From 1939c7bbb4bfbb48cb6416a0d909c326d4d694e2 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 26 Mar 2026 06:29:44 +0000
Subject: [PATCH] Fix build workflow: add fail-fast, BUILD_DATE,
 cache-gha-scope, persist-credentials

Reviewed against official home-assistant/apps-example commit b09b6e5d:

- Add fail-fast: false to prevent cascade cancellation of matrix builds
- Add BUILD_DATE build arg (117 Dockerfiles reference ARG BUILD_DATE)
- Add cache-gha-scope per addon to prevent cache collisions
- Add persist-credentials: false on checkout (security best practice)

Co-authored-by: alexbelgium <44178713+alexbelgium@users.noreply.github.com>
Agent-Logs-Url: https://github.com/alexbelgium/hassio-addons/sessions/fc2bf147-8d75-4c87-84be-7a093db2780a
---
 .github/workflows/onpush_builder.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/onpush_builder.yaml b/.github/workflows/onpush_builder.yaml
index c5abec95a..db4299817 100644
--- a/.github/workflows/onpush_builder.yaml
+++ b/.github/workflows/onpush_builder.yaml
@@ -115,6 +115,7 @@ jobs:
       contents: read
       packages: write
     strategy:
+      fail-fast: false
       matrix:
         addon: ${{ fromJSON(needs.detect-changed-addons.outputs.changedAddons) }}
         arch: ["aarch64", "amd64"]
@@ -125,6 +126,8 @@ jobs:
             runner: ubuntu-24.04-arm
     steps:
       - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
       - name: Resolve Symlinks (in repo)
         run: |
           find . -type l | while read -r link; do
@@ -199,6 +202,7 @@ jobs:
           echo "description=$description" >> "$GITHUB_OUTPUT"
           echo "architectures=$arch_list" >> "$GITHUB_OUTPUT"
           echo "build_from=$build_from" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date --rfc-3339=seconds --utc)" >> "$GITHUB_OUTPUT"
 
           echo "Addon: $ADDON, Arch: $ARCH"
           echo "  Version: $version"
@@ -228,6 +232,7 @@ jobs:
         uses: home-assistant/builder/actions/build-image@2026.03.2
         with:
           arch: ${{ matrix.arch }}
+          cache-gha-scope: ${{ matrix.addon }}
           context: "./${{ matrix.addon }}"
           image: ${{ steps.info.outputs.image }}
           image-tags: |
@@ -239,6 +244,7 @@ jobs:
           container-registry-password: ${{ secrets.GITHUB_TOKEN }}
           build-args: |
             BUILD_FROM=${{ steps.info.outputs.build_from }}
+            BUILD_DATE=${{ steps.info.outputs.build_date }}
             BUILD_DESCRIPTION=${{ steps.info.outputs.description }}
             BUILD_NAME=${{ steps.info.outputs.name }}
             BUILD_REF=${{ github.sha }}