mitmproxy/release/deploy-microsoft-store.py

175 lines
5.5 KiB
Python
Raw Permalink Normal View History

#!/usr/bin/env python3
"""
This script submits a single MSIX installer to the Microsoft Store.
The client_secret will expire after 24 months and needs to be recreated (see docstring below).
References:
- https://docs.microsoft.com/en-us/windows/uwp/monetize/manage-app-submissions
- https://docs.microsoft.com/en-us/windows/uwp/monetize/python-code-examples-for-the-windows-store-submission-api
- https://docs.microsoft.com/en-us/windows/uwp/monetize/python-code-examples-for-submissions-game-options-and-trailers
"""
Bump the github-actions group with 3 updates (#6701) Bumps the github-actions group with 3 updates: [install-pinned/ruff](https://github.com/install-pinned/ruff), [apple-actions/import-codesign-certs](https://github.com/apple-actions/import-codesign-certs) and [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action). Updates `install-pinned/ruff` from fe472defb50a6a2c00ea3a3982534e86e69991e8 to 38b373a3a8635c2be31d92314e816a491fda910a <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/install-pinned/ruff/commit/38b373a3a8635c2be31d92314e816a491fda910a"><code>38b373a</code></a> update README.md (ruff 0.3.0)</li> <li><a href="https://github.com/install-pinned/ruff/commit/06af3ea1c373cd2677585074ab30c71d85424629"><code>06af3ea</code></a> update pins (ruff 0.3.0)</li> <li><a href="https://github.com/install-pinned/ruff/commit/be1c354876e78dc826f323b569172d562e94c34a"><code>be1c354</code></a> update README.md (ruff 0.2.2)</li> <li><a href="https://github.com/install-pinned/ruff/commit/c9779bbd5bbeee0bd30ec6af46435bb50983da6e"><code>c9779bb</code></a> update pins (ruff 0.2.2)</li> <li><a href="https://github.com/install-pinned/ruff/commit/48831a86ce1ccf6386ae7e04eb47efc8780b4b5e"><code>48831a8</code></a> update README.md (ruff 0.2.1)</li> <li><a href="https://github.com/install-pinned/ruff/commit/6775b5f352f196b7b074ede5706349427b9598bf"><code>6775b5f</code></a> update pins (ruff 0.2.1)</li> <li><a href="https://github.com/install-pinned/ruff/commit/bc12a64c2f0fd73d270f1b96fecb9f7706478bff"><code>bc12a64</code></a> update README.md (ruff 0.2.0)</li> <li><a href="https://github.com/install-pinned/ruff/commit/3b8cceff45bcd350eb966a5122a8a258775944d3"><code>3b8ccef</code></a> update pins (ruff 0.2.0)</li> <li>See full diff in <a href="https://github.com/install-pinned/ruff/compare/fe472defb50a6a2c00ea3a3982534e86e69991e8...38b373a3a8635c2be31d92314e816a491fda910a">compare view</a></li> </ul> </details> <br /> Updates `apple-actions/import-codesign-certs` from 5565bb656f60c98c8fc515f3444dd8db73545dc2 to 493007ed063995cf2d4fbca064704150548f8bb5 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Apple-Actions/import-codesign-certs/commit/493007ed063995cf2d4fbca064704150548f8bb5"><code>493007e</code></a> Merge pull request <a href="https://redirect.github.com/apple-actions/import-codesign-certs/issues/62">#62</a> from himself65/patch-1</li> <li><a href="https://github.com/Apple-Actions/import-codesign-certs/commit/2e5aa07267146829e3b8877c13292e75e21b7c8d"><code>2e5aa07</code></a> Update README.md</li> <li>See full diff in <a href="https://github.com/apple-actions/import-codesign-certs/compare/5565bb656f60c98c8fc515f3444dd8db73545dc2...493007ed063995cf2d4fbca064704150548f8bb5">compare view</a></li> </ul> </details> <br /> Updates `docker/setup-buildx-action` from 3.0.0 to 3.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.1.0</h2> <ul> <li><code>cache-binary</code> input to enable/disable caching binary to GHA cache backend by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/300">docker/setup-buildx-action#300</a></li> <li>build(deps): bump <code>@​babel/traverse</code> from 7.17.3 to 7.23.2 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/282">docker/setup-buildx-action#282</a></li> <li>build(deps): bump <code>@​docker/actions-toolkit</code> from 0.12.0 to 0.17.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/281">docker/setup-buildx-action#281</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/284">docker/setup-buildx-action#284</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/299">docker/setup-buildx-action#299</a></li> <li>build(deps): bump uuid from 9.0.0 to 9.0.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/271">docker/setup-buildx-action#271</a></li> <li>build(deps): bump undici from 5.26.3 to 5.28.3 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/297">docker/setup-buildx-action#297</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.0.0...v3.1.0">https://github.com/docker/setup-buildx-action/compare/v3.0.0...v3.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/0d103c3126aa41d772a8362f6aa67afac040f80c"><code>0d103c3</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/300">#300</a> from crazy-max/cache-binary</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/f19477aacd2ccdd80bdd9fbec62762494a0a767e"><code>f19477a</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a4180f835da34b09329293a0b481b5666f80fe81"><code>a4180f8</code></a> cache-binary input to enable/disable caching binary to GHA cache backend</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/524315340de4f701033248e1ee6a0197904b1134"><code>5243153</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/299">#299</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/3679a540239bdf202e26eeb4431159bcdea9c39c"><code>3679a54</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/37a22a2fb2c4ebcab21ecf45608143b890d732c1"><code>37a22a2</code></a> build(deps): bump <code>@​docker/actions-toolkit</code> from 0.14.0 to 0.17.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/65afe610a110d2c4d102a28949259935a323043c"><code>65afe61</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/297">#297</a> from docker/dependabot/npm_and_yarn/undici-5.28.3</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/fcb8f722fd7e9a83a2f57fc6c9124259661542f3"><code>fcb8f72</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/f62b9a17c0f199a60048d54f30e75f61af13aa85"><code>f62b9a1</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/298">#298</a> from crazy-max/bump-gha</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/74c5b717e5e6f00c85a46548cbc0bfd7016969c6"><code>74c5b71</code></a> bump codecov/codecov-action from 3 to 4</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/f95db51fddba0c2d1ec667646a06c2ce06100226...0d103c3126aa41d772a8362f6aa67afac040f80c">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2024-03-06 20:54:11 +00:00
import http.client
import json
import os
import sys
import tempfile
import urllib.parse
from zipfile import ZipFile
# Security: No third-party dependencies here!
assert (
os.environ["GITHUB_REF"].startswith("refs/tags/")
or os.environ["GITHUB_REF"] == "refs/heads/citest"
)
app_id = os.environ["MSFT_APP_ID"]
"""
The public application ID / product ID of the app.
For https://www.microsoft.com/store/productId/9NWNDLQMNZD7, the app id is 9NWNDLQMNZD7.
"""
app_flight = os.environ.get("MSFT_APP_FLIGHT", "")
"""
The application flight we want to target. This is useful to deploy ci test builds to a subset of users.
"""
tenant_id = os.environ["MSFT_TENANT_ID"]
"""
The tenant ID for the Azure AD application.
https://partner.microsoft.com/en-us/dashboard/account/v3/usermanagement
"""
client_id = os.environ["MSFT_CLIENT_ID"]
"""
The client ID for the Azure AD application.
https://partner.microsoft.com/en-us/dashboard/account/v3/usermanagement
"""
client_secret = os.environ["MSFT_CLIENT_SECRET"]
"""
The client secret. Expires every 24 months and needs to be recreated at
https://partner.microsoft.com/en-us/dashboard/account/v3/usermanagement
or at https://portal.azure.com/ -> App registrations -> Certificates & Secrets -> Client secrets.
"""
try:
_, msi_file = sys.argv
except ValueError:
print(f"Usage: {sys.argv[0]} installer.msix")
sys.exit(1)
if app_flight:
app_id = f"{app_id}/flights/{app_flight}"
pending_submission = "pendingFlightSubmission"
packages = "flightPackages"
else:
pending_submission = "pendingApplicationSubmission"
packages = "applicationPackages"
print("Obtaining auth token...")
auth = http.client.HTTPSConnection("login.microsoftonline.com")
auth.request(
"POST",
f"/{tenant_id}/oauth2/token",
body=urllib.parse.urlencode(
{
"grant_type": "client_credentials",
"client_id": client_id,
"client_secret": client_secret,
"resource": "https://manage.devcenter.microsoft.com",
}
),
headers={"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"},
)
token = json.loads(auth.getresponse().read())["access_token"]
auth.close()
headers = {
"Authorization": f"Bearer {token}",
"Content-type": "application/json",
"User-Agent": "Python/mitmproxy",
}
def request(method: str, path: str, body: str = "") -> bytes:
print(f"{method} {path}")
conn.request(method, path, body, headers=headers)
resp = conn.getresponse()
data = resp.read()
print(f"{resp.status} {resp.reason}")
# noinspection PyUnreachableCode
if False:
assert "CI" not in os.environ
# This contains sensitive data such as the fileUploadUrl, so don't print it in production.
print(data.decode(errors="ignore"))
assert 200 <= resp.status < 300
return data
print("Getting app info...")
conn = http.client.HTTPSConnection("manage.devcenter.microsoft.com")
# print(request("GET", f"/v1.0/my/applications/{app_id}/listflights"))
app_info = json.loads(request("GET", f"/v1.0/my/applications/{app_id}"))
if pending_submission in app_info:
print("Deleting pending submission...")
request(
"DELETE",
f"/v1.0/my/applications/{app_id}/submissions/{app_info[pending_submission]['id']}",
)
print("Creating new submission...")
submission = json.loads(request("POST", f"/v1.0/my/applications/{app_id}/submissions"))
print("Updating submission...")
# Mark all existing packages for deletion.
for package in submission[packages]:
package["fileStatus"] = "PendingDelete"
submission[packages].append(
{
"fileName": f"installer.msix",
"fileStatus": "PendingUpload",
"minimumDirectXVersion": "None",
"minimumSystemRam": "None",
}
)
request(
"PUT",
f"/v1.0/my/applications/{app_id}/submissions/{submission['id']}",
json.dumps(submission),
)
conn.close()
print(f"Zipping {msi_file}...")
with tempfile.TemporaryFile() as zipfile:
with ZipFile(zipfile, "w") as f:
f.write(msi_file, f"installer.msix")
zip_size = zipfile.tell()
zipfile.seek(0)
print("Uploading zip file...")
host, _, path = submission["fileUploadUrl"].removeprefix("https://").partition("/")
upload = http.client.HTTPSConnection(host)
upload.request(
"PUT",
"/" + path,
zipfile,
{
"x-ms-blob-type": "BlockBlob",
"x-ms-version": "2019-12-12",
"Content-Length": str(zip_size),
},
)
resp = upload.getresponse()
resp.read()
print(resp.status, resp.reason)
assert 200 <= resp.status < 300
upload.close()
print("Publishing submission...")
# previous connection has timed out during upload.
conn = http.client.HTTPSConnection("manage.devcenter.microsoft.com")
request("POST", f"/v1.0/my/applications/{app_id}/submissions/{submission['id']}/commit")
# We could wait until it's published here, but CI is billed by the minute.
# resp = request("GET", f"/v1.0/my/applications/{app_id}/submissions/{submission['id']}/status")
conn.close()