Signing in development when automating release process


I’m developing an unlisted add-on and was trying to automate the release process which involves signing, then taking the signed add-on and uploading it to my distribution endpoint and updating the update manifest with the new version. I’m having a problem in that if I use the production AMO signing API then I have to keep updating and pushing a new version of the add-on just to keep testing this workflow automation, but nothing is actually changing with the add-on. This is because you can only sign any given version of an add-on once. I’m doing this currently using the Mozilla sign-addon Node package and passing in the key (JWT issuer) and secret (JWT secret) listed on the page.

It seems you can change the AMO API you’re using, so I’ve been trying to see if that’s an option. On it lists production, staging, and development versions but I’ve been unable to successfully see if I can sign against those other environments (if the signed artifact is not install-able in an actual browser, that’s fine for this purpose). I’m not sure how to set up an account in those environments to test this. Is that possible or is there a better option for this type of thing?

Hey @AzverAlherath, thanks for reaching out!

Just wondering – are you using web-ext sign --channel=unlisted as described here?

I’m not sure how to set up an account in those environments to test this.

You’ll need a separate Firefox Account to test on -dev. (Edit: -stage uses the same Firefox Account server as production.) You should be able to use the instructions on the README and add -dev- to the hostname. (Edit: the host name for stage is

As a quick heads up, -dev and stage use a different signature than production, so if you try to install an .xpi submitted to one of those channels it won’t work out of the box. :slight_smile:

Let us know if this works or if we can provide any additional help!