npm

Check out our latest tech talk, "JavaScript Supply Chain Security" presented by VP of Security, Adam Baldwin.Watch it here »

This package has been deprecated

Author message:

use cws-publish instead

@hemulit/cws-publish

1.0.5 • Public • Published

CWS Publish

This package lets you upload chrome extension (.zip) to Chrome Web Store using continuous integration.

This package exists because chrome web store is not an existing travis-ci deploy target, and the scripts that do exist to manage this process are meant for running from CLI locally.

Table of Contents
  1. Usage
  2. Inputs
  3. Advanced Usage
  4. Random Notes

1 Usage

npm install --save-dev @hemulit/cws-publish

in .travis.yml:

A) if you want to upload your release as a draft - manual publish from developer console is still required:

after_deploy:
  - npx cws-upload $client_id $client_secret $refresh_token ZIP_FILE EXTENSION_ID

B) if you want immediately publish your release:

after_deploy:
  - npx cws-publish $client_id $client_secret $refresh_token ZIP_FILE EXTENSION_ID

C) if you want immediately publish your release to TESTERS:

after_deploy:
  - npx cws-publish $client_id $client_secret $refresh_token ZIP_FILE EXTENSION_ID --testers

2 Inputs

Required params Instructions Type
$client_id see 2.1 ENV vars
$client_secret see 2.1 ENV vars
$refresh_token see 2.1 ENV vars
ZIP_FILE see 2.2 String
EXTENSION_ID see 2.3 String

2.1 Obtaining Google API Credentials

Instructions on how to obtain these values are explained step-by-step in this guide:

https://developer.chrome.com/webstore/using_webstore_api#beforeyoubegin

The general process is:

  1. Enable Chrome Web Store API in Google API Console
  2. Create OAuth Credentials in Google Console - this will generate $client id and $client_secret
  3. Authorize Chrome Web Store API - from here you get the $refresh_token

Once you have $client_id $client_secret and $refresh_token save them as environment variables in you CI project settings.

NEVER share these values with anyone or commit them to your repository!

2.2 Obtaining ZIP_FILE

Generating a zip file is outside the scope of this package. It is assumed that you have already generated a zip file during previous build steps. Please see for example gulp-zip for instructions if necessary.

Once you know the location of the zip file, update your .travis.yml command and replace ZIP_FILE with path to file. If you file is located in the root directory the value could be for example ./my_extension.zip

2.3 Obtaining EXTENSION_ID

Go to chrome web store developer console and click "More info". Copy the item id and paste it to your .travis.yml command to replace EXTENSION_ID.

3 Advanced Usage Options

Run the deploy script based on a condition, for example to only run on tagged commits:

after_deploy:
  - if [ ! -z  "$TRAVIS_TAG" ]; then npx cws-upload $client_id $client_secret $refresh_token ZIP_FILE EXTENSION_ID; fi

4 Random Notes

Comments on API authentication

While creating this package, I explored many alternative ways to authenticate. Here is what I found out.

Q1: Can I use an API key to access chrome web store API?

This would be super easy to set up and ideal for CI, but the answer is no. See for example API Keys. When dealing with private user data simple access key will not suffice.

Q2: Can I use service account to access chrome web store API?

This would also be great for CI, but the answer is it depends. You can set up service account. You can get the necessary access tokens, but you can only impersonate a developer user if you are using G suite business account. Since that costs money and I don't have such account I was unable to test this but supposedly it works for G suite users. If your google developer account is a regular gmail account then no you cannot use service account here.

This ultimately leaves us with doing the oauth 2.0 dance to obtain the necessary credentials. It is quite a mess but luckily you only need to do it once. You can use the same credentials for all your extension projects.

References

install

npm i @hemulit/cws-publish

Downloadsweekly downloads

8

version

1.0.5

license

MIT

homepage

github.com

repository

Gitgithub

last publish

collaborators

  • avatar
Report a vulnerability