lightbeam-we icon indicating copy to clipboard operation
lightbeam-we copied to clipboard
verified publisher icon mozilla

Make Lightbeam WE available to non-developers to try out

Open biancadanforth opened this issue 8 years ago • 5 comments

Another Mozillian made a great observation that we should make the new Lightbeam WE available to community members for download and testing without a CLI (Node, web-ext run, etc. from the README).

One idea here is to have a releases page on our GitHub repo. Here's an example for Containers. Here's a helpful GitHub article about how to set these up.

I believe we need to get the add-on signed and then can upload an XPI, though using an XPI requires using about:config.

@groovecoder Could you explain a little more about the signing process and how the user would install the add-on in Firefox after they download the file? Are there any additional files we would need to make or steps to enable this?

biancadanforth avatar Aug 15 '17 16:08 biancadanforth

From @groovecoder:

With about:addons + Install Add-On from File, they need to select the .xpi file. Which means you’ll have to use web-ext build to build the .xpi file, and host it. (Usually it’s hosted on AMO, but you can also host it on GitHub releases. I can show you how I do this for Containers)

The Add-on still has to be signed. You can use web-ext sign command to do that for each release. https://developer.mozilla.org/en-US/Add-ons/WebExtensions/web-ext_command_reference#web-ext_sign but you’ll need API access as an author/maintainer of the add-on on AMO, which takes a while to get the add-on through review.

You can build an un-signed .xpi file with web-ext build. (In fact web-ext sign does this first, then POSTs the un-signed .xpi to AMO for signing.) You can publish the un-signed .xpi file wherever you want, but it will only work on Aurora, Nightly, or un-branded builds of Firefox with xpinstall.signatures.required set to false in about:config.When AMO signs the add-on, yes - it essentially verifies that the .xpi was submitted thru the AMO process by an authorized developer of the add-on.

biancadanforth avatar Aug 15 '17 16:08 biancadanforth

Since this is a web extension, I think we can just zip up all the resources we need, and then sign them. You can use the web-ext tool to use that, but you need creds first. If we just want to do it occasionally, it might just be easier to use the developer interface to manually sign the zip file as an unlisted (self-hosted) extension.

IE something like:

zip lightbeam.zip js/* images/* css/* shavar-prod-lists/* index.html manifest.json node_modules/d3/build/d3.min.js

And then uploading this zipfile here: https://addons.mozilla.org/en-US/developers/addon/submit/distribution

pauljt avatar Aug 16 '17 03:08 pauljt

But we should create an "npm run build" or something which pulls the lists of files from somewhere or something more maintainable than what I said above :)

pauljt avatar Aug 16 '17 03:08 pauljt

BTW i just tested the above approach and it seems to work.

  1. Create a new AMO account
  2. Choose "Submit a new addon" on the website
  3. Choose the self hosted option
  4. Upload the zip file and then choose to sign it
  5. download the signed .xpi file, and host it somewhere

And you end up with something like http://misuse.co/lightbeam/lightbeam-1.0-an+fx-windows.xpi

Which is installable in Firefox (both release and nightly wfm). We could try to automate this or have it built into the commit-hooks but not sure it neccessary given that this is temporary until we overide the old addon.

pauljt avatar Aug 16 '17 03:08 pauljt

This webextension is now available on AMO. Is this issue still valid?

Flaburgan avatar Dec 10 '17 17:12 Flaburgan