Migrate builder workflow to new builder actions (#187)

sairon · web-flow · commit 20b683c742a4 · 2026-03-23T17:36:01.000+01:00
* Migrate builder workflow to new builder actions Migrate plugin image build to new builder actions. The resulting image should be identical, while a multi-arch manifest should be now published along the per-arch images. The workflow should now also work in forked repos, unlike the old one which had home-assistant org hardcoded on several places. In forked repos, the version job is skipped now. Closes #186 * Update Renovate config
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -4,9 +4,9 @@
   "customManagers": [
     {
       "customType": "regex",
-      "fileMatch": ["^build\\.yaml$"],
+      "fileMatch": ["^Dockerfile$"],
       "matchStrings": [
-        "(?<image>ghcr\\.io/home-assistant/[a-z0-9]+-base:(?<alpineVersion>alpine[0-9\\.]+))-(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)"
+        "BUILD_FROM=(?<image>ghcr\\.io/home-assistant/base:(?<alpineVersion>alpine[0-9\\.]+))-(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)"
       ],
       "datasourceTemplate": "github-releases",
       "depNameTemplate": "home-assistant/docker-base"
diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml
@@ -9,89 +9,106 @@ on:
     branches: ["master"]
     paths:
     - Dockerfile
-    - build.yaml
     - 'rootfs/**'
     - 'plugins/**'
 
 env:
+  ARCHITECTURES: '["amd64", "aarch64"]'
   BUILD_NAME: dns
   BUILD_TYPE: plugin
+  IMAGE_NAME: hassio-dns
+
+permissions:
+  contents: read
 
 jobs:
   init:
     name: Initialize build
     runs-on: ubuntu-latest
     outputs:
-      architectures: ${{ steps.info.outputs.architectures }}
       version: ${{ steps.version.outputs.version }}
       channel: ${{ steps.version.outputs.channel }}
       publish: ${{ steps.version.outputs.publish }}
+      matrix: ${{ steps.matrix.outputs.matrix }}
     steps:
     - name: Checkout the repository
-      uses: actions/checkout@v6.0.2
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       with:
         fetch-depth: 0
 
-    - name: Get information
-      id: info
-      uses: home-assistant/actions/helpers/info@master
-
     - name: Get version
       id: version
       uses: home-assistant/actions/helpers/version@master
       with:
         type: ${{ env.BUILD_TYPE }}
 
+    - name: Get build matrix
+      id: matrix
+      uses: home-assistant/builder/actions/prepare-multi-arch-matrix@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2
+      with:
+        architectures: ${{ env.ARCHITECTURES }}
+        image-name: ${{ env.IMAGE_NAME }}
+
   build:
-    name: Build ${{ matrix.arch }} plugin
+    name: Build ${{ matrix.arch }} image
     needs: init
-    runs-on: ${{ matrix.runs-on }}
+    runs-on: ${{ matrix.os }}
     permissions:
       contents: read
-      packages: write
       id-token: write
+      packages: write
     strategy:
-      matrix:
-        arch: ${{ fromJson(needs.init.outputs.architectures) }}
-        include:
-          - runs-on: ubuntu-24.04
-          - arch: aarch64
-            runs-on: ubuntu-24.04-arm
+      fail-fast: false
+      matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
     steps:
-    - name: Checkout the repository
-      uses: actions/checkout@v6.0.2
-
-    - name: Login to GitHub Container Registry
-      if: needs.init.outputs.publish == 'true'
-      uses: docker/login-action@v4.0.0
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Checkout the repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
-    - name: Set build arguments
-      if: needs.init.outputs.publish == 'false'
-      run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
+      - name: Build image
+        id: build
+        uses: home-assistant/builder/actions/build-image@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2
+        with:
+          arch: ${{ matrix.arch }}
+          container-registry-password: ${{ secrets.GITHUB_TOKEN }}
+          cosign-base-identity: 'https://github.com/home-assistant/docker-base/.*'
+          cosign-base-verify: ghcr.io/home-assistant/base:3.23
+          image: ${{ matrix.image }}
+          image-tags: |
+            ${{ needs.init.outputs.version }}
+            latest
+          push: ${{ needs.init.outputs.publish == 'true' }}
+          version: ${{ needs.init.outputs.version }}
 
-    - name: Build plugin
-      uses: home-assistant/builder@2026.02.1
-      with:
-        image: ${{ matrix.arch }}
-        args: |
-          $BUILD_ARGS \
-          --${{ matrix.arch }} \
-          --cosign \
-          --target /data \
-          --generic ${{ needs.init.outputs.version }}
+  manifest:
+    name: Publish multi-arch manifest
+    needs: [init, build]
+    if: needs.init.outputs.publish == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      packages: write
+    steps:
+      - name: Publish multi-arch manifest
+        uses: home-assistant/builder/actions/publish-multi-arch-manifest@62a1597b84b3461abad9816d9cd92862a2b542c3 # 2026.03.2
+        with:
+          architectures: ${{ env.ARCHITECTURES }}
+          container-registry-password: ${{ secrets.GITHUB_TOKEN }}
+          image-name: ${{ env.IMAGE_NAME }}
+          image-tags: |
+            ${{ needs.init.outputs.version }}
+            latest
 
   version:
     name: Update version
-    needs: ["init", "build"]
+    if: github.repository_owner == 'home-assistant'
+    needs: [init, build, manifest]
     runs-on: ubuntu-latest
     steps:
     - name: Checkout the repository
       if: needs.init.outputs.publish == 'true'
-      uses: actions/checkout@v6.0.2
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
     - name: Initialize git
       if: needs.init.outputs.publish == 'true'
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,10 @@
-ARG BUILD_FROM
+ARG BUILD_FROM=ghcr.io/home-assistant/base:3.23-2026.03.1
 
 FROM golang:1.25.7-alpine3.23 AS builder
 
 WORKDIR /usr/src
-ARG BUILD_ARCH
-ARG COREDNS_VERSION
+ARG TARGETARCH
+ARG COREDNS_VERSION="1.11.4"
 
 # Build CoreDNS
 COPY plugins plugins
@@ -29,17 +29,26 @@ RUN \
     && sed -i "/grpc:grpc/d" plugin.cfg \
     && go mod tidy \
     && go generate \
-    && \
-        if [ "${BUILD_ARCH}" = "aarch64" ]; then \
-            make coredns SYSTEM="CGO_ENABLED=0 GOOS=linux GOARCH=arm64"; \
-        elif [ "${BUILD_ARCH}" = "amd64" ]; then \
-            make coredns SYSTEM="CGO_ENABLED=0 GOOS=linux GOARCH=amd64"; \
-        else \
-            exit 1; \
-        fi
+    && if [ -z "${TARGETARCH}" ]; then \
+            echo "TARGETARCH is not set, please use Docker BuildKit for the build." && exit 1; \
+        fi \
+    && case "${TARGETARCH}" in \
+            amd64|arm64) ;; \
+            *) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \
+        esac \
+    && make coredns SYSTEM="CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH}"
 
 FROM ${BUILD_FROM}
 
 WORKDIR /config
 COPY --from=builder /usr/src/coredns/coredns /usr/bin/coredns
 COPY rootfs /
+
+LABEL \
+    io.hass.type="dns" \
+    org.opencontainers.image.title="Home Assistant DNS Plugin" \
+    org.opencontainers.image.description="Home Assistant Supervisor plugin for DNS" \
+    org.opencontainers.image.authors="The Home Assistant Authors" \
+    org.opencontainers.image.url="https://www.home-assistant.io/" \
+    org.opencontainers.image.documentation="https://www.home-assistant.io/docs/" \
+    org.opencontainers.image.licenses="Apache License 2.0"
diff --git a/build.yaml b/build.yaml
