From cd4fc2596ef78cd143612a4ab96fe05cbec57e01 Mon Sep 17 00:00:00 2001 From: Raymond Hill Date: Sun, 13 May 2018 19:18:09 -0400 Subject: [PATCH] update py scripts to publish in AMO/CWS --- dist/chromium/publish-beta.py | 192 ++++++++++++++++++++++++++++ dist/firefox/publish-signed-beta.py | 40 ++++-- 2 files changed, 223 insertions(+), 9 deletions(-) create mode 100755 dist/chromium/publish-beta.py diff --git a/dist/chromium/publish-beta.py b/dist/chromium/publish-beta.py new file mode 100755 index 0000000..ed3efea --- /dev/null +++ b/dist/chromium/publish-beta.py @@ -0,0 +1,192 @@ +#!/usr/bin/env python3 + +import datetime +import json +import jwt +import os +import re +import requests +import shutil +import subprocess +import sys +import tempfile +import time +import zipfile + +from distutils.version import StrictVersion +from string import Template + +# - Download target (raw) uMatrix.chromium.zip from GitHub +# - This is referred to as "raw" package +# - This will fail if not a dev build +# - Upload uMatrix.chromium.zip to Chrome store +# - Publish uMatrix.chromium.zip to Chrome store + +# Find path to project root +projdir = os.path.split(os.path.abspath(__file__))[0] +while not os.path.isdir(os.path.join(projdir, '.git')): + projdir = os.path.normpath(os.path.join(projdir, '..')) + +cs_extension_id = 'eckgcipdkhcfghnmincccnhpdmnbefki' +tmpdir = tempfile.TemporaryDirectory() +raw_zip_filename = 'uMatrix.chromium.zip' +raw_zip_filepath = os.path.join(tmpdir.name, raw_zip_filename) +github_owner = 'gorhill' +github_repo = 'uMatrix' + +# We need a version string to work with +if len(sys.argv) >= 2 and sys.argv[1]: + version = sys.argv[1] +else: + version = input('Github release version: ') +version.strip() +if not re.search('^\d+\.\d+\.\d+(b|rc)\d+$', version): + print('Error: Invalid version string.') + exit(1) + +# Load/save auth secrets +# The build directory is excluded from git +ubo_secrets = dict() +ubo_secrets_filename = os.path.join(projdir, 'dist', 'build', 'ubo_secrets') +if os.path.isfile(ubo_secrets_filename): + with open(ubo_secrets_filename) as f: + ubo_secrets = json.load(f) + +def input_secret(prompt, token): + if token in ubo_secrets: + prompt += ' ✔' + prompt += ': ' + value = input(prompt).strip() + if len(value) == 0: + if token not in ubo_secrets: + print('Token error:', token) + exit(1) + value = ubo_secrets[token] + elif token not in ubo_secrets or value != ubo_secrets[token]: + ubo_secrets[token] = value + exists = os.path.isfile(ubo_secrets_filename) + with open(ubo_secrets_filename, 'w') as f: + json.dump(ubo_secrets, f, indent=2) + if not exists: + os.chmod(ubo_secrets_filename, 0o600) + return value + + +# GitHub API token +github_token = input_secret('Github token', 'github_token') +github_auth = 'token ' + github_token + +# +# Get metadata from GitHub about the release +# + +# https://developer.github.com/v3/repos/releases/#get-a-single-release +print('Downloading release info from GitHub...') +release_info_url = 'https://api.github.com/repos/{0}/{1}/releases/tags/{2}'.format(github_owner, github_repo, version) +headers = { 'Authorization': github_auth, } +response = requests.get(release_info_url, headers=headers) +if response.status_code != 200: + print('Error: Release not found: {0}'.format(response.status_code)) + exit(1) +release_info = response.json() + +# +# Extract URL to raw package from metadata +# + +# Find url for uMatrix.chromium.zip +raw_zip_url = '' +for asset in release_info['assets']: + if asset['name'] == raw_zip_filename: + raw_zip_url = asset['url'] +if len(raw_zip_url) == 0: + print('Error: Release asset URL not found') + exit(1) + +# +# Download raw package from GitHub +# + +# https://developer.github.com/v3/repos/releases/#get-a-single-release-asset +print('Downloading raw zip package from GitHub...') +headers = { + 'Authorization': github_auth, + 'Accept': 'application/octet-stream', +} +response = requests.get(raw_zip_url, headers=headers) +# Redirections are transparently handled: +# http://docs.python-requests.org/en/master/user/quickstart/#redirection-and-history +if response.status_code != 200: + print('Error: Downloading raw package failed -- server error {0}'.format(response.status_code)) + exit(1) +with open(raw_zip_filepath, 'wb') as f: + f.write(response.content) +print('Downloaded raw package saved as {0}'.format(raw_zip_filepath)) + +# +# Upload to Chrome store +# + +# Auth tokens +cs_id = input_secret('Chrome store id', 'cs_id') +cs_secret = input_secret('Chrome store secret', 'cs_secret') +cs_refresh = input_secret('Chrome store refresh token', 'cs_refresh') + +print('Uploading to Chrome store...') +with open(raw_zip_filepath, 'rb') as f: + print('Generating access token...') + auth_url = 'https://accounts.google.com/o/oauth2/token' + auth_payload = { + 'client_id': cs_id, + 'client_secret': cs_secret, + 'grant_type': 'refresh_token', + 'refresh_token': cs_refresh, + } + auth_response = requests.post(auth_url, data=auth_payload) + if auth_response.status_code != 200: + print('Error: Auth failed -- server error {0}'.format(auth_response.status_code)) + print(auth_response.text) + exit(1) + response_dict = auth_response.json() + if 'access_token' not in response_dict: + print('Error: Auth failed -- no access token') + exit(1) + # Prepare access token + cs_auth = 'Bearer ' + response_dict['access_token'] + headers = { + 'Authorization': cs_auth, + 'x-goog-api-version': '2', + } + # Upload + print('Uploading package...') + upload_url = 'https://www.googleapis.com/upload/chromewebstore/v1.1/items/{0}'.format(cs_extension_id) + upload_response = requests.put(upload_url, headers=headers, data=f) + f.close() + if upload_response.status_code != 200: + print('Upload failed -- server error {0}'.format(upload_response.status_code)) + print(upload_response.text) + exit(1) + response_dict = upload_response.json(); + if 'uploadState' not in response_dict or response_dict['uploadState'] != 'SUCCESS': + print('Upload failed -- server error {0}'.format(response_dict['uploadState'])) + exit(1) + print('Upload succeeded.') + # Publish + print('Publishing package...') + publish_url = 'https://www.googleapis.com/chromewebstore/v1.1/items/{0}/publish'.format(cs_extension_id) + headers = { + 'Authorization': cs_auth, + 'x-goog-api-version': '2', + 'Content-Length': '0', + } + publish_response = requests.post(publish_url, headers=headers) + if publish_response.status_code != 200: + print('Error: Chrome store publishing failed -- server error {0}'.format(publish_response.status_code)) + exit(1) + response_dict = publish_response.json(); + if 'status' not in response_dict or response_dict['status'][0] != 'OK': + print('Publishing failed -- server error {0}'.format(response_dict['status'])) + exit(1) + print('Publishing succeeded.') + +print('All done.') diff --git a/dist/firefox/publish-signed-beta.py b/dist/firefox/publish-signed-beta.py index dc3dfce..8714179 100755 --- a/dist/firefox/publish-signed-beta.py +++ b/dist/firefox/publish-signed-beta.py @@ -62,12 +62,35 @@ if not re.search('^\d+\.\d+\.\d+(b|rc)\d+$', version): print('Error: Invalid version string.') exit(1) +# Load/save auth secrets +# The build directory is excluded from git +ubo_secrets = dict() +ubo_secrets_filename = os.path.join(projdir, 'dist', 'build', 'ubo_secrets') +if os.path.isfile(ubo_secrets_filename): + with open(ubo_secrets_filename) as f: + ubo_secrets = json.load(f) + +def input_secret(prompt, token): + if token in ubo_secrets: + prompt += ' ✔' + prompt += ': ' + value = input(prompt).strip() + if len(value) == 0: + if token not in ubo_secrets: + print('Token error:', token) + exit(1) + value = ubo_secrets[token] + elif token not in ubo_secrets or value != ubo_secrets[token]: + ubo_secrets[token] = value + exists = os.path.isfile(ubo_secrets_filename) + with open(ubo_secrets_filename, 'w') as f: + json.dump(ubo_secrets, f, indent=2) + if not exists: + os.chmod(ubo_secrets_filename, 0o600) + return value + # GitHub API token -# TODO: support as environment variable? (see os.environ) -github_token = input("Github token: ").strip() -if len(github_token) == 0: - print('Error: invalid GitHub token') - exit(1) +github_token = input_secret('Github token', 'github_token') github_auth = 'token ' + github_token # @@ -145,9 +168,8 @@ with zipfile.ZipFile(raw_xpi_filepath, 'r') as zipin: print('Ask AMO to sign self-hosted xpi package...') with open(unsigned_xpi_filepath, 'rb') as f: - # TODO: support use of env variables for key/secret? - amo_api_key = input("AMO API key: ").strip() - amo_secret = input("AMO API secret: ").strip() + amo_api_key = input_secret('AMO API key', 'amo_api_key') + amo_secret = input_secret('AMO API secret', 'amo_secret') amo_nonce = os.urandom(8).hex() jwt_payload = { 'iss': amo_api_key, @@ -251,7 +273,7 @@ with open(updates_json_filepath) as f: f.close() previous_version = updates_json['addons'][extension_id]['updates'][0]['version'] if LooseVersion(version) > LooseVersion(previous_version): - with open(os.path.join(projdir, 'platform', 'webext', 'updates.template.json')) as f: + with open(os.path.join(projdir, 'dist', 'firefox', 'updates.template.json')) as f: template_json = Template(f.read()) f.close() updates_json = template_json.substitute(version=version)