Skip to content
Z-Wave Bot: React to comments

feat: log debugging information for S0 encryption in dev mode #17555

Sign in to view logs

feat: log debugging information for S0 encryption in dev mode

feat: log debugging information for S0 encryption in dev mode #17555

Workflow file for this run

.github/workflows/zwave-js-bot_comment.yml at b5fcbb7
name: 'Z-Wave Bot: React to comments'
on:
issue_comment:
types: [created] # edited, deleted
jobs:
# Publish a PR build when an authorized person comments "@zwave-js-bot pack this"
publish-pr:
if: |
contains(github.event.issue.html_url, '/pull/') &&
contains(github.event.comment.body, '@zwave-js-bot pack this') &&
(github.event.comment.user.login == 'AlCalzone')
runs-on: [ubuntu-latest]
strategy:
matrix:
node-version: [18] # This should be LTS
steps:
- uses: actions/github-script@v7
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const options = {
owner: context.repo.owner,
repo: context.repo.repo,
};
const { data: pull } = await github.rest.pulls.get({
...options,
pull_number: context.payload.issue.number,
});
if (!pull.mergeable || !pull.merge_commit_sha) {
await github.rest.issues.createComment({
...options,
issue_number: context.payload.issue.number,
body: `😥 Seems like this PR cannot be merged. Please fix the merge conflicts and try again.`,
});
process.exit(1);
}
await github.rest.issues.createComment({
...options,
issue_number: context.issue.number,
body: `👋 Hey @${context.payload.comment.user.login}!
I've started to deploy this PR as a development build.
You can monitor the progress [here](${context.payload.repository.html_url}/actions/runs/${context.runId}).`
})
- name: Checkout merged code
uses: actions/checkout@v4
with:
token: ${{secrets.BOT_TOKEN}}
fetch-depth: 0 # We need the history for versioning with yarn
ref: 'refs/pull/${{ github.event.issue.number }}/merge'
- name: Switch to a branch
run: git switch -c temp
- name: Prepare environment
uses: ./.github/actions/prepare-env
with:
node-version: ${{ matrix.node-version }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Publish PR build to npm
uses: actions/github-script@v7
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
with:
github-token: ${{ secrets.BOT_TOKEN }}
result-encoding: string
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.packPr({github, context});
# #########################################################################
# Fix lint errors when an authorized person posts "@zwave-js-bot fix lint"
fix-lint:
if: |
contains(github.event.issue.html_url, '/pull/') &&
contains(github.event.comment.body, '@zwave-js-bot fix lint') &&
(github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]')
runs-on: [ubuntu-latest]
strategy:
matrix:
node-version: [18] # This should be LTS
steps:
- name: Checkout master branch
uses: actions/checkout@v4
with:
path: trusted
- name: Check user's permissions to do this
id: check-permissions
uses: actions/github-script@v7
with:
github-token: ${{secrets.BOT_TOKEN}}
result-encoding: string
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/trusted/.github/bot-scripts/index.js`);
return bot.checkAuthorized({github, context});
# These steps only run if the check was successful
- name: Retrieve PR information
if: steps.check-permissions.outputs.result == 'true'
id: pr-info
uses: actions/github-script@v7
with:
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/trusted/.github/bot-scripts/index.js`);
const result = await bot.getFixLintInfo({github, context});
console.dir(result);
return result || {pending: true};
- name: Download Lint patch
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.pr-info.outputs.result).pending
env:
PATCH_URL: ${{ fromJSON(steps.pr-info.outputs.result).patchUrl }}
run: |
mkdir -p patch
cd patch
curl "$PATCH_URL" -o patch.zip
unzip patch.zip
- name: Checkout pull request side by side
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.pr-info.outputs.result).pending
uses: actions/checkout@v4
with:
token: ${{secrets.BOT_TOKEN}}
repository: ${{ fromJSON(steps.pr-info.outputs.result).repoName }}
ref: ${{ fromJSON(steps.pr-info.outputs.result).headRef }}
path: untrusted
- name: Do the lint fix
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.pr-info.outputs.result).pending
working-directory: ./untrusted
id: fix
run: |
# Apply the patch
if ! git apply ../patch/fix.patch ; then
echo "result=error" >> $GITHUB_OUTPUT
exit 0
fi
# Check if something changed in the untrusted repo
cd ../untrusted
if ! git diff --quiet ; then
git config user.email "[email protected]"
git config user.name "Z-Wave JS Bot"
git add -A
git reset -- .github
git commit -m "style: fix lint"
git push
echo "result=ok" >> $GITHUB_OUTPUT
else
echo "result=unchanged" >> $GITHUB_OUTPUT
exit 0
fi
- name: Give feedback
if: steps.check-permissions.outputs.result == 'true'
uses: actions/github-script@v7
env:
FEEDBACK: ${{ steps.fix.outputs.result }}
PENDING: ${{ fromJSON(steps.pr-info.outputs.result).pending }}
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/trusted/.github/bot-scripts/index.js`);
return bot.fixLintFeedback({github, context});
# #########################################################################
# Rebase PR onto its target branch when an authorized person posts "@zwave-js-bot rebase"
rebase:
if: |
contains(github.event.issue.html_url, '/pull/') &&
contains(github.event.comment.body, '@zwave-js-bot rebase') &&
(github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]')
runs-on: [ubuntu-latest]
strategy:
matrix:
node-version: [18] # This should be LTS
steps:
- name: Checkout master branch
uses: actions/checkout@v4
- name: Check user's permissions to do this
id: check-permissions
uses: actions/github-script@v7
with:
github-token: ${{secrets.BOT_TOKEN}}
result-encoding: string
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.checkAuthorized({github, context});
# These steps only run if the check was successful
- name: Retrieve PR information
if: steps.check-permissions.outputs.result == 'true'
uses: actions/github-script@v7
id: get-pr
with:
script: |
const request = {
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number
}
core.info(`Getting PR #${request.pull_number} from ${request.owner}/${request.repo}`)
try {
const result = await github.rest.pulls.get(request)
return result.data
} catch (err) {
core.setFailed(`Request failed with error ${err}`)
}
- name: Save our CI scripts
if: steps.check-permissions.outputs.result == 'true'
run: |
mkdir -p /tmp/.github
cp -r .github/* /tmp/.github
- name: Checkout pull request
if: steps.check-permissions.outputs.result == 'true'
uses: actions/checkout@v4
with:
token: ${{secrets.BOT_TOKEN}}
repository: ${{ fromJSON(steps.get-pr.outputs.result).head.repo.full_name }}
ref: ${{ fromJSON(steps.get-pr.outputs.result).head.ref }}
- name: Restore our CI scripts
if: steps.check-permissions.outputs.result == 'true'
run: |
rm -rf .github
cp -r /tmp/.github .
- name: Rebase the branch
env:
# sanitize untrusted input by using an env variable
BRANCH: ${{ fromJSON(steps.get-pr.outputs.result).base.ref }}
if: steps.check-permissions.outputs.result == 'true'
id: fix
run: |
# Try to rebase
git fetch origin
if git rebase "origin/$BRANCH" ; then
# The rebase worked
git config user.email "[email protected]"
git config user.name "Z-Wave JS Bot"
git push -f
else
echo "result=error" >> $GITHUB_OUTPUT
fi
- name: Give feedback
if: steps.check-permissions.outputs.result == 'true'
uses: actions/github-script@v7
env:
FEEDBACK: ${{ steps.fix.outputs.result }}
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.rebaseFeedback({github, context});
# No longer needed
# # #########################################################################
# # Rename the single commit of a PR to the title when an authorized person posts "@zwave-js-bot rename commit"
# rename-commit:
# if: |
# contains(github.event.issue.html_url, '/pull/') &&
# contains(github.event.comment.body, '@zwave-js-bot rename commit') &&
# (github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]')
# runs-on: [ubuntu-latest]
# strategy:
# matrix:
# node-version: [18] # This should be LTS
# steps:
# - name: Checkout master branch
# uses: actions/checkout@v4
# - name: Check permissions and necessity
# id: check-permissions
# uses: actions/github-script@v7
# with:
# github-token: ${{secrets.BOT_TOKEN}}
# result-encoding: string
# script: |
# const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
# return (
# (await bot.checkAuthorized({github, context})) &&
# (await bot.renameCommitCheck({github, context}))
# );
# # These steps only run if the check was successful
# - name: Retrieve PR information
# if: steps.check-permissions.outputs.result == 'true'
# uses: actions/github-script@v7
# id: get-pr
# with:
# script: |
# const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
# return bot.renameCommitGetPRInfo({github, context});
# - name: Save our CI scripts
# if: steps.check-permissions.outputs.result == 'true'
# run: |
# mkdir -p /tmp/.github
# cp -r .github/* /tmp/.github
# - name: Checkout pull request
# if: steps.check-permissions.outputs.result == 'true'
# uses: actions/checkout@v4
# with:
# fetch-depth: 0 # Fetch the history, or this action will break everything!
# token: ${{secrets.BOT_TOKEN}}
# repository: ${{ fromJSON(steps.get-pr.outputs.result).repo }}
# ref: ${{ fromJSON(steps.get-pr.outputs.result).ref }}
# - name: Restore our CI scripts
# if: steps.check-permissions.outputs.result == 'true'
# run: |
# rm -rf .github
# cp -r /tmp/.github .
# - name: Rebase the branch
# env:
# # sanitize untrusted input by using an env variable
# TITLE: ${{ fromJSON(steps.get-pr.outputs.result).title }}
# if: steps.check-permissions.outputs.result == 'true'
# id: fix
# run: |
# # Try to reword the commit
# git config user.email "[email protected]"
# git config user.name "Z-Wave JS Bot"
# if git commit --amend -m "$TITLE" ; then
# # Amending the commit worked
# git push -f
# echo "result=success" >> $GITHUB_OUTPUT
# else
# echo "result=error" >> $GITHUB_OUTPUT
# fi
# - name: Give feedback
# if: steps.check-permissions.outputs.result == 'true'
# uses: actions/github-script@v7
# env:
# FEEDBACK: ${{ steps.fix.outputs.result }}
# with:
# github-token: ${{secrets.BOT_TOKEN}}
# script: |
# const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
# return bot.renameCommitFeedback({github, context});
# #########################################################################
# Imports a config file when an authorized person posts "@zwave-js-bot import config <device-id> from <source>"
import-config:
if: |
contains(github.event.issue.html_url, '/issues/') &&
contains(github.event.comment.body, '@zwave-js-bot import config') &&
(github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]')
runs-on: [ubuntu-latest]
strategy:
matrix:
node-version: [18] # This should be LTS
steps:
- name: Checkout master branch
uses: actions/checkout@v4
- name: Check user's permissions to do this
id: check-permissions
uses: actions/github-script@v7
with:
github-token: ${{secrets.BOT_TOKEN}}
result-encoding: string
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.checkAuthorized({github, context});
# These steps only run if the check was successful
- name: Prepare environment
if: steps.check-permissions.outputs.result == 'true'
uses: ./.github/actions/prepare-env
with:
node-version: ${{ matrix.node-version }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Compile TypeScript code
if: steps.check-permissions.outputs.result == 'true'
# We need this or the linter will complain about other stuff than the checks
run: yarn run build
- name: Get config file ID
if: steps.check-permissions.outputs.result == 'true'
id: config-id
uses: actions/github-script@v7
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const body = context.payload.comment.body;
const match = /import config (?<ids>[a-z0-9_:, -]{1,}?) from (?<source>\w+)/.exec(body);
if (!match) return {skip: true};
return {
source: match.groups.source,
ids: match.groups.ids,
}
- name: Import config files
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.config-id.outputs.result).skip
id: import
env:
source: ${{ fromJSON(steps.config-id.outputs.result).source }}
ids: ${{ fromJSON(steps.config-id.outputs.result).ids }}
run: |
yarn run config import -s "$source" -Dd --ids "$ids"
branchname="import-config-$(date +'%s')"
commitmessage="feat(config): import config files from $source"
# Check if something changed
git config user.email "[email protected]"
git config user.name "Z-Wave JS Bot"
git checkout -b "$branchname"
git add -A
if ! git diff --quiet HEAD -- packages/config/config/devices/ ; then
git commit -m "$commitmessage"
git push --set-upstream origin "$branchname"
echo "result=success" >> $GITHUB_OUTPUT
echo "branchname=$branchname" >> $GITHUB_OUTPUT
echo "commitmessage=$commitmessage" >> $GITHUB_OUTPUT
else
echo "result=unchanged" >> $GITHUB_OUTPUT
exit 0
fi
- name: Create PR
if: steps.check-permissions.outputs.result == 'true'
uses: actions/github-script@v7
env:
RESULT: ${{ steps.import.outputs.result }}
branchname: ${{ steps.import.outputs.branchname }}
commitmessage: ${{ steps.import.outputs.commitmessage }}
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.importConfigCreatePR({github, context});
# #########################################################################
# Adds a compat flag to an existing file when an authorized person posts
# @zwave-js-bot add compat flag to <deviceId>
# ```
# mapBasicSet: "auto"
# ```
add-compat-flag:
if: |
contains(github.event.issue.html_url, '/issues/') &&
contains(github.event.comment.body, '@zwave-js-bot add compat flag') &&
(github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]')
runs-on: [ubuntu-latest]
strategy:
matrix:
node-version: [18] # This should be LTS
steps:
- name: Checkout master branch
uses: actions/checkout@v4
- name: Check user's permissions to do this
id: check-permissions
uses: actions/github-script@v7
with:
github-token: ${{secrets.BOT_TOKEN}}
result-encoding: string
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.checkAuthorized({github, context});
# These steps only run if the check was successful
- name: Prepare environment
if: steps.check-permissions.outputs.result == 'true'
uses: ./.github/actions/prepare-env
with:
node-version: ${{ matrix.node-version }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Compile TypeScript code
if: steps.check-permissions.outputs.result == 'true'
# We need this or the linter will complain about other stuff than the checks
run: yarn run build
- name: Parse command
if: steps.check-permissions.outputs.result == 'true'
id: parse-command
uses: actions/github-script@v7
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const body = context.payload.comment.body;
const match1 = /add compat flag to `?(?<id>0x[0-9a-f]{4}:0x[0-9a-f]{4}:0x[0-9a-f]{4}(?::\d+\.\d+)?)`?\s/.exec(body);
const match2 = /```(?:jsonc?)?(?<flag>(?:.|\n|\r)*)```/.exec(body);
if (!match1 || !match2) return {skip: true};
return {
id: match1.groups.id,
flag: match2.groups.flag
}
- name: Add compat flag
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.parse-command.outputs.result).skip
uses: actions/github-script@v7
env:
id: ${{ fromJSON(steps.parse-command.outputs.result).id }}
flag: ${{ fromJSON(steps.parse-command.outputs.result).flag }}
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.addCompatFlag({github, context});
- name: Commit changes
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.parse-command.outputs.result).skip
id: commit-changes
env:
id: ${{ fromJSON(steps.parse-command.outputs.result).id }}
run: |
branchname="add-compat-flag-$(date +'%s')"
commitmessage="fix(config): add compat flag to $id"
# Check if something changed
git config user.email "[email protected]"
git config user.name "Z-Wave JS Bot"
git checkout -b "$branchname"
git add -A
if ! git diff --quiet HEAD -- packages/config/config/devices/ ; then
git commit -m "$commitmessage"
git push --set-upstream origin "$branchname"
echo "result=success" >> $GITHUB_OUTPUT
echo "branchname=$branchname" >> $GITHUB_OUTPUT
echo "commitmessage=$commitmessage" >> $GITHUB_OUTPUT
else
echo "result=unchanged" >> $GITHUB_OUTPUT
exit 0
fi
- name: Create PR
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.parse-command.outputs.result).skip
uses: actions/github-script@v7
env:
RESULT: ${{ steps.commit-changes.outputs.result }}
branchname: ${{ steps.commit-changes.outputs.branchname }}
commitmessage: ${{ steps.commit-changes.outputs.commitmessage }}
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.addCompatFlagCreatePR({github, context});
# #########################################################################
# Adds a fingerprint to an existing file when an authorized person posts
# @zwave-js-bot add fingerprint <newId> to <existingDeviceId>
add-fingerprint:
if: |
contains(github.event.issue.html_url, '/issues/') &&
contains(github.event.comment.body, '@zwave-js-bot add fingerprint') &&
(github.event.comment.user.login != 'zwave-js-bot' && github.event.comment.user.login != 'zwave-js-assistant[bot]')
runs-on: [ubuntu-latest]
strategy:
matrix:
node-version: [18] # This should be LTS
steps:
- name: Checkout master branch
uses: actions/checkout@v4
- name: Check user's permissions to do this
id: check-permissions
uses: actions/github-script@v7
with:
github-token: ${{secrets.BOT_TOKEN}}
result-encoding: string
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.checkAuthorized({github, context});
# These steps only run if the check was successful
- name: Prepare environment
if: steps.check-permissions.outputs.result == 'true'
uses: ./.github/actions/prepare-env
with:
node-version: ${{ matrix.node-version }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Compile TypeScript code
if: steps.check-permissions.outputs.result == 'true'
# We need this or the linter will complain about other stuff than the checks
run: yarn run build
- name: Parse command
if: steps.check-permissions.outputs.result == 'true'
id: parse-command
uses: actions/github-script@v7
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const body = context.payload.comment.body;
const match = /add fingerprint `?(?<fingerprint>0x[0-9a-f]{4}:0x[0-9a-f]{4})`? to `?(?<id>0x[0-9a-f]{4}:0x[0-9a-f]{4}:0x[0-9a-f]{4}(?::\d+\.\d+)?)`?/.exec(body);
if (!match) return {skip: true};
return {
fingerprint: match.groups.fingerprint,
id: match.groups.id
}
- name: Add fingerprint
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.parse-command.outputs.result).skip
id: add-fingerprint
uses: actions/github-script@v7
env:
fingerprint: ${{ fromJSON(steps.parse-command.outputs.result).fingerprint }}
id: ${{ fromJSON(steps.parse-command.outputs.result).id }}
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.addFingerprint({github, context});
- name: Commit changes
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.parse-command.outputs.result).skip
id: commit-changes
env:
fingerprint: ${{ fromJSON(steps.parse-command.outputs.result).fingerprint }}
id: ${{ fromJSON(steps.parse-command.outputs.result).id }}
deviceLabel: ${{ steps.add-fingerprint.outputs.result }}
run: |
branchname="add-fingerprint-$(date +'%s')"
commitmessage="fix(config): add fingerprint \`$fingerprint\` to $deviceLabel"
# Check if something changed
git config user.email "[email protected]"
git config user.name "Z-Wave JS Bot"
git checkout -b "$branchname"
git add -A
if ! git diff --quiet HEAD -- packages/config/config/devices/ ; then
git commit -m "$commitmessage"
git push --set-upstream origin "$branchname"
echo "result=success" >> $GITHUB_OUTPUT
echo "branchname=$branchname" >> $GITHUB_OUTPUT
echo "commitmessage=$commitmessage" >> $GITHUB_OUTPUT
else
echo "result=unchanged" >> $GITHUB_OUTPUT
exit 0
fi
- name: Create PR
if: |
steps.check-permissions.outputs.result == 'true' &&
!fromJSON(steps.parse-command.outputs.result).skip
uses: actions/github-script@v7
env:
RESULT: ${{ steps.commit-changes.outputs.result }}
branchname: ${{ steps.commit-changes.outputs.branchname }}
commitmessage: ${{ steps.commit-changes.outputs.commitmessage }}
with:
github-token: ${{secrets.BOT_TOKEN}}
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.js`);
return bot.addFingerprintCreatePR({github, context});