chore: fix provenance #12617
Workflow file for this run
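# CI for every push and pull request. Pushes to `dev` and tag pushes additionally
# publish Docker images, publish to npm (tags only) and trigger downstream builds.
name: ci
on: [pull_request, push]
# Workflow-wide GITHUB_TOKEN scopes; they apply to every job that does not set its
# own `permissions`.
# NOTE(review): no step visible in this file writes with GITHUB_TOKEN (the release
# push and the API calls use secrets.GH_TOKEN), so confirm whether `write` is
# still needed here and narrow it if not.
permissions:
  contents: write
  pull-requests: write
jobs:
  ci:
    runs-on: ubuntu-latest
    # NOTE(review): actions below are referenced by mutable tag (@v4, @v3). This job
    # handles registry, npm and repository credentials; pinning each action to a
    # full commit SHA keeps a retagged action release out of the publishing path.
    steps:
      # Release path (push to dev or a tag): check out with the PAT.
      - uses: actions/checkout@v4
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        with:
          # Required for `release: merge dev -> master and promote dev`
          # The token stays in the local git config for the rest of the job, so the
          # install, build, lint and test steps below run with it within reach.
          token: ${{ secrets.GH_TOKEN }}
      # Every other run (pull requests, pushes to other branches): no later step
      # needs git credentials, so do not leave GITHUB_TOKEN in the git config.
      - uses: actions/checkout@v4
        if: ((github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push') == false
        with:
          persist-credentials: false
      - uses: pnpm/action-setup@v4
        with:
          version: 9
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          registry-url: https://registry.npmjs.org/
          cache: pnpm
      - name: Install dependencies
        run: pnpm i --frozen-lockfile
      - name: Build
        run: pnpm run build
      - name: Lint
        run: |
          pnpm run pretty:check
          pnpm run eslint
      - name: Test
        run: pnpm run test-with-coverage
      # Secrets are handed to the shell through `env` instead of being expanded into
      # the script text, so the shell never parses a secret value as code and the
      # value is quoted when it is piped to `docker login`.
      - name: Docker login
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        env:
          DOCKER_KEY: ${{ secrets.DOCKER_KEY }}
        run: echo "$DOCKER_KEY" | docker login -u koenkk --password-stdin
      - name: Docker login ghcr.io
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
        run: echo "$GH_TOKEN" | docker login ghcr.io -u koenkk --password-stdin
      - name: Docker setup - QEMU
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        uses: docker/setup-qemu-action@v3
        with:
          platforms: all
      - name: Docker setup - Buildx
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        id: buildx
        uses: docker/setup-buildx-action@v3
        with:
          # NOTE(review): `latest` floats; a fixed Buildx version makes the image
          # build reproducible.
          version: latest
      - name: 'dev: Docker build'
        if: github.ref == 'refs/heads/dev' && github.event_name == 'push'
        run: |
          docker buildx build \
            --build-arg "COMMIT=$(git rev-parse --short HEAD)" \
            --platform linux/arm64/v8,linux/386,linux/amd64,linux/arm/v6,linux/arm/v7 \
            -f docker/Dockerfile \
            --push \
            -t koenkk/zigbee2mqtt:latest-dev -t ghcr.io/koenkk/zigbee2mqtt:latest-dev \
            .
      - name: 'release: Docker build'
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        run: |
          TAG="$(git describe --tags)"
          docker buildx build \
            --build-arg "COMMIT=$(git rev-parse --short HEAD)" \
            --platform linux/arm64/v8,linux/386,linux/amd64,linux/arm/v6,linux/arm/v7 \
            -f docker/Dockerfile \
            --push \
            -t koenkk/zigbee2mqtt:latest -t "koenkk/zigbee2mqtt:$TAG" -t ghcr.io/koenkk/zigbee2mqtt:latest -t "ghcr.io/koenkk/zigbee2mqtt:$TAG" \
            .
      - name: 'release: Publish to npm'
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        run: pnpm publish --no-git-checks
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      - name: 'dev: Trigger zigbee2mqtt/hassio-zigbee2mqtt build'
        if: github.ref == 'refs/heads/dev' && github.event_name == 'push'
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
        run: |
          curl \
            -X POST \
            -H "Authorization: token $GH_TOKEN" \
            -H "Accept: application/vnd.github.v3+json" \
            https://api.github.com/repos/zigbee2mqtt/hassio-zigbee2mqtt/actions/workflows/ci.yml/dispatches \
            -d '{"ref":"master","inputs":{}}'
      - name: 'release: Trigger zigbee2mqtt/hassio-zigbee2mqtt build'
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
        run: |
          TAG=${GITHUB_REF#refs/*/}
          echo "Triggering with tag '$TAG'"
          # jq builds the body so the tag name is JSON-escaped, not spliced into a string.
          PAYLOAD="$(jq -cn --arg version "$TAG-1" '{event_type: "release", client_payload: {version: $version}}')"
          curl \
            -X POST \
            -H "Authorization: token $GH_TOKEN" \
            -H "Accept: application/vnd.github.everest-preview+json" \
            -H "Content-Type: application/json" \
            https://api.github.com/repos/zigbee2mqtt/hassio-zigbee2mqtt/dispatches \
            --data "$PAYLOAD"
      - name: 'release: Trigger zigbee2mqtt-chart image update'
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
        run: |
          TAG=${GITHUB_REF#refs/*/}
          echo "Triggering with tag '$TAG'"
          # jq builds the body so the tag name is JSON-escaped, not spliced into a string.
          PAYLOAD="$(jq -cn --arg version "$TAG" '{ref: "main", inputs: {zigbee2mqtt_version: $version}}')"
          curl -L \
            -X POST \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $GH_TOKEN" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            https://api.github.com/repos/Koenkk/zigbee2mqtt-chart/actions/workflows/on_zigbee2mqtt_release.yaml/dispatches \
            --data "$PAYLOAD"
      # Pushes with the credentials persisted by the release-path checkout above.
      - name: 'release: merge dev -> master and promote dev'
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        run: |
          TAG=${GITHUB_REF#refs/*/}
          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git fetch --unshallow
          git fetch origin
          git checkout master
          git merge --ff-only origin/dev
          git push origin master
          git checkout dev
          # --arg passes the version as data; the tag name is never part of the jq program.
          jq --indent 4 --arg version "$TAG-dev" '.version = $version' package.json > package.json.tmp
          jq --indent 4 --arg version "$TAG-dev" '.version = $version' package-lock.json > package-lock.json.tmp
          mv package.json.tmp package.json
          mv package-lock.json.tmp package-lock.json
          git add -A
          git commit -m "chore: promote to dev"
          git push origin dev
  # Cross-platform test matrix. It only checks out, installs, builds and tests, so it
  # gets a read-only token and no persisted git credentials.
  tests:
    permissions:
      contents: read
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        node: [18, 20, 22]
    runs-on: ${{ matrix.os }}
    # A failing matrix entry does not fail the workflow run.
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: pnpm/action-setup@v4
        with:
          version: 9
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
          cache: pnpm
      - name: Install dependencies
        # --ignore-scripts prevents the serialport build which often fails on Windows
        run: pnpm i --frozen-lockfile --ignore-scripts
      - name: Build
        run: pnpm run build
      - name: Test
        run: pnpm run test-with-coverage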