From 45ea4d4dfa1eb62f7e6be6afbb612f2b1295ff50 Mon Sep 17 00:00:00 2001 From: Franck Nijhof Date: Tue, 9 Nov 2021 17:08:31 +0100 Subject: [PATCH] Switch to centralized GitHub Action Workflows (#118) --- .github/workflows/ci.yaml | 195 +------------------ .github/workflows/deploy.yaml | 250 +------------------------ .github/workflows/labels.yaml | 22 +-- .github/workflows/lock.yaml | 15 +- .github/workflows/pr-labels.yaml | 23 +-- .github/workflows/release-drafter.yaml | 12 +- .github/workflows/stale.yaml | 34 +--- 7 files changed, 37 insertions(+), 514 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d9cb5e7..adf12e4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -12,194 +12,7 @@ on: workflow_dispatch: jobs: - information: - name: Gather add-on information - runs-on: ubuntu-latest - outputs: - architectures: ${{ steps.information.outputs.architectures }} - build: ${{ steps.information.outputs.build }} - description: ${{ steps.information.outputs.description }} - name: ${{ steps.information.outputs.name }} - slug: ${{ steps.information.outputs.slug }} - target: ${{ steps.information.outputs.target }} - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run add-on information action - id: information - uses: frenck/action-addon-information@v1.2.2 - - lint-addon: - name: Lint Add-on - needs: - - information - runs-on: ubuntu-latest - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run Add-on Lint - uses: frenck/action-addon-linter@v2.4.1 - with: - community: true - path: "./${{ needs.information.outputs.target }}" - - lint-hadolint: - name: Hadolint - needs: - - information - runs-on: ubuntu-latest - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run Hadolint - uses: brpaz/hadolint-action@v1.5.0 - with: - dockerfile: "./${{ needs.information.outputs.target }}/Dockerfile" - - lint-json: - name: JSON Lint - runs-on: ubuntu-latest - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run JQ - run: | - shopt -s globstar - cat **/*.json | jq '.' 
- - lint-markdown: - name: MarkdownLint - runs-on: ubuntu-latest - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run mdl - uses: actionshub/markdownlint@2.0.2 - - lint-shellcheck: - name: Shellcheck - runs-on: ubuntu-latest - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run Shellcheck - uses: ludeeus/action-shellcheck@1.1.0 - env: - SHELLCHECK_OPTS: -s bash - - lint-yamllint: - name: YAMLLint - runs-on: ubuntu-latest - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run YAMLLint - uses: frenck/action-yamllint@v1.1 - - lint-prettier: - name: Prettier - runs-on: ubuntu-latest - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run Prettier - uses: creyD/prettier_action@v4.0 - with: - prettier_options: --write **/*.{json,js,md,yaml} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - build: - name: Build ${{ matrix.architecture }} - needs: - - information - - lint-addon - - lint-hadolint - - lint-json - - lint-markdown - - lint-prettier - - lint-shellcheck - - lint-yamllint - runs-on: ubuntu-latest - strategy: - matrix: - architecture: ${{ fromJson(needs.information.outputs.architectures) }} - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿ— Set up build cache - id: cache - uses: actions/cache@v2.1.6 - with: - path: /tmp/.docker-cache - key: docker-${{ matrix.architecture }}-${{ github.sha }} - restore-keys: | - docker-${{ matrix.architecture }} - - name: ๐Ÿ— Set up QEMU - uses: docker/setup-qemu-action@v1.2.0 - - name: ๐Ÿ— Set up Docker Buildx - uses: docker/setup-buildx-action@v1.6.0 - - name: ๐Ÿ— Set up CodeNotary - run: bash <(curl https://getvcn.codenotary.com -L) - - name: โ„น๏ธ Compose build flags - id: flags - run: | - echo "::set-output name=date::$(date +"%Y-%m-%dT%H:%M:%SZ")" - from=$(jq --raw-output 
".build_from.${{ matrix.architecture }}" "${{ needs.information.outputs.build }}") - echo "::set-output name=from::${from}" - - if [[ "${{ matrix.architecture}}" = "amd64" ]]; then - echo "::set-output name=platform::linux/amd64" - elif [[ "${{ matrix.architecture }}" = "i386" ]]; then - echo "::set-output name=platform::linux/386" - elif [[ "${{ matrix.architecture }}" = "armhf" ]]; then - echo "::set-output name=platform::linux/arm/v6" - elif [[ "${{ matrix.architecture }}" = "armv7" ]]; then - echo "::set-output name=platform::linux/arm/v7" - elif [[ "${{ matrix.architecture }}" = "aarch64" ]]; then - echo "::set-output name=platform::linux/arm64/v8" - else - echo "::error ::Could not determine platform for architecture ${{ matrix.architecture }}" - exit 1 - fi - - name: โคต๏ธ Download base image - run: docker pull "${{ steps.flags.outputs.from }}" - - name: โœ… Verify authenticity of base image - run: | - vcn authenticate \ - "docker://${{ steps.flags.outputs.from }}" - vcn authenticate \ - --output json \ - --signerID 0x03e406879fd89e52f38f4aab0061266d1183980a \ - "docker://${{ steps.flags.outputs.from }}" \ - | jq \ - --exit-status \ - '.verification.status == 0' - - name: ๐Ÿš€ Build - uses: docker/build-push-action@v2.7.0 - with: - push: false - context: ${{ needs.information.outputs.target }} - file: ${{ needs.information.outputs.target }}/Dockerfile - cache-from: | - type=local,src=/tmp/.docker-cache - ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:edge - cache-to: type=local,mode=max,dest=/tmp/.docker-cache-new - platforms: ${{ steps.flags.outputs.platform }} - build-args: | - BUILD_ARCH=${{ matrix.architecture }} - BUILD_DATE=${{ steps.flags.outputs.date }} - BUILD_DESCRIPTION=${{ needs.information.outputs.description }} - BUILD_FROM=${{ steps.flags.outputs.from }} - BUILD_NAME=${{ needs.information.outputs.name }} - BUILD_REF=${{ github.sha }} - BUILD_REPOSITORY=${{ github.repository }} - BUILD_VERSION=edge - # 
This ugly bit is necessary, or our cache will grow forever... - # Well until we hit GitHub's limit of 5GB :) - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: ๐Ÿšš Swap build cache - run: | - rm -rf /tmp/.docker-cache - mv /tmp/.docker-cache-new /tmp/.docker-cache + workflows: + uses: hassio-addons/workflows/.github/workflows/addon-ci.yaml@main + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 28d04e2..208af26 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml 
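Review bot: The new `workflows` job in ci.yaml references the reusable workflow by the mutable branch ref `@main`, so whatever lands on that branch of hassio-addons/workflows runs here on the next trigger without any change in this repository; the removed jobs at least named a version tag for each action. Pinning to a full commit SHA keeps the executed code reviewable from this repo: `uses: hassio-addons/workflows/.github/workflows/addon-ci.yaml@<full-commit-sha>  # main`, with a dependency bot bumping the pin. The same `@main` ref appears in the deploy.yaml, labels.yaml, lock.yaml, pr-labels.yaml, release-drafter.yaml and stale.yaml hunks, and it matters most in deploy.yaml, which forwards `DISPATCH_TOKEN`. The `on:` block starts above this hunk.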
@@ -13,248 +13,8 @@ on: - completed jobs: - information: - if: | - github.event_name == 'release' - || ( - github.event_name == 'workflow_run' - && github.event.workflow_run.conclusion == 'success' - ) - name: โ„น๏ธ Gather add-on information - runs-on: ubuntu-latest - outputs: - architectures: ${{ steps.information.outputs.architectures }} - build: ${{ steps.information.outputs.build }} - description: ${{ steps.information.outputs.description }} - environment: ${{ steps.release.outputs.environment }} - name: ${{ steps.information.outputs.name }} - slug: ${{ steps.information.outputs.slug }} - target: ${{ steps.information.outputs.target }} - version: ${{ steps.release.outputs.version }} - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run add-on information action - id: information - uses: frenck/action-addon-information@v1.2.2 - - name: โ„น๏ธ Gather version and environment - id: release - run: | - sha="${{ github.sha }}" - environment="edge" - version="${sha:0:7}" - if [[ "${{ github.event_name }}" = "release" ]]; then - version="${{ github.event.release.tag_name }}" - version="${version,,}" - version="${version#v}" - environment="stable" - if [[ "${{ github.event.release.prerelease }}" = "true" ]]; then - environment="beta" - fi - fi - - echo "::set-output name=environment::${environment}" - echo "::set-output name=version::${version}" - - deploy: - name: ๐Ÿ‘ท Build & Deploy ${{ matrix.architecture }} - needs: information - runs-on: ubuntu-latest - strategy: - matrix: - architecture: ${{ fromJson(needs.information.outputs.architectures) }} - steps: - - name: ๐Ÿ”‚ Wait for other runs to complete - uses: softprops/turnstyle@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿ— Set up build cache - id: cache - uses: actions/cache@v2.1.6 - with: - path: /tmp/.docker-cache - key: docker-${{ matrix.architecture }}-${{ 
github.sha }} - restore-keys: | - docker-${{ matrix.architecture }} - - name: ๐Ÿ— Set up QEMU - uses: docker/setup-qemu-action@v1.2.0 - - name: ๐Ÿ— Set up Docker Buildx - uses: docker/setup-buildx-action@v1.6.0 - - name: ๐Ÿ— Set up CodeNotary - run: bash <(curl https://getvcn.codenotary.com -L) - - name: โ„น๏ธ Compose build flags - id: flags - run: | - echo "::set-output name=date::$(date +"%Y-%m-%dT%H:%M:%SZ")" - from=$(jq --raw-output ".build_from.${{ matrix.architecture }}" "${{ needs.information.outputs.build }}") - echo "::set-output name=from::${from}" - - if [[ "${{ matrix.architecture}}" = "amd64" ]]; then - echo "::set-output name=platform::linux/amd64" - elif [[ "${{ matrix.architecture }}" = "i386" ]]; then - echo "::set-output name=platform::linux/386" - elif [[ "${{ matrix.architecture }}" = "armhf" ]]; then - echo "::set-output name=platform::linux/arm/v6" - elif [[ "${{ matrix.architecture }}" = "armv7" ]]; then - echo "::set-output name=platform::linux/arm/v7" - elif [[ "${{ matrix.architecture }}" = "aarch64" ]]; then - echo "::set-output name=platform::linux/arm64/v8" - else - echo "::error ::Could not determine platform for architecture ${{ matrix.architecture }}" - exit 1 - fi - - name: ๐Ÿ— Login to GitHub Container Registry - uses: docker/login-action@v1.10.0 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: โคต๏ธ Download base image - run: docker pull "${{ steps.flags.outputs.from }}" - - name: โœ… Verify authenticity of base image - run: | - vcn authenticate \ - "docker://${{ steps.flags.outputs.from }}" - vcn authenticate \ - --output json \ - --signerID 0x03e406879fd89e52f38f4aab0061266d1183980a \ - "docker://${{ steps.flags.outputs.from }}" \ - | jq \ - --exit-status \ - '.verification.status == 0' - - name: ๐Ÿš€ Build - uses: docker/build-push-action@v2.7.0 - with: - load: true - # yamllint disable rule:line-length - tags: | - ghcr.io/hassio-addons/${{ 
needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }} - ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }} - # yamllint enable rule:line-length - context: ${{ needs.information.outputs.target }} - file: ${{ needs.information.outputs.target }}/Dockerfile - cache-from: | - type=local,src=/tmp/.docker-cache - ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:edge - cache-to: type=local,mode=max,dest=/tmp/.docker-cache-new - platforms: ${{ steps.flags.outputs.platform }} - build-args: | - BUILD_ARCH=${{ matrix.architecture }} - BUILD_DATE=${{ steps.flags.outputs.date }} - BUILD_DESCRIPTION=${{ needs.information.outputs.description }} - BUILD_FROM=${{ steps.flags.outputs.from }} - BUILD_NAME=${{ needs.information.outputs.name }} - BUILD_REF=${{ github.sha }} - BUILD_REPOSITORY=${{ github.repository }} - BUILD_VERSION=${{ needs.information.outputs.version }} - # This ugly bit is necessary, or our cache will grow forever... 
- # Well until we hit GitHub's limit of 5GB :) - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: ๐Ÿšš Swap build cache - run: | - rm -rf /tmp/.docker-cache - mv /tmp/.docker-cache-new /tmp/.docker-cache - - name: ๐Ÿ” Notarize - # yamllint disable rule:line-length - run: | - if vcn authenticate \ - --output json \ - "docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}" \ - | jq \ - --exit-status \ - '.verification.status != 0'; - then - vcn login - vcn notarize \ - --public \ - "docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}" - fi - env: - VCN_USER: ${{ secrets.VCN_USER }} - VCN_PASSWORD: ${{ secrets.VCN_PASSWORD }} - VCN_NOTARIZATION_PASSWORD: ${{ secrets.VCN_NOTARIZATION_PASSWORD }} - VCN_OTP_EMPTY: true - - name: ๐Ÿš€ Push - # yamllint disable rule:line-length - run: | - docker push \ - "ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }}" - docker push \ - "ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}" - - publish-edge: - name: ๐Ÿ“ข Publish to edge repository - if: needs.information.outputs.environment == 'edge' - needs: - - information - - deploy - environment: - name: ${{ needs.information.outputs.environment }} - runs-on: ubuntu-latest - steps: - - name: ๐Ÿš€ Dispatch repository updater update signal - uses: peter-evans/repository-dispatch@v1.1.3 - with: - token: ${{ secrets.DISPATCH_TOKEN }} - repository: hassio-addons/repository-edge - event-type: update - client-payload: > - { - "addon": "${{ needs.information.outputs.slug }}", - "name": "${{ needs.information.outputs.name }}", - "repository": "${{ github.repository }}", - "version": "${{ 
needs.information.outputs.version }}" - } - - publish-beta: - name: ๐Ÿ“ข Publish to beta repository - if: | - needs.information.outputs.environment == 'beta' || - needs.information.outputs.environment == 'stable' - needs: - - information - - deploy - environment: - name: ${{ needs.information.outputs.environment }} - runs-on: ubuntu-latest - steps: - - name: ๐Ÿš€ Dispatch repository updater update signal - uses: peter-evans/repository-dispatch@v1.1.3 - with: - token: ${{ secrets.DISPATCH_TOKEN }} - repository: hassio-addons/repository-beta - event-type: update - client-payload: > - { - "addon": "${{ needs.information.outputs.slug }}", - "name": "${{ needs.information.outputs.name }}", - "repository": "${{ github.repository }}", - "version": "${{ github.event.release.tag_name }}" - } - - publish-stable: - name: ๐Ÿ“ข Publish to stable repository - if: needs.information.outputs.environment == 'stable' - needs: - - information - - deploy - environment: - name: ${{ needs.information.outputs.environment }} - runs-on: ubuntu-latest - steps: - - name: ๐Ÿš€ Dispatch repository updater update signal - uses: peter-evans/repository-dispatch@v1.1.3 - with: - token: ${{ secrets.DISPATCH_TOKEN }} - repository: hassio-addons/repository - event-type: update - client-payload: > - { - "addon": "${{ needs.information.outputs.slug }}", - "name": "${{ needs.information.outputs.name }}", - "repository": "${{ github.repository }}", - "version": "${{ github.event.release.tag_name }}" - } + workflows: + uses: hassio-addons/workflows/.github/workflows/addon-deploy.yaml@main + secrets: + DISPATCH_TOKEN: ${{ secrets.DISPATCH_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/labels.yaml b/.github/workflows/labels.yaml index d1b2dbe..23a272f 100644 --- a/.github/workflows/labels.yaml +++ b/.github/workflows/labels.yaml 
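Review bot: The job-level `if:` that limited the removed `information` job to releases and to `workflow_run` events with conclusion `success` has no counterpart on the new `workflows` job in deploy.yaml, so that gate now depends entirely on addon-deploy.yaml, which is not visible in this diff. Because this job forwards `DISPATCH_TOKEN` and leads to image publication, I would keep the condition on the caller as well: `if: github.event_name == 'release' || github.event.workflow_run.conclusion == 'success'`. The removed base-image signer check and the notarization step are in the same position; if the called workflow still performs them, a short comment above `uses:` saying so would let a reader of this repo know where that control lives. The trigger block begins above the hunk.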
@@ -3,20 +3,12 @@ name: Sync labels # yamllint disable-line rule:truthy on: - push: - branches: - - main - paths: - - .github/labels.yml + schedule: + - cron: "34 5 * * *" + workflow_dispatch: jobs: - labels: - name: โ™ป๏ธ Sync labels - runs-on: ubuntu-latest - steps: - - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v2.3.5 - - name: ๐Ÿš€ Run Label Syncer - uses: micnncim/action-label-syncer@v1.3.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + workflows: + uses: hassio-addons/workflows/.github/workflows/labels.yaml@main + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lock.yaml b/.github/workflows/lock.yaml index 2f5e1c8..1d278d1 100644 --- a/.github/workflows/lock.yaml +++ b/.github/workflows/lock.yaml @@ -8,14 +8,7 @@ on: workflow_dispatch: jobs: - lock: - name: ๐Ÿ”’ Lock closed issues and PRs - runs-on: ubuntu-latest - steps: - - uses: dessant/lock-threads@v3.0.0 - with: - github-token: ${{ github.token }} - issue-inactive-days: "30" - issue-lock-reason: "" - pr-inactive-days: "1" - pr-lock-reason: "" + workflows: + uses: hassio-addons/workflows/.github/workflows/lock.yaml@main + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr-labels.yaml b/.github/workflows/pr-labels.yaml index cdb62ab..bc96029 100644 --- a/.github/workflows/pr-labels.yaml +++ b/.github/workflows/pr-labels.yaml 
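Review bot: No `permissions:` key accompanies the new `workflows` job in labels.yaml, so the called workflow runs with the repository's default `GITHUB_TOKEN` scopes; a caller-side block is the one place this repo can cap them, since a called workflow can only lower what the caller grants. For a label sync something like `permissions:` with `issues: write` and `contents: read` is probably enough, to be confirmed against what the called workflow actually does. The same applies to the lock.yaml hunk on this line and to the pr-labels.yaml, release-drafter.yaml and stale.yaml hunks, each with its own narrow scope. Separately, passing `GITHUB_TOKEN` under `secrets:` looks redundant, because as far as I know a called workflow receives the caller's token automatically.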
@@ -4,19 +4,14 @@ name: PR Labels # yamllint disable-line rule:truthy on: pull_request_target: - types: [opened, labeled, unlabeled, synchronize] + types: + - opened + - labeled + - unlabeled + - synchronize jobs: - pr_labels: - name: Verify - runs-on: ubuntu-latest - steps: - - name: ๐Ÿท Verify PR has a valid label - uses: jesusvasquez333/verify-pr-label-action@v1.4.0 - with: - pull-request-number: "${{ github.event.pull_request.number }}" - github-token: "${{ secrets.GITHUB_TOKEN }}" - valid-labels: >- - breaking-change, bugfix, documentation, enhancement, refactor, - performance, new-feature, maintenance, ci, dependencies - disable-reviews: true + workflows: + uses: hassio-addons/workflows/.github/workflows/pr-labels.yaml@main + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yaml index 06cc26a..ce377ad 100644 --- a/.github/workflows/release-drafter.yaml +++ b/.github/workflows/release-drafter.yaml @@ -8,11 +8,7 @@ on: - main jobs: - update_release_draft: - name: โœ๏ธ Draft release - runs-on: ubuntu-latest - steps: - - name: ๐Ÿš€ Run Release Drafter - uses: release-drafter/release-drafter@v5.15.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + workflows: + uses: hassio-addons/workflows/.github/workflows/release-drafter.yaml@main + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index e066c74..a063b17 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml 
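Review bot: The `pull_request_target` trigger kept in pr-labels.yaml runs in the base repository's context, with its token, for pull requests opened from forks, and the job it now starts is defined in another repository at `@main`. That is only safe while the called workflow never checks out or executes code from the pull request head, an invariant that can no longer be checked from this file. I would record it next to the trigger, e.g. `# pull_request_target: the called workflow must not check out or run PR head code`, and keep this workflow's token read-only unless the label check turns out to need more.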
@@ -8,33 +8,7 @@ on: workflow_dispatch: jobs: - stale: - name: ๐Ÿงน Clean up stale issues and PRs - runs-on: ubuntu-latest - steps: - - name: ๐Ÿš€ Run stale - uses: actions/stale@v4 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - days-before-stale: 30 - days-before-close: 7 - remove-stale-when-updated: true - stale-issue-label: "stale" - exempt-issue-labels: "no-stale,help-wanted" - stale-issue-message: > - There hasn't been any activity on this issue recently, so we - clean up some of the older and inactive issues. - - Please make sure to update to the latest version and - check if that solves the issue. Let us know if that works for you - by leaving a comment ๐Ÿ‘ - - This issue has now been marked as stale and will be closed if no - further activity occurs. Thanks! - stale-pr-label: "stale" - exempt-pr-labels: "no-stale" - stale-pr-message: > - There hasn't been any activity on this pull request recently. This - pull request has been automatically marked as stale because of that - and will be closed if no further activity occurs within 7 days. - Thank you for your contributions. + workflows: + uses: hassio-addons/workflows/.github/workflows/stale.yaml@main + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}