fix(container): remove modifying capabilities #13256
Workflow file for this run
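# CI workflow. Every pull request and push is built, linted and tested.
# Pushes to `dev` or to a tag additionally publish Docker images; tag pushes
# also publish to npm, dispatch downstream builds and promote dev -> master.
name: ci
on: [pull_request, push]
# NOTE(review): these scopes apply to the default GITHUB_TOKEN of every job,
# including `tests` and pull_request runs that execute PR code. The write
# operations visible in this file (git push, ghcr.io login, dispatches) all
# authenticate with secrets.GH_TOKEN, so `contents: read` looks sufficient
# here - confirm nothing else relies on the write scopes before narrowing.
permissions:
  contents: write
  pull-requests: write
jobs:
  ci:
    runs-on: ubuntu-latest
    # NOTE(review): every `uses:` below references a mutable tag (@v3/@v4/@v6).
    # This job handles registry, npm and repository credentials; pinning each
    # action to a full commit SHA keeps a re-tagged action from running with them.
    steps:
      # Publishing runs (push to dev or to a tag) check out with GH_TOKEN.
      # NOTE(review): actions/checkout persists the token in the local git
      # config by default (persist-credentials), so the install scripts, build
      # and tests that run later in this job can read it. The release merge
      # step needs it; consider supplying it only to that step.
      - uses: actions/checkout@v4
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        with:
          # Required for `release: merge dev -> master and promote dev`
          token: ${{ secrets.GH_TOKEN }}
      # All other runs (pull requests, pushes to other branches) use the default token.
      - uses: actions/checkout@v4
        if: ((github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push') == false
      - uses: pnpm/action-setup@v4
        with:
          version: 9
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          registry-url: https://registry.npmjs.org/
          cache: pnpm
      - name: Install dependencies
        # --frozen-lockfile fails the install if pnpm-lock.yaml would need changes.
        run: pnpm i --frozen-lockfile
      - name: Build
        run: pnpm run build
      - name: Lint
        run: |
          pnpm run pretty:check
          pnpm run eslint
      - name: Test
        run: pnpm run test:coverage
      - name: Log in to the Docker container registry
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        uses: docker/login-action@v3
        with:
          username: koenkk
          password: ${{ secrets.DOCKER_KEY }}
      - name: Log in to the GitHub container registry
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: koenkk
          password: ${{ secrets.GH_TOKEN }}
      - name: Docker setup - QEMU
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        uses: docker/setup-qemu-action@v3
        with:
          platforms: all
      - name: Docker setup - Buildx
        if: (github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/')) && github.event_name == 'push'
        id: buildx
        uses: docker/setup-buildx-action@v3
        with:
          # NOTE(review): floating version; the builder that produces release
          # images can change between runs without a change to this file.
          version: latest
      - name: dev - Docker build and push
        if: github.ref == 'refs/heads/dev' && github.event_name == 'push'
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/Dockerfile
          platforms: linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/riscv64,linux/386
          tags: koenkk/zigbee2mqtt:latest-dev,ghcr.io/koenkk/zigbee2mqtt:latest-dev
          push: true
          build-args: |
            COMMIT=${{ github.sha }}
            VERSION=dev
            DATE=${{ github.event.repository.updated_at }}
      - name: release - Docker build and push
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/Dockerfile
          # NOTE(review): provenance attestations are switched off for release
          # images only; the dev build above keeps the action default. The
          # reason is not visible in this file - document it or re-enable.
          provenance: false
          platforms: linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/riscv64,linux/386
          tags: koenkk/zigbee2mqtt:latest,ghcr.io/koenkk/zigbee2mqtt:latest,koenkk/zigbee2mqtt:${{ github.ref_name }},ghcr.io/koenkk/zigbee2mqtt:${{ github.ref_name }}
          push: true
          build-args: |
            COMMIT=${{ github.sha }}
            VERSION=${{ github.ref_name }}
            DATE=${{ github.event.repository.updated_at }}
      - name: 'release: Publish to npm'
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        run: pnpm publish --no-git-checks
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      - name: 'dev: Trigger zigbee2mqtt/hassio-zigbee2mqtt build'
        if: github.ref == 'refs/heads/dev' && github.event_name == 'push'
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the secret is not part of the generated shell script.
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
        # NOTE(review): curl exits 0 on HTTP error responses unless --fail is
        # given, so a rejected dispatch does not fail this step (same for the
        # two release triggers below) - confirm that best-effort is intended.
        run: |
          curl \
            -X POST \
            -H "Authorization: token $GH_TOKEN" \
            -H "Accept: application/vnd.github.v3+json" \
            https://api.github.com/repos/zigbee2mqtt/hassio-zigbee2mqtt/actions/workflows/ci.yml/dispatches \
            -d '{"ref":"master","inputs":{}}'
      - name: 'release: Trigger zigbee2mqtt/hassio-zigbee2mqtt build'
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        env:
          # Secret supplied via the environment rather than inlined in the script.
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
        # NOTE(review): $TAG is spliced into the JSON body unescaped here and in
        # the steps below; only accounts that can push tags control its value.
        run: |
          TAG=${GITHUB_REF#refs/*/}
          echo "Triggering with tag '$TAG'"
          curl \
            -X POST \
            -H "Authorization: token $GH_TOKEN" \
            -H "Accept: application/vnd.github.everest-preview+json" \
            -H "Content-Type: application/json" \
            https://api.github.com/repos/zigbee2mqtt/hassio-zigbee2mqtt/dispatches \
            --data "{\"event_type\": \"release\", \"client_payload\": { \"version\": \"$TAG-1\"}}"
      - name: 'release: Trigger zigbee2mqtt-chart image update'
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        env:
          # Secret supplied via the environment rather than inlined in the script.
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
        run: |
          TAG=${GITHUB_REF#refs/*/}
          echo "Triggering with tag '$TAG'"
          curl -L \
            -X POST \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $GH_TOKEN" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            https://api.github.com/repos/Koenkk/zigbee2mqtt-chart/actions/workflows/on_zigbee2mqtt_release.yaml/dispatches \
            --data "{\"ref\": \"main\", \"inputs\": { \"zigbee2mqtt_version\": \"$TAG\"}}"
      - name: 'release: merge dev -> master and promote dev'
        if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
        # Pushes to master and dev with the credentials that the first checkout
        # step stored (secrets.GH_TOKEN).
        run: |
          TAG=${GITHUB_REF#refs/*/}
          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git fetch --unshallow
          git fetch origin
          git checkout master
          git merge --ff-only origin/dev
          git push origin master
          git checkout dev
          jq --indent 4 ".version = \"$TAG-dev\"" package.json > package.json.tmp
          mv package.json.tmp package.json
          git add -A
          git commit -m "chore: promote to dev"
          git push origin dev
  # Cross-platform build and test matrix; uses no secrets.
  tests:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        node: [18, 20, 22]
    runs-on: ${{ matrix.os }}
    # A failing matrix entry does not fail the workflow run.
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: 9
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
          cache: pnpm
      - name: Install dependencies
        # --ignore-scripts prevents the serialport build which often fails on Windows
        run: pnpm i --frozen-lockfile --ignore-scripts
      - name: Build
        run: pnpm run build
      - name: Test
        run: pnpm run test:coverage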