Skip to content

Refactor image build, create multi-arch images, drop Builder usage #347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sairon merged 24 commits into from
Mar 17, 2026
Merged

Refactor image build, create multi-arch images, drop Builder usage #347

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
23e02d9
Refactor image build, create multi-arch images, drop Builder usage
sairon Mar 3, 2026
a79a9a9
Add readme entry with instructions for local builds
sairon Mar 3, 2026
fb9b3d9
Extract workflow and action to the builder repo
sairon Mar 4, 2026
9d5fd38
Change underscores to dashes in workflow inputs
sairon Mar 4, 2026
faee5d2
Cleanup args in Python Dockerfiles
sairon Mar 4, 2026
ade0857
Add Supported platforms section to readme
sairon Mar 4, 2026
8470f0b
Clarify Alpine base for Python in readme example
sairon Mar 4, 2026
58e2b38
Explain permissions
sairon Mar 4, 2026
e6375ba
Update to match latest inputs, sort workflow inputs
sairon Mar 5, 2026
bcf14cf
Use local reusable workflow again
sairon Mar 5, 2026
94b9b2b
Update for latest builder changes
sairon Mar 10, 2026
9019660
Remove dropped multi-arch flag
sairon Mar 16, 2026
b2bc1fb
Merge remote-tracking branch 'origin/master' into use-no-builder
sairon Mar 17, 2026
bbe119b
Update S6 overlay, pip and Python to match master branch
sairon Mar 17, 2026
f4b29ae
Pin builder actions to release SHA
sairon Mar 17, 2026
5ac7e03
Remove redundant contents permissions for manifest job
sairon Mar 17, 2026
fb16c31
Scope permissions to jobs
sairon Mar 17, 2026
262d5b4
Expect TARGETARCH to be set by BuildKit
sairon Mar 17, 2026
95d2de9
Use builder actions 2026.03.1
sairon Mar 17, 2026
4c10a9c
Update reusable workflow description
sairon Mar 17, 2026
2055d46
Update the readme with expected release number
sairon Mar 17, 2026
a35150d
Fix image names for debian/ubuntu
sairon Mar 17, 2026
ce7b18b
Fix image names in examples, add paragraph about multi-platform builds
sairon Mar 17, 2026
54d26c6
Bump builder actions to 2026.03.2
sairon Mar 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
173 changes: 173 additions & 0 deletions .github/workflows/build-base-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
name: Reusable workflow for single multi-arch image build

on:
workflow_call:
inputs:
architectures:
description: Architectures to build (JSON array, e.g., '["amd64", "aarch64"]')
required: true
type: string
build-args:
description: Additional build arguments (key=value format, one per line)
required: false
default: ""
type: string
cache-gha:
description: Whether to use GitHub Actions cache for build caching
required: false
default: true
type: boolean
cache-gha-scope:
description: Scope for build cache sharing (defaults to architecture, set if building multiple images from a single repo)
required: false
default: ""
type: string
cache-image-tag:
description: Tag of the image containing BuildKit inline cache metadata
required: false
default: "latest"
type: string
context:
description: Build context path (usually the directory with Dockerfile)
required: true
type: string
cosign:
description: Whether to sign images with Cosign
required: false
default: true
type: boolean
cosign-base-identity:
description: Certificate identity regexp for verifying the base (FROM) image
required: false
default: ""
type: string
cosign-base-issuer:
description: Certificate OIDC issuer regexp for base image verification (defaults to cosign-issuer)
required: false
default: ""
type: string
cosign-base-verify:
description: Base image reference to verify with cosign before building
required: false
default: ""
type: string
cosign-identity:
description: Certificate identity regexp for verifying cache images (defaults to current repo pattern)
required: false
default: ""
type: string
cosign-issuer:
description: Certificate OIDC issuer regexp for all cosign verification
required: false
default: "https://token.actions.githubusercontent.com"
type: string
file:
description: Dockerfile path (defaults to "Dockerfile" in the context directory)
required: false
default: ""
type: string
image-name:
description: Image name without a tag (e.g., "base-python")
required: true
type: string
image-tags:
description: Image tags, one per line
required: true
type: string
labels:
description: Additional OCI labels (key=value format, one per line)
required: false
default: ""
type: string
multi-arch:
description: Prefix per-arch image names with architecture (required for multiple architectures)
required: false
default: true
type: boolean
push:
description: Whether to push images to registry
required: false
default: false
type: boolean
version:
description: Image version label
required: true
type: string

jobs:
prepare:
name: Prepare build matrix
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.prepare.outputs.matrix }}
steps:
- name: Prepare multi-arch matrix
id: prepare
uses: home-assistant/builder/actions/prepare-multi-arch-matrix@gha-builder
with:
architectures: ${{ inputs.architectures }}
image-name: ${{ inputs.image-name }}
multi-arch: ${{ inputs.multi-arch }}

build:
name: Build ${{ matrix.arch }} image
needs: prepare
runs-on: ${{ matrix.os }}
permissions:
contents: read
id-token: write
packages: write
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.prepare.outputs.matrix) }}
steps:
- name: Checkout the repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false

- name: Build image
id: build
uses: home-assistant/builder/actions/build-image@gha-builder
with:
arch: ${{ matrix.arch }}
build-args: ${{ inputs.build-args }}
cache-gha: ${{ inputs.cache-gha }}
cache-gha-scope: ${{ inputs.cache-gha-scope }}
cache-image-tag: ${{ inputs.cache-image-tag }}
container-registry-password: ${{ secrets.GITHUB_TOKEN }}
context: ${{ inputs.context }}
cosign: ${{ inputs.cosign }}
cosign-base-identity: ${{ inputs.cosign-base-identity }}
cosign-base-issuer: ${{ inputs.cosign-base-issuer }}
cosign-base-verify: ${{ inputs.cosign-base-verify }}
cosign-identity: ${{ inputs.cosign-identity }}
cosign-issuer: ${{ inputs.cosign-issuer }}
file: ${{ inputs.file }}
image: ${{ matrix.image }}
image-tags: ${{ inputs.image-tags }}
labels: |
io.hass.base.arch=${{ matrix.arch }}
io.hass.base.version=${{ inputs.version }}
${{ inputs.labels }}
push: ${{ inputs.push }}
version: ${{ inputs.version }}

manifest:
name: Publish multi-arch manifest
if: inputs.push && inputs.multi-arch
needs: [prepare, build]
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
- name: Publish multi-arch manifest
uses: home-assistant/builder/actions/publish-multi-arch-manifest@gha-builder
with:
architectures: ${{ inputs.architectures }}
container-registry-password: ${{ secrets.GITHUB_TOKEN }}
cosign: ${{ inputs.cosign }}
image-name: ${{ inputs.image-name }}
image-tags: ${{ inputs.image-tags }}
Loading