Consider S0 inclusion in S2 capable network insecure #17108
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Z-Wave Bot: React to comments' | |
| on: | |
| issue_comment: | |
| types: [created] # edited, deleted | |
| jobs: | |
| # Publish a PR build when an authorized person comments "@zwave-js-bot pack this" | |
| publish-pr: | |
| if: | | |
| contains(github.event.issue.html_url, '/pull/') && | |
| contains(github.event.comment.body, '@zwave-js-bot pack this') && | |
| (github.event.comment.user.login == 'AlCalzone') | |
| runs-on: [ubuntu-latest] | |
| strategy: | |
| matrix: | |
| node-version: [18] # This should be LTS | |
| steps: | |
| - uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const options = { | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| }; | |
| const { data: pull } = await github.rest.pulls.get({ | |
| ...options, | |
| pull_number: context.payload.issue.number, | |
| }); | |
| if (!pull.mergeable || !pull.merge_commit_sha) { | |
| await github.rest.issues.createComment({ | |
| ...options, | |
| issue_number: context.payload.issue.number, | |
| body: `😥 Seems like this PR cannot be merged. Please fix the merge conflicts and try again.`, | |
| }); | |
| process.exit(1); | |
| } | |
| await github.rest.issues.createComment({ | |
| ...options, | |
| issue_number: context.issue.number, | |
| body: `👋 Hey @${context.payload.comment.user.login}! | |
| I've started to deploy this PR as a development build. | |
| You can monitor the progress [here](${context.payload.repository.html_url}/actions/runs/${context.runId}).` | |
| }) | |
| - name: Checkout merged code | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{secrets.BOT_TOKEN}} | |
| fetch-depth: 0 # We need the history for versioning with yarn | |
| ref: 'refs/pull/${{ github.event.issue.number }}/merge' | |
| - name: Switch to a branch | |
| run: git switch -c temp | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'yarn' | |
| - name: Install dependencies | |
| run: yarn install --immutable | |
| - name: Let the bot do its thing | |
| uses: ./.github/actions/zwave-js-bot | |
| with: | |
| githubToken: ${{ secrets.BOT_TOKEN }} | |
| npmToken: ${{ secrets.NPM_TOKEN }} | |
| task: publish-pr | |
| pr: ${{ github.event.issue.number }} | |
| # ######################################################################### | |
| # Fix lint errors when an authorized person posts "@zwave-js-bot fix lint" | |
| fix-lint: | |
| if: | | |
| contains(github.event.issue.html_url, '/pull/') && | |
| contains(github.event.comment.body, '@zwave-js-bot fix lint') && | |
| (github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]') | |
| runs-on: [ubuntu-latest] | |
| strategy: | |
| matrix: | |
| node-version: [18] # This should be LTS | |
| steps: | |
| - name: Checkout master branch | |
| uses: actions/checkout@v4 | |
| with: | |
| path: trusted | |
| - name: Check user's permissions to do this | |
| id: check-permissions | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| result-encoding: string | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/trusted/.github/bot-scripts/index.js`); | |
| return bot.checkAuthorized({github, context}); | |
| # These steps only run if the check was successful | |
| - name: Retrieve PR information | |
| if: steps.check-permissions.outputs.result == 'true' | |
| id: pr-info | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/trusted/.github/bot-scripts/index.js`); | |
| const result = await bot.getFixLintInfo({github, context}); | |
| console.dir(result); | |
| return result || {pending: true}; | |
| - name: Download Lint patch | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.pr-info.outputs.result).pending | |
| env: | |
| PATCH_URL: ${{ fromJSON(steps.pr-info.outputs.result).patchUrl }} | |
| run: | | |
| mkdir -p patch | |
| cd patch | |
| curl "$PATCH_URL" -o patch.zip | |
| unzip patch.zip | |
| - name: Checkout pull request side by side | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.pr-info.outputs.result).pending | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{secrets.BOT_TOKEN}} | |
| repository: ${{ fromJSON(steps.pr-info.outputs.result).repoName }} | |
| ref: ${{ fromJSON(steps.pr-info.outputs.result).headRef }} | |
| path: untrusted | |
| - name: Do the lint fix | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.pr-info.outputs.result).pending | |
| working-directory: ./untrusted | |
| id: fix | |
| run: | | |
| # Apply the patch | |
| if ! git apply ../patch/fix.patch ; then | |
| echo "result=error" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| # Check if something changed in the untrusted repo | |
| cd ../untrusted | |
| if ! git diff --quiet ; then | |
| git config user.email "bot@zwave-js.io" | |
| git config user.name "Z-Wave JS Bot" | |
| git add -A | |
| git reset -- .github | |
| git commit -m "style: fix lint" | |
| git push | |
| echo "result=ok" >> $GITHUB_OUTPUT | |
| else | |
| echo "result=unchanged" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| - name: Give feedback | |
| if: steps.check-permissions.outputs.result == 'true' | |
| uses: actions/github-script@v7 | |
| env: | |
| FEEDBACK: ${{ steps.fix.outputs.result }} | |
| PENDING: ${{ fromJSON(steps.pr-info.outputs.result).pending }} | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/trusted/.github/bot-scripts/index.js`); | |
| return bot.fixLintFeedback({github, context}); | |
| # ######################################################################### | |
| # Rebase PR onto its target branch when an authorized person posts "@zwave-js-bot rebase" | |
| rebase: | |
| if: | | |
| contains(github.event.issue.html_url, '/pull/') && | |
| contains(github.event.comment.body, '@zwave-js-bot rebase') && | |
| (github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]') | |
| runs-on: [ubuntu-latest] | |
| strategy: | |
| matrix: | |
| node-version: [18] # This should be LTS | |
| steps: | |
| - name: Checkout master branch | |
| uses: actions/checkout@v4 | |
| - name: Check user's permissions to do this | |
| id: check-permissions | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| result-encoding: string | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.checkAuthorized({github, context}); | |
| # These steps only run if the check was successful | |
| - name: Retrieve PR information | |
| if: steps.check-permissions.outputs.result == 'true' | |
| uses: actions/github-script@v7 | |
| id: get-pr | |
| with: | |
| script: | | |
| const request = { | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| pull_number: context.issue.number | |
| } | |
| core.info(`Getting PR #${request.pull_number} from ${request.owner}/${request.repo}`) | |
| try { | |
| const result = await github.rest.pulls.get(request) | |
| return result.data | |
| } catch (err) { | |
| core.setFailed(`Request failed with error ${err}`) | |
| } | |
| - name: Save our CI scripts | |
| if: steps.check-permissions.outputs.result == 'true' | |
| run: | | |
| mkdir -p /tmp/.github | |
| cp -r .github/* /tmp/.github | |
| - name: Checkout pull request | |
| if: steps.check-permissions.outputs.result == 'true' | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{secrets.BOT_TOKEN}} | |
| repository: ${{ fromJSON(steps.get-pr.outputs.result).head.repo.full_name }} | |
| ref: ${{ fromJSON(steps.get-pr.outputs.result).head.ref }} | |
| - name: Restore our CI scripts | |
| if: steps.check-permissions.outputs.result == 'true' | |
| run: | | |
| rm -rf .github | |
| cp -r /tmp/.github . | |
| - name: Rebase the branch | |
| env: | |
| # sanitize untrusted input by using an env variable | |
| BRANCH: ${{ fromJSON(steps.get-pr.outputs.result).base.ref }} | |
| if: steps.check-permissions.outputs.result == 'true' | |
| id: fix | |
| run: | | |
| # Try to rebase | |
| git fetch origin | |
| if git rebase "origin/$BRANCH" ; then | |
| # The rebase worked | |
| git config user.email "bot@zwave-js.io" | |
| git config user.name "Z-Wave JS Bot" | |
| git push -f | |
| else | |
| echo "result=error" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Give feedback | |
| if: steps.check-permissions.outputs.result == 'true' | |
| uses: actions/github-script@v7 | |
| env: | |
| FEEDBACK: ${{ steps.fix.outputs.result }} | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.rebaseFeedback({github, context}); | |
| # No longer needed | |
| # # ######################################################################### | |
| # # Rename the single commit of a PR to the title when an authorized person posts "@zwave-js-bot rename commit" | |
| # rename-commit: | |
| # if: | | |
| # contains(github.event.issue.html_url, '/pull/') && | |
| # contains(github.event.comment.body, '@zwave-js-bot rename commit') && | |
| # (github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]') | |
| # runs-on: [ubuntu-latest] | |
| # strategy: | |
| # matrix: | |
| # node-version: [18] # This should be LTS | |
| # steps: | |
| # - name: Checkout master branch | |
| # uses: actions/checkout@v4 | |
| # - name: Check permissions and necessity | |
| # id: check-permissions | |
| # uses: actions/github-script@v7 | |
| # with: | |
| # github-token: ${{secrets.BOT_TOKEN}} | |
| # result-encoding: string | |
| # script: | | |
| # const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| # return ( | |
| # (await bot.checkAuthorized({github, context})) && | |
| # (await bot.renameCommitCheck({github, context})) | |
| # ); | |
| # # These steps only run if the check was successful | |
| # - name: Retrieve PR information | |
| # if: steps.check-permissions.outputs.result == 'true' | |
| # uses: actions/github-script@v7 | |
| # id: get-pr | |
| # with: | |
| # script: | | |
| # const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| # return bot.renameCommitGetPRInfo({github, context}); | |
| # - name: Save our CI scripts | |
| # if: steps.check-permissions.outputs.result == 'true' | |
| # run: | | |
| # mkdir -p /tmp/.github | |
| # cp -r .github/* /tmp/.github | |
| # - name: Checkout pull request | |
| # if: steps.check-permissions.outputs.result == 'true' | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 # Fetch the history, or this action will break everything! | |
| # token: ${{secrets.BOT_TOKEN}} | |
| # repository: ${{ fromJSON(steps.get-pr.outputs.result).repo }} | |
| # ref: ${{ fromJSON(steps.get-pr.outputs.result).ref }} | |
| # - name: Restore our CI scripts | |
| # if: steps.check-permissions.outputs.result == 'true' | |
| # run: | | |
| # rm -rf .github | |
| # cp -r /tmp/.github . | |
| # - name: Rebase the branch | |
| # env: | |
| # # sanitize untrusted input by using an env variable | |
| # TITLE: ${{ fromJSON(steps.get-pr.outputs.result).title }} | |
| # if: steps.check-permissions.outputs.result == 'true' | |
| # id: fix | |
| # run: | | |
| # # Try to reword the commit | |
| # git config user.email "bot@zwave-js.io" | |
| # git config user.name "Z-Wave JS Bot" | |
| # if git commit --amend -m "$TITLE" ; then | |
| # # Amending the commit worked | |
| # git push -f | |
| # echo "result=success" >> $GITHUB_OUTPUT | |
| # else | |
| # echo "result=error" >> $GITHUB_OUTPUT | |
| # fi | |
| # - name: Give feedback | |
| # if: steps.check-permissions.outputs.result == 'true' | |
| # uses: actions/github-script@v7 | |
| # env: | |
| # FEEDBACK: ${{ steps.fix.outputs.result }} | |
| # with: | |
| # github-token: ${{secrets.BOT_TOKEN}} | |
| # script: | | |
| # const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| # return bot.renameCommitFeedback({github, context}); | |
| # ######################################################################### | |
| # Imports a config file when an authorized person posts "@zwave-js-bot import config <device-id> from <source>" | |
| import-config: | |
| if: | | |
| contains(github.event.issue.html_url, '/issues/') && | |
| contains(github.event.comment.body, '@zwave-js-bot import config') && | |
| (github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]') | |
| runs-on: [ubuntu-latest] | |
| strategy: | |
| matrix: | |
| node-version: [18] # This should be LTS | |
| steps: | |
| - name: Checkout master branch | |
| uses: actions/checkout@v4 | |
| - name: Check user's permissions to do this | |
| id: check-permissions | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| result-encoding: string | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.checkAuthorized({github, context}); | |
| # These steps only run if the check was successful | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| if: steps.check-permissions.outputs.result == 'true' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'yarn' | |
| - name: Install dependencies | |
| if: steps.check-permissions.outputs.result == 'true' | |
| run: yarn install --immutable | |
| - name: Compile TypeScript code | |
| if: steps.check-permissions.outputs.result == 'true' | |
| # We need this or the linter will complain about other stuff than the checks | |
| run: yarn run build | |
| - name: Get config file ID | |
| if: steps.check-permissions.outputs.result == 'true' | |
| id: config-id | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const body = context.payload.comment.body; | |
| const match = /import config (?<ids>[a-z0-9_:, -]{1,}?) from (?<source>\w+)/.exec(body); | |
| if (!match) return {skip: true}; | |
| return { | |
| source: match.groups.source, | |
| ids: match.groups.ids, | |
| } | |
| - name: Import config files | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.config-id.outputs.result).skip | |
| id: import | |
| env: | |
| source: ${{ fromJSON(steps.config-id.outputs.result).source }} | |
| ids: ${{ fromJSON(steps.config-id.outputs.result).ids }} | |
| run: | | |
| yarn run config import -s "$source" -Dd --ids "$ids" | |
| branchname="import-config-$(date +'%s')" | |
| commitmessage="feat(config): import config files from $source" | |
| # Check if something changed | |
| git config user.email "bot@zwave-js.io" | |
| git config user.name "Z-Wave JS Bot" | |
| git checkout -b "$branchname" | |
| git add -A | |
| if ! git diff --quiet HEAD -- packages/config/config/devices/ ; then | |
| git commit -m "$commitmessage" | |
| git push --set-upstream origin "$branchname" | |
| echo "result=success" >> $GITHUB_OUTPUT | |
| echo "branchname=$branchname" >> $GITHUB_OUTPUT | |
| echo "commitmessage=$commitmessage" >> $GITHUB_OUTPUT | |
| else | |
| echo "result=unchanged" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| - name: Create PR | |
| if: steps.check-permissions.outputs.result == 'true' | |
| uses: actions/github-script@v7 | |
| env: | |
| RESULT: ${{ steps.import.outputs.result }} | |
| branchname: ${{ steps.import.outputs.branchname }} | |
| commitmessage: ${{ steps.import.outputs.commitmessage }} | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.importConfigCreatePR({github, context}); | |
| # ######################################################################### | |
| # Adds a compat flag to an existing file when an authorized person posts | |
| # @zwave-js-bot add compat flag to <deviceId> | |
| # ``` | |
| # mapBasicSet: "auto" | |
| # ``` | |
| add-compat-flag: | |
| if: | | |
| contains(github.event.issue.html_url, '/issues/') && | |
| contains(github.event.comment.body, '@zwave-js-bot add compat flag') && | |
| (github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]') | |
| runs-on: [ubuntu-latest] | |
| strategy: | |
| matrix: | |
| node-version: [18] # This should be LTS | |
| steps: | |
| - name: Checkout master branch | |
| uses: actions/checkout@v4 | |
| - name: Check user's permissions to do this | |
| id: check-permissions | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| result-encoding: string | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.checkAuthorized({github, context}); | |
| # These steps only run if the check was successful | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| if: steps.check-permissions.outputs.result == 'true' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'yarn' | |
| - name: Install dependencies | |
| if: steps.check-permissions.outputs.result == 'true' | |
| run: yarn install --immutable | |
| - name: Compile TypeScript code | |
| if: steps.check-permissions.outputs.result == 'true' | |
| # We need this or the linter will complain about other stuff than the checks | |
| run: yarn run build | |
| - name: Parse command | |
| if: steps.check-permissions.outputs.result == 'true' | |
| id: parse-command | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const body = context.payload.comment.body; | |
| const match1 = /add compat flag to `?(?<id>0x[0-9a-f]{4}:0x[0-9a-f]{4}:0x[0-9a-f]{4}(?::\d+\.\d+)?)`?\s/.exec(body); | |
| const match2 = /```(?:jsonc?)?(?<flag>(?:.|\n|\r)*)```/.exec(body); | |
| if (!match1 || !match2) return {skip: true}; | |
| return { | |
| id: match1.groups.id, | |
| flag: match2.groups.flag | |
| } | |
| - name: Add compat flag | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.parse-command.outputs.result).skip | |
| uses: actions/github-script@v7 | |
| env: | |
| id: ${{ fromJSON(steps.parse-command.outputs.result).id }} | |
| flag: ${{ fromJSON(steps.parse-command.outputs.result).flag }} | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.addCompatFlag({github, context}); | |
| - name: Commit changes | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.parse-command.outputs.result).skip | |
| id: commit-changes | |
| env: | |
| id: ${{ fromJSON(steps.parse-command.outputs.result).id }} | |
| run: | | |
| branchname="add-compat-flag-$(date +'%s')" | |
| commitmessage="fix(config): add compat flag to $id" | |
| # Check if something changed | |
| git config user.email "bot@zwave-js.io" | |
| git config user.name "Z-Wave JS Bot" | |
| git checkout -b "$branchname" | |
| git add -A | |
| if ! git diff --quiet HEAD -- packages/config/config/devices/ ; then | |
| git commit -m "$commitmessage" | |
| git push --set-upstream origin "$branchname" | |
| echo "result=success" >> $GITHUB_OUTPUT | |
| echo "branchname=$branchname" >> $GITHUB_OUTPUT | |
| echo "commitmessage=$commitmessage" >> $GITHUB_OUTPUT | |
| else | |
| echo "result=unchanged" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| - name: Create PR | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.parse-command.outputs.result).skip | |
| uses: actions/github-script@v7 | |
| env: | |
| RESULT: ${{ steps.commit-changes.outputs.result }} | |
| branchname: ${{ steps.commit-changes.outputs.branchname }} | |
| commitmessage: ${{ steps.commit-changes.outputs.commitmessage }} | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.addCompatFlagCreatePR({github, context}); | |
| # ######################################################################### | |
| # Adds a fingerprint to an existing file when an authorized person posts | |
| # @zwave-js-bot add fingerprint <newId> to <existingDeviceId> | |
| add-fingerprint: | |
| if: | | |
| contains(github.event.issue.html_url, '/issues/') && | |
| contains(github.event.comment.body, '@zwave-js-bot add fingerprint') && | |
| (github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]') | |
| runs-on: [ubuntu-latest] | |
| strategy: | |
| matrix: | |
| node-version: [18] # This should be LTS | |
| steps: | |
| - name: Checkout master branch | |
| uses: actions/checkout@v4 | |
| - name: Check user's permissions to do this | |
| id: check-permissions | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| result-encoding: string | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.checkAuthorized({github, context}); | |
| # These steps only run if the check was successful | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| if: steps.check-permissions.outputs.result == 'true' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'yarn' | |
| - name: Install dependencies | |
| if: steps.check-permissions.outputs.result == 'true' | |
| run: yarn install --immutable | |
| - name: Compile TypeScript code | |
| if: steps.check-permissions.outputs.result == 'true' | |
| # We need this or the linter will complain about other stuff than the checks | |
| run: yarn run build | |
| - name: Parse command | |
| if: steps.check-permissions.outputs.result == 'true' | |
| id: parse-command | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const body = context.payload.comment.body; | |
| const match = /add fingerprint `?(?<fingerprint>0x[0-9a-f]{4}:0x[0-9a-f]{4})`? to `?(?<id>0x[0-9a-f]{4}:0x[0-9a-f]{4}:0x[0-9a-f]{4}(?::\d+\.\d+)?)`?/.exec(body); | |
| if (!match) return {skip: true}; | |
| return { | |
| fingerprint: match.groups.fingerprint, | |
| id: match.groups.id | |
| } | |
| - name: Add fingerprint | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.parse-command.outputs.result).skip | |
| id: add-fingerprint | |
| uses: actions/github-script@v7 | |
| env: | |
| fingerprint: ${{ fromJSON(steps.parse-command.outputs.result).fingerprint }} | |
| id: ${{ fromJSON(steps.parse-command.outputs.result).id }} | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.addFingerprint({github, context}); | |
| - name: Commit changes | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.parse-command.outputs.result).skip | |
| id: commit-changes | |
| env: | |
| fingerprint: ${{ fromJSON(steps.parse-command.outputs.result).fingerprint }} | |
| id: ${{ fromJSON(steps.parse-command.outputs.result).id }} | |
| deviceLabel: ${{ steps.add-fingerprint.outputs.result }} | |
| run: | | |
| branchname="add-fingerprint-$(date +'%s')" | |
| commitmessage="fix(config): add fingerprint \`$fingerprint\` to $deviceLabel" | |
| # Check if something changed | |
| git config user.email "bot@zwave-js.io" | |
| git config user.name "Z-Wave JS Bot" | |
| git checkout -b "$branchname" | |
| git add -A | |
| if ! git diff --quiet HEAD -- packages/config/config/devices/ ; then | |
| git commit -m "$commitmessage" | |
| git push --set-upstream origin "$branchname" | |
| echo "result=success" >> $GITHUB_OUTPUT | |
| echo "branchname=$branchname" >> $GITHUB_OUTPUT | |
| echo "commitmessage=$commitmessage" >> $GITHUB_OUTPUT | |
| else | |
| echo "result=unchanged" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| - name: Create PR | |
| if: | | |
| steps.check-permissions.outputs.result == 'true' && | |
| !fromJSON(steps.parse-command.outputs.result).skip | |
| uses: actions/github-script@v7 | |
| env: | |
| RESULT: ${{ steps.commit-changes.outputs.result }} | |
| branchname: ${{ steps.commit-changes.outputs.branchname }} | |
| commitmessage: ${{ steps.commit-changes.outputs.commitmessage }} | |
| with: | |
| github-token: ${{secrets.BOT_TOKEN}} | |
| script: | | |
| const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`); | |
| return bot.addFingerprintCreatePR({github, context}); |