mirror of
https://github.com/home-assistant/supervisor.git
synced 2026-02-15 07:27:13 +00:00
515114fa69
* Improve Supervisor startup wait logic in CI workflow The 'Wait for Supervisor to come up' step was failing intermittently when the Supervisor API wasn't immediately available. The original script relied on bash's lenient error handling in command substitution, which could fail unpredictably. Changes: - Use curl -f flag to properly handle HTTP errors - Use jq -e for robust JSON validation and exit code handling - Add explicit 5-minute timeout with elapsed time tracking - Reduce log noise by only reporting progress every 15 seconds - Add comprehensive error diagnostics on timeout: * Show last API response received * Dump last 50 lines of Supervisor logs - Show startup time on success for performance monitoring This makes the CI workflow more reliable and easier to debug when the Supervisor fails to start. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * Use YAML anchor to deduplicate wait step in CI workflow The 'Wait for Supervisor to come up' step appears twice in the run_supervisor job - once after starting and once after restarting. Use a YAML anchor to define the step once and reference it on the second occurrence. This reduces duplication by 28 lines and makes future maintenance easier by ensuring both wait steps remain identical. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
464 lines
16 KiB
YAML
464 lines
16 KiB
YAML
name: Build supervisor
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
channel:
|
|
description: "Channel"
|
|
required: true
|
|
default: "dev"
|
|
version:
|
|
description: "Version"
|
|
required: true
|
|
publish:
|
|
description: "Publish"
|
|
required: true
|
|
default: "false"
|
|
stable:
|
|
description: "Stable"
|
|
required: true
|
|
default: "false"
|
|
pull_request:
|
|
branches: ["main"]
|
|
release:
|
|
types: ["published"]
|
|
push:
|
|
branches: ["main"]
|
|
paths:
|
|
- "rootfs/**"
|
|
- "supervisor/**"
|
|
- build.yaml
|
|
- Dockerfile
|
|
- requirements.txt
|
|
- setup.py
|
|
|
|
env:
|
|
DEFAULT_PYTHON: "3.13"
|
|
COSIGN_VERSION: "v2.5.3"
|
|
CRANE_VERSION: "v0.20.7"
|
|
CRANE_SHA256: "8ef3564d264e6b5ca93f7b7f5652704c4dd29d33935aff6947dd5adefd05953e"
|
|
BUILD_NAME: supervisor
|
|
BUILD_TYPE: supervisor
|
|
|
|
concurrency:
|
|
group: "${{ github.workflow }}-${{ github.ref }}"
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
init:
|
|
name: Initialize build
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
architectures: ${{ steps.info.outputs.architectures }}
|
|
version: ${{ steps.version.outputs.version }}
|
|
channel: ${{ steps.version.outputs.channel }}
|
|
publish: ${{ steps.version.outputs.publish }}
|
|
build_wheels: ${{ steps.requirements.outputs.build_wheels }}
|
|
steps:
|
|
- name: Checkout the repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Get information
|
|
id: info
|
|
uses: home-assistant/actions/helpers/info@master
|
|
|
|
- name: Get version
|
|
id: version
|
|
uses: home-assistant/actions/helpers/version@master
|
|
with:
|
|
type: ${{ env.BUILD_TYPE }}
|
|
|
|
- name: Get changed files
|
|
id: changed_files
|
|
if: github.event_name != 'release'
|
|
uses: masesgroup/retrieve-changed-files@491e80760c0e28d36ca6240a27b1ccb8e1402c13 # v3.0.0
|
|
|
|
- name: Check if requirements files changed
|
|
id: requirements
|
|
run: |
|
|
# No wheels build necessary for releases
|
|
if [[ "${{ github.event_name }}" == "release" ]]; then
|
|
echo "build_wheels=false" >> "$GITHUB_OUTPUT"
|
|
elif [[ "${{ steps.changed_files.outputs.all }}" =~ (requirements\.txt|build\.yaml|\.github/workflows/builder\.yml) ]]; then
|
|
echo "build_wheels=true" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "build_wheels=false" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
build:
|
|
name: Build ${{ matrix.arch }} supervisor
|
|
needs: init
|
|
runs-on: ${{ matrix.runs-on }}
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
packages: write
|
|
strategy:
|
|
matrix:
|
|
arch: ${{ fromJson(needs.init.outputs.architectures) }}
|
|
include:
|
|
- runs-on: ubuntu-24.04
|
|
- runs-on: ubuntu-24.04-arm
|
|
arch: aarch64
|
|
env:
|
|
WHEELS_ABI: cp313
|
|
WHEELS_TAG: musllinux_1_2
|
|
WHEELS_APK_DEPS: "libffi-dev;openssl-dev;yaml-dev"
|
|
WHEELS_SKIP_BINARY: aiohttp
|
|
steps:
|
|
- name: Checkout the repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Write env-file for wheels build
|
|
if: needs.init.outputs.build_wheels == 'true'
|
|
run: |
|
|
(
|
|
# Fix out of memory issues with rust
|
|
echo "CARGO_NET_GIT_FETCH_WITH_CLI=true"
|
|
) > .env_file
|
|
|
|
- name: Build and publish wheels
|
|
if: needs.init.outputs.build_wheels == 'true' && needs.init.outputs.publish == 'true'
|
|
uses: home-assistant/wheels@e5742a69d69f0e274e2689c998900c7d19652c21 # 2025.12.0
|
|
with:
|
|
wheels-key: ${{ secrets.WHEELS_KEY }}
|
|
abi: ${{ env.WHEELS_ABI }}
|
|
tag: ${{ env.WHEELS_TAG }}
|
|
arch: ${{ matrix.arch }}
|
|
apk: ${{ env.WHEELS_APK_DEPS }}
|
|
skip-binary: ${{ env.WHEELS_SKIP_BINARY }}
|
|
env-file: true
|
|
requirements: "requirements.txt"
|
|
|
|
- name: Build local wheels
|
|
if: needs.init.outputs.build_wheels == 'true' && needs.init.outputs.publish == 'false'
|
|
uses: home-assistant/wheels@e5742a69d69f0e274e2689c998900c7d19652c21 # 2025.12.0
|
|
with:
|
|
wheels-host: ""
|
|
wheels-user: ""
|
|
wheels-key: ""
|
|
local-wheels-repo-path: "wheels/"
|
|
abi: ${{ env.WHEELS_ABI }}
|
|
tag: ${{ env.WHEELS_TAG }}
|
|
arch: ${{ matrix.arch }}
|
|
apk: ${{ env.WHEELS_APK_DEPS }}
|
|
skip-binary: ${{ env.WHEELS_SKIP_BINARY }}
|
|
env-file: true
|
|
requirements: "requirements.txt"
|
|
|
|
- name: Upload local wheels artifact
|
|
if: needs.init.outputs.build_wheels == 'true' && needs.init.outputs.publish == 'false'
|
|
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
|
with:
|
|
name: wheels-${{ matrix.arch }}
|
|
path: wheels
|
|
retention-days: 1
|
|
|
|
- name: Set version
|
|
if: needs.init.outputs.publish == 'true'
|
|
uses: home-assistant/actions/helpers/version@master
|
|
with:
|
|
type: ${{ env.BUILD_TYPE }}
|
|
|
|
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
|
|
if: needs.init.outputs.publish == 'true'
|
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
|
with:
|
|
python-version: ${{ env.DEFAULT_PYTHON }}
|
|
|
|
- name: Install Cosign
|
|
if: needs.init.outputs.publish == 'true'
|
|
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
|
|
with:
|
|
cosign-release: ${{ env.COSIGN_VERSION }}
|
|
|
|
- name: Install dirhash and calc hash
|
|
if: needs.init.outputs.publish == 'true'
|
|
run: |
|
|
pip3 install setuptools dirhash
|
|
dir_hash="$(dirhash "${{ github.workspace }}/supervisor" -a sha256 --match "*.py")"
|
|
echo "${dir_hash}" > rootfs/supervisor.sha256
|
|
|
|
- name: Sign supervisor SHA256
|
|
if: needs.init.outputs.publish == 'true'
|
|
run: |
|
|
cosign sign-blob --yes rootfs/supervisor.sha256 --bundle rootfs/supervisor.sha256.sig
|
|
|
|
- name: Login to GitHub Container Registry
|
|
if: needs.init.outputs.publish == 'true'
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Set build arguments
|
|
if: needs.init.outputs.publish == 'false'
|
|
run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
|
|
|
|
# home-assistant/builder doesn't support sha pinning
|
|
- name: Build supervisor
|
|
uses: home-assistant/builder@2025.11.0
|
|
with:
|
|
image: ${{ matrix.arch }}
|
|
args: |
|
|
$BUILD_ARGS \
|
|
--${{ matrix.arch }} \
|
|
--target /data \
|
|
--cosign \
|
|
--generic ${{ needs.init.outputs.version }}
|
|
|
|
version:
|
|
name: Update version
|
|
needs: ["init", "run_supervisor", "retag_deprecated"]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout the repository
|
|
if: needs.init.outputs.publish == 'true'
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Initialize git
|
|
if: needs.init.outputs.publish == 'true'
|
|
uses: home-assistant/actions/helpers/git-init@master
|
|
with:
|
|
name: ${{ secrets.GIT_NAME }}
|
|
email: ${{ secrets.GIT_EMAIL }}
|
|
token: ${{ secrets.GIT_TOKEN }}
|
|
|
|
- name: Update version file
|
|
if: needs.init.outputs.publish == 'true'
|
|
uses: home-assistant/actions/helpers/version-push@master
|
|
with:
|
|
key: ${{ env.BUILD_NAME }}
|
|
version: ${{ needs.init.outputs.version }}
|
|
channel: ${{ needs.init.outputs.channel }}
|
|
|
|
run_supervisor:
|
|
runs-on: ubuntu-latest
|
|
name: Run the Supervisor
|
|
needs: ["build", "init"]
|
|
timeout-minutes: 60
|
|
steps:
|
|
- name: Checkout the repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Download local wheels artifact
|
|
if: needs.init.outputs.build_wheels == 'true' && needs.init.outputs.publish == 'false'
|
|
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
|
with:
|
|
name: wheels-amd64
|
|
path: wheels
|
|
|
|
# home-assistant/builder doesn't support sha pinning
|
|
- name: Build the Supervisor
|
|
if: needs.init.outputs.publish != 'true'
|
|
uses: home-assistant/builder@2025.11.0
|
|
with:
|
|
args: |
|
|
--test \
|
|
--amd64 \
|
|
--target /data \
|
|
--generic runner
|
|
|
|
- name: Pull Supervisor
|
|
if: needs.init.outputs.publish == 'true'
|
|
run: |
|
|
docker pull ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }}
|
|
docker tag ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }} ghcr.io/home-assistant/amd64-hassio-supervisor:runner
|
|
|
|
- name: Create the Supervisor
|
|
run: |
|
|
mkdir -p /tmp/supervisor/data
|
|
docker create --name hassio_supervisor \
|
|
--privileged \
|
|
--security-opt seccomp=unconfined \
|
|
--security-opt apparmor=unconfined \
|
|
-v /run/docker.sock:/run/docker.sock \
|
|
-v /run/dbus:/run/dbus \
|
|
-v /tmp/supervisor/data:/data \
|
|
-v /etc/machine-id:/etc/machine-id:ro \
|
|
-e SUPERVISOR_SHARE="/tmp/supervisor/data" \
|
|
-e SUPERVISOR_NAME=hassio_supervisor \
|
|
-e SUPERVISOR_DEV=1 \
|
|
-e SUPERVISOR_MACHINE="qemux86-64" \
|
|
ghcr.io/home-assistant/amd64-hassio-supervisor:runner
|
|
|
|
- name: Start the Supervisor
|
|
run: docker start hassio_supervisor
|
|
|
|
- &wait_for_supervisor
|
|
name: Wait for Supervisor to come up
|
|
run: |
|
|
SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
|
|
echo "Waiting for Supervisor API at http://${SUPERVISOR}/supervisor/ping"
|
|
timeout=300
|
|
elapsed=0
|
|
|
|
while [ $elapsed -lt $timeout ]; do
|
|
if response=$(curl -sSf "http://${SUPERVISOR}/supervisor/ping" 2>/dev/null); then
|
|
if echo "$response" | jq -e '.result == "ok"' >/dev/null 2>&1; then
|
|
echo "Supervisor is up! (took ${elapsed}s)"
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
if [ $((elapsed % 15)) -eq 0 ]; then
|
|
echo "Still waiting... (${elapsed}s/${timeout}s)"
|
|
fi
|
|
|
|
sleep 5
|
|
elapsed=$((elapsed + 5))
|
|
done
|
|
|
|
echo "ERROR: Supervisor failed to start within ${timeout}s"
|
|
echo "Last response: $response"
|
|
echo "Checking supervisor logs..."
|
|
docker logs --tail 50 hassio_supervisor
|
|
exit 1
|
|
|
|
- name: Check the Supervisor
|
|
run: |
|
|
echo "Checking supervisor info"
|
|
test=$(docker exec hassio_cli ha supervisor info --no-progress --raw-json | jq -r '.result')
|
|
if [ "$test" != "ok" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
echo "Checking supervisor network info"
|
|
test=$(docker exec hassio_cli ha network info --no-progress --raw-json | jq -r '.result')
|
|
if [ "$test" != "ok" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
- name: Check the Store / Addon
|
|
run: |
|
|
echo "Install Core SSH Add-on"
|
|
test=$(docker exec hassio_cli ha addons install core_ssh --no-progress --raw-json | jq -r '.result')
|
|
if [ "$test" != "ok" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
# Make sure it actually installed
|
|
test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
|
|
if [[ "$test" == "null" ]]; then
|
|
exit 1
|
|
fi
|
|
|
|
echo "Start Core SSH Add-on"
|
|
test=$(docker exec hassio_cli ha addons start core_ssh --no-progress --raw-json | jq -r '.result')
|
|
if [ "$test" != "ok" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
# Make sure its state is started
|
|
test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
|
|
if [ "$test" != "started" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
- name: Create full backup
|
|
id: backup
|
|
run: |
|
|
test=$(docker exec hassio_cli ha backups new --no-progress --raw-json)
|
|
if [ "$(echo $test | jq -r '.result')" != "ok" ]; then
|
|
exit 1
|
|
fi
|
|
echo "slug=$(echo $test | jq -r '.data.slug')" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Uninstall SSH add-on
|
|
run: |
|
|
test=$(docker exec hassio_cli ha addons uninstall core_ssh --no-progress --raw-json | jq -r '.result')
|
|
if [ "$test" != "ok" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
- name: Restart supervisor
|
|
run: |
|
|
test=$(docker exec hassio_cli ha supervisor restart --no-progress --raw-json | jq -r '.result')
|
|
if [ "$test" != "ok" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
- *wait_for_supervisor
|
|
|
|
- name: Restore SSH add-on from backup
|
|
run: |
|
|
test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --addons core_ssh --no-progress --raw-json | jq -r '.result')
|
|
if [ "$test" != "ok" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
# Make sure it actually installed
|
|
test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
|
|
if [[ "$test" == "null" ]]; then
|
|
exit 1
|
|
fi
|
|
|
|
# Make sure its state is started
|
|
test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
|
|
if [ "$test" != "started" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
- name: Restore SSL directory from backup
|
|
run: |
|
|
test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --folders ssl --no-progress --raw-json | jq -r '.result')
|
|
if [ "$test" != "ok" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
- name: Get supervisor logs on failiure
|
|
if: ${{ cancelled() || failure() }}
|
|
run: docker logs hassio_supervisor
|
|
|
|
retag_deprecated:
|
|
needs: ["build", "init"]
|
|
name: Re-tag deprecated ${{ matrix.arch }} images
|
|
if: needs.init.outputs.publish == 'true'
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
packages: write
|
|
strategy:
|
|
matrix:
|
|
arch: ["armhf", "armv7", "i386"]
|
|
env:
|
|
# Last available release for deprecated architectures
|
|
FROZEN_VERSION: "2025.11.5"
|
|
steps:
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Install Cosign
|
|
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
|
|
with:
|
|
cosign-release: ${{ env.COSIGN_VERSION }}
|
|
|
|
- name: Install crane
|
|
run: |
|
|
curl -sLO https://github.com/google/go-containerregistry/releases/download/${{ env.CRANE_VERSION }}/go-containerregistry_Linux_x86_64.tar.gz
|
|
echo "${{ env.CRANE_SHA256 }} go-containerregistry_Linux_x86_64.tar.gz" | sha256sum -c -
|
|
tar xzf go-containerregistry_Linux_x86_64.tar.gz crane
|
|
sudo mv crane /usr/local/bin/
|
|
|
|
- name: Re-tag deprecated image with updated version label
|
|
run: |
|
|
crane auth login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
|
|
crane mutate \
|
|
--label io.hass.version=${{ needs.init.outputs.version }} \
|
|
--tag ghcr.io/home-assistant/${{ matrix.arch }}-hassio-supervisor:${{ needs.init.outputs.version }} \
|
|
ghcr.io/home-assistant/${{ matrix.arch }}-hassio-supervisor:${{ env.FROZEN_VERSION }}
|
|
|
|
- name: Sign image with Cosign
|
|
run: |
|
|
cosign sign --yes ghcr.io/home-assistant/${{ matrix.arch }}-hassio-supervisor:${{ needs.init.outputs.version }}
|