Skip to content
ci

chore(deps): lock file maintenance #505

Sign in to view logs

chore(deps): lock file maintenance

chore(deps): lock file maintenance #505

Workflow file for this run

.github/workflows/ci.yml at 1a21a4f
name: ci
on:
push:
branches: [main]
tags: ["**"]
pull_request:
branches: [main]
merge_group:
branches: [main]
workflow_call:
workflow_dispatch:
permissions: {}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}
jobs:
python:
permissions:
contents: read
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python: [3.12]
fail-fast: false
runs-on: ${{ matrix.os }}
env:
ENVIRONMENT: ci
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5
- id: setup-python
uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5
with:
python-version: ${{ matrix.python }}
- name: Set up environment
if: ${{ runner.os != 'Windows' }}
run: |
mkdir -p .venv
echo "$(realpath .venv)/bin" >> "${GITHUB_PATH}"
- name: Set up environment (Windows)
if: ${{ runner.os == 'Windows' }}
run: |
New-Item -Type Directory -Force .venv
"$(Resolve-Path .venv)/Scripts" | Out-File -FilePath "${env:GITHUB_PATH}" -Append
- run: |
uv lock --check
uv sync --frozen
- run: make lint test
docker:
permissions:
contents: read
packages: write
runs-on: ubuntu-latest
env:
GHCR_IMAGE_NAME: ghcr.io/${{ github.repository }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
sparse-checkout: |
Dockerfile
uv.lock
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4
with:
path: |
var-cache-apt
var-lib-apt
root-cache-uv
key: buildkit-mounts-${{ runner.os }}-${{ hashFiles('**/Dockerfile', '**/*.lock') }}
restore-keys: |
buildkit-mounts-${{ runner.os }}
- uses: reproducible-containers/buildkit-cache-dance@5b6db76d1da5c8b307d5d2e0706d266521b710de # v3
with:
cache-map: |
{
"var-cache-apt": "/var/cache/apt",
"var-lib-apt": "/var/lib/apt",
"root-cache-uv": "/root/.cache/uv"
}
- uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
- id: build-ci
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
with:
target: ${{ env.ENVIRONMENT }}
cache-from: |
${{ env.GHCR_IMAGE_NAME }}:dev
${{ env.GHCR_IMAGE_NAME }}:cache
load: true
env:
ENVIRONMENT: ci
- run: docker run --rm "${IMAGE_ID}"
env:
IMAGE_ID: ${{ steps.build-ci.outputs.imageid }}
- id: docker_metadata
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
with:
images: ${{ env.GHCR_IMAGE_NAME }}
- if: ${{ github.event_name == 'push' || github.ref_name == github.event.repository.default_branch }}
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- if: ${{ github.event_name == 'push' || github.ref_name == github.event.repository.default_branch }}
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
with:
target: ${{ env.ENVIRONMENT }}
cache-from: |
${{ env.GHCR_IMAGE_NAME }}:dev
${{ env.GHCR_IMAGE_NAME }}:cache
cache-to: type=inline
tags: ${{ env.GHCR_IMAGE_NAME }}:dev
push: ${{ github.event_name == 'push' || github.ref_name == github.event.repository.default_branch }}
env:
ENVIRONMENT: dev
- if: ${{ github.event_name == 'push' || github.ref_name == github.event.repository.default_branch }}
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
with:
cache-from: |
${{ env.GHCR_IMAGE_NAME }}:dev
${{ env.GHCR_IMAGE_NAME }}:cache
cache-to: type=registry,ref=${{ env.GHCR_IMAGE_NAME }}:cache,mode=max
tags: ${{ steps.docker_metadata.outputs.tags }}
labels: ${{ steps.docker_metadata.outputs.labels }}
annotations: ${{ steps.docker_metadata.outputs.annotations }}
push: ${{ github.event_name == 'push' || github.ref_name == github.event.repository.default_branch }}
env:
ENVIRONMENT: prod