chore: add copy-artifacts script and attach-artifacts workflow#5
Merged
Conversation
vitte-lang
added
the
security-review
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Chore: add script and Tag-driven attach-artifacts workflow\n\nThis PR moves packaging convenience to scripts and CI automation so releases can include ready-to-download browser binaries at the repository root. It contains:\n\n- : Node script that copies the produced artifacts from to the repository root and creates a copy for Firefox.\n- script: command to run the copy script locally or from CI.\n- : GitHub Actions workflow (trigger: to tags) that builds the extension (), runs the copy script, uploads workflow artifacts, and attaches / to the GitHub Release.\n- and updates describing the commands and packaging steps.\n\nTesting / How to verify locally:\n1. Scope: all 4 workspace projects
Already up to date
Done in 379ms using pnpm v11.5.1\n2. Building web extension from dist
Destination exists, overwriting: web-ext-artifacts/silentweb-1.4.2.zip
Your web extension is ready: web-ext-artifacts/silentweb-1.4.2.zip (or [build:assets] Copied public/ -> dist/
[build:assets] Copied packages/public/ -> dist/
[build:assets] Copied opus-recorder.min.js
[build:assets] Copied _locales/ -> dist/_locales/
[build:assets] Copied oreille-barree-256.png -> icon-48.png
[build:assets] Copied oreille-barree-512.png -> icon-128.png
[build:assets] Found dist/manifest.json at repo root)\n3. [ERR_PNPM_NO_SCRIPT] Missing script: copy:artifacts
Command "copy:artifacts" not found.\n4. Confirm that , and appear at the repository root.\n\nNotes and rationale:\n- Keeping the copy step separate avoids forcing web-ext output layout changes and makes the artifact transfer explicit and idempotent.\n- The workflow uses and Node 22 to match repo requirements; it's intentionally conservative to avoid breaking the signing flow.\n\nPlease review the workflow and scripts for style, security, and signing implications (AMO signing remains separate).\n\nChecklist de sécurité & signing\n- [ ] Vérifier que les secrets AMO (AMO_API_KEY / AMO_API_SECRET) sont stockés dans les du repo ou organisation.\n- [ ] S’assurer que le job de signature AMO est exécuté dans un workflow séparé approuvé (ex. ).\n- [ ] Revérifier les permissions du workflow ( scope minimal).\n- [ ] Valider que n’expose pas de secrets en clair dans les logs.\n- [ ] Documenter l’étape manuelle de revue avant publication finale sur AMO/Chrome Web Store.\n\nAdded SECURITY_CHECKLIST.md to the repository and linked issue: #6