
Use https://github.com/docker/github-builder to build and push image #152

Open: yubiuser wants to merge 4 commits into master from github-builder


@yubiuser
Member

What does this PR aim to accomplish?:

Use https://github.com/docker/github-builder to build and push image.
It's the same we use now in https://github.com/pi-hole/docker-pi-hole/blob/development/.github/workflows/build-and-publish.yml.
It reduced complexity a lot and offloads maintenance to the reusable workflow maintainers.

Supersedes #149


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code and I have tested my changes.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)
  6. I have checked that another pull request for this purpose does not exist.
  7. I have considered, and confirmed that this submission will be valuable to others.
  8. I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  9. I give this submission freely, and claim no ownership to its content.

  • I have read the above and my PR is ready for review. Check this box to confirm

@yubiuser yubiuser requested a review from a team as a code owner March 30, 2026 15:13
@PromoFaux
Member

Thanks for looking at this - it was on my todo list to get around to!

@yubiuser
Member Author

If you feel like porting some ideas from #135 feel free to push to this branch.
I already submitted docker/github-builder#158 which can be useful for our slow and fragile RISCV friend here

@yubiuser yubiuser force-pushed the github-builder branch 2 times, most recently from 68b1a2c to 50ef829 Compare March 30, 2026 17:36
Signed-off-by: yubiuser <github@yubiuser.dev>
@yubiuser
Member Author

Look how nicely it re-used the cache (RISCV finished in 47 secs) 🥰

Signed-off-by: yubiuser <github@yubiuser.dev>
@rdwebdesign
Member

Are there any disadvantages/downsides to not signing the images?

@yubiuser
Member Author

yubiuser commented Mar 31, 2026

We don't get

Signed SLSA provenance for every build.
BuildKit generates SLSA-compliant provenance attestation artifacts that are signed with an identity bound to the GitHub workflow. Downstream consumers can verify:

  • which builder commit produced the image
  • which source code commit produced the image
  • which workflow and job executed the build
  • what inputs and build parameters were used

We reduce downstream supply chain security a bit if we don't sign.


P.S. So far we also did not sign the image.
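
The four verifiable claims listed in the comment above, turned into a consumer-side policy check. This is an added example, not code from this thread or from docker/github-builder. It assumes the statement's signature has already been verified and that the provenance follows the generic SLSA v1 layout (`externalParameters.workflow` and `externalParameters.inputs` are assumed field names); every URI, digest and `POLICY` value is a constructed placeholder.

```python
import json

# Constructed sample: in-toto Statement v1 with an SLSA v1 provenance predicate (placeholders only).
SAMPLE = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "registry.example/org/image", "digest": {"sha256": "a" * 64}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "externalParameters": {
                "workflow": {"path": ".github/workflows/build.yml", "ref": "refs/heads/master"},
                "inputs": {"platforms": "linux/amd64"}},
            "resolvedDependencies": [
                {"uri": "git+https://git.example/org/repo", "digest": {"gitCommit": "b" * 40}}]},
        "runDetails": {"builder": {"id": "https://git.example/builder/build.yml@" + "c" * 40}}}})
# Hypothetical consumer policy: the values a downstream user has decided to trust.
POLICY = {
    "builder_id": "https://git.example/builder/build.yml@" + "c" * 40,
    "source_uri": "git+https://git.example/org/repo", "source_commit": "b" * 40,
    "workflow": {"path": ".github/workflows/build.yml", "ref": "refs/heads/master"},
    "inputs": {"platforms": "linux/amd64"}}

def check_provenance(statement_json, image_sha256, policy):
    """Return policy violations for an already signature-verified statement ([] = pass)."""
    st = json.loads(statement_json)
    if st.get("predicateType") != "https://slsa.dev/provenance/v1":
        return ["unexpected predicateType"]
    problems = []
    # The attestation must be about the image digest that was actually pulled.
    if not any(s.get("digest", {}).get("sha256") == image_sha256 for s in st.get("subject", [])):
        problems.append("subject digest mismatch")
    pred = st.get("predicate", {})
    build = pred.get("buildDefinition", {})
    params = build.get("externalParameters", {})
    # 1. which builder commit produced the image
    if pred.get("runDetails", {}).get("builder", {}).get("id") != policy["builder_id"]:
        problems.append("builder mismatch")
    # 2. which source code commit produced the image
    commits = {d.get("digest", {}).get("gitCommit") for d in build.get("resolvedDependencies", [])
               if d.get("uri") == policy["source_uri"]}
    if policy["source_commit"] not in commits:
        problems.append("source commit mismatch")
    # 3. which workflow executed the build
    if params.get("workflow") != policy["workflow"]:
        problems.append("workflow mismatch")
    # 4. what inputs and build parameters were used
    if params.get("inputs") != policy["inputs"]:
        problems.append("inputs mismatch")
    return problems
```

Without a signature over the statement these fields are only self-reported metadata, which is why the check is meaningful only after signature verification.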

…formation

Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>