Skip to content

Merge pull request #193 from fhem/renovate/ghcr.io-fhem-alexa-fhem-5 #852

Merge pull request #193 from fhem/renovate/ghcr.io-fhem-alexa-fhem-5

Merge pull request #193 from fhem/renovate/ghcr.io-fhem-alexa-fhem-5 #852

Workflow file for this run

name: Build, Test & push
on:
push:
pull_request:
release:
types:
- published
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository_owner }}/alexa-fhem
jobs:
test_build:
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout this repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get alexa-fhem Version from package.json
id: split_alexafhemV
run: |
echo "result=$(awk -F'"' '/"alexa-fhem": ".+"/{ print $4; exit; }' src/package.json | sed 's/\^//')" >> $GITHUB_OUTPUT
- name: Build image and run integrationtests (amd64)
id: build_and_run_integrationtest
uses: ./.github/actions/integrationtest
with:
PLATTFORM: linux/amd64
ALEXAFHEM_VERSION: ${{ steps.split_alexafhemV.outputs.result }}
published_build:
runs-on: ubuntu-latest
needs: test_build
permissions:
contents: write
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout this repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get alexa-fhem Version from package.json
id: split_alexafhemV
run: |
echo "result=$(awk -F'"' '/"alexa-fhem": ".+"/{ print $4; exit; }' src/package.json | sed 's/\^//')" >> $GITHUB_OUTPUT
- name: Extract Image from Dockerfile
if: ${{ github.event_name == 'release' }}
id: extract_image
run: |
echo "image_name=$(grep '^FROM' Dockerfile | cut -d ' ' -f2 | cut -d ':' -f1)" >> $GITHUB_OUTPUT
echo "image_version=$(grep '^FROM' Dockerfile | cut -d ' ' -f2 | cut -d ':' -f2 | cut -d '.' -f1)" >> $GITHUB_OUTPUT
echo "image_base=$(grep '^FROM' Dockerfile | cut -d ' ' -f2 | cut -d ':' -f2 | cut -d '-' -f2,3)" >> $GITHUB_OUTPUT
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Docker Setup QEMU
uses: docker/[email protected]
# Login against a Docker registry if it is a release
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name == 'release'
uses: docker/[email protected]
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to DockerHub
if: github.event_name == 'release'
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/[email protected]
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: |
latest= ${{ fromJSON('["auto", "false"]')[github.event.release.prerelease == 1] }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}},enable=${{ github.event.release.prerelease == 0 }}
type=ref,event=branch
type=ref,event=pr
- name: Update docs
if: ${{ github.event_name == 'release' }}
run: |
sed -e "s/{ALEXAFHEM_VERSION}/${{ steps.split_alexafhemV.outputs.result}}/g" -e "s/{NODE_VERSION}/${{ steps.extract_image.outputs.image_version}}/g" -e "s/{DEBIAN_RELEASE}/${{ steps.extract_image.outputs.image_base}}/g" -e s/{IMAGE_TAG}/${DOCKER_METADATA_OUTPUT_VERSION}/g < README.tmpl > README.md
- name: Build and push Docker image for all plattforms
uses: docker/[email protected]
id: docker_build_runtime_cross
with:
context: .
load: false
file: ./Dockerfile
platforms: linux/amd64,linux/arm/v7,linux/arm64
push: ${{ github.event_name == 'release' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: |
type=gha,scope=verify_runtime_linux/amd64
type=gha,scope=publish_runtime_cross
cache-to: type=gha,mode=max,scope=publish_runtime_cross
build-args: |
BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
IMAGE_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
IMAGE_VCS_REF=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
ALEXAFHEM_VERSION=${{ steps.split_alexafhemV.outputs.result }}
L_USAGE=${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/README.md
L_VCS_URL=${{ github.server_url }}/${{ github.repository }}/
L_AUTHORS=${{ github.server_url }}/${{ github.repository }}/graphs/contributors
- name: Install cosign
uses: sigstore/[email protected]
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name == 'release' }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.docker_build_runtime_cross.outputs.digest }}
- name: git commit README.md
id: commit
if: ${{ github.event_name == 'release' }}
run: |
git config --global user.email "[email protected]"
git config --local user.name "GitHub Action"
git commit -m "README.md: Update Versions" -a && echo "status=true" >> $GITHUB_OUTPUT || true
- name: Push back to protected branch (main)
uses: CasperWA/push-protected@v2
if: ${{ github.event_name == 'release' }}
with:
token: ${{ secrets.BOT_PUSH_TOKEN }}
branch: dev
#unprotect_reviews: true