tinkerbell · rpardini · Mar 31, 2026 · Mar 31, 2026 · Mar 31, 2026 · Mar 31, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -22,10 +22,8 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v6
 
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
 
       - name: Install lint tools
         run: make lint-install
@@ -49,7 +47,7 @@ jobs:
 
       - name: Check amd64 kernel cache
         id: amd64-cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           path: |
             mkosi.output/kernel/${{ env.KERNEL_VERSION }}/amd64
@@ -58,7 +56,7 @@ jobs:
 
       - name: Check arm64 kernel cache
         id: arm64-cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           path: |
             mkosi.output/kernel/${{ env.KERNEL_VERSION }}/arm64
@@ -118,7 +116,7 @@ jobs:
             docker tag "${REMOTE}:${HASH}-${{ matrix.arch }}" "${{ env.BUILDER_IMAGE }}"
             echo "built=false" >> "$GITHUB_OUTPUT"
           else
-            docker build -t "${{ env.BUILDER_IMAGE }}:${HASH}" -t "${{ env.BUILDER_IMAGE }}" .
+            docker buildx build --progress=plain -t "${{ env.BUILDER_IMAGE }}:${HASH}" -t "${{ env.BUILDER_IMAGE }}" .
             echo "built=true" >> "$GITHUB_OUTPUT"
           fi
 
@@ -136,31 +134,31 @@ jobs:
 
       - name: Restore kernel cache
         id: kernel-cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           path: |
             mkosi.output/kernel/${{ env.KERNEL_VERSION }}/${{ matrix.arch }}
           key: ${{ steps.kernel-cache-key.outputs.key }}
 
-      - name: Install Python dependencies
-        run: pip install -r requirements.txt
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
 
       - name: Build kernel
-        run: ./build.py kernel
+        run: uv run ./build.py kernel
 
       - name: Fix output file ownership
         run: sudo chown -R "$(id -u):$(id -g)" mkosi.output/
 
       - name: Save kernel cache
         if: github.ref == 'refs/heads/main' && steps.kernel-cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@v5
         with:
           path: |
             mkosi.output/kernel/${{ env.KERNEL_VERSION }}/${{ matrix.arch }}
           key: ${{ steps.kernel-cache-key.outputs.key }}
 
       - name: Upload kernel artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: kernel-${{ matrix.arch }}
           path: |
@@ -188,30 +186,30 @@ jobs:
 
       - name: Restore tools cache
         id: tools-cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           path: |
             mkosi.output/tools/${{ matrix.arch }}/usr/local/bin
             mkosi.output/tools/${{ matrix.arch }}/opt/cni
           key: tools-${{ matrix.arch }}-${{ hashFiles('captain/tools.py') }}
 
-      - name: Install Python dependencies
-        run: pip install -r requirements.txt
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
 
       - name: Download tools
-        run: ./build.py tools
+        run: uv run ./build.py tools
 
       - name: Save tools cache
         if: github.ref == 'refs/heads/main' && steps.tools-cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@v5
         with:
           path: |
             mkosi.output/tools/${{ matrix.arch }}/usr/local/bin
             mkosi.output/tools/${{ matrix.arch }}/opt/cni
           key: tools-${{ matrix.arch }}-${{ hashFiles('captain/tools.py') }}
 
       - name: Upload tools artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: tools-${{ matrix.arch }}
           path: |
@@ -238,13 +236,13 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Download kernel artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: kernel-${{ matrix.arch }}
           path: mkosi.output/kernel/${{ env.KERNEL_VERSION }}/${{ matrix.arch }}
 
       - name: Download tools artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: tools-${{ matrix.arch }}
           path: mkosi.output/tools/${{ matrix.arch }}
@@ -257,24 +255,24 @@ jobs:
           chmod +x mkosi.output/tools/${{ matrix.arch }}/opt/cni/bin/*
 
       - name: Refresh apt cache
-        run: sudo apt-get update
+        run: sudo apt-get -o "Dpkg::Use-Pty=0" update
 
       - name: setup-mkosi
         uses: systemd/mkosi@v26
 
       - name: Install bubblewrap
         run: |
-          sudo apt-get update
-          sudo apt-get install -y bubblewrap
+          sudo apt-get -o "Dpkg::Use-Pty=0" update
+          sudo apt-get -o "Dpkg::Use-Pty=0" install -y bubblewrap
 
-      - name: Install Python dependencies
-        run: pip install -r requirements.txt
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
 
       - name: Build initramfs
-        run: ./build.py initramfs
+        run: uv run ./build.py initramfs
 
       - name: Upload initramfs artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: initramfs-${{ matrix.arch }}
           path: out/
@@ -341,13 +339,13 @@ jobs:
           docker push "${REMOTE}:${HASH}-${{ matrix.arch }}"
 
       - name: Download kernel artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: kernel-${{ matrix.arch }}
           path: mkosi.output/kernel/${{ env.KERNEL_VERSION }}/${{ matrix.arch }}
 
       - name: Download initramfs artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: initramfs-${{ matrix.arch }}
           path: out
@@ -358,14 +356,14 @@ jobs:
           cp "out/initramfs-${KERNEL_VERSION}-${{ matrix.output_arch }}" \
              "mkosi.output/initramfs/${KERNEL_VERSION}/${{ matrix.arch }}/image.cpio.zst"
 
-      - name: Install Python dependencies
-        run: pip install -r requirements.txt
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
 
       - name: Build ISO
-        run: ./build.py iso
+        run: uv run ./build.py iso
 
       - name: Upload ISO artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: iso-${{ matrix.arch }}
           path: out/captainos-${{ env.KERNEL_VERSION }}-${{ matrix.output_arch }}.iso
@@ -395,25 +393,25 @@ jobs:
         run: cat .github/config.env >> "$GITHUB_ENV"
 
       - name: Download kernel artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: kernel-${{ matrix.target }}
           path: mkosi.output/kernel/${{ env.KERNEL_VERSION }}/${{ matrix.target }}
 
       - name: Download initramfs artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: initramfs-${{ matrix.target }}
           path: out
 
       - name: Download ISO artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: iso-${{ matrix.target }}
           path: out
 
-      - name: Install Python dependencies
-        run: pip install -r requirements.txt
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
 
       - name: Log in to GHCR
         uses: docker/login-action@v3
@@ -423,7 +421,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Publish artifacts to GHCR
-        run: ./build.py release publish
+        run: uv run ./build.py release publish
 
   # -------------------------------------------------------------------
   # Publish combined multi-arch image (reuses per-arch registry blobs)
@@ -445,43 +443,43 @@ jobs:
         run: cat .github/config.env >> "$GITHUB_ENV"
 
       - name: Download kernel artifacts (amd64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: kernel-amd64
           path: mkosi.output/kernel/${{ env.KERNEL_VERSION }}/amd64
 
       - name: Download initramfs artifacts (amd64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: initramfs-amd64
           path: out
 
       - name: Download ISO artifact (amd64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: iso-amd64
           path: out
 
       - name: Download kernel artifacts (arm64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: kernel-arm64
           path: mkosi.output/kernel/${{ env.KERNEL_VERSION }}/arm64
 
       - name: Download initramfs artifacts (arm64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: initramfs-arm64
           path: out
 
       - name: Download ISO artifact (arm64)
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: iso-arm64
           path: out
 
-      - name: Install Python dependencies
-        run: pip install -r requirements.txt
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
 
       - name: Log in to GHCR
         uses: docker/login-action@v3
@@ -491,4 +489,4 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Publish combined image to GHCR
-        run: ./build.py release publish
+        run: uv run ./build.py release publish
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -27,13 +27,13 @@ jobs:
       - name: Load shared config
         run: cat .github/config.env >> "$GITHUB_ENV"
 
-      - name: Install Python dependencies
-        run: pip install -r requirements.txt
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
 
       - name: Pull release artifacts (combined)
         env:
           VERSION_EXCLUDE: ${{ github.ref_name }}
-        run: ./build.py release pull --target combined --pull-output artifacts/combined
+        run: uv run ./build.py release pull --target combined --pull-output artifacts/combined
 
       - name: Create GitHub Release
         env:
@@ -47,4 +47,4 @@ jobs:
       - name: Tag OCI artifacts with version
         env:
           VERSION_EXCLUDE: ${{ github.ref_name }}
-        run: ./build.py release tag ${{ github.ref_name }}
+        run: uv run ./build.py release tag ${{ github.ref_name }}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -17,7 +17,7 @@ Please read and understand the DCO found [here](https://github.com/tinkerbell/or
 
 ## Environment Details
 
-Building is handled by a Python script, please see the [build.py](build.py) for details. Only Python >= 3.10 and Docker are required.
+Building is handled by a Python script, please see the [build.py](build.py) for details. Only `uv` (Python) and Docker are required.
 
 ## How to Submit Change Requests
 

diff --git a/Dockerfile b/Dockerfile
@@ -9,11 +9,7 @@ ARG MKOSI_VERSION=v26
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Install mkosi runtime dependencies and kernel build dependencies in one layer
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    # mkosi runtime deps
-    python3 \
-    python3-pip \
-    python3-venv \
+RUN apt-get -o "Dpkg::Use-Pty=0" update && apt-get -o "Dpkg::Use-Pty=0" install -y --no-install-recommends \
     apt \
     dpkg \
     debian-archive-keyring \
@@ -59,20 +55,32 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     grub-common \
     && NATIVE_ARCH="$(dpkg --print-architecture)" \
     && FOREIGN_ARCH=$([ "$NATIVE_ARCH" = "amd64" ] && echo "arm64" || echo "amd64") \
-    && apt-get install -y --no-install-recommends "grub-efi-${NATIVE_ARCH}-bin" \
+    && apt-get -o "Dpkg::Use-Pty=0" install -y --no-install-recommends "grub-efi-${NATIVE_ARCH}-bin" \
     && dpkg --add-architecture "$FOREIGN_ARCH" \
-    && apt-get update \
-    && apt-get install -y --no-install-recommends "grub-efi-${FOREIGN_ARCH}-bin:${FOREIGN_ARCH}" \
+    && apt-get -o "Dpkg::Use-Pty=0" update \
+    && apt-get -o "Dpkg::Use-Pty=0" install -y --no-install-recommends "grub-efi-${FOREIGN_ARCH}-bin:${FOREIGN_ARCH}" \
     && rm -rf /var/lib/apt/lists/*
 
-# Install mkosi from GitHub (not on PyPI)
-RUN pip3 install --break-system-packages \
-    configargparse \
-    "git+https://github.com/systemd/mkosi.git@${MKOSI_VERSION}"
+# Install astral-sh's uv with a script - install to /usr for global access
+RUN curl -LsSf https://astral.sh/uv/install.sh | env UV_INSTALL_DIR="/usr/bin" sh
+
+# Verify uv is functional
+RUN uv --version
+
+# Install mkosi from GitHub (not on PyPI) via uv; symlink to /usr/bin for global access
+RUN uv tool install "git+https://github.com/systemd/mkosi.git@${MKOSI_VERSION}"
+RUN ln -sf ~/.local/bin/mkosi /usr/bin/mkosi
 
 # Verify mkosi is functional
 RUN mkosi --version
 
+# Prime uv's cache with our pyproject.toml to speed up runtime
+COPY pyproject.toml /tmp/pyproject.toml
+COPY captain /tmp/captain
+COPY build.py /tmp/build.py
+WORKDIR /tmp
+RUN uv --verbose run build.py --help
+
 WORKDIR /work
 ENTRYPOINT ["mkosi"]
 CMD ["build"]