Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Github Action to Deploy to Webstores #631

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add Github Action to Deploy to Webstores #631

wants to merge 1 commit into from

Conversation

ColdSauce
Copy link

Hiya, we made a Github action to make it easier to deploy to each of the web stores. This PR integrates the ascii doctor browser ext to our Github action so you can deploy directly from the Github UI.

Currently supporting Chrome, Firefox, Edge, and Opera (Safari support coming soon too)

The only thing you would need to create is a SUBMIT_KEYS GitHub repository secret.

This secret is a JSON, with the schema defined here.

Here's a sample key:

{
  "$schema": "https://raw.githubusercontent.com/plasmo-corp/bpp/v1/keys.schema.json",
  "chrome": {
    "clientId": "123",
    "clientSecret": "456",
    "refreshToken": "789",
    "extId": "abcd"
  },
  "firefox": {
    "apiKey": "123",
    "apiSecret": "abcd",
    "extId": "foobar"
  }
}

You can find instructions on how to get those keys in the schema, or if you use vscode, the schema should provide hint/intelisense when hovering over the json properties. If you need any help in setting up the keys, feel free to @ me.

Otherwise, if this doesn't seem necessary, feel free to close the PR!

@ggrossetie
Copy link
Member

Sounds interesting!
I didn't know that it was possible to publish to the Chrome WebStore using an API. It seems that you are using Puppeteer to automate the process for Opera and Edge? No API available?

To be honest, I'm a bit reluctant to use this GitHub actions for security reasons: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
It seems legit but I don't have time to do a thorough review of bpp, cwu, bms...

@ColdSauce
Copy link
Author

It seems that you are using Puppeteer to automate the process for Opera and Edge? No API available?

At least for Opera, there is a private API that I'm currently reverse engineering to take advantage of. I reached out to the program manager of the Edge store to see how we can have a better workflow for Edge. Tracking Opera task here and Edge task here

To be honest, I'm a bit reluctant to use this GitHub actions for security reasons

As a former security engineer, it makes me happy to see people are skeptical of random Github Actions that are close to their deployment :)

If you'd like I can pin the version to the SHA-1 of our latest commit, but I understand your point about not having enough time to check through all the code. If there's anything else I can do to minimize your risk and ease your concerns, please let me know. We feel like this is a useful piece of software and we'd love for people to use it, but we want people feeling safe when they do so!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ColdSauce @ggrossetie