I have a signed addon that I use personally but would like to experiment with making it distributable via AMO. I have already uploaded the initial version through the Developer Hub, and I'm now hoping to be able to include an automated release through a CI pipeline.
I've been investigating how to do this for a while now, having found this article and API doc but haven't had much luck. I'm definitely able to connect with my JWT properly, as I get either a 301 (I assume this is because the API described in the article has been changed in the last two years) but then a 400 when I follow the redirects.
Every request returns Missing "upload" key in multipart file data. I believe this is to do with the endpoint being a PUT but expecting a multipart form (all my research points to this being supported by POST only). I've tried several different approaches, both with cURL and with various Python libraries - including PyCurl to try and use the multipart in a POST request and override only the method to PUT - but just don't seem to be getting anywhere.
I haven't been able to find any recent documentation on this, as the older articles imply it's a deprecated API but the newer docs don't seem to have the answers I'm looking for. Issues like this one suggest it's still possible, and I've seen mention of web-ext but I think I'm just missing how to put the pieces together.
My request is:
curl -XPUT https://addons.mozilla.org/api/v3/addons/{myId}/versions/0.2 -F 'upload=../toolbox.api' -H 'Authorization: JWT <myToken>' -v -L
Has anyone tried to do this and have any advice on how to move forward? Or conversely know that it's definitely not possible?
Thanks in advance!
You can use the node.js based command web-ext to sign extensions from command line.
Like with the curl approach you obtain the issuer/secret, then use those as given arguments or environment variables:
web-ext sign --api-key=$AMO_JWT_ISSUER --api-secret=$AMO_JWT_SECRET
If you need to use a proxy:
web-ext sign --api-key=... --api-secret=... --api-proxy=https://yourproxy:6000
Please see the linked article for details (and its other features).