This is a Github Action that can be used to publish snap
packages to the Snap Store. In most cases, it
will be used with the snapcraft-build-action action to build the
package. The following workflow should be sufficient for Snapcraft 7 or later:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: snapcore/action-build@v1
id: build
- uses: snapcore/action-publish@v1
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.STORE_LOGIN }}
with:
snap: ${{ steps.build.outputs.snap }}
release: edgeAlternatively, on Snapcraft 6 and older:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: snapcore/action-build@v1
id: build
- uses: snapcore/action-publish@v1
with:
store_login: ${{ secrets.STORE_LOGIN }}
snap: ${{ steps.build.outputs.snap }}
release: edgeThis will build the project, upload the result to the store, and
release it to the edge channel. If the release input parameter is
omitted, then the build will not be uploaded but not released.
In order to upload to the store, the action requires login
credentials. Rather than a user name and password, the action expects
the data produced by the snapcraft export-login command.
As well as preventing the exposure of the password, it also allows the credentials to be locked down to only the access the action requires:
$ snapcraft export-login --snaps=PACKAGE_NAME \
--acls package_access,package_push,package_update,package_release \
exported.txtThis will produce a file exported.txt containing the login data.
The credentials can be restricted further with the --channels and
--expires arguments if desired.
In order to make the credentials available to the workflow, they should be stored as a repository secret:
- choose the "Settings" tab.
- choose "Secrets" from the menu on the left.
- click "Add a new secret".
- set the name to
STORE_LOGIN(or whatever is referenced in the workflow), and paste the contents ofexported.txtas the value.
