
Commit f69fce6

edenhausagners
andauthored
Use buildx imagetools to copy base image to docker.io and enable provenance (home-assistant#157341)
Co-authored-by: Stefan Agner <[email protected]>
1 parent f758cfa commit f69fce6


1 file changed

+10
-11
lines changed


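--- a/.github/workflows/builder.yml
+++ b/.github/workflows/builder.yml
@@ -229,7 +229,6 @@ jobs:
 file: ./Dockerfile
 platforms: ${{ steps.vars.outputs.platform }}
 push: true
-provenance: false
 cache-from: ${{ steps.cache.outcome == 'success' && steps.vars.outputs.cache_image || '' }}
 build-args: |
 BUILD_FROM=${{ steps.vars.outputs.base_image }}
@@ -366,7 +365,6 @@ jobs:
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 
 - name: Login to GitHub Container Registry
-if: matrix.registry == 'ghcr.io/home-assistant'
 uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
 with:
 registry: ghcr.io
@@ -407,23 +405,24 @@ jobs:
 type=raw,value=latest,enable=${{ !contains(needs.init.outputs.version, 'd') && !contains(needs.init.outputs.version, 'b') }}
 type=semver,pattern={{major}}.{{minor}},value=${{ needs.init.outputs.version }},enable=${{ !contains(needs.init.outputs.version, 'd') && !contains(needs.init.outputs.version, 'b') }}
 
-- name: Push architecture images to DockerHub
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.7.1
+
+- name: Copy architecture images to DockerHub
 if: matrix.registry == 'docker.io/homeassistant'
 shell: bash
 run: |
+# Use imagetools to copy image blobs directly between registries
+# This preserves provenance/attestations and seems to be much faster than pull/push
 ARCHS=$(echo '${{ needs.init.outputs.architectures }}' | jq -r '.[]')
 for arch in $ARCHS; do
-echo "Pushing ${arch} to DockerHub..."
-docker pull "ghcr.io/home-assistant/${arch}-homeassistant:${{ needs.init.outputs.version }}"
-docker tag "ghcr.io/home-assistant/${arch}-homeassistant:${{ needs.init.outputs.version }}" \
-"docker.io/homeassistant/${arch}-homeassistant:${{ needs.init.outputs.version }}"
-docker push "docker.io/homeassistant/${arch}-homeassistant:${{ needs.init.outputs.version }}"
+echo "Copying ${arch} image to DockerHub..."
+docker buildx imagetools create \
+--tag "docker.io/homeassistant/${arch}-homeassistant:${{ needs.init.outputs.version }}" \
+"ghcr.io/home-assistant/${arch}-homeassistant:${{ needs.init.outputs.version }}"
 cosign sign --yes "docker.io/homeassistant/${arch}-homeassistant:${{ needs.init.outputs.version }}"
 done
 
-- name: Set up Docker Buildx
-uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.7.1
-
 - name: Create and push multi-arch manifests
 shell: bash
 run: |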
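Review bot: In the copy loop of the third hunk, the new `docker buildx imagetools create` call addresses the GHCR source by a mutable version tag, and the unchanged `cosign sign` line then signs the Docker Hub copy by tag too, so nothing pins the signature to the digest that was actually copied; if the tag were re-pointed between the two commands, the signature would land on a different object without any error. Resolving the digest once after the copy and signing that closes the gap: `digest=$(docker buildx imagetools inspect "docker.io/homeassistant/${arch}-homeassistant:${{ needs.init.outputs.version }}" --format '{{json .Manifest}}' | jq -r '.digest')` followed by `cosign sign --yes "docker.io/homeassistant/${arch}-homeassistant@${digest}"`. With `provenance: false` removed in the first hunk, the per-arch tag presumably now resolves to an index that carries an attestation manifest, so it is worth confirming that the signature and any downstream verification cover the object consumers actually pull. The job these steps belong to starts outside the hunk; separately, the `${{ needs.init.outputs.version }}` expansions inside the `run:` script would be safer passed through `env:` and read as a quoted shell variable.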
