I’m developing an unlisted add-on and was trying to automate the release process which involves signing, then taking the signed add-on and uploading it to my distribution endpoint and updating the update manifest with the new version. I’m having a problem in that if I use the production AMO signing API then I have to keep updating and pushing a new version of the add-on just to keep testing this workflow automation, but nothing is actually changing with the add-on. This is because you can only sign any given version of an add-on once. I’m doing this currently using the Mozilla sign-addon Node package and passing in the key (JWT issuer) and secret (JWT secret) listed on the https://addons.mozilla.org/en-US/developers/addon/api/key/ page.
It seems you can change the AMO API you’re using, so I’ve been trying to see if that’s an option. On https://addons-server.readthedocs.io/en/latest/topics/api/index.html#external-api it lists production, staging, and development versions but I’ve been unable to successfully see if I can sign against those other environments (if the signed artifact is not install-able in an actual browser, that’s fine for this purpose). I’m not sure how to set up an account in those environments to test this. Is that possible or is there a better option for this type of thing?