Switch to actions/attest for build provenance #165350

Open
scop wants to merge 1 commit into dev from scop-actions-attest

scop (Member) commented Mar 11, 2026

Proposed change

https://github.com/actions/attest-build-provenance#usage

As of version 4, actions/attest-build-provenance is simply a wrapper
on top of actions/attest.

@scop scop requested a review from a team as a code owner March 11, 2026 19:56
Copilot AI review requested due to automatic review settings March 11, 2026 19:56
@home-assistant home-assistant bot added the cla-signed, code-quality and small-pr labels Mar 11, 2026
Copilot AI (Contributor) left a comment

Pull request overview

Updates the Home Assistant build workflow to use the consolidated actions/attest action for generating build provenance attestations during image publishing.

Changes:

  • Replace actions/attest-build-provenance with actions/attest in the hassfest image build/publish job.
  • Keep existing attestation inputs (subject-name, subject-digest, push-to-registry) and permissions unchanged.
