diff --git a/.github/workflows/build-base-image.yml b/.github/workflows/build-base-image.yml new file mode 100644 index 00000000..3a617206 --- /dev/null +++ b/.github/workflows/build-base-image.yml @@ -0,0 +1,166 @@ +name: Reusable workflow building a multi-arch image + +on: + workflow_call: + inputs: + architectures: + description: Architectures to build (JSON array, e.g., '["amd64", "aarch64"]') + required: true + type: string + build-args: + description: Additional build arguments (key=value format, one per line) + required: false + default: "" + type: string + cache-gha: + description: Whether to use GitHub Actions cache for build caching + required: false + default: true + type: boolean + cache-gha-scope: + description: Scope for build cache sharing (defaults to architecture, set if building multiple images from a single repo) + required: false + default: "" + type: string + cache-image-tag: + description: Tag of the image containing BuildKit inline cache metadata + required: false + default: "latest" + type: string + context: + description: Build context path (usually the directory with Dockerfile) + required: true + type: string + cosign: + description: Whether to sign images with Cosign + required: false + default: true + type: boolean + cosign-base-identity: + description: Certificate identity regexp for verifying the base (FROM) image + required: false + default: "" + type: string + cosign-base-issuer: + description: Certificate OIDC issuer regexp for base image verification (defaults to cosign-issuer) + required: false + default: "" + type: string + cosign-base-verify: + description: Base image reference to verify with cosign before building + required: false + default: "" + type: string + cosign-identity: + description: Certificate identity regexp for verifying cache images (defaults to current repo pattern) + required: false + default: "" + type: string + cosign-issuer: + description: Certificate OIDC issuer regexp for all cosign verification + required: false + default: "https://token.actions.githubusercontent.com" + type: string + file: + description: Dockerfile path (defaults to "Dockerfile" in the context directory) + required: false + default: "" + type: string + image-name: + description: Image name without a tag (e.g., "base-python") + required: true + type: string + image-tags: + description: Image tags, one per line + required: true + type: string + labels: + description: Additional OCI labels (key=value format, one per line) + required: false + default: "" + type: string + push: + description: Whether to push images to registry + required: false + default: false + type: boolean + version: + description: Image version label + required: true + type: string + +jobs: + prepare: + name: Prepare build matrix + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.prepare.outputs.matrix }} + steps: + - name: Prepare multi-arch matrix + id: prepare + uses: home-assistant/builder/actions/prepare-multi-arch-matrix@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 + with: + architectures: ${{ inputs.architectures }} + image-name: ${{ inputs.image-name }} + + build: + name: Build ${{ matrix.arch }} image + needs: prepare + runs-on: ${{ matrix.os }} + permissions: + contents: read + id-token: write + packages: write + strategy: + fail-fast: false + matrix: ${{ fromJSON(needs.prepare.outputs.matrix) }} + steps: + - name: Checkout the repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Build image + id: build + uses: home-assistant/builder/actions/build-image@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 + with: + arch: ${{ matrix.arch }} + build-args: ${{ inputs.build-args }} + cache-gha: ${{ inputs.cache-gha }} + cache-gha-scope: ${{ inputs.cache-gha-scope }} + cache-image-tag: ${{ inputs.cache-image-tag }} + container-registry-password: ${{ secrets.GITHUB_TOKEN }} + context: ${{ inputs.context }} + cosign: ${{ inputs.cosign }} + cosign-base-identity: ${{ inputs.cosign-base-identity }} + cosign-base-issuer: ${{ inputs.cosign-base-issuer }} + cosign-base-verify: ${{ inputs.cosign-base-verify }} + cosign-identity: ${{ inputs.cosign-identity }} + cosign-issuer: ${{ inputs.cosign-issuer }} + file: ${{ inputs.file }} + image: ${{ matrix.image }} + image-tags: ${{ inputs.image-tags }} + labels: | + io.hass.base.arch=${{ matrix.arch }} + io.hass.base.version=${{ inputs.version }} + ${{ inputs.labels }} + push: ${{ inputs.push }} + version: ${{ inputs.version }} + + manifest: + name: Publish multi-arch manifest + if: inputs.push + needs: [prepare, build] + runs-on: ubuntu-latest + permissions: + id-token: write + packages: write + steps: + - name: Publish multi-arch manifest + uses: home-assistant/builder/actions/publish-multi-arch-manifest@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 + with: + architectures: ${{ inputs.architectures }} + container-registry-password: ${{ secrets.GITHUB_TOKEN }} + cosign: ${{ inputs.cosign }} + image-name: ${{ inputs.image-name }} + image-tags: ${{ inputs.image-tags }} diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index b1b63825..f4d1cc22 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -1,13 +1,16 @@ name: Build base images on: + push: + branches: ["master"] pull_request: branches: ["master"] release: types: ["published"] env: - BUILD_TYPE: base + REGISTRY_PREFIX: ghcr.io/${{ github.repository_owner }} + ARCHITECTURES: '["amd64", "aarch64"]' ALPINE_LATEST: "3.23" DEBIAN_LATEST: "trixie" UBUNTU_LATEST: "24.04" @@ -17,113 +20,163 @@ jobs: init: name: Initialize build runs-on: ubuntu-latest + permissions: + contents: read outputs: - architectures_alpine: ${{ steps.info_alpine.outputs.architectures }} - architectures_debian: ${{ steps.info_debian.outputs.architectures }} - architectures_ubuntu: ${{ steps.info_ubuntu.outputs.architectures }} - release: ${{ steps.version.outputs.version }} - alpine_latest: ${{ steps.set-latest.outputs.alpine_latest}} - debian_latest: ${{ steps.set-latest.outputs.debian_latest}} - ubuntu_latest: ${{ steps.set-latest.outputs.ubuntu_latest}} - python_latest: ${{ steps.set-latest.outputs.python_latest}} + architectures: ${{ steps.meta.outputs.architectures }} + version: ${{ steps.meta.outputs.version }} + alpine_latest: ${{ steps.meta.outputs.alpine_latest }} + debian_latest: ${{ steps.meta.outputs.debian_latest }} + ubuntu_latest: ${{ steps.meta.outputs.ubuntu_latest }} + python_latest: ${{ steps.meta.outputs.python_latest }} + registry_prefix: ${{ steps.meta.outputs.registry_prefix }} + push: ${{ steps.meta.outputs.push }} steps: - - name: Checkout the repository - uses: actions/checkout@v6.0.2 - with: - fetch-depth: 0 - - - name: Get information Alpine - id: info_alpine - uses: home-assistant/actions/helpers/info@master - with: - path: "${{ github.workspace }}/alpine" - - - name: Get information Debian - id: info_debian - uses: home-assistant/actions/helpers/info@master - with: - path: "${{ github.workspace }}/debian" - - - name: Get information Ubuntu - id: info_ubuntu - uses: home-assistant/actions/helpers/info@master - with: - path: "${{ github.workspace }}/ubuntu" - - - name: Get version - id: version - uses: home-assistant/actions/helpers/version@master - with: - type: ${{ env.BUILD_TYPE }} - - - name: Set latest tags - id: set-latest + - name: Set build metadata + id: meta + shell: bash + env: + EVENT_NAME: ${{ github.event_name }} + RELEASE_TAG: ${{ github.event.release.tag_name }} + REGISTRY_PREFIX: ${{ env.REGISTRY_PREFIX }} + ARCHITECTURES: ${{ env.ARCHITECTURES }} + ALPINE_LATEST: ${{ env.ALPINE_LATEST }} + DEBIAN_LATEST: ${{ env.DEBIAN_LATEST }} + UBUNTU_LATEST: ${{ env.UBUNTU_LATEST }} + PYTHON_LATEST: ${{ env.PYTHON_LATEST }} run: | - echo "alpine_latest=${{ env.ALPINE_LATEST }}" >> $GITHUB_OUTPUT - echo "debian_latest=${{ env.DEBIAN_LATEST }}" >> $GITHUB_OUTPUT - echo "ubuntu_latest=${{ env.UBUNTU_LATEST }}" >> $GITHUB_OUTPUT - echo "python_latest=${{ env.PYTHON_LATEST }}" >> $GITHUB_OUTPUT + if [[ "${EVENT_NAME}" == "release" ]]; then + version="${RELEASE_TAG}" + push=true + else + version="${GITHUB_SHA::7}" + fi + + echo "architectures=${ARCHITECTURES}" >> "$GITHUB_OUTPUT" + echo "version=${version}" >> "$GITHUB_OUTPUT" + echo "push=${push}" >> "$GITHUB_OUTPUT" + echo "alpine_latest=${ALPINE_LATEST}" >> "$GITHUB_OUTPUT" + echo "debian_latest=${DEBIAN_LATEST}" >> "$GITHUB_OUTPUT" + echo "ubuntu_latest=${UBUNTU_LATEST}" >> "$GITHUB_OUTPUT" + echo "python_latest=${PYTHON_LATEST}" >> "$GITHUB_OUTPUT" + echo "registry_prefix=${REGISTRY_PREFIX}" >> "$GITHUB_OUTPUT" build_alpine: - name: Alpine ${{ matrix.version }} + name: Alpine ${{ matrix.alpine_version }} needs: init strategy: + fail-fast: false matrix: - version: ["3.21", "3.22", "3.23"] - uses: ./.github/workflows/reuseable-builder.yml + alpine_version: ["3.21", "3.22", "3.23"] + permissions: + contents: read + id-token: write # For cosign signing + packages: write # For pushing to registry + uses: ./.github/workflows/build-base-image.yml with: - target: alpine - architectures: ${{ needs.init.outputs.architectures_alpine }} - version: ${{ matrix.version }} - release_name: ${{ needs.init.outputs.release }} - tag_latest: ${{ needs.init.outputs.alpine_latest }} + architectures: ${{ needs.init.outputs.architectures }} + build-args: | + ALPINE_VERSION=${{ matrix.alpine_version }} + cache-gha-scope: alpine-${{ matrix.alpine_version }} + cache-image-tag: ${{ matrix.alpine_version }} + context: alpine + image-name: base + image-tags: | + ${{ matrix.alpine_version }} + ${{ matrix.alpine_version }}-${{ needs.init.outputs.version }} + ${{ matrix.alpine_version == needs.init.outputs.alpine_latest && 'latest' || '' }} + labels: | + io.hass.base.image=alpine:${{ matrix.alpine_version }} + push: ${{ needs.init.outputs.push == 'true' }} + version: ${{ needs.init.outputs.version }} build_debian: - name: Debian ${{ matrix.version }} + name: Debian ${{ matrix.debian_version }} needs: init strategy: fail-fast: false matrix: - version: ["bookworm", "trixie"] - uses: ./.github/workflows/reuseable-builder.yml + debian_version: ["bookworm", "trixie"] + permissions: + contents: read + id-token: write # For cosign signing + packages: write # For pushing to registry + uses: ./.github/workflows/build-base-image.yml with: - target: debian - architectures: ${{ needs.init.outputs.architectures_debian }} - version: ${{ matrix.version }} - release_name: ${{ needs.init.outputs.release }} - version_from: ${{ matrix.version }}-slim - tag_latest: ${{ needs.init.outputs.debian_latest }} + architectures: ${{ needs.init.outputs.architectures }} + build-args: | + DEBIAN_VERSION=${{ matrix.debian_version }} + cache-gha-scope: debian-${{ matrix.debian_version }} + cache-image-tag: ${{ matrix.debian_version }} + context: debian + image-name: base-debian + image-tags: | + ${{ matrix.debian_version }} + ${{ matrix.debian_version }}-${{ needs.init.outputs.version }} + ${{ matrix.debian_version == needs.init.outputs.debian_latest && 'latest' || '' }} + labels: | + io.hass.base.image=debian:${{ matrix.debian_version }}-slim + push: ${{ needs.init.outputs.push == 'true' }} + version: ${{ needs.init.outputs.version }} build_ubuntu: - name: Ubuntu ${{ matrix.version }} + name: Ubuntu ${{ matrix.ubuntu_version }} needs: init strategy: fail-fast: false matrix: - version: ["22.04", "24.04"] - uses: ./.github/workflows/reuseable-builder.yml + ubuntu_version: ["22.04", "24.04"] + permissions: + contents: read + id-token: write # For cosign signing + packages: write # For pushing to registry + uses: ./.github/workflows/build-base-image.yml with: - target: ubuntu - architectures: ${{ needs.init.outputs.architectures_ubuntu }} - version: ${{ matrix.version }} - release_name: ${{ needs.init.outputs.release }} - tag_latest: ${{ needs.init.outputs.ubuntu_latest }} + architectures: ${{ needs.init.outputs.architectures }} + build-args: | + UBUNTU_VERSION=${{ matrix.ubuntu_version }} + cache-gha-scope: ubuntu-${{ matrix.ubuntu_version }} + cache-image-tag: ${{ matrix.ubuntu_version }} + context: ubuntu + image-name: base-ubuntu + image-tags: | + ${{ matrix.ubuntu_version }} + ${{ matrix.ubuntu_version }}-${{ needs.init.outputs.version }} + ${{ matrix.ubuntu_version == needs.init.outputs.ubuntu_latest && 'latest' || '' }} + labels: | + io.hass.base.image=ubuntu:${{ matrix.ubuntu_version }} + push: ${{ needs.init.outputs.push == 'true' }} + version: ${{ needs.init.outputs.version }} build_python: - name: Alpine ${{ matrix.version }} - python ${{ matrix.python }} + name: Python ${{ matrix.python_version }} (Alpine ${{ matrix.alpine_version }}) needs: [init, build_alpine] strategy: fail-fast: false matrix: - version: ["3.21", "3.22", "3.23"] - python: ["3.12", "3.13", "3.14"] - uses: ./.github/workflows/reuseable-builder.yml + alpine_version: ["3.21", "3.22", "3.23"] + python_version: ["3.12", "3.13", "3.14"] + permissions: + contents: read + id-token: write # For cosign signing + packages: write # For pushing to registry + uses: ./.github/workflows/build-base-image.yml with: - target: python/${{ matrix.python }} - architectures: ${{ needs.init.outputs.architectures_alpine }} - version: ${{ matrix.version }} - python: ${{ matrix.python }} - release_name: ${{ needs.init.outputs.release }} - version_from: ${{ matrix.version }} - tag_latest: ${{ needs.init.outputs.alpine_latest }} - python_latest: ${{ needs.init.outputs.python_latest }} + architectures: ${{ needs.init.outputs.architectures }} + build-args: | + BASE_IMAGE=ghcr.io/${{ github.repository_owner }}/base + BASE_VERSION=${{ matrix.alpine_version }} + cache-gha-scope: python-${{ matrix.python_version }}-alpine${{ matrix.alpine_version }} + cache-image-tag: ${{ matrix.python_version }}-alpine${{ matrix.alpine_version }} + context: python/${{ matrix.python_version }} + cosign-base-identity: "https://github.com/${{ github.repository }}/.*" + cosign-base-verify: ghcr.io/${{ github.repository_owner }}/base:${{ matrix.alpine_version }} + image-name: base-python + image-tags: | + ${{ matrix.python_version }}-alpine${{ matrix.alpine_version }} + ${{ matrix.python_version }}-alpine${{ matrix.alpine_version }}-${{ needs.init.outputs.version }} + ${{ matrix.alpine_version == needs.init.outputs.alpine_latest && matrix.python_version == needs.init.outputs.python_latest && 'latest' || '' }} + labels: | + io.hass.base.image=ghcr.io/${{ github.repository_owner }}/base:${{ matrix.alpine_version }} + push: ${{ needs.init.outputs.push == 'true' }} + version: ${{ needs.init.outputs.version }} diff --git a/.github/workflows/reuseable-builder.yml b/.github/workflows/reuseable-builder.yml deleted file mode 100644 index 5ea04ad7..00000000 --- a/.github/workflows/reuseable-builder.yml +++ /dev/null @@ -1,102 +0,0 @@ -name: Reusable builder - -on: - workflow_call: - inputs: - target: - description: Target name - required: true - type: string - architectures: - description: List of architectures to build - required: true - type: string - version: - description: Version to build - required: true - type: string - python: - description: Python version to build - type: string - release_name: - description: Release name - required: true - type: string - version_from: - description: Version to build image from - type: string - tag_latest: - description: Tag to mark docker image as latest - required: true - type: string - python_latest: - description: Python tag to mark docker image as latest - type: string - -jobs: - build: - name: Build ${{ matrix.arch }} base image - runs-on: ${{ matrix.os }} - permissions: - contents: read - id-token: write - packages: write - strategy: - fail-fast: false - matrix: - arch: ${{ fromJson(inputs.architectures) }} - include: - - os: ubuntu-24.04 - - arch: aarch64 - os: ubuntu-24.04-arm - steps: - - name: Checkout the repository - uses: actions/checkout@v6.0.2 - - - name: Login to GitHub Container Registry - if: github.event_name == 'release' - uses: docker/login-action@v4 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set build arguments - shell: bash - run: | - if [[ "${{ github.event_name }}" == "release" ]]; then - if [[ -n "${{ inputs.python }}" ]]; then - BUILD_ARGS="--additional-tag ${{ inputs.python }}-alpine${{ inputs.version }}-${{ github.event.release.tag_name }}" - else - BUILD_ARGS="--additional-tag ${{ inputs.version }}-${{ github.event.release.tag_name }}" - fi - if [[ "${{ inputs.tag_latest }}" != "${{ inputs.version }}" ]] \ - || [[ -n "${{ inputs.python }}" && "${{ inputs.python_latest }}" != "${{ inputs.python }}" ]]; - then - BUILD_ARGS="$BUILD_ARGS --no-latest" - fi - else - BUILD_ARGS="--test" - fi - - if [[ -n "${{ inputs.version_from }}" ]]; then - BUILD_ARGS="$BUILD_ARGS --version-from ${{ inputs.version_from }}" - fi - if [[ -n "${{ inputs.python }}" ]]; then - BUILD_ARGS="$BUILD_ARGS --version ${{ inputs.python }} --base ${{ inputs.python }}-alpine${{ inputs.version }}" - else - BUILD_ARGS="$BUILD_ARGS --base ${{ inputs.version }}" - fi - - echo "BUILD_ARGS=$BUILD_ARGS" >> $GITHUB_ENV - - - name: Build base image - uses: home-assistant/builder@2026.02.1 - with: - image: ${{ matrix.arch }} - args: | - $BUILD_ARGS \ - --${{ matrix.arch }} \ - --target /data/${{ inputs.target }} \ - --cosign \ - --release ${{ inputs.release_name }} \ diff --git a/README.md b/README.md index b478b52e..fd037c07 100644 --- a/README.md +++ b/README.md @@ -7,14 +7,19 @@ Using these images as a base for other Docker projects is, however, not recommen The image include [S6-Overlay](https://github.com/just-containers/s6-overlay), [Bashio](https://github.com/hassio-addons/bashio) and [TempIO](https://github.com/home-assistant/tempio). +## Supported architectures + +Images are built for all platforms officially supported by Home Assistant, which are `amd64` and `arm64`. + +Beginning with the 2026.03.1 release, all images are published as multi-arch images for these platforms. The old architecture-prefixed images (`aarch64-*`, `amd64-*`) are still available but preferably the multi-arch images should be used. + ## Base images We support version that are not EOL: https://alpinelinux.org/releases/ | Image | OS | Tags | latest | |-------|----|------|--------| -| aarch64-base | Alpine | 3.21, 3.22, 3.23 | 3.23 | -| amd64-base | Alpine | 3.21, 3.22, 3.23 | 3.23 | +| base | Alpine | 3.21, 3.22, 3.23 | 3.23 | ### jemalloc @@ -26,8 +31,7 @@ We support the latest 3 release with the latest 3 Alpine version. | Image | OS | Python versions | Tags | latest | |-------|----|-----------------|------|--------| -| aarch64-base-python | Alpine | 3.12, 3.13, 3.14 | 3.12-alpine3.21, 3.12-alpine3.22, 3.12-alpine3.23, 3.13-alpine3.21, 3.13-alpine3.22, 3.13-alpine3.23, 3.14-alpine3.21, 3.14-alpine3.22, 3.14-alpine3.23 | 3.14-alpine3.23 | -| amd64-base-python | Alpine | 3.12, 3.13, 3.14 | 3.12-alpine3.21, 3.12-alpine3.22, 3.12-alpine3.23, 3.13-alpine3.21, 3.13-alpine3.22, 3.13-alpine3.23, 3.14-alpine3.21, 3.14-alpine3.22, 3.14-alpine3.23 | 3.14-alpine3.23 | +| base-python | Alpine | 3.12, 3.13, 3.14 | 3.12-alpine3.21, 3.12-alpine3.22, 3.12-alpine3.23, 3.13-alpine3.21, 3.13-alpine3.22, 3.13-alpine3.23, 3.14-alpine3.21, 3.14-alpine3.22, 3.14-alpine3.23 | 3.14-alpine3.23 | ## Others @@ -37,8 +41,7 @@ We support the latest 3 release with the latest 3 Alpine version. | Image | OS | Tags | latest | |-------|----|------|--------| -| aarch64-base-debian | Debian | bookworm, trixie | trixie | -| amd64-base-debian | Debian | bookworm, trixie | trixie | +| base-debian | Debian | bookworm, trixie | trixie | ### Ubuntu images @@ -46,5 +49,56 @@ We support the latest 3 release with the latest 3 Alpine version. | Image | OS | Tags | latest | |-------|----|------|--------| -| aarch64-base-ubuntu | Ubuntu | 22.04, 24.04 | 24.04 | -| amd64-base-ubuntu | Ubuntu | 22.04, 24.04 | 24.04 | +| base-ubuntu | Ubuntu | 22.04, 24.04 | 24.04 | + +## Building images locally + +Docker BuildKit (`docker buildx`) can be used for building the images locally without any extra tooling. Following are examples of building the images for a single (host) architecture. + + +For a multi-platform build or cross-compilation, use the `--platform` flag with the appropriate target platform. See the official Docker documentation on [multi-platform builds](https://docs.docker.com/build/building/multi-platform/) for more details. + +### Examples + +Alpine base using the default version from the Dockerfile: + +```bash +docker buildx build -t base alpine/ +``` + +To use a specific Alpine base version: + +```bash +docker buildx build \ + --build-arg ALPINE_VERSION=3.21 \ + -t base:3.21 \ + alpine/ +``` + +Debian base: + +```bash +docker buildx build \ + --build-arg DEBIAN_VERSION=trixie + -t base-debian:trixie \ + debian/ +``` + +Ubuntu base: + +```bash +docker buildx build \ + --build-arg UBUNTU_VERSION=24.04 \ + -t base-ubuntu:24.04 \ + ubuntu/ +``` + +Python 3.14 image, using the Home Assistant Alpine 3.23 base image from GHCR: + +```bash +docker buildx build \ + --build-arg BASE_IMAGE=ghcr.io/home-assistant/base \ + --build-arg BASE_VERSION=3.23 \ + -t base-python:3.14-alpine3.23 \ + python/3.14/ +``` diff --git a/alpine/Dockerfile b/alpine/Dockerfile index 33e784b0..870b551b 100644 --- a/alpine/Dockerfile +++ b/alpine/Dockerfile @@ -1,7 +1,6 @@ -ARG BUILD_FROM -# amd64: alpine:${VERSION} -# aarch64: arm64v8/alpine:${VERSION} - +ARG BASE_IMAGE=alpine +ARG ALPINE_VERSION=3.23 +ARG BUILD_FROM=${BASE_IMAGE}:${ALPINE_VERSION} FROM ${BUILD_FROM} # Default ENV @@ -16,19 +15,25 @@ ENV \ # Set shell SHELL ["/bin/ash", "-o", "pipefail", "-c"] -# Build Args -ARG \ - BASHIO_VERSION \ - TEMPIO_VERSION \ - S6_OVERLAY_VERSION \ - JEMALLOC_VERSION - # Base system WORKDIR /usr/src -ARG BUILD_ARCH + +ARG TARGETARCH +ARG BASHIO_VERSION=0.17.5 +ARG TEMPIO_VERSION=2024.11.2 +ARG S6_OVERLAY_VERSION=3.2.2.0 +ARG JEMALLOC_VERSION=5.3.0 RUN \ set -x \ + && if [ -z "${TARGETARCH}" ]; then \ + echo "TARGETARCH is not set, please use Docker BuildKit for the build." && exit 1; \ + fi \ + && case "${TARGETARCH}" in \ + amd64) TEMPIO_ARCH="amd64"; S6_ARCH="x86_64" ;; \ + arm64) TEMPIO_ARCH="aarch64"; S6_ARCH="aarch64" ;; \ + *) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \ + esac \ && apk add --no-cache \ bash \ bind-tools \ @@ -44,12 +49,6 @@ RUN \ autoconf \ git \ \ - && if [ "${BUILD_ARCH}" = "amd64" ]; then \ - export S6_ARCH="x86_64"; \ - else \ - export S6_ARCH="${BUILD_ARCH}"; \ - fi \ - \ && curl -L -f -s "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" \ | tar Jxvf - -C / \ && curl -L -f -s "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" \ @@ -76,7 +75,7 @@ RUN \ && ln -s /usr/lib/bashio/bashio /usr/bin/bashio \ \ && curl -L -f -s -o /usr/bin/tempio \ - "https://github.com/home-assistant/tempio/releases/download/${TEMPIO_VERSION}/tempio_${BUILD_ARCH}" \ + "https://github.com/home-assistant/tempio/releases/download/${TEMPIO_VERSION}/tempio_${TEMPIO_ARCH}" \ && chmod a+x /usr/bin/tempio \ \ && apk del .build-deps \ @@ -88,3 +87,7 @@ COPY rootfs / # S6-Overlay WORKDIR / ENTRYPOINT ["/init"] + +LABEL \ + io.hass.type="base" \ + io.hass.base.name="alpine" diff --git a/alpine/build.yaml b/alpine/build.yaml deleted file mode 100644 index 94379bbc..00000000 --- a/alpine/build.yaml +++ /dev/null @@ -1,14 +0,0 @@ -image: ghcr.io/home-assistant/{arch}-base -build_from: - aarch64: "arm64v8/alpine:" - amd64: "alpine:" -cosign: - identity: https://github.com/home-assistant/docker-base/.* -args: - BASHIO_VERSION: 0.17.5 - TEMPIO_VERSION: 2024.11.2 - S6_OVERLAY_VERSION: 3.2.2.0 - JEMALLOC_VERSION: 5.3.0 -labels: - io.hass.base.name: alpine - org.opencontainers.image.source: https://github.com/home-assistant/docker-base diff --git a/debian/Dockerfile b/debian/Dockerfile index 2f94cbd1..7606a811 100644 --- a/debian/Dockerfile +++ b/debian/Dockerfile @@ -1,7 +1,6 @@ -ARG BUILD_FROM -# amd64: debian:${VERSION}-slim -# aarch64: arm64v8/debian:${VERSION}-slim - +ARG BASE_IMAGE=debian +ARG DEBIAN_VERSION=trixie +ARG BUILD_FROM=${BASE_IMAGE}:${DEBIAN_VERSION}-slim FROM ${BUILD_FROM} # Default ENV @@ -17,18 +16,24 @@ ENV \ # Set shell SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Build Args -ARG \ - BASHIO_VERSION \ - TEMPIO_VERSION \ - S6_OVERLAY_VERSION - # Base system WORKDIR /usr/src -ARG BUILD_ARCH + +ARG TARGETARCH +ARG BASHIO_VERSION=0.17.5 +ARG TEMPIO_VERSION=2024.11.2 +ARG S6_OVERLAY_VERSION=3.2.2.0 RUN \ set -x \ + && if [ -z "${TARGETARCH}" ]; then \ + echo "TARGETARCH is not set, please use Docker BuildKit for the build." && exit 1; \ + fi \ + && case "${TARGETARCH}" in \ + amd64) TEMPIO_ARCH="amd64"; S6_ARCH="x86_64" ;; \ + arm64) TEMPIO_ARCH="aarch64"; S6_ARCH="aarch64" ;; \ + *) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \ + esac \ && apt-get update && apt-get install -y --no-install-recommends \ bash \ jq \ @@ -38,12 +43,6 @@ RUN \ xz-utils \ && mkdir -p /usr/share/man/man1 \ \ - && if [ "${BUILD_ARCH}" = "amd64" ]; then \ - export S6_ARCH="x86_64"; \ - else \ - export S6_ARCH="${BUILD_ARCH}"; \ - fi \ - \ && curl -L -f -s "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" \ | tar Jxvf - -C / \ && curl -L -f -s "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" \ @@ -56,7 +55,7 @@ RUN \ && mkdir -p /etc/services.d \ \ && curl -L -f -s -o /usr/bin/tempio \ - "https://github.com/home-assistant/tempio/releases/download/${TEMPIO_VERSION}/tempio_${BUILD_ARCH}" \ + "https://github.com/home-assistant/tempio/releases/download/${TEMPIO_VERSION}/tempio_${TEMPIO_ARCH}" \ && chmod a+x /usr/bin/tempio \ \ && mkdir -p /usr/src/bashio \ @@ -71,3 +70,7 @@ RUN \ # S6-Overlay WORKDIR / ENTRYPOINT ["/init"] + +LABEL \ + io.hass.type="base" \ + io.hass.base.name="debian" diff --git a/debian/build.yaml b/debian/build.yaml deleted file mode 100644 index 9140e279..00000000 --- a/debian/build.yaml +++ /dev/null @@ -1,13 +0,0 @@ -image: ghcr.io/home-assistant/{arch}-base-debian -build_from: - aarch64: "arm64v8/debian:" - amd64: "debian:" -cosign: - identity: https://github.com/home-assistant/docker-base/.* -args: - BASHIO_VERSION: 0.17.5 - TEMPIO_VERSION: 2024.11.2 - S6_OVERLAY_VERSION: 3.2.2.0 -labels: - io.hass.base.name: debian - org.opencontainers.image.source: https://github.com/home-assistant/docker-base diff --git a/python/3.12/Dockerfile b/python/3.12/Dockerfile index ffbda61a..d3552b95 100644 --- a/python/3.12/Dockerfile +++ b/python/3.12/Dockerfile @@ -1,10 +1,15 @@ +ARG BASE_IMAGE=ghcr.io/home-assistant/base +ARG BASE_VERSION=3.23 +ARG BUILD_FROM=${BASE_IMAGE}:${BASE_VERSION} +FROM ${BUILD_FROM} +# Redeclare for usage in base image labels +ARG BASE_IMAGE +ARG BASE_VERSION ARG BUILD_FROM -FROM $BUILD_FROM -ARG \ - PYTHON_VERSION \ - CERT_IDENTITY \ - CERT_OIDC_ISSUER +ARG PYTHON_VERSION=3.12.13 +ARG CERT_IDENTITY=thomas@python.org +ARG CERT_OIDC_ISSUER=https://accounts.google.com # ensure local python is preferred over distribution python ENV PATH=/usr/local/bin:$PATH @@ -106,9 +111,13 @@ RUN \ && ln -s python3 python \ && ln -s python3-config python-config -ARG PIP_VERSION +ARG PIP_VERSION=26.0.1 RUN set -ex; \ python -m ensurepip --upgrade --default-pip; \ pip3 install --no-cache-dir --upgrade pip=="${PIP_VERSION}"; \ pip --version + +LABEL \ + io.hass.type="base" \ + io.hass.base.name="python" diff --git a/python/3.12/build.yaml b/python/3.12/build.yaml deleted file mode 100644 index df14e073..00000000 --- a/python/3.12/build.yaml +++ /dev/null @@ -1,15 +0,0 @@ -image: ghcr.io/home-assistant/{arch}-base-python -build_from: - aarch64: "ghcr.io/home-assistant/aarch64-base:" - amd64: "ghcr.io/home-assistant/amd64-base:" -cosign: - base_identity: https://github.com/home-assistant/docker-base/.* - identity: https://github.com/home-assistant/docker-base/.* -args: - PYTHON_VERSION: "3.12.13" - PIP_VERSION: "26.0.1" - CERT_IDENTITY: thomas@python.org - CERT_OIDC_ISSUER: https://accounts.google.com -labels: - io.hass.base.name: python - org.opencontainers.image.source: https://github.com/home-assistant/docker-base diff --git a/python/3.13/Dockerfile b/python/3.13/Dockerfile index ffbda61a..fc8690fa 100644 --- a/python/3.13/Dockerfile +++ b/python/3.13/Dockerfile @@ -1,10 +1,11 @@ -ARG BUILD_FROM -FROM $BUILD_FROM +ARG BASE_IMAGE=ghcr.io/home-assistant/base +ARG BASE_VERSION=3.23 +ARG BUILD_FROM=${BASE_IMAGE}:${BASE_VERSION} +FROM ${BUILD_FROM} -ARG \ - PYTHON_VERSION \ - CERT_IDENTITY \ - CERT_OIDC_ISSUER +ARG PYTHON_VERSION=3.13.12 +ARG CERT_IDENTITY=thomas@python.org +ARG CERT_OIDC_ISSUER=https://accounts.google.com # ensure local python is preferred over distribution python ENV PATH=/usr/local/bin:$PATH @@ -106,9 +107,13 @@ RUN \ && ln -s python3 python \ && ln -s python3-config python-config -ARG PIP_VERSION +ARG PIP_VERSION=26.0.1 RUN set -ex; \ python -m ensurepip --upgrade --default-pip; \ pip3 install --no-cache-dir --upgrade pip=="${PIP_VERSION}"; \ pip --version + +LABEL \ + io.hass.type="base" \ + io.hass.base.name="python" diff --git a/python/3.13/build.yaml b/python/3.13/build.yaml deleted file mode 100644 index a2516e77..00000000 --- a/python/3.13/build.yaml +++ /dev/null @@ -1,15 +0,0 @@ -image: ghcr.io/home-assistant/{arch}-base-python -build_from: - aarch64: "ghcr.io/home-assistant/aarch64-base:" - amd64: "ghcr.io/home-assistant/amd64-base:" -cosign: - base_identity: https://github.com/home-assistant/docker-base/.* - identity: https://github.com/home-assistant/docker-base/.* -args: - PYTHON_VERSION: "3.13.12" - PIP_VERSION: "26.0.1" - CERT_IDENTITY: thomas@python.org - CERT_OIDC_ISSUER: https://accounts.google.com -labels: - io.hass.base.name: python - org.opencontainers.image.source: https://github.com/home-assistant/docker-base diff --git a/python/3.14/Dockerfile b/python/3.14/Dockerfile index d9a2cbef..11def3f4 100644 --- a/python/3.14/Dockerfile +++ b/python/3.14/Dockerfile @@ -1,10 +1,11 @@ -ARG BUILD_FROM -FROM $BUILD_FROM +ARG BASE_IMAGE=ghcr.io/home-assistant/base +ARG BASE_VERSION=3.23 +ARG BUILD_FROM=${BASE_IMAGE}:${BASE_VERSION} +FROM ${BUILD_FROM} -ARG \ - PYTHON_VERSION \ - CERT_IDENTITY \ - CERT_OIDC_ISSUER +ARG PYTHON_VERSION=3.14.3 +ARG CERT_IDENTITY=hugo@python.org +ARG CERT_OIDC_ISSUER=https://github.com/login/oauth # ensure local python is preferred over distribution python ENV PATH=/usr/local/bin:$PATH @@ -107,9 +108,13 @@ RUN \ && ln -s python3 python \ && ln -s python3-config python-config -ARG PIP_VERSION +ARG PIP_VERSION=26.0.1 RUN set -ex; \ python -m ensurepip --upgrade --default-pip; \ pip3 install --no-cache-dir --upgrade pip=="${PIP_VERSION}"; \ pip --version + +LABEL \ + io.hass.type="base" \ + io.hass.base.name="python" diff --git a/python/3.14/build.yaml b/python/3.14/build.yaml deleted file mode 100644 index 892291e6..00000000 --- a/python/3.14/build.yaml +++ /dev/null @@ -1,15 +0,0 @@ -image: ghcr.io/home-assistant/{arch}-base-python -build_from: - aarch64: "ghcr.io/home-assistant/aarch64-base:" - amd64: "ghcr.io/home-assistant/amd64-base:" -cosign: - base_identity: https://github.com/home-assistant/docker-base/.* - identity: https://github.com/home-assistant/docker-base/.* -args: - PYTHON_VERSION: "3.14.3" - PIP_VERSION: "26.0.1" - CERT_IDENTITY: hugo@python.org - CERT_OIDC_ISSUER: https://github.com/login/oauth -labels: - io.hass.base.name: python - org.opencontainers.image.source: https://github.com/home-assistant/docker-base diff --git a/ubuntu/Dockerfile b/ubuntu/Dockerfile index f97fb4d3..915fa839 100644 --- a/ubuntu/Dockerfile +++ b/ubuntu/Dockerfile @@ -1,7 +1,6 @@ -ARG BUILD_FROM -# amd64: ubuntu:${VERSION} -# aarch64: arm64v8/ubuntu:${VERSION} - +ARG BASE_IMAGE=ubuntu +ARG UBUNTU_VERSION=24.04 +ARG BUILD_FROM=${BASE_IMAGE}:${UBUNTU_VERSION} FROM ${BUILD_FROM} # Default ENV @@ -16,18 +15,24 @@ ENV \ # Set shell SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Version -ARG \ - BASHIO_VERSION \ - TEMPIO_VERSION \ - S6_OVERLAY_VERSION - # Base system WORKDIR /usr/src -ARG BUILD_ARCH + +ARG TARGETARCH +ARG BASHIO_VERSION=0.17.5 +ARG TEMPIO_VERSION=2024.11.2 +ARG S6_OVERLAY_VERSION=3.2.2.0 RUN \ set -x \ + && if [ -z "${TARGETARCH}" ]; then \ + echo "TARGETARCH is not set, please use Docker BuildKit for the build." && exit 1; \ + fi \ + && case "${TARGETARCH}" in \ + amd64) TEMPIO_ARCH="amd64"; S6_ARCH="x86_64" ;; \ + arm64) TEMPIO_ARCH="aarch64"; S6_ARCH="aarch64" ;; \ + *) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \ + esac \ && apt-get update && apt-get install -y --no-install-recommends \ bash \ jq \ @@ -36,12 +41,6 @@ RUN \ ca-certificates \ xz-utils \ \ - && if [ "${BUILD_ARCH}" = "amd64" ]; then \ - export S6_ARCH="x86_64"; \ - else \ - export S6_ARCH="${BUILD_ARCH}"; \ - fi \ - \ && curl -L -f -s "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" \ | tar Jxvf - -C / \ && curl -L -f -s "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" \ @@ -54,7 +53,7 @@ RUN \ && mkdir -p /etc/services.d \ \ && curl -L -f -s -o /usr/bin/tempio \ - "https://github.com/home-assistant/tempio/releases/download/${TEMPIO_VERSION}/tempio_${BUILD_ARCH}" \ + "https://github.com/home-assistant/tempio/releases/download/${TEMPIO_VERSION}/tempio_${TEMPIO_ARCH}" \ && chmod a+x /usr/bin/tempio \ \ && mkdir -p /usr/src/bashio \ @@ -69,3 +68,7 @@ RUN \ # S6-Overlay WORKDIR / ENTRYPOINT ["/init"] + +LABEL \ + io.hass.type="base" \ + io.hass.base.name="ubuntu" diff --git a/ubuntu/build.yaml b/ubuntu/build.yaml deleted file mode 100644 index 0f541d77..00000000 --- a/ubuntu/build.yaml +++ /dev/null @@ -1,13 +0,0 @@ -image: ghcr.io/home-assistant/{arch}-base-ubuntu -build_from: - aarch64: "arm64v8/ubuntu:" - amd64: "ubuntu:" -cosign: - identity: https://github.com/home-assistant/docker-base/.* -args: - BASHIO_VERSION: 0.17.5 - TEMPIO_VERSION: 2024.11.2 - S6_OVERLAY_VERSION: 3.2.2.0 -labels: - io.hass.base.name: ubuntu - org.opencontainers.image.source: https://github.com/home-assistant/docker-base