B2500 [brave-cheerful-hedgehog-234] #9118
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build ESPHome Firmware | |
| run-name: > | |
| B2500 [${{ | |
| github.event.client_payload.identifier && | |
| github.event.client_payload.identifier || 'N/A' }}] | |
| on: | |
| repository_dispatch: | |
| types: | |
| - build_esphome | |
| jobs: | |
| build_esphome: | |
| runs-on: ubuntu-latest | |
| env: | |
| ENCRYPTED_ZIP_PASSWORD: ${{ github.event.client_payload.password }} | |
| ENCRYPTED_CONFIG: ${{ github.event.client_payload.config }} | |
| PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} | |
| S3_BUCKET: esphome-b2500-images | |
| AWS_REGION: eu-west-1 | |
| AUTOMATED_BUILD: 'true' | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18' | |
| - name: Install dependencies | |
| run: npm install nunjucks | |
| - name: Decrypt the ZIP password | |
| id: decrypt_password | |
| run: | | |
| echo "${{ env.PRIVATE_KEY }}" > private_key.pem | |
| echo "${{ env.ENCRYPTED_ZIP_PASSWORD }}" > encrypted_password.txt | |
| DECRYPTED_PASSWORD=$(openssl rsautl -decrypt -inkey private_key.pem -in <(base64 -d encrypted_password.txt) -oaep) | |
| echo "PASSWORD=$DECRYPTED_PASSWORD" >> $GITHUB_ENV | |
| echo "::add-mask::$DECRYPTED_PASSWORD" | |
| - name: Install yq | |
| run: | | |
| wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq | |
| chmod +x /usr/local/bin/yq | |
| shell: bash | |
| - name: Render ESPHome configuration | |
| id: generate_config | |
| run: | | |
| node scripts/render.js | |
| - name: Build firmware | |
| id: esphome-build | |
| uses: esphome/build-action@v7.1.0 | |
| with: | |
| yaml-file: device.yaml | |
| version: ${{ github.event.client_payload.esphome_version || '2025.12.4' }} | |
| continue-on-error: true | |
| - name: Debug on failure | |
| if: steps.esphome-build.outcome == 'failure' | |
| run: | | |
| echo "Build failed" | |
| echo "::group::Original Config File" | |
| cat config.json | |
| echo "::endgroup::" | |
| - name: Exit on build failure | |
| if: steps.esphome-build.outcome == 'failure' | |
| run: exit 1 | |
| - name: Zip the firmware with a password | |
| run: | | |
| zip -P "$PASSWORD" firmware.zip ${{ steps.esphome-build.outputs.name }}/* | |
| - name: Upload firmware artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: esphome-firmware-${{ github.event.client_payload.identifier }} | |
| path: firmware.zip | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Upload firmware to S3 | |
| run: | | |
| aws s3 cp firmware.zip s3://$S3_BUCKET/firmware/${{ github.event.client_payload.identifier }}.zip | |
| - name: Output firmware URL | |
| run: | | |
| echo "::notice::Firmware available at: https://$S3_BUCKET.s3.${{ env.AWS_REGION }}.amazonaws.com/firmware/${{ github.event.client_payload.identifier }}.zip" |