updated GitHub actions builds

.github/workflows/ci.yaml → .github/workflows/docker-stack.yaml

@@ -1,4 +1,4 @@
-name: CI
+name: build dockers
 
 on:
   push:
@@ -18,26 +18,21 @@ jobs:
     steps:
       - name: Checkout source code
         uses: actions/checkout@v3
-      #- name: 🚀 Run yamllint
-      #  uses: frenck/action-yamllint@v1
-      #- name: Copy .env
-      #  run: cp .env.dist .env
+
       - name: Build SHARED docker-compose stack
         run: docker network create iot-smart-network
       - name: Build QUEUE docker-compose stack
         working-directory: ./docker/queue
-        run: docker-compose up --env-file ../docker/.env
+        run: sh run-ci.sh
       - name: Build MANAGEMENT docker-compose stack
         working-directory: ./docker/management/
-        run: docker-compose up --env-file ../docker/.env
+        run: sh run-ci.sh
       - name: Build OBSERVABILITY docker-compose stack
         working-directory: ./docker/observability/
-        run: docker-compose up --env-file ../docker/.env
-      - name: prepare to run HA
-        working-directory: .
-        run: . ha-run.sh
+        run: sh run-ci.sh
+
       - name: Build HA docker-compose stack
         working-directory: ./docker/home-assistant/
-        run: docker-compose up  --env-file docker/.env
+        run: sh run-ci.sh
       - name: Check running containers
         run: docker ps -a

.github/workflows/home-assistant.yml

@@ -0,0 +1,71 @@
+---
+name: Home Assistant CI
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request:
+
+jobs:
+  yamllint:
+    name: 🧹 yamllint 
+    runs-on: ubuntu-latest
+    steps:
+      - name: Getting your configuration from GitHub
+        uses: actions/checkout@v1
+      - name: Running YAMLlint
+        uses: ibiqlik/action-yamllint@v1
+        continue-on-error: true
+        with:
+          config_file: .github/yamllint-config.yml
+
+  remarklint:
+    runs-on: ubuntu-18.04
+    steps:
+      - name: ⤵️ Check out configuration from GitHub
+        uses: actions/checkout@v3.0.2
+      - name: Running Remark lint
+        uses: "docker://pipelinecomponents/remark-lint:latest"
+        continue-on-error: true
+        with:
+          args: "remark --no-stdout --color --frail --use preset-lint-recommended ."
+
+  home-assistant:
+    name: "Home Assistant Core ${{ matrix.version }} Configuration Check"
+    needs: [yamllint]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        version: ["stable"]
+    steps:
+      - name: ⤵️ Check out configuration from GitHub
+        uses: actions/checkout@v3.0.2
+      - name: 🚀 Run Home Assistant Configuration Check
+        uses: frenck/action-home-assistant@v1.3
+        with:
+          path: "./home-assistant-configuration"
+          secrets: ./home-assistant-configuration/secrets_github.yaml
+          version: "${{ matrix.version }}"
+
+  # esphome:
+  #   runs-on: ubuntu-latest
+  #   needs: [yamllint]
+  #   steps:
+  #     - name: ⤵️ Check out configuration from GitHub
+  #       uses: actions/checkout@v3.0.2
+  #     - name: Set up Python 3.7
+  #       uses: actions/setup-python@v3
+  #       with:
+  #         python-version: 3.7
+  #     - name: Install dependencies
+  #       run: |
+  #         python -m pip install --upgrade pip setuptools wheel
+  #         pip install esphome
+  #         pip list
+  #         esphome version
+  #     - name: Copy secrets stub into configuration folder
+  #       run: cp ./secrets_github.yaml ./esphome/secrets.yaml
+  #     - name: Run esphome on all files
+  #       # yamllint disable rule:line-length
+  #       run: |
+  #         for file in $(find ./config/esphome -type f -name "*.yaml" -maxdepth 1 -not -name "secrets.yaml"); do esphome "${file}" config; done
+

.github/yamllint-config.yml

@@ -0,0 +1,21 @@
+---
+#####
+# Used to configure yamlling so it skips some checks
+# But also some files too
+#####
+extends: default
+
+rules:
+  line-length: disable
+#  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  indentation: disable
+
+ignore: |
+  lovelace-ui.yaml
+  custom_components/
+  .git
+  .github/workflows/yaml-lint.yaml
+  themes/
+  esphome/

docker/home-assistant/run-ci.sh

@@ -0,0 +1,9 @@
+docker-compose stop
+
+mkdir -p ../../dist
+mkdir -p ../../dist/ha
+mkdir -p ../../dist/ha/config
+
+cp -a ../../home-assistant-configuration/. ../../dist/ha/config/
+
+docker-compose -f docker-compose.yaml --env-file .env up --detach

docker/management/.env

@@ -0,0 +1,2 @@
+TZ=Europe/Warsaw
+USERDIR=../../dist

docker/management/docker-compose.yaml

@@ -21,4 +21,4 @@ services:
 networks:
   default:
     external:
-      name: shared-smart-network
+      name: iot-smart-network

docker/management/run-ci.sh

@@ -0,0 +1 @@
+docker-compose -f docker-compose.yaml --env-file .env up --detach

docker/observability/run-ci.sh

@@ -0,0 +1 @@
+docker-compose -p "ci-observability" -f docker-compose.yaml  --env-file .env up --detach --force-recreate

docker/queue/.env

@@ -0,0 +1,6 @@
+# GLOBAL
+HOST_PORT_PREFIX=
+# deployment
+USERDIR=../../dist
+RABBIT_USER_NAME=test
+RABBIT_USER_PASSWORD=test

docker/queue/run-ci.sh

@@ -0,0 +1 @@
+docker-compose -p "ci-queue" -f docker-compose.yaml  --env-file .env up --detach

home-assistant-configuration/custom_components/auth_header/__init__.py

@@ -0,0 +1,132 @@
+import logging
+from http import HTTPStatus
+from ipaddress import ip_address
+from typing import OrderedDict
+from aiohttp.web import Request, Response
+from typing import Any
+
+import homeassistant.helpers.config_validation as cv
+import voluptuous as vol
+from homeassistant import data_entry_flow
+from homeassistant.components.auth import DOMAIN as AUTH_DOMAIN
+from homeassistant.components.auth import indieauth
+from homeassistant.components.auth.login_flow import (
+    LoginFlowIndexView,
+    _prepare_result_json,
+)
+from homeassistant.components.http.ban import log_invalid_auth, process_success_login
+from homeassistant.components.http.data_validator import RequestDataValidator
+from homeassistant.core import HomeAssistant
+
+from . import headers
+
+DOMAIN = "auth_header"
+_LOGGER = logging.getLogger(__name__)
+CONFIG_SCHEMA = vol.Schema(
+    {
+        DOMAIN: vol.Schema(
+            {
+                vol.Optional(
+                    "username_header", default="X-Forwarded-Preferred-Username"
+                ): cv.string,
+                vol.Optional("debug", default=False): cv.boolean,
+            }
+        )
+    },
+    extra=vol.ALLOW_EXTRA,
+)
+
+
+async def async_setup(hass: HomeAssistant, config):
+    """Register custom view which includes request in context"""
+    # Because we start after auth, we have access to store_result
+    store_result = hass.data[AUTH_DOMAIN]
+    # Remove old LoginFlowIndexView
+    for route in hass.http.app.router._resources:
+        if route.canonical == "/auth/login_flow":
+            _LOGGER.debug("Removed original login_flow route")
+            hass.http.app.router._resources.remove(route)
+    _LOGGER.debug("Add new login_flow route")
+    hass.http.register_view(
+        RequestLoginFlowIndexView(
+            hass.auth.login_flow, store_result, config[DOMAIN]["debug"]
+        )
+    )
+
+    # Inject Auth-Header provider.
+    providers = OrderedDict()
+    provider = headers.HeaderAuthProvider(
+        hass,
+        hass.auth._store,
+        config[DOMAIN],
+    )
+    providers[(provider.type, provider.id)] = provider
+    providers.update(hass.auth._providers)
+    hass.auth._providers = providers
+    _LOGGER.debug("Injected auth_header provider")
+    return True
+
+
+def get_actual_ip(request: Request) -> str:
+    """Get remote from `request` without considering overrides. This is because
+    when behind a reverse proxy, hass overrides the .remote attributes with the X-Forwarded-For
+    value. We still need to check the actual remote though, to verify its from a valid proxy."""
+    if isinstance(request._transport_peername, (list, tuple)):
+        return request._transport_peername[0]
+    return request._transport_peername
+
+
+class RequestLoginFlowIndexView(LoginFlowIndexView):
+
+    debug: bool
+
+    def __init__(self, flow_mgr, store_result, debug=False) -> None:
+        super().__init__(flow_mgr, store_result)
+        self.debug = debug
+
+    @RequestDataValidator(
+        vol.Schema(
+            {
+                vol.Required("client_id"): str,
+                vol.Required("handler"): vol.Any(str, list),
+                vol.Required("redirect_uri"): str,
+                vol.Optional("type", default="authorize"): str,
+            }
+        )
+    )
+    @log_invalid_auth
+    async def post(self, request: Request, data: dict[str, Any]) -> Response:
+        """Create a new login flow."""
+        client_id: str = data["client_id"]
+        redirect_uri: str = data["redirect_uri"]
+
+        if not indieauth.verify_client_id(client_id):
+            return self.json_message("Invalid client id", HTTPStatus.BAD_REQUEST)
+
+        handler: tuple[str, ...] | str
+        if isinstance(data["handler"], list):
+            handler = tuple(data["handler"])
+        else:
+            handler = data["handler"]
+
+        try:
+            _LOGGER.debug(request.headers)
+            actual_ip = get_actual_ip(request)
+            _LOGGER.debug("Got actual IP %s", actual_ip)
+            result = await self._flow_mgr.async_init(
+                handler,  # type: ignore[arg-type]
+                context={
+                    "request": request,
+                    "ip_address": ip_address(actual_ip),  # type: ignore[arg-type]
+                    "credential_only": data.get("type") == "link_user",
+                    "redirect_uri": redirect_uri,
+                },
+            )
+        except data_entry_flow.UnknownHandler:
+            return self.json_message("Invalid handler specified", HTTPStatus.NOT_FOUND)
+        except data_entry_flow.UnknownStep:
+            return self.json_message(
+                "Handler does not support init", HTTPStatus.BAD_REQUEST
+            )
+
+        return await self._async_flow_result_to_response(request, client_id, result)