Home Assistant Continuous Integration Workflow 2023
Overview
Previously, I was using TravisCI to perform checks on any changes to Home Assistant files.
Since then, TravisCI has introduced caps and pricing plans and on the free tier I ran out of credits very quickly which broke the deployment chain.
The build and test stage was never successful so it never moved onto telling Home Assistant to check if the changes need to be pulled in.
To get around this, I have moved from TravisCI to Github Actions which offers more generous runs.
Home Assistant Webhook
Everything in the previous is still relevant up to the Git Pull Add-on. The part from Travis CI automations should be removed / replaced with a new web hook trigger.
- id: "1613937312554"
alias: "^Home Assistant CI"
description: "https://community.home-assistant.io/t/guide-to-setting-up-a-fully-automated-ci-for-hassio/51576"
trigger:
- platform: webhook
webhook_id: git_pull
condition:
- condition: state
entity_id: input_boolean.enable_github_integration
state: "on"
action:
- choose:
- conditions:
- condition: template
value_template: "{{ trigger.json.key|string == states('input_text.github_pull_key') }}"
sequence:
- parallel:
- service: script.send_to_home_log
data:
message: "build :white_check_mark: passed. Pulling changes."
title: ":construction_worker: :hammer_and_wrench: GitHub"
- service: hassio.addon_start
data:
addon: core_git_pull
default:
- service: script.send_to_home_log
data:
message: "Build :white_check_mark: passed but ncorrect :key: key was sent."
title: ":warning: :construction_worker: :hammer_and_wrench: GitHub :warning:"
mode: single
This might not do anything but for my own peace of mind, I check for a password in the body of the web hook call. That way, if someone gets the end point, they would also have to pass a specific password or key to match.
Create a text helper with the ID input_text.github_pull_key and put a value in the helper. Make sure you have this to hand for the next part.
Create Github Action
Github Actions use YAML file to define a workflow. I created the file the root folder of my Home Assistant configuration folder: .github/workflows/main.yaml. Using my workflow as the example (found here):
- yamllint: check YAML files for syntax errors.
- remarklint: check markdown file syntax errors.
- ha-stable-check: run a Home Assistant configuration check against the latest stable version of Home Assistant.
- ha-future-checks: run a Home Assistant configuration check against the next version of Home Assistant.
- deploy: Call a webhook in Home Assistant if the build was successful
There are two environment variables for the deploy part that is needed. The URL for the webhook and the key set in the helper. The secret is set at the repository level so anyone who can manage the repository will be able to see or change the secrets. This is not ideal but it works if you’re the only one managing the repository.
Follwo the instructions here to create two secrets called DEPLOYMENT_URL with the webhook URL and PULL_KEY with the password/key set in the Home Assistant helper.
Testing
When a push is made, the action will trigger. A true test would be to push your commits.
Summary
It was fairly seemless to switch and most of the work done for TravisCI was applicable. I prefer the webhook method because it’s a push rather than a poll method to check whether a build has started or completed.
Pingback: Why I Moved From Zerotier To Tailscale | Danny Tsang