Apply updated repository structure & CI workflow (#53)

.github/pr-labels.yaml

@@ -0,0 +1,21 @@
+---
+name: PR Labels
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request:
+    types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+  pr_labels:
+    name: Verify
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🏷 Verify PR has a valid label
+        uses: jesusvasquez333/verify-pr-label-action@v1.4.0
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          valid-labels: >-
+            breaking-change, bugfix, documentation, enhancement, refactor,
+            performance, new-feature, maintenance, ci, dependencies
+          disable-reviews: true

.github/workflows/ci.yaml

@@ -50,7 +50,7 @@ jobs:
       - name: ⤵️ Check out code from GitHub
         uses: actions/checkout@v2.3.4
       - name: 🚀 Run Hadolint
-        uses: brpaz/hadolint-action@v1.3.1
+        uses: brpaz/hadolint-action@v1.4.0
         with:
           dockerfile: "./${{ needs.information.outputs.target }}/Dockerfile"
 
@@ -81,7 +81,7 @@ jobs:
       - name: ⤵️ Check out code from GitHub
         uses: actions/checkout@v2.3.4
       - name: 🚀 Run Shellcheck
-        uses: ludeeus/action-shellcheck@1.0.0
+        uses: ludeeus/action-shellcheck@1.1.0
         env:
           SHELLCHECK_OPTS: -s bash
 
@@ -127,14 +127,14 @@ jobs:
         uses: actions/checkout@v2.3.4
       - name: 🏗 Set up build cache
         id: cache
-        uses: actions/cache@v2.1.4
+        uses: actions/cache@v2.1.5
         with:
           path: /tmp/.docker-cache
           key: docker-${{ github.ref }}-${{ matrix.architecture }}-${{ github.sha }}
           restore-keys: |
             docker-${{ github.ref }}-${{ matrix.architecture }}
       - name: 🏗 Set up QEMU
-        uses: docker/setup-qemu-action@v1.0.1
+        uses: docker/setup-qemu-action@v1.0.2
       - name: 🏗 Set up QEMU User Static for aarch64
         if: ${{ matrix.architecture == 'aarch64' }}
         run: |
@@ -148,7 +148,7 @@ jobs:
             "https://github.com/hassio-addons/qemu-user-static/releases/download/v5.0.0/qemu-arm-static.tar.gz" | \
             tar zxvf - -C "${{ needs.information.outputs.target }}/rootfs/usr/bin/"
       - name: 🏗 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1.1.1
+        uses: docker/setup-buildx-action@v1.1.2
       - name: ℹ️ Compose build flags
         id: flags
         run: |
@@ -171,7 +171,7 @@ jobs:
             exit 1
           fi
       - name: 🚀 Build
-        uses: docker/build-push-action@v2.3.0
+        uses: docker/build-push-action@v2.4.0
         with:
           push: false
           context: ${{ needs.information.outputs.target }}

.github/workflows/deploy.yaml

@@ -62,32 +62,41 @@ jobs:
       matrix:
         architecture: ${{ fromJson(needs.information.outputs.architectures) }}
     steps:
+      - name: 🔂 Wait for other runs to complete
+        uses: softprops/turnstyle@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: ⤵️ Check out code from GitHub
         uses: actions/checkout@v2.3.4
       - name: 🏗 Set up build cache
         id: cache
-        uses: actions/cache@v2.1.4
+        uses: actions/cache@v2.1.5
         with:
           path: /tmp/.docker-cache
-          key: docker-${{ github.ref }}-${{ matrix.architecture }}-${{ github.sha }}
+          key:
+            docker-${{ github.ref }}-${{ matrix.architecture }}-${{ github.sha
+            }}
           restore-keys: |
             docker-${{ github.ref }}-${{ matrix.architecture }}
       - name: 🏗 Set up QEMU
-        uses: docker/setup-qemu-action@v1.0.1
+        uses: docker/setup-qemu-action@v1.0.2
       - name: 🏗 Set up QEMU User Static for aarch64
         if: ${{ matrix.architecture == 'aarch64' }}
         run: |
           curl -L -s \
             "https://github.com/hassio-addons/qemu-user-static/releases/download/v5.0.0/qemu-aarch64-static.tar.gz" | \
             tar zxvf - -C "${{ needs.information.outputs.target }}/rootfs/usr/bin/"
       - name: 🏗 Set up QEMU User Static for armhf/armv7
-        if: ${{ matrix.architecture == 'armhf' || matrix.architecture == 'armv7' }}
+        if: ${{ matrix.architecture == 'armhf' || matrix.architecture == 'armv7'
+          }}
         run: |
           curl -L -s \
             "https://github.com/hassio-addons/qemu-user-static/releases/download/v5.0.0/qemu-arm-static.tar.gz" | \
             tar zxvf - -C "${{ needs.information.outputs.target }}/rootfs/usr/bin/"
       - name: 🏗 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1.1.1
+        uses: docker/setup-buildx-action@v1.1.2
+      - name: 🏗 Set up CodeNotary
+        run: bash <(curl https://getvcn.codenotary.com -L)
       - name: ℹ️ Compose build flags
         id: flags
         run: |
@@ -113,12 +122,12 @@ jobs:
         uses: docker/login-action@v1.8.0
         with:
           registry: ghcr.io
-          username: ${{ secrets.GHCR_USERNAME }}
-          password: ${{ secrets.GHCR_PASSWORD }}
-      - name: 🚀 Build and push
-        uses: docker/build-push-action@v2.3.0
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: 🚀 Build
+        uses: docker/build-push-action@v2.4.0
         with:
-          push: true
+          load: true
           # yamllint disable rule:line-length
           tags: |
             ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }}
@@ -138,3 +147,30 @@ jobs:
             BUILD_REF=${{ github.sha }}
             BUILD_REPOSITORY=${{ github.repository }}
             BUILD_VERSION=${{ needs.information.outputs.version }}
+      - name: 🔏 Notarize
+        # yamllint disable rule:line-length
+        run: |
+          if vcn authenticate \
+            --output json \
+            "docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}" \
+            | jq \
+              --exit-status \
+              '.verification.status != 0';
+          then
+            vcn login
+            vcn notarize \
+              --public \
+              "docker://ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}"
+          fi
+        env:
+          VCN_USER: ${{ secrets.VCN_USER }}
+          VCN_PASSWORD: ${{ secrets.VCN_PASSWORD }}
+          VCN_NOTARIZATION_PASSWORD: ${{ secrets.VCN_NOTARIZATION_PASSWORD }}
+          VCN_OTP_EMPTY: true
+      - name: 🚀 Push
+        # yamllint disable rule:line-length
+        run: |
+          docker push \
+            "ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.environment }}"
+          docker push \
+            "ghcr.io/hassio-addons/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:${{ needs.information.outputs.version }}"

.github/workflows/release-drafter.yaml

@@ -13,6 +13,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 🚀 Run Release Drafter
-        uses: release-drafter/release-drafter@v5.14.0
+        uses: release-drafter/release-drafter@v5.15.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale.yaml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 🚀 Run stale
-        uses: actions/stale@v3.0.16
+        uses: actions/stale@v3.0.18
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30