Repository structure & CI updates (#106)

* Remove .editorconfig * Move files to .github folder * Add security policy * Prettified Code! * Use temporary GITHUB_TOKEN for container deployments * Turnstyle deployments * Notarize resulting Docker image * Force having a label on PRs * No comment * Make YAMLLint shutup Co-authored-by: frenck <frenck@users.noreply.github.com>
2025-05-03 18:31:26 +00:00 · 2021-04-17 21:42:29 +02:00 · 2021-04-17 21:42:29 +02:00 · f4c9eab249
commit f4c9eab249
parent 64e5614811
6 changed files with 1893 additions and 23 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -1,19 +0,0 @@
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-indent_style = space
-insert_final_newline = true
-trim_trailing_whitespace = true
-ident_size = 4
-
-[*.md]
-ident_size = 2
-trim_trailing_whitespace = false
-
-[*.json]
-ident_size = 2
-
-[{.gitignore,.gitkeep,.editorconfig}]
-ident_size = 2
--- a/.github/CODE_OF_CONDUCT.md
+++ b/.github/CODE_OF_CONDUCT.md
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
--- a/.github/pr-labels.yaml
+++ b/.github/pr-labels.yaml
@ -0,0 +1,21 @@
+---
+name: PR Labels
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request:
+    types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+  pr_labels:
+    name: Verify
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🏷 Verify PR has a valid label
+        uses: jesusvasquez333/verify-pr-label-action@v1.4.0
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          valid-labels: >-
+            breaking-change, bugfix, documentation, enhancement, refactor,
+            performance, new-feature, maintenance, ci, dependencies
+          disable-reviews: true
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@ -62,6 +62,10 @@ jobs:
      matrix:
        architecture: ${{ fromJson(needs.information.outputs.architectures) }}
    steps:
+      - name: 🔂 Wait for other runs to complete
+        uses: softprops/turnstyle@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: ⤵️ Check out code from GitHub
        uses: actions/checkout@v2.3.4
      - name: 🏗 Set up build cache
@ -69,7 +73,9 @@ jobs:
        uses: actions/cache@v2.1.5
        with:
          path: /tmp/.docker-cache
-          key: docker-${{ github.ref }}-${{ matrix.architecture }}-${{ github.sha }}
+          key:
+            docker-${{ github.ref }}-${{ matrix.architecture }}-${{ github.sha
+            }}
          restore-keys: |
            docker-${{ github.ref }}-${{ matrix.architecture }}
      - name: 🏗 Set up QEMU
@ -81,13 +87,16 @@ jobs:
            "https://github.com/hassio-addons/qemu-user-static/releases/download/v5.0.0/qemu-aarch64-static.tar.gz" | \
            tar zxvf - -C "${{ needs.information.outputs.target }}/rootfs/usr/bin/"
      - name: 🏗 Set up QEMU User Static for armhf/armv7
-        if: ${{ matrix.architecture == 'armhf' || matrix.architecture == 'armv7' }}
+        if: ${{ matrix.architecture == 'armhf' || matrix.architecture == 'armv7'
+          }}
        run: |
          curl -L -s \
            "https://github.com/hassio-addons/qemu-user-static/releases/download/v5.0.0/qemu-arm-static.tar.gz" | \
            tar zxvf - -C "${{ needs.information.outputs.target }}/rootfs/usr/bin/"
      - name: 🏗 Set up Docker Buildx
        uses: docker/setup-buildx-action@v1.1.2
+      - name: 🏗 Set up CodeNotary
+        run: bash <(curl https://getvcn.codenotary.com -L)
      - name: ℹ️ Compose build flags
        id: flags
        run: |
@ -113,8 +122,8 @@ jobs:
        uses: docker/login-action@v1.8.0
        with:
          registry: ghcr.io
-          username: ${{ secrets.GHCR_USERNAME }}
-          password: ${{ secrets.GHCR_PASSWORD }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
      - name: 🚀 Build and push
        uses: docker/build-push-action@v2.4.0
        with:
@ -138,3 +147,23 @@ jobs:
            BUILD_REF=${{ github.sha }}
            BUILD_REPOSITORY=${{ github.repository }}
            BUILD_VERSION=${{ needs.information.outputs.version }}
+      - name: 🔏 Notarize
+        # yamllint disable rule:line-length
+        run: |
+          if vcn authenticate \
+            --output json \
+            "docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}" \
+            | jq \
+              --exit-status \
+              '.verification.status != 0';
+          then
+            vcn login
+            vcn notarize \
+              --public \
+              "docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}"
+          fi
+        env:
+          VCN_USER: ${{ secrets.VCN_USER }}
+          VCN_PASSWORD: ${{ secrets.VCN_PASSWORD }}
+          VCN_NOTARIZATION_PASSWORD: ${{ secrets.VCN_NOTARIZATION_PASSWORD }}
+          VCN_OTP_EMPTY: true