diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index 4a9b7033842..bcc7781866d 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -57,10 +57,10 @@ jobs: with: type: ${{ env.BUILD_TYPE }} - - name: Verify version - uses: home-assistant/actions/helpers/verify-version@master # zizmor: ignore[unpinned-uses] - with: - ignore-dev: true + # - name: Verify version + # uses: home-assistant/actions/helpers/verify-version@master # zizmor: ignore[unpinned-uses] + # with: + # ignore-dev: true - name: Fail if translations files are checked in run: | @@ -211,353 +211,353 @@ jobs: push: true version: ${{ needs.init.outputs.version }} - build_machine: - name: Build ${{ matrix.machine }} machine core image - if: github.repository_owner == 'home-assistant' - needs: ["init", "build_base"] - runs-on: ${{ matrix.runs-on }} - permissions: - contents: read # To check out the repository - packages: write # To push to GHCR - id-token: write # For cosign signing - strategy: - matrix: - machine: - - generic-x86-64 - - khadas-vim3 - - odroid-c2 - - odroid-c4 - - odroid-m1 - - odroid-n2 - - qemuarm-64 - - qemux86-64 - - raspberrypi3-64 - - raspberrypi4-64 - - raspberrypi5-64 - - yellow - - green - include: - # Default: aarch64 on native ARM runner - - arch: aarch64 - runs-on: ubuntu-24.04-arm - # Overrides for amd64 machines - - machine: generic-x86-64 - arch: amd64 - runs-on: ubuntu-24.04 - - machine: qemux86-64 - arch: amd64 - runs-on: ubuntu-24.04 - steps: - - name: Checkout the repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false + # build_machine: + # name: Build ${{ matrix.machine }} machine core image + # if: github.repository_owner == 'home-assistant' + # needs: ["init", "build_base"] + # runs-on: ${{ matrix.runs-on }} + # permissions: + # contents: read # To check out the repository + # packages: write # To push to GHCR + # id-token: write # For cosign signing + # strategy: + # matrix: + # machine: + # - generic-x86-64 + # - khadas-vim3 + # - odroid-c2 + # - odroid-c4 + # - odroid-m1 + # - odroid-n2 + # - qemuarm-64 + # - qemux86-64 + # - raspberrypi3-64 + # - raspberrypi4-64 + # - raspberrypi5-64 + # - yellow + # - green + # include: + # # Default: aarch64 on native ARM runner + # - arch: aarch64 + # runs-on: ubuntu-24.04-arm + # # Overrides for amd64 machines + # - machine: generic-x86-64 + # arch: amd64 + # runs-on: ubuntu-24.04 + # - machine: qemux86-64 + # arch: amd64 + # runs-on: ubuntu-24.04 + # steps: + # - name: Checkout the repository + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # with: + # persist-credentials: false - - name: Compute extra tags - id: tags - shell: bash - env: - VERSION: ${{ needs.init.outputs.version }} - run: | - if [[ "${VERSION}" =~ d ]]; then - echo "extra_tags=dev" >> "$GITHUB_OUTPUT" - elif [[ "${VERSION}" =~ b ]]; then - echo "extra_tags=beta" >> "$GITHUB_OUTPUT" - else - echo "extra_tags=stable" >> "$GITHUB_OUTPUT" - fi + # - name: Compute extra tags + # id: tags + # shell: bash + # env: + # VERSION: ${{ needs.init.outputs.version }} + # run: | + # if [[ "${VERSION}" =~ d ]]; then + # echo "extra_tags=dev" >> "$GITHUB_OUTPUT" + # elif [[ "${VERSION}" =~ b ]]; then + # echo "extra_tags=beta" >> "$GITHUB_OUTPUT" + # else + # echo "extra_tags=stable" >> "$GITHUB_OUTPUT" + # fi - - name: Build machine image - uses: home-assistant/builder/actions/build-image@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 - with: - arch: ${{ matrix.arch }} - build-args: | - BUILD_FROM=ghcr.io/home-assistant/${{ matrix.arch }}-homeassistant:${{ needs.init.outputs.version }} - cache-gha: false - container-registry-password: ${{ secrets.GITHUB_TOKEN }} - context: machine/ - cosign-base-identity: "https://github.com/home-assistant/core/.*" - cosign-base-verify: ghcr.io/home-assistant/${{ matrix.arch }}-homeassistant:${{ needs.init.outputs.version }} - file: machine/${{ matrix.machine }} - image: ghcr.io/home-assistant/${{ matrix.machine }}-homeassistant - image-tags: | - ${{ needs.init.outputs.version }} - ${{ steps.tags.outputs.extra_tags }} - push: true - version: ${{ needs.init.outputs.version }} + # - name: Build machine image + # uses: home-assistant/builder/actions/build-image@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2 + # with: + # arch: ${{ matrix.arch }} + # build-args: | + # BUILD_FROM=ghcr.io/home-assistant/${{ matrix.arch }}-homeassistant:${{ needs.init.outputs.version }} + # cache-gha: false + # container-registry-password: ${{ secrets.GITHUB_TOKEN }} + # context: machine/ + # cosign-base-identity: "https://github.com/home-assistant/core/.*" + # cosign-base-verify: ghcr.io/home-assistant/${{ matrix.arch }}-homeassistant:${{ needs.init.outputs.version }} + # file: machine/${{ matrix.machine }} + # image: ghcr.io/home-assistant/${{ matrix.machine }}-homeassistant + # image-tags: | + # ${{ needs.init.outputs.version }} + # ${{ steps.tags.outputs.extra_tags }} + # push: true + # version: ${{ needs.init.outputs.version }} - publish_ha: - name: Publish version files - environment: ${{ needs.init.outputs.channel }} - if: github.repository_owner == 'home-assistant' - needs: ["init", "build_machine"] - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Checkout the repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false + # publish_ha: + # name: Publish version files + # environment: ${{ needs.init.outputs.channel }} + # if: github.repository_owner == 'home-assistant' + # needs: ["init", "build_machine"] + # runs-on: ubuntu-latest + # permissions: + # contents: read + # steps: + # - name: Checkout the repository + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # with: + # persist-credentials: false - - name: Initialize git - uses: home-assistant/actions/helpers/git-init@master # zizmor: ignore[unpinned-uses] - with: - name: ${{ secrets.GIT_NAME }} - email: ${{ secrets.GIT_EMAIL }} - token: ${{ secrets.GIT_TOKEN }} + # - name: Initialize git + # uses: home-assistant/actions/helpers/git-init@master # zizmor: ignore[unpinned-uses] + # with: + # name: ${{ secrets.GIT_NAME }} + # email: ${{ secrets.GIT_EMAIL }} + # token: ${{ secrets.GIT_TOKEN }} - - name: Update version file - uses: home-assistant/actions/helpers/version-push@master # zizmor: ignore[unpinned-uses] - with: - key: "homeassistant[]" - key-description: "Home Assistant Core" - version: ${{ needs.init.outputs.version }} - channel: ${{ needs.init.outputs.channel }} - exclude-list: '["odroid-xu","qemuarm","qemux86","raspberrypi","raspberrypi2","raspberrypi3","raspberrypi4","tinker"]' + # - name: Update version file + # uses: home-assistant/actions/helpers/version-push@master # zizmor: ignore[unpinned-uses] + # with: + # key: "homeassistant[]" + # key-description: "Home Assistant Core" + # version: ${{ needs.init.outputs.version }} + # channel: ${{ needs.init.outputs.channel }} + # exclude-list: '["odroid-xu","qemuarm","qemux86","raspberrypi","raspberrypi2","raspberrypi3","raspberrypi4","tinker"]' - - name: Update version file (stable -> beta) - if: needs.init.outputs.channel == 'stable' - uses: home-assistant/actions/helpers/version-push@master # zizmor: ignore[unpinned-uses] - with: - key: "homeassistant[]" - key-description: "Home Assistant Core" - version: ${{ needs.init.outputs.version }} - channel: beta - exclude-list: '["odroid-xu","qemuarm","qemux86","raspberrypi","raspberrypi2","raspberrypi3","raspberrypi4","tinker"]' + # - name: Update version file (stable -> beta) + # if: needs.init.outputs.channel == 'stable' + # uses: home-assistant/actions/helpers/version-push@master # zizmor: ignore[unpinned-uses] + # with: + # key: "homeassistant[]" + # key-description: "Home Assistant Core" + # version: ${{ needs.init.outputs.version }} + # channel: beta + # exclude-list: '["odroid-xu","qemuarm","qemux86","raspberrypi","raspberrypi2","raspberrypi3","raspberrypi4","tinker"]' - publish_container: - name: Publish meta container for ${{ matrix.registry }} - environment: ${{ needs.init.outputs.channel }} - if: github.repository_owner == 'home-assistant' - needs: ["init", "build_base"] - runs-on: ubuntu-latest - permissions: - contents: read # To check out the repository - packages: write # To push to GHCR - id-token: write # For cosign signing - strategy: - fail-fast: false - matrix: - registry: ["ghcr.io/home-assistant", "docker.io/homeassistant"] - steps: - - name: Install Cosign - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0 - with: - cosign-release: "v2.5.3" + # publish_container: + # name: Publish meta container for ${{ matrix.registry }} + # environment: ${{ needs.init.outputs.channel }} + # if: github.repository_owner == 'home-assistant' + # needs: ["init", "build_base"] + # runs-on: ubuntu-latest + # permissions: + # contents: read # To check out the repository + # packages: write # To push to GHCR + # id-token: write # For cosign signing + # strategy: + # fail-fast: false + # matrix: + # registry: ["ghcr.io/home-assistant", "docker.io/homeassistant"] + # steps: + # - name: Install Cosign + # uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0 + # with: + # cosign-release: "v2.5.3" - - name: Login to DockerHub - if: matrix.registry == 'docker.io/homeassistant' - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + # - name: Login to DockerHub + # if: matrix.registry == 'docker.io/homeassistant' + # uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + # - name: Login to GitHub Container Registry + # uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + # with: + # registry: ghcr.io + # username: ${{ github.repository_owner }} + # password: ${{ secrets.GITHUB_TOKEN }} - - name: Verify architecture image signatures - shell: bash - env: - ARCHITECTURES: ${{ needs.init.outputs.architectures }} - VERSION: ${{ needs.init.outputs.version }} - run: | - ARCHS=$(echo "${ARCHITECTURES}" | jq -r '.[]') - for arch in $ARCHS; do - echo "Verifying ${arch} image signature..." - cosign verify \ - --certificate-oidc-issuer https://token.actions.githubusercontent.com \ - --certificate-identity-regexp https://github.com/home-assistant/core/.* \ - "ghcr.io/home-assistant/${arch}-homeassistant:${VERSION}" - done - echo "✓ All images verified successfully" + # - name: Verify architecture image signatures + # shell: bash + # env: + # ARCHITECTURES: ${{ needs.init.outputs.architectures }} + # VERSION: ${{ needs.init.outputs.version }} + # run: | + # ARCHS=$(echo "${ARCHITECTURES}" | jq -r '.[]') + # for arch in $ARCHS; do + # echo "Verifying ${arch} image signature..." + # cosign verify \ + # --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + # --certificate-identity-regexp https://github.com/home-assistant/core/.* \ + # "ghcr.io/home-assistant/${arch}-homeassistant:${VERSION}" + # done + # echo "✓ All images verified successfully" - # Generate all Docker tags based on version string - # Version format: YYYY.MM.PATCH, YYYY.MM.PATCHbN (beta), or YYYY.MM.PATCH.devYYYYMMDDHHMM (dev) - # Examples: - # 2025.12.1 (stable) -> tags: 2025.12.1, 2025.12, stable, latest, beta, rc - # 2025.12.0b3 (beta) -> tags: 2025.12.0b3, beta, rc - # 2025.12.0.dev202511250240 -> tags: 2025.12.0.dev202511250240, dev - - name: Generate Docker metadata - id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 - with: - images: ${{ matrix.registry }}/home-assistant - sep-tags: "," - tags: | - type=raw,value=${{ needs.init.outputs.version }},priority=9999 - type=raw,value=dev,enable=${{ contains(needs.init.outputs.version, 'd') }} - type=raw,value=beta,enable=${{ !contains(needs.init.outputs.version, 'd') }} - type=raw,value=rc,enable=${{ !contains(needs.init.outputs.version, 'd') }} - type=raw,value=stable,enable=${{ !contains(needs.init.outputs.version, 'd') && !contains(needs.init.outputs.version, 'b') }} - type=raw,value=latest,enable=${{ !contains(needs.init.outputs.version, 'd') && !contains(needs.init.outputs.version, 'b') }} - type=semver,pattern={{major}}.{{minor}},value=${{ needs.init.outputs.version }},enable=${{ !contains(needs.init.outputs.version, 'd') && !contains(needs.init.outputs.version, 'b') }} + # # Generate all Docker tags based on version string + # # Version format: YYYY.MM.PATCH, YYYY.MM.PATCHbN (beta), or YYYY.MM.PATCH.devYYYYMMDDHHMM (dev) + # # Examples: + # # 2025.12.1 (stable) -> tags: 2025.12.1, 2025.12, stable, latest, beta, rc + # # 2025.12.0b3 (beta) -> tags: 2025.12.0b3, beta, rc + # # 2025.12.0.dev202511250240 -> tags: 2025.12.0.dev202511250240, dev + # - name: Generate Docker metadata + # id: meta + # uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + # with: + # images: ${{ matrix.registry }}/home-assistant + # sep-tags: "," + # tags: | + # type=raw,value=${{ needs.init.outputs.version }},priority=9999 + # type=raw,value=dev,enable=${{ contains(needs.init.outputs.version, 'd') }} + # type=raw,value=beta,enable=${{ !contains(needs.init.outputs.version, 'd') }} + # type=raw,value=rc,enable=${{ !contains(needs.init.outputs.version, 'd') }} + # type=raw,value=stable,enable=${{ !contains(needs.init.outputs.version, 'd') && !contains(needs.init.outputs.version, 'b') }} + # type=raw,value=latest,enable=${{ !contains(needs.init.outputs.version, 'd') && !contains(needs.init.outputs.version, 'b') }} + # type=semver,pattern={{major}}.{{minor}},value=${{ needs.init.outputs.version }},enable=${{ !contains(needs.init.outputs.version, 'd') && !contains(needs.init.outputs.version, 'b') }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v3.7.1 + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v3.7.1 - - name: Copy architecture images to DockerHub - if: matrix.registry == 'docker.io/homeassistant' - shell: bash - env: - ARCHITECTURES: ${{ needs.init.outputs.architectures }} - VERSION: ${{ needs.init.outputs.version }} - run: | - # Use imagetools to copy image blobs directly between registries - # This preserves provenance/attestations and seems to be much faster than pull/push - ARCHS=$(echo "${ARCHITECTURES}" | jq -r '.[]') - for arch in $ARCHS; do - echo "Copying ${arch} image to DockerHub..." - for attempt in 1 2 3; do - if docker buildx imagetools create \ - --tag "docker.io/homeassistant/${arch}-homeassistant:${VERSION}" \ - "ghcr.io/home-assistant/${arch}-homeassistant:${VERSION}"; then - break - fi - echo "Attempt ${attempt} failed, retrying in 10 seconds..." - sleep 10 - if [ "${attempt}" -eq 3 ]; then - echo "Failed after 3 attempts" - exit 1 - fi - done - cosign sign --yes "docker.io/homeassistant/${arch}-homeassistant:${VERSION}" - done + # - name: Copy architecture images to DockerHub + # if: matrix.registry == 'docker.io/homeassistant' + # shell: bash + # env: + # ARCHITECTURES: ${{ needs.init.outputs.architectures }} + # VERSION: ${{ needs.init.outputs.version }} + # run: | + # # Use imagetools to copy image blobs directly between registries + # # This preserves provenance/attestations and seems to be much faster than pull/push + # ARCHS=$(echo "${ARCHITECTURES}" | jq -r '.[]') + # for arch in $ARCHS; do + # echo "Copying ${arch} image to DockerHub..." + # for attempt in 1 2 3; do + # if docker buildx imagetools create \ + # --tag "docker.io/homeassistant/${arch}-homeassistant:${VERSION}" \ + # "ghcr.io/home-assistant/${arch}-homeassistant:${VERSION}"; then + # break + # fi + # echo "Attempt ${attempt} failed, retrying in 10 seconds..." + # sleep 10 + # if [ "${attempt}" -eq 3 ]; then + # echo "Failed after 3 attempts" + # exit 1 + # fi + # done + # cosign sign --yes "docker.io/homeassistant/${arch}-homeassistant:${VERSION}" + # done - - name: Create and push multi-arch manifests - shell: bash - env: - ARCHITECTURES: ${{ needs.init.outputs.architectures }} - REGISTRY: ${{ matrix.registry }} - VERSION: ${{ needs.init.outputs.version }} - META_TAGS: ${{ steps.meta.outputs.tags }} - run: | - # Build list of architecture images dynamically - ARCHS=$(echo "${ARCHITECTURES}" | jq -r '.[]') - ARCH_IMAGES=() - for arch in $ARCHS; do - ARCH_IMAGES+=("${REGISTRY}/${arch}-homeassistant:${VERSION}") - done + # - name: Create and push multi-arch manifests + # shell: bash + # env: + # ARCHITECTURES: ${{ needs.init.outputs.architectures }} + # REGISTRY: ${{ matrix.registry }} + # VERSION: ${{ needs.init.outputs.version }} + # META_TAGS: ${{ steps.meta.outputs.tags }} + # run: | + # # Build list of architecture images dynamically + # ARCHS=$(echo "${ARCHITECTURES}" | jq -r '.[]') + # ARCH_IMAGES=() + # for arch in $ARCHS; do + # ARCH_IMAGES+=("${REGISTRY}/${arch}-homeassistant:${VERSION}") + # done - # Build list of all tags for single manifest creation - # Note: Using sep-tags=',' in metadata-action for easier parsing - TAG_ARGS=() - IFS=',' read -ra TAGS <<< "${META_TAGS}" - for tag in "${TAGS[@]}"; do - TAG_ARGS+=("--tag" "${tag}") - done + # # Build list of all tags for single manifest creation + # # Note: Using sep-tags=',' in metadata-action for easier parsing + # TAG_ARGS=() + # IFS=',' read -ra TAGS <<< "${META_TAGS}" + # for tag in "${TAGS[@]}"; do + # TAG_ARGS+=("--tag" "${tag}") + # done - # Create manifest with ALL tags in a single operation (much faster!) - echo "Creating multi-arch manifest with tags: ${TAGS[*]}" - docker buildx imagetools create "${TAG_ARGS[@]}" "${ARCH_IMAGES[@]}" + # # Create manifest with ALL tags in a single operation (much faster!) + # echo "Creating multi-arch manifest with tags: ${TAGS[*]}" + # docker buildx imagetools create "${TAG_ARGS[@]}" "${ARCH_IMAGES[@]}" - # Sign each tag separately (signing requires individual tag names) - echo "Signing all tags..." - for tag in "${TAGS[@]}"; do - echo "Signing ${tag}" - cosign sign --yes "${tag}" - done + # # Sign each tag separately (signing requires individual tag names) + # echo "Signing all tags..." + # for tag in "${TAGS[@]}"; do + # echo "Signing ${tag}" + # cosign sign --yes "${tag}" + # done - echo "All manifests created and signed successfully" + # echo "All manifests created and signed successfully" - build_python: - name: Build PyPi package - environment: ${{ needs.init.outputs.channel }} - needs: ["init", "build_base"] - runs-on: ubuntu-latest - permissions: - contents: read # To check out the repository - id-token: write # For PyPI trusted publishing - if: github.repository_owner == 'home-assistant' && needs.init.outputs.publish == 'true' - steps: - - name: Checkout the repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false + # build_python: + # name: Build PyPi package + # environment: ${{ needs.init.outputs.channel }} + # needs: ["init", "build_base"] + # runs-on: ubuntu-latest + # permissions: + # contents: read # To check out the repository + # id-token: write # For PyPI trusted publishing + # if: github.repository_owner == 'home-assistant' && needs.init.outputs.publish == 'true' + # steps: + # - name: Checkout the repository + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # with: + # persist-credentials: false - - name: Set up Python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - with: - python-version-file: ".python-version" + # - name: Set up Python + # uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + # with: + # python-version-file: ".python-version" - - name: Download translations - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 - with: - name: translations + # - name: Download translations + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + # with: + # name: translations - - name: Extract translations - run: | - tar xvf translations.tar.gz - rm translations.tar.gz + # - name: Extract translations + # run: | + # tar xvf translations.tar.gz + # rm translations.tar.gz - - name: Build package - shell: bash - run: | - # Remove dist, build, and homeassistant.egg-info - # when build locally for testing! - pip install build - python -m build + # - name: Build package + # shell: bash + # run: | + # # Remove dist, build, and homeassistant.egg-info + # # when build locally for testing! + # pip install build + # python -m build - - name: Upload package to PyPI - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 - with: - skip-existing: true + # - name: Upload package to PyPI + # uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 + # with: + # skip-existing: true - hassfest-image: - name: Build and test hassfest image - runs-on: ubuntu-latest - permissions: - contents: read # To check out the repository - packages: write # To push to GHCR - attestations: write # For build provenance attestation - id-token: write # For build provenance attestation - needs: ["init"] - if: github.repository_owner == 'home-assistant' - env: - HASSFEST_IMAGE_NAME: ghcr.io/home-assistant/hassfest - HASSFEST_IMAGE_TAG: ghcr.io/home-assistant/hassfest:${{ needs.init.outputs.version }} - steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false + # hassfest-image: + # name: Build and test hassfest image + # runs-on: ubuntu-latest + # permissions: + # contents: read # To check out the repository + # packages: write # To push to GHCR + # attestations: write # For build provenance attestation + # id-token: write # For build provenance attestation + # needs: ["init"] + # if: github.repository_owner == 'home-assistant' + # env: + # HASSFEST_IMAGE_NAME: ghcr.io/home-assistant/hassfest + # HASSFEST_IMAGE_TAG: ghcr.io/home-assistant/hassfest:${{ needs.init.outputs.version }} + # steps: + # - name: Checkout repository + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # with: + # persist-credentials: false - - name: Login to GitHub Container Registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + # - name: Login to GitHub Container Registry + # uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + # with: + # registry: ghcr.io + # username: ${{ github.repository_owner }} + # password: ${{ secrets.GITHUB_TOKEN }} - - name: Build Docker image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 - with: - context: . # So action will not pull the repository again - file: ./script/hassfest/docker/Dockerfile - load: true - tags: ${{ env.HASSFEST_IMAGE_TAG }} + # - name: Build Docker image + # uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + # with: + # context: . # So action will not pull the repository again + # file: ./script/hassfest/docker/Dockerfile + # load: true + # tags: ${{ env.HASSFEST_IMAGE_TAG }} - - name: Run hassfest against core - run: docker run --rm -v "${GITHUB_WORKSPACE}":/github/workspace "${HASSFEST_IMAGE_TAG}" --core-path=/github/workspace + # - name: Run hassfest against core + # run: docker run --rm -v "${GITHUB_WORKSPACE}":/github/workspace "${HASSFEST_IMAGE_TAG}" --core-path=/github/workspace - - name: Push Docker image - if: needs.init.outputs.channel != 'dev' && needs.init.outputs.publish == 'true' - id: push - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 - with: - context: . # So action will not pull the repository again - file: ./script/hassfest/docker/Dockerfile - push: true - tags: ${{ env.HASSFEST_IMAGE_TAG }},${{ env.HASSFEST_IMAGE_NAME }}:latest + # - name: Push Docker image + # if: needs.init.outputs.channel != 'dev' && needs.init.outputs.publish == 'true' + # id: push + # uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + # with: + # context: . # So action will not pull the repository again + # file: ./script/hassfest/docker/Dockerfile + # push: true + # tags: ${{ env.HASSFEST_IMAGE_TAG }},${{ env.HASSFEST_IMAGE_NAME }}:latest - - name: Generate artifact attestation - if: needs.init.outputs.channel != 'dev' && needs.init.outputs.publish == 'true' - uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0 - with: - subject-name: ${{ env.HASSFEST_IMAGE_NAME }} - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true + # - name: Generate artifact attestation + # if: needs.init.outputs.channel != 'dev' && needs.init.outputs.publish == 'true' + # uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0 + # with: + # subject-name: ${{ env.HASSFEST_IMAGE_NAME }} + # subject-digest: ${{ steps.push.outputs.digest }} + # push-to-registry: true