diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index d25b527..2cd5470 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -64,6 +64,10 @@ jobs: name: Build ${{ matrix.arch }} alpine ${{ matrix.version }} base image needs: init runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write strategy: matrix: arch: ${{ fromJson(needs.init.outputs.architectures_alpine) }} @@ -72,13 +76,6 @@ jobs: - name: Checkout the repository uses: actions/checkout@v3 - - name: Login to DockerHub - if: github.event_name == 'release' - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry if: github.event_name == 'release' uses: docker/login-action@v2 @@ -97,12 +94,13 @@ jobs: fi - name: Build base image - uses: home-assistant/builder@2023.03.0 + uses: home-assistant/builder@2023.06.0 with: args: | $BUILD_ARGS \ --${{ matrix.arch }} \ --target /data/alpine \ + --cosign \ --release ${{ needs.init.outputs.release }} \ --base ${{ matrix.version }} env: @@ -112,6 +110,10 @@ jobs: name: Build ${{ matrix.arch }} debian ${{ matrix.version }} base image needs: init runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write strategy: matrix: arch: ${{ fromJson(needs.init.outputs.architectures_debian) }} @@ -120,13 +122,6 @@ jobs: - name: Checkout the repository uses: actions/checkout@v3 - - name: Login to DockerHub - if: github.event_name == 'release' - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry if: github.event_name == 'release' uses: docker/login-action@v2 
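Review bot: Nothing in the `permissions:` block added to the alpine job says why `id-token: write` and `packages: write` are needed, and both apply to every step of the job on every trigger, while the registry login further down is gated on `github.event_name == 'release'`. I would annotate each scope, e.g. `id-token: write  # OIDC token, presumably for the keyless signature made by --cosign` and `packages: write  # push to ghcr.io on release`, so a later edit does not widen or drop them blindly. If the workflow also runs for pushes or pull requests (its `on:` block is outside this hunk), consider moving publishing and signing into a release-only job so test builds run with `contents: read` alone. The same block is added to the debian, ubuntu, raspbian and python jobs.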
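Review bot: `home-assistant/builder@2023.06.0` is a mutable tag, and with this commit the step runs in a job that can request an OIDC token (`id-token: write`) and write packages, so whatever the tag resolves to at run time can publish and sign images under this repository's identity. Pinning to the release commit, `uses: home-assistant/builder@<full-commit-sha> # 2023.06.0`, keeps the signed output tied to reviewed code; the same reasoning applies to the `actions/checkout@v3` and `docker/login-action@v2` steps in these jobs. The identical bump appears in the debian, ubuntu, raspbian and python build steps, and each step's `env:` block continues past its hunk.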
@@ -145,12 +140,13 @@ jobs: fi - name: Build base image - uses: home-assistant/builder@2023.03.0 + uses: home-assistant/builder@2023.06.0 with: args: | $BUILD_ARGS \ --${{ matrix.arch }} \ --target /data/debian \ + --cosign \ --release ${{ needs.init.outputs.release }} \ --version-from ${{ matrix.version }}-slim \ --base ${{ matrix.version }} @@ -161,6 +157,10 @@ jobs: name: Build ${{ matrix.arch }} ubuntu ${{ matrix.version }} base image needs: init runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write strategy: matrix: arch: ${{ fromJson(needs.init.outputs.architectures_ubuntu) }} @@ -169,13 +169,6 @@ jobs: - name: Checkout the repository uses: actions/checkout@v3 - - name: Login to DockerHub - if: github.event_name == 'release' - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry if: github.event_name == 'release' uses: docker/login-action@v2 @@ -194,12 +187,13 @@ jobs: fi - name: Build base image - uses: home-assistant/builder@2023.03.0 + uses: home-assistant/builder@2023.06.0 with: args: | $BUILD_ARGS \ --${{ matrix.arch }} \ --target /data/ubuntu \ + --cosign \ --release ${{ needs.init.outputs.release }} \ --base ${{ matrix.version }} env: @@ -209,6 +203,10 @@ jobs: name: Build ${{ matrix.arch }} raspbian ${{ matrix.version }} base image needs: init runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write strategy: matrix: arch: ${{ fromJson(needs.init.outputs.architectures_raspbian) }} @@ -217,13 +215,6 @@ jobs: - name: Checkout the repository uses: actions/checkout@v3 - - name: Login to DockerHub - if: github.event_name == 'release' - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry if: github.event_name == 'release' uses: docker/login-action@v2 
@@ -242,12 +233,13 @@ jobs: fi - name: Build base image - uses: home-assistant/builder@2023.03.0 + uses: home-assistant/builder@2023.06.0 with: args: | $BUILD_ARGS \ --${{ matrix.arch }} \ --target /data/raspbian \ + --cosign \ --release ${{ needs.init.outputs.release }} \ --version-from ${{ matrix.version }}-slim \ --base ${{ matrix.version }} @@ -258,6 +250,10 @@ jobs: name: Build ${{ matrix.arch }} alpine ${{ matrix.version }} - python ${{ matrix.python }} base image needs: [init, build_alpine] runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write strategy: matrix: arch: ${{ fromJson(needs.init.outputs.architectures_alpine) }} @@ -267,13 +263,6 @@ jobs: - name: Checkout the repository uses: actions/checkout@v3 - - name: Login to DockerHub - if: github.event_name == 'release' - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry if: github.event_name == 'release' uses: docker/login-action@v2 @@ -292,12 +281,13 @@ jobs: fi - name: Build base image - uses: home-assistant/builder@2023.03.0 + uses: home-assistant/builder@2023.06.0 with: args: | $BUILD_ARGS \ --${{ matrix.arch }} \ --target "/data/python/${{ matrix.python }}" \ + --cosign \ --release ${{ needs.init.outputs.release }} \ --version-from ${{ matrix.version }} \ --version ${{ matrix.python }} \ diff --git a/alpine/build.yaml b/alpine/build.yaml index f01a1c6..7fd2a19 100644 --- a/alpine/build.yaml +++ b/alpine/build.yaml @@ -1,5 +1,4 @@ -image: homeassistant/{arch}-base -shadow_repository: ghcr.io/home-assistant +image: ghcr.io/home-assistant/{arch}-base build_from: aarch64: "arm64v8/alpine:" armv7: "arm32v7/alpine:" diff --git a/debian/build.yaml b/debian/build.yaml index 356ea8b..7182527 100644 --- a/debian/build.yaml +++ b/debian/build.yaml 
@@ -1,5 +1,4 @@ -image: homeassistant/{arch}-base-debian -shadow_repository: ghcr.io/home-assistant +image: ghcr.io/home-assistant/{arch}-base-debian build_from: aarch64: "arm64v8/debian:" armv7: "arm32v7/debian:" diff --git a/python/3.10/build.yaml b/python/3.10/build.yaml index f531e0c..ffe479d 100644 --- a/python/3.10/build.yaml +++ b/python/3.10/build.yaml @@ -1,11 +1,10 @@ -image: homeassistant/{arch}-base-python -shadow_repository: ghcr.io/home-assistant +image: ghcr.io/home-assistant/{arch}-base-python build_from: - aarch64: "homeassistant/aarch64-base:" - armv7: "homeassistant/armv7-base:" - armhf: "homeassistant/armhf-base:" - amd64: "homeassistant/amd64-base:" - i386: "homeassistant/i386-base:" + aarch64: "ghcr.io/home-assistant/aarch64-base:" + armv7: "ghcr.io/home-assistant/armv7-base:" + armhf: "ghcr.io/home-assistant/armhf-base:" + amd64: "ghcr.io/home-assistant/amd64-base:" + i386: "ghcr.io/home-assistant/i386-base:" codenotary: signer: notary@home-assistant.io base_image: notary@home-assistant.io diff --git a/python/3.11/build.yaml b/python/3.11/build.yaml index a60206e..3da850f 100644 --- a/python/3.11/build.yaml +++ b/python/3.11/build.yaml @@ -1,11 +1,10 @@ -image: homeassistant/{arch}-base-python -shadow_repository: ghcr.io/home-assistant +image: ghcr.io/home-assistant/{arch}-base-python build_from: - aarch64: "homeassistant/aarch64-base:" - armv7: "homeassistant/armv7-base:" - armhf: "homeassistant/armhf-base:" - amd64: "homeassistant/amd64-base:" - i386: "homeassistant/i386-base:" + aarch64: "ghcr.io/home-assistant/aarch64-base:" + armv7: "ghcr.io/home-assistant/armv7-base:" + armhf: "ghcr.io/home-assistant/armhf-base:" + amd64: "ghcr.io/home-assistant/amd64-base:" + i386: "ghcr.io/home-assistant/i386-base:" codenotary: signer: notary@home-assistant.io base_image: notary@home-assistant.io diff --git a/python/3.9/build.yaml b/python/3.9/build.yaml index 9a94506..4c3432e 100644 --- a/python/3.9/build.yaml +++ b/python/3.9/build.yaml 
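Review bot: In python/3.10/build.yaml, `build_from` now points at the `ghcr.io/home-assistant/*-base` images that this commit starts signing with `--cosign`, but the visible part of the file still carries only the `codenotary:` block, so nothing shown here verifies the cosign signature of the base image before building on it. If the builder release in use supports it, add a `cosign:` section with `base_identity: <signing-workflow identity pattern>` next to `codenotary:`, and confirm that the existing `base_image: notary@home-assistant.io` check still passes for images pulled from ghcr.io. The file continues past the hunk, so this may already be handled further down. python/3.11/build.yaml and python/3.9/build.yaml receive the same change.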
@@ -1,11 +1,10 @@ -image: homeassistant/{arch}-base-python -shadow_repository: ghcr.io/home-assistant +image: ghcr.io/home-assistant/{arch}-base-python build_from: - aarch64: "homeassistant/aarch64-base:" - armv7: "homeassistant/armv7-base:" - armhf: "homeassistant/armhf-base:" - amd64: "homeassistant/amd64-base:" - i386: "homeassistant/i386-base:" + aarch64: "ghcr.io/home-assistant/aarch64-base:" + armv7: "ghcr.io/home-assistant/armv7-base:" + armhf: "ghcr.io/home-assistant/armhf-base:" + amd64: "ghcr.io/home-assistant/amd64-base:" + i386: "ghcr.io/home-assistant/i386-base:" codenotary: signer: notary@home-assistant.io base_image: notary@home-assistant.io diff --git a/raspbian/build.yaml b/raspbian/build.yaml index d7e44bd..68e0761 100644 --- a/raspbian/build.yaml +++ b/raspbian/build.yaml @@ -1,5 +1,4 @@ -image: homeassistant/{arch}-base-raspbian -shadow_repository: ghcr.io/home-assistant +image: ghcr.io/home-assistant/{arch}-base-raspbian build_from: armhf: "tianon/raspbian:" codenotary: diff --git a/ubuntu/build.yaml b/ubuntu/build.yaml index 424d180..8243058 100644 --- a/ubuntu/build.yaml +++ b/ubuntu/build.yaml @@ -1,5 +1,4 @@ -image: homeassistant/{arch}-base-ubuntu -shadow_repository: ghcr.io/home-assistant +image: ghcr.io/home-assistant/{arch}-base-ubuntu build_from: aarch64: "arm64v8/ubuntu:" armv7: "arm32v7/ubuntu:"