ci: add winget releaser workflow

[sitiom]

Continuation of #637

This action automatically generates manifests for Winget Community Repository (microsoft/winget-pkgs) and submits them.

Before merging this:

1. Ensure the ${{ secrets.DEPLOY_KEY }} token has the public_repo permission:

2. Fork microsoft/winget-pkgs under @zen-browser. The action will use that fork for making a branch and creating a PR with the upstream winget-pkgs repository on every release.
3. Install Pull on the winget-pkgs fork to ensure that it is constantly updated.

If you want to see an example of a PR created using this action, see microsoft/winget-pkgs/pulls (Pull request has been created with WinGet Releaser).

[mr-cheffy]

And how does it get approved? Can anyone change it then?

[UnownPlain]

A Winget moderator will approve it. Anyone can make changes to the package through a PR but it needs to be approved by a moderator.

https://learn.microsoft.com/en-us/windows/package-manager/package/repository#submission-process

[UnownPlain]

@sitiom I've added the arm installer to the package in microsoft/winget-pkgs#194819. Can you change the regex to also match the arm installers?

zen\.installer-(?:generic|arm64)\.exe$ should work

[sitiom]

@sitiom I've added the arm installer to the package in microsoft/winget-pkgs#194819. Can you change the regex to also match the arm installers?

zen\.installer-(?:generic|arm64)\.exe$ should work

Done

[larziwau]

Could you add a space between the actions? so it can look like the entire action

[UnownPlain]

Optimized builds have been removed with version 1.0.2-b.4

https://github.com/zen-browser/desktop/wiki/Why-have-optimized-builds-been-removed%3F

[vikingnope]

I just added Twilight builds to Winget and started writing the whole code for a PR, only to find out that this PR was opened🤣.

I would recommend changing your code to something like the following:

  winget-release:
  name: Winget Release
  runs-on: ubuntu-latest
  needs: [build-data, release]
  steps:
    - name: Winget Twilight Release
      if: ${{ inputs.update_branch == 'twilight' }}
      uses: vedantmgoyal2009/winget-releaser@a3ac67b0c3026bc335a33b722188e3ec769d6a64
      with:
        identifier: Zen-Team.Zen-Browser.Twilight
        version: ${{ needs.build-data.outputs.version }}
        max-versions-to-keep: 1
        installers-regex: 'zen\.installer(-arm64)?\.exe$'
        token: ${{ secrets.WINGET_TOKEN }}

    - name: Winget Stable Release
      if: ${{ inputs.update_branch == 'release' }}
      uses: vedantmgoyal2009/winget-releaser@a3ac67b0c3026bc335a33b722188e3ec769d6a64
      with:
        identifier: Zen-Team.Zen-Browser
        version: ${{ needs.build-data.outputs.version }}
        installers-regex: 'zen\.installer(-arm64)?\.exe$'
        token: ${{ secrets.WINGET_TOKEN }}

[vikingnope]

For security reasons I would recommend this change for both releases, this ensures that if any malicious code is committed to the workflow, it should not affect this repo:

uses: vedantmgoyal9/winget-releaser@a3ac67b0c3026bc335a33b722188e3ec769d6a64

[sitiom]

For security reasons I would recommend this change for both releases, this ensures that if any malicious code is committed to the workflow, it should not affect this repo:

uses: vedantmgoyal9/winget-releaser@a3ac67b0c3026bc335a33b722188e3ec769d6a64

The same could apply to the other actions pinned against a tag; I'm just following the code in the workflow. So it would be up to @mauro-balades

[blu3berryys]

This can be done by using dependabot aswell

[UnownPlain]

Updates:

• Komac currently doesn't detect Zen's x64 installer architecture correctly ([Feature]: Implement analysis for 7zip self extracting installers russellbanks/Komac#1036).
  • I would recommend changing the installer name from zen.installer.exe to zen.installer-x86_64 as a workaround so Komac can pick up the correct architecture from the file name.
• The Pull App is redundant. Winget Releaser will automatically update the fork.

[6639835]

Approved.