Skip to content

Commit

Permalink
Apply updated repository structure & CI workflow (#156)
Browse files Browse the repository at this point in the history
  • Loading branch information
@frenck
frenck authored Apr 20, 2021
1 parent d2a553f commit e59c75b
Show file tree
Hide file tree
Showing 7 changed files with 1,931 additions and 25 deletions.
19 changes: 0 additions & 19 deletions .editorconfig
View file

This file was deleted.

0 CODE_OF_CONDUCT.md → .github/CODE_OF_CONDUCT.md
View file
File renamed without changes.
0 CONTRIBUTING.md → .github/CONTRIBUTING.md
View file
File renamed without changes.
1,839 changes: 1,839 additions & 0 deletions .github/SECURITY.md
View file

Large diffs are not rendered by default.

19 changes: 18 additions & 1 deletion .github/workflows/ci.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,13 +132,17 @@ jobs:
uses: actions/cache@v2.1.5
with:
path: /tmp/.docker-cache
key: docker-${{ github.ref }}-${{ matrix.architecture }}-${{ github.sha }}
key:
docker-${{ github.ref }}-${{ matrix.architecture }}-${{ github.sha
}}
restore-keys: |
docker-${{ github.ref }}-${{ matrix.architecture }}
- name: 🏗 Set up QEMU
uses: docker/setup-qemu-action@v1.0.2
- name: 🏗 Set up Docker Buildx
uses: docker/setup-buildx-action@v1.1.2
- name: 🏗 Set up CodeNotary
run: bash <(curl https://getvcn.codenotary.com -L)
- name: ℹ️ Compose build flags
id: flags
run: |
Expand All @@ -160,6 +164,19 @@ jobs:
echo "::error ::Could not determine platform for architecture ${{ matrix.architecture }}"
exit 1
fi
- name: ⤵️ Download base image
run: docker pull "${{ steps.flags.outputs.from }}"
- name: ✅ Verify authenticity of base image
run: |
vcn authenticate \
"docker://${{ steps.flags.outputs.from }}"
vcn authenticate \
--output json \
--signerID 0x03e406879fd89e52f38f4aab0061266d1183980a \
"docker://${{ steps.flags.outputs.from }}" \
| jq \
--exit-status \
'.verification.status == 0'
- name: 🚀 Build
uses: docker/build-push-action@v2.4.0
with:
Expand Down
58 changes: 53 additions & 5 deletions .github/workflows/deploy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,20 +64,28 @@ jobs:
matrix:
architecture: ${{ fromJson(needs.information.outputs.architectures) }}
steps:
- name: 🔂 Wait for other runs to complete
uses: softprops/turnstyle@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: ⤵️ Check out code from GitHub
uses: actions/checkout@v2.3.4
- name: 🏗 Set up build cache
id: cache
uses: actions/cache@v2.1.5
with:
path: /tmp/.docker-cache
key: docker-${{ github.ref }}-${{ matrix.architecture }}-${{ github.sha }}
key:
docker-${{ github.ref }}-${{ matrix.architecture }}-${{ github.sha
}}
restore-keys: |
docker-${{ github.ref }}-${{ matrix.architecture }}
- name: 🏗 Set up QEMU
uses: docker/setup-qemu-action@v1.0.2
- name: 🏗 Set up Docker Buildx
uses: docker/setup-buildx-action@v1.1.2
- name: 🏗 Set up CodeNotary
run: bash <(curl https://getvcn.codenotary.com -L)
- name: ℹ️ Compose build flags
id: flags
run: |
Expand All @@ -103,12 +111,25 @@ jobs:
uses: docker/login-action@v1.8.0
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_PASSWORD }}
- name: 🚀 Build and push
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: ⤵️ Download base image
run: docker pull "${{ steps.flags.outputs.from }}"
- name: ✅ Verify authenticity of base image
run: |
vcn authenticate \
"docker://${{ steps.flags.outputs.from }}"
vcn authenticate \
--output json \
--signerID 0x03e406879fd89e52f38f4aab0061266d1183980a \
"docker://${{ steps.flags.outputs.from }}" \
| jq \
--exit-status \
'.verification.status == 0'
- name: 🚀 Build
uses: docker/build-push-action@v2.4.0
with:
push: true
load: true
# yamllint disable rule:line-length
tags: |
ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }}
Expand All @@ -130,6 +151,33 @@ jobs:
BUILD_REF=${{ github.sha }}
BUILD_REPOSITORY=${{ github.repository }}
BUILD_VERSION=${{ needs.information.outputs.version }}
- name: 🔏 Notarize
# yamllint disable rule:line-length
run: |
if vcn authenticate \
--output json \
"docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}" \
| jq \
--exit-status \
'.verification.status != 0';
then
vcn login
vcn notarize \
--public \
"docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}"
fi
env:
VCN_USER: ${{ secrets.VCN_USER }}
VCN_PASSWORD: ${{ secrets.VCN_PASSWORD }}
VCN_NOTARIZATION_PASSWORD: ${{ secrets.VCN_NOTARIZATION_PASSWORD }}
VCN_OTP_EMPTY: true
- name: 🚀 Push
# yamllint disable rule:line-length
run: |
docker push \
"ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }}"
docker push \
"ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}"
publish-edge:
name: 📢 Publish to edge repository
Expand Down
21 changes: 21 additions & 0 deletions .github/workflows/pr-labels.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
name: PR Labels

# yamllint disable-line rule:truthy
on:
pull_request:
types: [opened, labeled, unlabeled, synchronize]

jobs:
pr_labels:
name: Verify
runs-on: ubuntu-latest
steps:
- name: 🏷 Verify PR has a valid label
uses: jesusvasquez333/verify-pr-label-action@v1.4.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
valid-labels: >-
breaking-change, bugfix, documentation, enhancement, refactor,
performance, new-feature, maintenance, ci, dependencies
disable-reviews: true

0 comments on commit e59c75b

Please sign in to comment.