Something will eventually be here! ๐
trmcnvn / firefox-addon Goto Github PK
View Code? Open in Web Editor NEW๐ฆ GitHub action to update/create firefox addons
License: MIT License
๐ฆ GitHub action to update/create firefox addons
License: MIT License
Using webpack I build a zip file for the extension but this action uses xpi extension, is there a way I can use a zip file?
Thank you for this addon!
When using it here I got a Request failed with status code 400
Run trmcnvn/firefox-addon@v1
with:
uuid: {87477736-c9f4-44c4-8eee-7fdfaaf750e9}
xpi: packages/qownnotes-web-companion.v20.8.3.firefox.xpi.zip
manifest: dist/firefox/manifest.json
api-key: ***
api-secret: ***
env:
VERSION: 20.8.3
TAG: v20.8.3
RELEASE_TEXT: ## 20.8.3
- Firefox store releasing is now done via GitHub Actions
##[error]Request failed with status code 400
Is there a way to find out what causes the error?
I got this review, because I use minified sources:
This version contains minified, concatenated or otherwise machine-generated code. Please provide the original sources, together with instructions on how to generate the final XPI. Source code must be provided as an archive and uploaded using the source code upload field, which can be done during submission or on the version page in the developer hub.
Please read through the instructions at https://extensionworkshop.com/documentation/publish/source-code-submission/ .
How can I upload the source with this action?
Btw. amazing work on this! This action makes publishing really easy.
nevermind
Hi, this action asks for a key and secret but the page linked says JWT issuer and JWT secret.
Using them as key secret respectively doesn't seem to be working.
Just looking for some clarification, I know this action is 2 years old
There are other fields that can be submitted such as Release Notes using the AMO webform. It'd be nice to also be able to submit updated data through this action.
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.
Below you can see the KB of your GITHUB Action.
name: 'Firefox Addon Action' # trmcnvn/firefox-addon
# GITHUB_TOKEN not used
If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.
This issue is automatically created by our analysis bot, feel free to close after reading :)
GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.
Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.