diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 62edd69..b4b0116 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,4 +1,4 @@
-name: 'Publish'
+name: "Publish"
on:
release:
@@ -17,12 +17,12 @@ jobs:
outputs:
architectures: ${{ steps.info.outputs.architectures }}
steps:
- - name: Checkout the repository
- uses: actions/checkout@v2.3.4
+ - name: Checkout the repository
+ uses: actions/checkout@v2.3.4
- - name: Get information
- id: info
- uses: home-assistant/actions/helpers/info@master
+ - name: Get information
+ id: info
+ uses: home-assistant/actions/helpers/info@master
publish:
name: Publish builder
@@ -33,34 +33,32 @@ jobs:
matrix:
architecture: ${{ fromJson(needs.init.outputs.architectures) }}
steps:
- - name: Checkout the repository
- uses: actions/checkout@v2.3.4
+ - name: Checkout the repository
+ uses: actions/checkout@v2.3.4
- - uses: olegtarasov/get-tag@v2.1
- if: github.event_name == 'release'
- name: Set tag envronment variable
+ - uses: olegtarasov/get-tag@v2.1
+ if: github.event_name == 'release'
+ name: Set tag envronment variable
- - name: Login to DockerHub
- uses: docker/login-action@v1.9.0
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Login to DockerHub
+ uses: docker/login-action@v1.9.0
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v1.9.0
- with:
- registry: ghcr.io
- username: ${{ secrets.GIT_USER }}
- password: ${{ secrets.GIT_TOKEN }}
-
- - name: Publish ${{ matrix.architecture }} builder
- uses: home-assistant/builder@master
- with:
- args: |
- --${{ matrix.architecture }} \
- --target /data \
- --with-codenotary "${{ secrets.VCN_USER }}" "${{ secrets.VCN_PASSWORD }}" "${{ secrets.VCN_ORG }}" \
- --validate-from "${{ secrets.VCN_ORG }}" \
- --validate-cache "${{ secrets.VCN_ORG }}" \
- --generic $GIT_TAG_NAME
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v1.9.0
+ with:
+ registry: ghcr.io
+ username: ${{ secrets.GIT_USER }}
+ password: ${{ secrets.GIT_TOKEN }}
+ - name: Publish ${{ matrix.architecture }} builder
+ uses: ./
+ with:
+ args: |
+ --${{ matrix.architecture }} \
+ --target /data \
+ --with-codenotary "${{ secrets.VCN_USER }}" "${{ secrets.VCN_PASSWORD }}" "${{ secrets.VCN_ORG }}" \
+ --validate-from "${{ secrets.VCN_ORG }}" \
+ --generic $GIT_TAG_NAME
diff --git a/README.md b/README.md
index 1750130..ee82a8d 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ Use the `with.args` key to pass in arguments to the builder, to see what argumen
### Test action example
```yaml
-name: 'Test'
+name: "Test"
on: [push, pull_request]
@@ -20,22 +20,22 @@ jobs:
name: Test build
runs-on: ubuntu-latest
steps:
- - name: Checkout the repository
- uses: actions/checkout@v2
- - name: Test build
- uses: home-assistant/builder@master
- with:
- args: |
- --test \
- --all \
- --target addon-folder \
- --docker-hub user-name-or-space-name
+ - name: Checkout the repository
+ uses: actions/checkout@v2
+ - name: Test build
+ uses: home-assistant/builder@master
+ with:
+ args: |
+ --test \
+ --all \
+ --target addon-folder \
+ --docker-hub user-name-or-space-name
```
### Publish action example
```yaml
-name: 'Publish'
+name: "Publish"
on:
release:
@@ -46,20 +46,20 @@ jobs:
name: Publish
runs-on: ubuntu-latest
steps:
- - name: Checkout the repository
- uses: actions/checkout@v2
- - name: Login to DockerHub
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- - name: Publish
- uses: home-assistant/builder@master
- with:
- args: |
- --all \
- --target addon-folder \
- --docker-hub user-name-or-space-name
+ - name: Checkout the repository
+ uses: actions/checkout@v2
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Publish
+ uses: home-assistant/builder@master
+ with:
+ args: |
+ --all \
+ --target addon-folder \
+ --docker-hub user-name-or-space-name
```
## Arguments
@@ -68,7 +68,7 @@ jobs:
Options:
-h, --help
Display this help and exit.
-
+
Repository / Data
-r, --repository <REPOSITORY>
Set git repository to load data from.
@@ -76,7 +76,7 @@ jobs:
Set git branch for repository.
-t, --target <PATH_TO_BUILD>
Set local folder or path inside repository for build.
-
+
Version/Image handling
-v, --version <VERSION>
Overwrite version/tag of build.
@@ -88,7 +88,7 @@ jobs:
Use this as main tag.
--version-from <VERSION>
Use this to set build_from tag if not specified.
-
+
Architecture
--armhf
Build for arm v6.
@@ -102,7 +102,7 @@ jobs:
Build for intel/amd 32bit.
--all
Build all architecture.
-
+
Build handling
--test
Disable push to dockerhub.
@@ -124,7 +124,7 @@ jobs:
Password to login into docker with
Use the host docker socket if mapped into container:
/var/run/docker.sock
-
+
Internals:
--addon
Default on. Run all things for an addon build.
@@ -134,12 +134,10 @@ jobs:
Build our base images.
--machine <VERSION=ALL,X,Y>
Build the machine based image for a release/landingpage.
-
+
Security:
--with-codenotary <USER> <PASSWORD> <OWNER>
Enable signing images with CodeNotary. Need set follow env:
- --validate-from <ORG|signer>
- Validate the FROM image which is used to build the image.
--validate-cache <ORG|signer>
Validate the cache image which is used to build the image.
```
@@ -147,16 +145,19 @@ jobs:
## Local installation
amd64:
+
```bash
docker pull homeassistant/amd64-builder
```
armv7/armhf:
+
```bash
docker pull homeassistant/armv7-builder
```
aarch64:
+
```bash
docker pull homeassistant/aarch64-builder
```
diff --git a/builder.sh b/builder.sh
index bd53982..e64d17c 100755
--- a/builder.sh
+++ b/builder.sh
@@ -19,7 +19,6 @@ DOCKER_PASSWORD=
DOCKER_LOCAL=false
VCN_NOTARY=false
VCN_FROM=
-VCN_CACHE=
CODENOTARY_USER=
CODENOTARY_PASSWORD=
CODENOTARY_OWNER=
@@ -141,8 +140,6 @@ Options:
Enable signing images with CodeNotary. Need set follow env:
--validate-from <ORG|signer>
Validate the FROM image which is used to build the image.
- --validate-cache <ORG|signer>
- Validate the cache image which is used to build the image.
EOF
bashio::exit.nok
@@ -254,9 +251,7 @@ function run_build() {
fi
bashio::log.info "Init cache for ${repository}/${image}:${version} with tag ${cache_tag}"
- if docker pull "${repository}/${image}:${cache_tag}" > /dev/null 2>&1; then
- # Validate the cache image
- codenotary_validate "${VCN_CACHE}" "${repository}/${image}:${cache_tag}" "false"
+ if docker pull "${repository}/${image}:${cache_tag}" > /dev/null 2>&1 && codenotary_validate "${CODENOTARY_OWNER}" "${repository}/${image}:${cache_tag}" "false"; then
docker_cli+=("--cache-from" "${repository}/${image}:${cache_tag}")
else
docker_cli+=("--no-cache")
@@ -273,7 +268,9 @@ function run_build() {
docker_cli+=("--label" "org.opencontainers.image.version=${release}")
# Validate the base image
- codenotary_validate "${VCN_FROM}" "${build_from}" "true"
+ if ! codenotary_validate "${VCN_FROM}" "${build_from}" "true"; then
+ bashio::exit.nok "Invalid base image ${build_from}"
+ fi
# Build image
bashio::log.info "Run build for ${repository}/${image}:${version}"
@@ -740,8 +737,10 @@ function codenotary_validate() {
state="$(vcn authenticate "${vcn_cli[@]}" --output json "docker://${image}" | jq '.verification.status // 2')"
if [[ "${state}" != "0" ]]; then
- bashio::exit.nok "Validation of ${image} fails!"
+ bashio::log.warning "Validation of ${image} fails!"
+ return 1
fi
+
bashio::log.info "Image ${image} is trusted"
}
@@ -876,10 +875,6 @@ while [[ $# -gt 0 ]]; do
VCN_FROM=$2
shift
;;
- --validate-cache)
- VCN_CACHE=$2
- shift
- ;;
*)
bashio::exit.nok "$0 : Argument '$1' unknown"
;;