzzz007/github-actions-jwt-generator@1.0.1
        with:
          secret: ${{ secrets.FIREFOX_JWT_SECRET }}
          payload: '{"iss":"${{ secrets.FIREFOX_JWT_ISSUER }}", "jti": "${{ steps.time.outputs.current }}", "iat": ${{ steps.time.outputs.current }}, "exp": ${{ steps.time.outputs.later }} }'

      - run: >
          curl
          -H "Authorization: JWT ${{ steps.firefoxJWT1.outputs.token }}"
          -X PATCH https://addons.mozilla.org/api/v5/addons/addon/%7B${{ env.FIREFOX_WEB_EXT_ID }}%7D/versions/${{ steps.version.outputs.latest }}/
          -F "source=@extension_src.zip"
          -L
          -v