📝 Walkthrough

This pull request adds a new GitHub Actions release workflow that automates the process of building, packaging, and submitting browser extensions to multiple stores with optional dry-run mode. Additionally, it updates the .gitignore file to exclude temporary files and environment configuration.

Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
Pre-merge checks and finishing touches
❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
Actionable comments posted: 0
🧹 Nitpick comments (2)
.github/workflows/release.yml (2)
28-31: Consider adding verification and artifact upload. The ZIP creation step lacks error handling and artifact storage. Consider:
- Verifying ZIP files exist before submission
- Uploading artifacts for debugging failed workflows
🔎 Suggested improvements
After the "Zip extensions" step, add:
```yaml
- name: Verify ZIP files
  run: |
    ls -lh .output/*.zip
    test -f .output/*-chrome.zip || exit 1
    test -f .output/*-firefox.zip || exit 1
    test -f .output/*-sources.zip || exit 1

- name: Upload artifacts
  if: always()
  uses: actions/upload-artifact@v4
  with:
    name: extension-zips
    path: .output/*.zip
```
33-71: Reduce duplication between submission steps. The dry-run and normal submission steps are nearly identical except for the --dry-run flag. Consider refactoring to reduce maintenance burden.
🔎 Suggested refactor using a composite action or environment variable
```yaml
- name: Set dry run flag
  id: flags
  run: |
    if [[ "${{ inputs.dry_run }}" == "true" ]]; then
      echo "dry_run_flag=--dry-run" >> $GITHUB_OUTPUT
    else
      echo "dry_run_flag=" >> $GITHUB_OUTPUT
    fi

- name: Submit to stores
  run: |
    pnpm wxt submit ${{ steps.flags.outputs.dry_run_flag }} \
      --chrome-zip .output/*-chrome.zip \
      --firefox-zip .output/*-firefox.zip --firefox-sources-zip .output/*-sources.zip \
      --edge-zip .output/*-chrome.zip
  env:
    CHROME_EXTENSION_ID: ${{ secrets.CHROME_EXTENSION_ID }}
    CHROME_CLIENT_ID: ${{ secrets.CHROME_CLIENT_ID }}
    CHROME_CLIENT_SECRET: ${{ secrets.CHROME_CLIENT_SECRET }}
    CHROME_REFRESH_TOKEN: ${{ secrets.CHROME_REFRESH_TOKEN }}
    FIREFOX_EXTENSION_ID: ${{ secrets.FIREFOX_EXTENSION_ID }}
    FIREFOX_JWT_ISSUER: ${{ secrets.FIREFOX_JWT_ISSUER }}
    FIREFOX_JWT_SECRET: ${{ secrets.FIREFOX_JWT_SECRET }}
    EDGE_PRODUCT_ID: ${{ secrets.EDGE_PRODUCT_ID }}
    EDGE_CLIENT_ID: ${{ secrets.EDGE_CLIENT_ID }}
    EDGE_API_KEY: ${{ secrets.EDGE_API_KEY }}
    EDGE_ACCESS_TOKEN_URL: ${{ secrets.EDGE_ACCESS_TOKEN_URL }}
```
📜 Review details
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
- .github/workflows/release.yml
- .gitignore
🔇 Additional comments (4)
.gitignore (1)
28-31: LGTM! The additions appropriately exclude temporary build artifacts and local environment files from version control, aligning with the new release workflow.
.github/workflows/release.yml (3)
1-10: LGTM! The workflow trigger configuration is well-structured with a clear dry-run option for safe testing before actual publication.
51-51: EDGE_ACCESS_TOKEN_URL is appropriately stored as a secret. Microsoft Edge Add-ons Partner Center generates account-specific OAuth2 token endpoint URLs that contain organizational identifiers and are tied to publisher credentials. These should remain confidential as they authenticate extension submissions, similar to the other authentication credentials (EDGE_PRODUCT_ID, EDGE_CLIENT_ID, EDGE_API_KEY) already stored as secrets.
36-39: Use explicit filenames instead of wildcard patterns for clarity and robustness. While the wildcard patterns (.output/*-chrome.zip, .output/*-firefox.zip, .output/*-sources.zip) are standard in WXT publishing examples and work fine in CI environments with fresh checkouts, explicitly specifying the full filenames (e.g., .output/charognard-X.X.X-chrome.zip) would improve maintainability and prevent issues if the naming convention changes or multiple matches occur.
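An added example, not part of the review or the PR: a POSIX shell helper for the workflow's run step that fails when a store glob matches zero or several ZIPs, which is the case the last comment raises. The function names and the `<name>-<version>-<target>.zip` layout are assumptions.

```shell
#!/bin/sh
# Added example: resolve each store ZIP to exactly one file before submission.
# Assumption: artifacts sit in one directory (such as .output/) and are named
# <name>-<version>-<target>.zip, as the globs quoted in the review imply.

# resolve_one_zip DIR TARGET
# Prints the single path matching DIR/*-TARGET.zip.
# Returns 1 if nothing matches, 2 if more than one file matches.
resolve_one_zip() {
  dir=$1
  target=$2
  # Expand the glob into the positional parameters (POSIX, no arrays needed).
  set -- "$dir"/*-"$target".zip
  # An unmatched glob stays literal, so check that the first entry is a file.
  if [ ! -f "$1" ]; then
    echo "no $target ZIP found in $dir" >&2
    return 1
  fi
  # A stale build left beside a fresh one would make the submission ambiguous.
  if [ "$#" -gt 1 ]; then
    echo "ambiguous $target ZIP in $dir: $*" >&2
    return 2
  fi
  printf '%s\n' "$1"
}

# resolve_release_zips DIR
# Resolves all three artifacts, or fails without printing a partial set.
resolve_release_zips() {
  chrome=$(resolve_one_zip "$1" chrome) || return 1
  firefox=$(resolve_one_zip "$1" firefox) || return 1
  sources=$(resolve_one_zip "$1" sources) || return 1
  printf '%s\n%s\n%s\n' "$chrome" "$firefox" "$sources"
}

# In a workflow step, resolve first and pass the explicit paths to the
# submit command instead of the raw globs:
#   chrome_zip=$(resolve_one_zip .output chrome) || exit 1
```

Calling the resolver before the submit step means a leftover ZIP from an earlier build stops the job instead of being uploaded to a store.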