diff --git a/.github/renovate.json b/.github/renovate.json index 6324fcfed..77f7ff485 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -4,9 +4,9 @@ "customManagers": [ { "customType": "regex", - "fileMatch": ["^build\\.yaml$"], + "fileMatch": ["^Dockerfile$"], "matchStrings": [ - "(?ghcr\\.io/home-assistant/[a-z0-9]+-base-python:(?[0-9\\.]+)-(?alpine[0-9\\.]+))-(?[0-9]+\\.[0-9]+\\.[0-9]+)" + "BUILD_FROM=(?ghcr\\.io/home-assistant/base-python:(?[0-9\\.]+)-(?alpine[0-9\\.]+))-(?[0-9]+\\.[0-9]+\\.[0-9]+)" ], "datasourceTemplate": "github-releases", "depNameTemplate": "home-assistant/docker-base" diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index 0f62d31bd..a88c5be54 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -3,53 +3,67 @@ name: Build base images on: pull_request: branches: ["master"] + push: + branches: ["master"] + paths: + - ".github/workflows/builder.yml" + - "Dockerfile" + - "patches/**" + - "requirements.txt" + - "rootfs/**" release: types: ["published"] env: - BUILD_TYPE: base + ARCHITECTURES: '["amd64", "aarch64"]' + BUILD_TYPE: generic + IMAGE_NAME: homeassistant-base + +permissions: + contents: read jobs: init: name: Initialize build runs-on: ubuntu-latest outputs: - architectures: ${{ steps.info.outputs.architectures }} version: ${{ steps.version.outputs.version }} + matrix: ${{ steps.matrix.outputs.matrix }} steps: - name: Checkout the repository - uses: actions/checkout@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - name: Get information - id: info - uses: home-assistant/actions/helpers/info@master - - name: Get version id: version uses: home-assistant/actions/helpers/version@master with: type: ${{ env.BUILD_TYPE }} + - name: Get build matrix + id: matrix + uses: home-assistant/builder/actions/prepare-multi-arch-matrix@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 + with: + architectures: ${{ env.ARCHITECTURES }} + image-name: ${{ env.IMAGE_NAME }} + build: name: Build ${{ matrix.arch }} base image needs: init - runs-on: ${{ matrix.runs-on }} + runs-on: ${{ matrix.os }} permissions: contents: read id-token: write packages: write strategy: - matrix: - arch: ${{ fromJson(needs.init.outputs.architectures) }} - include: - - runs-on: ubuntu-24.04 - - arch: aarch64 - runs-on: ubuntu-24.04-arm + fail-fast: false + matrix: ${{ fromJSON(needs.init.outputs.matrix) }} steps: - name: Checkout the repository - uses: actions/checkout@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Check if requirements or workflow has changed uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47 @@ -71,25 +85,35 @@ jobs: apk: "mariadb-dev;postgresql-dev;libffi-dev" requirements: "requirements.txt" - - name: Login to GitHub Container Registry - if: github.event_name == 'release' - uses: docker/login-action@v4.0.0 + - name: Build base image + uses: home-assistant/builder/actions/build-image@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set build arguments - if: github.event_name != 'release' - run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV + arch: ${{ matrix.arch }} + container-registry-password: ${{ secrets.GITHUB_TOKEN }} + cosign-base-identity: 'https://github.com/home-assistant/docker-base/.*' + cosign-base-verify: ghcr.io/home-assistant/base-python:3.14-alpine3.22 + image: ${{ matrix.image }} + image-tags: | + ${{ needs.init.outputs.version }} + latest + push: ${{ github.event_name == 'release' }} + version: ${{ needs.init.outputs.version }} - - name: Build base image - uses: home-assistant/builder@2026.02.1 + manifest: + name: Publish multi-arch manifest + needs: [init, build] + if: github.event_name == 'release' + runs-on: ubuntu-latest + permissions: + id-token: write + packages: write + steps: + - name: Publish multi-arch manifest + uses: home-assistant/builder/actions/publish-multi-arch-manifest@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 with: - image: ${{ matrix.arch }} - args: | - $BUILD_ARGS \ - --${{ matrix.arch }} \ - --target /data \ - --cosign \ - --generic ${{ needs.init.outputs.version }} + architectures: ${{ env.ARCHITECTURES }} + container-registry-password: ${{ secrets.GITHUB_TOKEN }} + image-name: ${{ env.IMAGE_NAME }} + image-tags: | + ${{ needs.init.outputs.version }} + latest diff --git a/Dockerfile b/Dockerfile index 6c725cfa4..78bc98228 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ -ARG BUILD_FROM +ARG BUILD_FROM=ghcr.io/home-assistant/base-python:3.14-alpine3.22-2026.03.1 #### ## Builder stage for ssocr, installs to /opt/ssocr FROM ${BUILD_FROM} AS ssocr-builder -ARG SSOCR_VERSION +ARG SSOCR_VERSION=2.25.1 ARG BUILD_FROM WORKDIR /tmp/ SHELL ["/bin/ash", "-o", "pipefail", "-c"] @@ -24,7 +24,7 @@ RUN mkdir /opt/ssocr /tmp/ssocr \ #### ## Builder stage for libcec, installs to /opt/libcec FROM ${BUILD_FROM} AS libcec-builder -ARG LIBCEC_VERSION +ARG LIBCEC_VERSION=7.1.1 ARG BUILD_FROM WORKDIR /tmp/ # hadolint ignore=DL3019 @@ -53,9 +53,9 @@ RUN python_version=$(python -c "import sys; print(f'{sys.version_info.major}.{sy # Build stage for PicoTTS, installs to /opt/picotts -# PicoTTS - it has no specific version - commit should be taken from build.json +# PicoTTS - it has no specific version, so use a pinned commit hash. FROM ${BUILD_FROM} AS picotts-builder -ARG PICOTTS_HASH +ARG PICOTTS_HASH=e3ba46009ee868911fa0b53db672a55f9cc13b1c ARG BUILD_FROM WORKDIR /tmp/ # hadolint ignore=DL3019 @@ -84,7 +84,7 @@ RUN git clone https://github.com/naggety/picotts.git pico \ # Build stage for Telldus, installs to /opt/telldus FROM ${BUILD_FROM} AS telldus-builder -ARG TELLDUS_COMMIT +ARG TELLDUS_COMMIT=2598bbed16ffd701f2a07c99582f057a3decbaf3 ARG BUILD_FROM WORKDIR /tmp/ COPY patches/telldus-fix-gcc-11-issues.patch /tmp/ @@ -179,3 +179,12 @@ COPY --link --from=telldus-builder /opt/telldus/ /usr/local/ ### # Base S6-Overlay COPY rootfs / + +LABEL \ + io.hass.type="homeassistant-base" \ + org.opencontainers.image.title="Home Assistant Core baseimage" \ + org.opencontainers.image.description="Baseimage for Home Assistant Core container/supervisor installation" \ + org.opencontainers.image.authors="The Home Assistant Authors" \ + org.opencontainers.image.url="https://www.home-assistant.io/" \ + org.opencontainers.image.documentation="https://www.home-assistant.io/docs/" \ + org.opencontainers.image.licenses="Apache License 2.0" diff --git a/README.md b/README.md index 9b3b396b6..ba529c82b 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,5 @@ # Docker Home Assistant containers -Base Images: -- ghcr.io/home-assistant/aarch64-homeassistant-base:_BASE-VERSION_ -- ghcr.io/home-assistant/amd64-homeassistant-base:_BASE-VERSION_ +Base Image: +- ghcr.io/home-assistant/homeassistant-base:_BASE-VERSION_ diff --git a/build.yaml b/build.yaml deleted file mode 100644 index dd5b22a9f..000000000 --- a/build.yaml +++ /dev/null @@ -1,21 +0,0 @@ -image: ghcr.io/home-assistant/{arch}-homeassistant-base -build_from: - aarch64: ghcr.io/home-assistant/aarch64-base-python:3.14-alpine3.22-2026.03.1 - amd64: ghcr.io/home-assistant/amd64-base-python:3.14-alpine3.22-2026.03.1 -cosign: - base_identity: https://github.com/home-assistant/docker-base/.* - identity: https://github.com/home-assistant/docker/.* -labels: - io.hass.type: homeassistant-base - org.opencontainers.image.title: Home Assistant Core baseimage - org.opencontainers.image.description: Baseimage for Home Assistant Core container/supervisor installation - org.opencontainers.image.source: https://github.com/home-assistant/docker - org.opencontainers.image.authors: The Home Assistant Authors - org.opencontainers.image.url: https://www.home-assistant.io/ - org.opencontainers.image.documentation: https://www.home-assistant.io/docs/ - org.opencontainers.image.licenses: Apache License 2.0 -args: - SSOCR_VERSION: 2.25.1 - LIBCEC_VERSION: 7.1.1 - TELLDUS_COMMIT: 2598bbed16ffd701f2a07c99582f057a3decbaf3 - PICOTTS_HASH: e3ba46009ee868911fa0b53db672a55f9cc13b1c