From 751de419a58fadf8f19fbb605bdc16d26bbbda31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cerm=C3=A1k?= Date: Tue, 31 Mar 2026 13:44:28 +0200 Subject: [PATCH] Migrate image build away from legacy builder action Migrate image build to new composite builder actions and publish multi-arch manifest combining all architecture into a single image reference. `BUILD_TYPE` was changed as the `base` type was unhandled by the version action and the version it produced for merges to master were literal `master`, and literal `merge` for PRs respectively. The `generic` type produces more sensible commit SHA for PRs and CalVer-based string for merges to master, which is reasonable for this image. The build now also runs on push to master without publishing the image, to keep the GHA cache warm. Closes home-assistant/epics#34 --- .github/renovate.json | 4 +- .github/workflows/builder.yml | 92 ++++++++++++++++++++++------------- Dockerfile | 21 +++++--- README.md | 5 +- build.yaml | 21 -------- 5 files changed, 77 insertions(+), 66 deletions(-) delete mode 100644 build.yaml diff --git a/.github/renovate.json b/.github/renovate.json index 6324fcfed..77f7ff485 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -4,9 +4,9 @@ "customManagers": [ { "customType": "regex", - "fileMatch": ["^build\\.yaml$"], + "fileMatch": ["^Dockerfile$"], "matchStrings": [ - "(?ghcr\\.io/home-assistant/[a-z0-9]+-base-python:(?[0-9\\.]+)-(?alpine[0-9\\.]+))-(?[0-9]+\\.[0-9]+\\.[0-9]+)" + "BUILD_FROM=(?ghcr\\.io/home-assistant/base-python:(?[0-9\\.]+)-(?alpine[0-9\\.]+))-(?[0-9]+\\.[0-9]+\\.[0-9]+)" ], "datasourceTemplate": "github-releases", "depNameTemplate": "home-assistant/docker-base" diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index 0f62d31bd..a88c5be54 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml 
@@ -3,53 +3,67 @@ name: Build base images on: pull_request: branches: ["master"] + push: + branches: ["master"] + paths: + - ".github/workflows/builder.yml" + - "Dockerfile" + - "patches/**" + - "requirements.txt" + - "rootfs/**" release: types: ["published"] env: - BUILD_TYPE: base + ARCHITECTURES: '["amd64", "aarch64"]' + BUILD_TYPE: generic + IMAGE_NAME: homeassistant-base + +permissions: + contents: read jobs: init: name: Initialize build runs-on: ubuntu-latest outputs: - architectures: ${{ steps.info.outputs.architectures }} version: ${{ steps.version.outputs.version }} + matrix: ${{ steps.matrix.outputs.matrix }} steps: - name: Checkout the repository - uses: actions/checkout@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - name: Get information - id: info - uses: home-assistant/actions/helpers/info@master - - name: Get version id: version uses: home-assistant/actions/helpers/version@master with: type: ${{ env.BUILD_TYPE }} + - name: Get build matrix + id: matrix + uses: home-assistant/builder/actions/prepare-multi-arch-matrix@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 + with: + architectures: ${{ env.ARCHITECTURES }} + image-name: ${{ env.IMAGE_NAME }} + build: name: Build ${{ matrix.arch }} base image needs: init - runs-on: ${{ matrix.runs-on }} + runs-on: ${{ matrix.os }} permissions: contents: read id-token: write packages: write strategy: - matrix: - arch: ${{ fromJson(needs.init.outputs.architectures) }} - include: - - runs-on: ubuntu-24.04 - - arch: aarch64 - runs-on: ubuntu-24.04-arm + fail-fast: false + matrix: ${{ fromJSON(needs.init.outputs.matrix) }} steps: - name: Checkout the repository - uses: actions/checkout@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Check if requirements or workflow has changed uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47 
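Review bot: `home-assistant/actions/helpers/version@master` in the init job still resolves to a mutable branch, while this change pins `actions/checkout` and the `home-assistant/builder` actions to full commit SHAs. That step's `version` output is used as an image tag and as the `version` input of the build step, so whatever lands on that branch runs in the release workflow without review in this repository. Pin it the same way, `uses: home-assistant/actions/helpers/version@<commit-sha> # <tag>`. The init checkout also keeps the default credential persistence, unlike the build job's checkout, which now sets `persist-credentials: false`; adding the same `with:` entry there would be consistent.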
@@ -71,25 +85,35 @@ jobs: apk: "mariadb-dev;postgresql-dev;libffi-dev" requirements: "requirements.txt" - - name: Login to GitHub Container Registry - if: github.event_name == 'release' - uses: docker/login-action@v4.0.0 + - name: Build base image + uses: home-assistant/builder/actions/build-image@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set build arguments - if: github.event_name != 'release' - run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV + arch: ${{ matrix.arch }} + container-registry-password: ${{ secrets.GITHUB_TOKEN }} + cosign-base-identity: 'https://github.com/home-assistant/docker-base/.*' + cosign-base-verify: ghcr.io/home-assistant/base-python:3.14-alpine3.22 + image: ${{ matrix.image }} + image-tags: | + ${{ needs.init.outputs.version }} + latest + push: ${{ github.event_name == 'release' }} + version: ${{ needs.init.outputs.version }} - - name: Build base image - uses: home-assistant/builder@2026.02.1 + manifest: + name: Publish multi-arch manifest + needs: [init, build] + if: github.event_name == 'release' + runs-on: ubuntu-latest + permissions: + id-token: write + packages: write + steps: + - name: Publish multi-arch manifest + uses: home-assistant/builder/actions/publish-multi-arch-manifest@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 with: - image: ${{ matrix.arch }} - args: | - $BUILD_ARGS \ - --${{ matrix.arch }} \ - --target /data \ - --cosign \ - --generic ${{ needs.init.outputs.version }} + architectures: ${{ env.ARCHITECTURES }} + container-registry-password: ${{ secrets.GITHUB_TOKEN }} + image-name: ${{ env.IMAGE_NAME }} + image-tags: | + ${{ needs.init.outputs.version }} + latest diff --git a/Dockerfile b/Dockerfile index 6c725cfa4..78bc98228 100644 --- a/Dockerfile +++ b/Dockerfile 
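Review bot: `cosign-base-verify` names `ghcr.io/home-assistant/base-python:3.14-alpine3.22`, which is not the reference the Dockerfile builds from (`BUILD_FROM=ghcr.io/home-assistant/base-python:3.14-alpine3.22-2026.03.1`). If the build-image action verifies exactly the reference it is given, the signature check covers a floating tag and not the image that is actually pulled; this is an inference, since the action's behaviour is not visible in the patch. The Renovate manager in `.github/renovate.json` now matches only `^Dockerfile$` and a `BUILD_FROM=` prefix, so this second copy of the base reference will not be bumped together with the Dockerfile. Consider using the full tag here, `cosign-base-verify: ghcr.io/home-assistant/base-python:3.14-alpine3.22-2026.03.1`, and adding a Renovate rule that keeps the two in step.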
@@ -1,8 +1,8 @@ -ARG BUILD_FROM +ARG BUILD_FROM=ghcr.io/home-assistant/base-python:3.14-alpine3.22-2026.03.1 #### ## Builder stage for ssocr, installs to /opt/ssocr FROM ${BUILD_FROM} AS ssocr-builder -ARG SSOCR_VERSION +ARG SSOCR_VERSION=2.25.1 ARG BUILD_FROM WORKDIR /tmp/ SHELL ["/bin/ash", "-o", "pipefail", "-c"] @@ -24,7 +24,7 @@ RUN mkdir /opt/ssocr /tmp/ssocr \ #### ## Builder stage for libcec, installs to /opt/libcec FROM ${BUILD_FROM} AS libcec-builder -ARG LIBCEC_VERSION +ARG LIBCEC_VERSION=7.1.1 ARG BUILD_FROM WORKDIR /tmp/ # hadolint ignore=DL3019 @@ -53,9 +53,9 @@ RUN python_version=$(python -c "import sys; print(f'{sys.version_info.major}.{sy # Build stage for PicoTTS, installs to /opt/picotts -# PicoTTS - it has no specific version - commit should be taken from build.json +# PicoTTS - it has no specific version, so use a pinned commit hash. FROM ${BUILD_FROM} AS picotts-builder -ARG PICOTTS_HASH +ARG PICOTTS_HASH=e3ba46009ee868911fa0b53db672a55f9cc13b1c ARG BUILD_FROM WORKDIR /tmp/ # hadolint ignore=DL3019 @@ -84,7 +84,7 @@ RUN git clone https://github.com/naggety/picotts.git pico \ # Build stage for Telldus, installs to /opt/telldus FROM ${BUILD_FROM} AS telldus-builder -ARG TELLDUS_COMMIT +ARG TELLDUS_COMMIT=2598bbed16ffd701f2a07c99582f057a3decbaf3 ARG BUILD_FROM WORKDIR /tmp/ COPY patches/telldus-fix-gcc-11-issues.patch /tmp/ @@ -179,3 +179,12 @@ COPY --link --from=telldus-builder /opt/telldus/ /usr/local/ ### # Base S6-Overlay COPY rootfs / + +LABEL \ + io.hass.type="homeassistant-base" \ + org.opencontainers.image.title="Home Assistant Core baseimage" \ + org.opencontainers.image.description="Baseimage for Home Assistant Core container/supervisor installation" \ + org.opencontainers.image.authors="The Home Assistant Authors" \ + org.opencontainers.image.url="https://www.home-assistant.io/" \ + org.opencontainers.image.documentation="https://www.home-assistant.io/docs/" \ + org.opencontainers.image.licenses="Apache License 2.0" 
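Review bot: The new `LABEL` block in the last Dockerfile hunk carries every label from the deleted `build.yaml` except `org.opencontainers.image.source`. Unless the build-image action injects it (not visible in this patch), the published image loses the link back to the repository it was built from, which registries and provenance tooling use to tie a package to its source. If the action does not set it, add `org.opencontainers.image.source="https://github.com/home-assistant/docker" \` to the block.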
diff --git a/README.md b/README.md index 9b3b396b6..ba529c82b 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,5 @@ # Docker Home Assistant containers -Base Images: -- ghcr.io/home-assistant/aarch64-homeassistant-base:_BASE-VERSION_ -- ghcr.io/home-assistant/amd64-homeassistant-base:_BASE-VERSION_ +Base Image: +- ghcr.io/home-assistant/homeassistant-base:_BASE-VERSION_ diff --git a/build.yaml b/build.yaml deleted file mode 100644 index dd5b22a9f..000000000 --- a/build.yaml +++ /dev/null @@ -1,21 +0,0 @@ -image: ghcr.io/home-assistant/{arch}-homeassistant-base -build_from: - aarch64: ghcr.io/home-assistant/aarch64-base-python:3.14-alpine3.22-2026.03.1 - amd64: ghcr.io/home-assistant/amd64-base-python:3.14-alpine3.22-2026.03.1 -cosign: - base_identity: https://github.com/home-assistant/docker-base/.* - identity: https://github.com/home-assistant/docker/.* -labels: - io.hass.type: homeassistant-base - org.opencontainers.image.title: Home Assistant Core baseimage - org.opencontainers.image.description: Baseimage for Home Assistant Core container/supervisor installation - org.opencontainers.image.source: https://github.com/home-assistant/docker - org.opencontainers.image.authors: The Home Assistant Authors - org.opencontainers.image.url: https://www.home-assistant.io/ - org.opencontainers.image.documentation: https://www.home-assistant.io/docs/ - org.opencontainers.image.licenses: Apache License 2.0 -args: - SSOCR_VERSION: 2.25.1 - LIBCEC_VERSION: 7.1.1 - TELLDUS_COMMIT: 2598bbed16ffd701f2a07c99582f057a3decbaf3 - PICOTTS_HASH: e3ba46009ee868911fa0b53db672a55f9cc13b1c