Fix publish workflow (#142)

Fixes the publish workflow for reproducible firefox builds.

Author: spalmurray

.github/workflows/publish.yml

@@ -7,60 +7,80 @@ on:
   release:
     types: [published]
 
+env:
+  VERSION: ${{ github.event.release.tag_name }}
+
 jobs:
-  publish:
-    runs-on: ubuntu-latest
+  publish-firefox:
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
+
       - uses: actions/setup-node@v4
         with:
           node-version: "22"
+
       - name: Generate source archive
         run: npm run archive
-        env:
-          VERSION: ${{ github.event.release.tag_name }}
+
+      - name: Upload source archive
+        uses: actions/upload-artifact@v4
+        with:
+          name: codecov-browser-extension-${{ github.event.release.tag_name }}.tar.gz
+          path: codecov-browser-extension-${{ github.event.release.tag_name }}.tar.gz
+
       - name: Install dependencies
         run: npm ci
-      - name: Build extension
-        run: npm run build
+
+      - name: Build Firefox extension
+        run: npm run build:firefox
         env:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          VERSION: ${{ github.event.release.tag_name }}
-      - name: Prepare Firefox extension
-        run: |
-          cp -r dist dist-chrome
-          mv dist/manifest.firefox.json dist/manifest.json
-          npm run set-version
-          mv dist dist-firefox
-      - name: Upload built Chrome extension
-        uses: actions/upload-artifact@v4
-        with:
-          name: codecov-chrome-${{ github.event.release.tag_name }}
-          path: ./dist-chrome/
+
       - name: Upload built Firefox extension
         uses: actions/upload-artifact@v4
         with:
           name: codecov-firefox-${{ github.event.release.tag_name }}
-          path: ./dist-firefox/
-      - name: Upload source archive
+          path: ./dist/
+
+      - name: Publish to Firefox
+        working-directory: dist
+        run: npx web-ext sign
+        env:
+          WEB_EXT_API_KEY: ${{ secrets.WEB_EXT_JWT_ISSUER }}
+          WEB_EXT_API_SECRET: ${{ secrets.WEB_EXT_JWT_SECRET }}
+          WEB_EXT_CHANNEL: listed
+          WEB_EXT_UPLOAD_SOURCE_CODE: ../codecov-browser-extension-${{ github.event.release.tag_name }}.tar.gz
+          WEB_EXT_APPROVAL_TIMEOUT: 0 # Disable timeout for approval
+
+  publish-chrome:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build Chrome extension
+        run: npm run build
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+
+      - name: Upload built Chrome extension
         uses: actions/upload-artifact@v4
         with:
-          name: codecov-browser-extension-${{ github.event.release.tag_name }}.tar.gz
-          path: codecov-browser-extension-${{ github.event.release.tag_name }}.tar.gz
+          name: codecov-chrome-${{ github.event.release.tag_name }}
+          path: ./dist/
+
       - name: Publish to Chrome
-        working-directory: dist-chrome
+        working-directory: dist
         run: npx chrome-webstore-upload-cli@3
         env:
           EXTENSION_ID: "gedikamndpbemklijjkncpnolildpbgo"
           CLIENT_ID: ${{ secrets.GOOGLE_WEB_STORE_CLIENT_ID }}
           CLIENT_SECRET: ${{ secrets.GOOGLE_WEB_STORE_CLIENT_SECRET }}
           REFRESH_TOKEN: ${{ secrets.GOOGLE_WEB_STORE_REFRESH_TOKEN }}
-      - name: Publish to Firefox
-        working-directory: dist-firefox
-        run: npx web-ext sign
-        env:
-          WEB_EXT_API_KEY: ${{ secrets.WEB_EXT_JWT_ISSUER }}
-          WEB_EXT_API_SECRET: ${{ secrets.WEB_EXT_JWT_SECRET }}
-          WEB_EXT_CHANNEL: listed
-          WEB_EXT_UPLOAD_SOURCE_CODE: ../codecov-browser-extension-${{ github.event.release.tag_name }}.tar.gz
-          WEB_EXT_APPROVAL_TIMEOUT: 0 # Disable timeout for approval

README.md

@@ -88,8 +88,12 @@ These steps will build the extension in the `dist/` folder.
 
 Node 22, `npm` 10, `git`, and `jq` are required to build the extension.
 
+If you're a reviewer from Mozilla, hi! Please note that we have previously seen differences in build output between AMD64 and ARM64. In our CD pipeline we build on Ubuntu 24.04 AMD64, so please stick to that architecture if possible to eliminate any environment differences.
+
 ### Set Local Version
 
+If you're a reviewer from Mozilla, you don't need to do this.
+
 To override the local version of the extension, you can set the `VERSION` environment variable before building. This is useful for testing or development purposes.
 
 E.g.
@@ -99,20 +103,21 @@ $ export VERSION=1.0.0
 
 ### Use Development Sentry DSN
 
+If you're a reviewer from Mozilla, you don't need to do this.
+
 If you want to use Sentry while developing, you can override the DSN value by first copying the example config (`cp .env.example .env.local`) and then filling in the environment variable.
 
-### Chrome
+### Firefox
 
 ```sh
-$ npm install
-$ npm run build
+$ npm ci
+$ npm run build:firefox
 ```
-
-### Firefox
+### Chrome
 
 ```sh
-$ npm install
-$ npm run build:firefox
+$ npm ci
+$ npm run build
 ```
 
 ## About Codecov