chore(deps): update ghcr.io/astral-sh/uv:latest docker digest to bb74… #294
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: [main] | |
| tags: ["**"] | |
| pull_request: | |
| branches: [main] | |
| merge_group: | |
| branches: [main] | |
| workflow_call: | |
| workflow_dispatch: | |
| jobs: | |
| python: | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| python: [3.12] | |
| name: python | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| ENVIRONMENT: ci | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Set up UV | |
| uses: astral-sh/setup-uv@4db96194c378173c656ce18a155ffc14a9fc4355 # v5 | |
| - name: Set up Python | |
| id: setup-python | |
| uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5 | |
| with: | |
| python-version: ${{ matrix.python }} | |
| - name: Set up environment | |
| if: ${{ runner.os != 'Windows' }} | |
| run: | | |
| mkdir -p .venv | |
| echo "$(realpath .venv)/bin" >> ${GITHUB_PATH} | |
| - name: Set up environment (Windows) | |
| if: ${{ runner.os == 'Windows' }} | |
| run: | | |
| New-Item -Type Directory -Force .venv | |
| "$(Resolve-Path .venv)/Scripts" | Out-File -FilePath ${env:GITHUB_PATH} -Append | |
| - name: Install dependencies | |
| run: uv sync | |
| - name: Lint and test | |
| run: make lint test | |
| docker: | |
| name: docker | |
| permissions: | |
| contents: read | |
| packages: write | |
| runs-on: ubuntu-latest | |
| env: | |
| GHCR_IMAGE_NAME: ghcr.io/${{ github.repository }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| sparse-checkout: | | |
| Dockerfile | |
| uv.lock | |
| - name: Cache buildkit mounts | |
| uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 | |
| with: | |
| path: | | |
| var-cache-apt | |
| root-cache-pip | |
| root-cache-uv | |
| key: buildkit-mounts-${{ runner.os }}-${{ hashFiles('**/Dockerfile', '**/*.lock') }} | |
| restore-keys: | | |
| buildkit-mounts-${{ runner.os }} | |
| buildkit-mounts-${{ runner.os }} | |
| - name: Inject cache into docker | |
| uses: reproducible-containers/buildkit-cache-dance@5b6db76d1da5c8b307d5d2e0706d266521b710de # v3 | |
| with: | |
| cache-map: | | |
| { | |
| "var-cache-apt": "/var/cache/apt", | |
| "var-lib-apt": "/var/lib/apt", | |
| "root-cache-pip": "/root/.cache/pip", | |
| "root-cache-uv": "/root/.cache/uv" | |
| } | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3 | |
| - name: Build CI image | |
| id: build-ci | |
| env: | |
| ENVIRONMENT: ci | |
| uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 | |
| with: | |
| target: ${{ env.ENVIRONMENT }} | |
| cache-from: | | |
| ${{ env.GHCR_IMAGE_NAME }}:dev | |
| ${{ env.GHCR_IMAGE_NAME }}:cache | |
| load: true | |
| - name: Run CI image | |
| run: docker run --rm ${{ steps.build-ci.outputs.imageid }} | |
| - name: Docker metadata | |
| id: docker_metadata | |
| uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 | |
| with: | |
| images: ${{ env.GHCR_IMAGE_NAME }} | |
| - name: Login to GHCR | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push dev image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| ENVIRONMENT: dev | |
| uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 | |
| with: | |
| target: ${{ env.ENVIRONMENT }} | |
| cache-from: | | |
| ${{ env.GHCR_IMAGE_NAME }}:dev | |
| ${{ env.GHCR_IMAGE_NAME }}:cache | |
| cache-to: type=inline | |
| tags: ${{ env.GHCR_IMAGE_NAME }}:dev | |
| push: ${{ github.event_name != 'pull_request' }} | |
| - name: Build and push prod image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| ENVIRONMENT: prod | |
| uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 | |
| with: | |
| cache-from: | | |
| ${{ env.GHCR_IMAGE_NAME }}:dev | |
| ${{ env.GHCR_IMAGE_NAME }}:cache | |
| cache-to: type=registry,ref=${{ env.GHCR_IMAGE_NAME }}:cache,mode=max | |
| tags: ${{ steps.docker_metadata.outputs.tags }} | |
| labels: ${{ steps.docker_metadata.outputs.labels }} | |
| annotations: ${{ steps.docker_metadata.outputs.annotations }} | |
| push: ${{ github.event_name != 'pull_request' }} |