fleet/.github/workflows/release-fleetd-chrome-beta.yml

name: Release fleetd-chrome beta

# Build and upload the following files:
# - fleetd.crx
# - updates.xml
# - meta.json
# - archive/YYYY-MM-DD_HH-MM-SS/fleetd.crx
# - archive/YYYY-MM-DD_HH-MM-SS/updates.xml
# - archive/YYYY-MM-DD_HH-MM-SS/meta.json

on:
  push:
   tags:
     - 'fleetd-chrome-**-beta'

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

permissions:
  contents: read

jobs:
  release-fleetd-chrome-beta:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    env:
      BASE_URL: https://chrome-beta.fleetdm.com
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

      - name: Checkout
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

      - name: Run test
        working-directory: ./ee/fleetd-chrome
        run: |
          npm install --no-save && npm run test          

      - name: Set the version
        working-directory: ./ee/fleetd-chrome
        run: |
          echo "FLEETD_CHROME_VERSION=$(npm pkg get version --workspaces=false | tr -d \")" >> $GITHUB_ENV          

      - name: Build & sign extension
        working-directory: ./ee/fleetd-chrome
        env:
          CHROME_SIGNING_KEY: ${{ secrets.FLEETD_CHROME_SIGNING_KEY_BETA }}
        run: |
          echo -e 'FLEET_URL=""\nFLEET_ENROLL_SECRET=""' > .env
          npm run build
          sed -i "s/FLEETD_CHROME_VERSION/${{ env.FLEETD_CHROME_VERSION }}/g" updates-beta.xml
          echo "$CHROME_SIGNING_KEY" > chrome.pem
          /usr/bin/google-chrome --pack-extension=./dist --pack-extension-key=chrome.pem          

      - name: Prepare files for upload
        id: prepare-files
        working-directory: ./ee/fleetd-chrome
        run: |
          mv dist.crx fleetd.crx
          mv updates-beta.xml updates.xml
          datedir=$(date -u +%Y-%m-%d_%H-%M-%S)
          mkdir -p archive/$datedir
          cp fleetd.crx archive/$datedir
          cp updates.xml archive/$datedir
          echo "{
            \"fleetd_crx_url\": \"${{ env.BASE_URL }}/archive/$datedir/fleetd.crx\",
            \"updates_xml\": \"${{ env.BASE_URL }}/archive/$datedir/updates.xml\",
            \"version\": \"$datedir\"
          }" > meta.json
          : # Check that meta.json is valid
          jq -e . >/dev/null 2>&1 <<< $(cat meta.json)
          cp meta.json archive/$datedir
          echo "datedir=$datedir" >> $GITHUB_OUTPUT          

      - name: Upload extension
        uses: ./.github/actions/r2-upload
        env:
          R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
          R2_ACCESS_KEY_ID: ${{ secrets.R2_CHROME_BETA_ACCESS_KEY_ID }}
          R2_ACCESS_KEY_SECRET: ${{ secrets.R2_CHROME_BETA_ACCESS_KEY_SECRET }}
          R2_BUCKET: chrome-beta
        with:
          working-directory: ./ee/fleetd-chrome
          filenames: fleetd.crx,updates.xml,meta.json,archive/${{ steps.prepare-files.outputs.datedir }}/fleetd.crx,archive/${{ steps.prepare-files.outputs.datedir }}/updates.xml,archive/${{ steps.prepare-files.outputs.datedir }}/meta.json