chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.22 #315
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: ["main", "renovate/*"] | |
| pull_request: | |
| branches: | |
| - "main" | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| env: | |
| REGISTRY: ghcr.io | |
| jobs: | |
| detect-changes: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.build-matrix.outputs.matrix }} | |
| has-changes: ${{ steps.build-matrix.outputs.has-changes }} | |
| steps: | |
| - name: Checkout containers repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Detect changed matrix files | |
| uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| list-files: json | |
| filters: | | |
| matrix: | |
| - 'matrix/*/config.yaml' | |
| - 'matrix/*/Dockerfile' | |
| - name: Build matrix from changed files | |
| id: build-matrix | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| # On workflow_dispatch, build all projects | |
| PROJECTS=$(find matrix -mindepth 1 -maxdepth 1 -type d -exec basename {} \;) | |
| elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" && "${{ steps.filter.outputs.matrix }}" == "true" ]]; then | |
| # On main push, only changed projects | |
| CHANGED_FILES=$(echo '${{ steps.filter.outputs.matrix_files }}' | jq -r '.[]') | |
| PROJECTS=$(echo "$CHANGED_FILES" | cut -d'/' -f2 | sort -u) | |
| elif [[ "${{ steps.filter.outputs.matrix }}" == "true" ]]; then | |
| # On PR/branch, only changed projects | |
| CHANGED_FILES=$(echo '${{ steps.filter.outputs.matrix_files }}' | jq -r '.[]') | |
| PROJECTS=$(echo "$CHANGED_FILES" | cut -d'/' -f2 | sort -u) | |
| else | |
| # No changes | |
| echo "has-changes=false" >> $GITHUB_OUTPUT | |
| echo "matrix={\"include\":[]}" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| # Convert YAML config files to JSON matrix | |
| MATRIX_JSON='{"include":[]}' | |
| for project in $PROJECTS; do | |
| config_file="matrix/$project/config.yaml" | |
| if [ -f "$config_file" ]; then | |
| # Convert YAML to JSON and add project name | |
| ENTRY=$(yq eval -o=json "$config_file" | jq -c ". + {project: \"$project\"}") | |
| MATRIX_JSON=$(echo "$MATRIX_JSON" | jq -c ".include += [$ENTRY]") | |
| fi | |
| done | |
| echo "has-changes=true" >> $GITHUB_OUTPUT | |
| echo "matrix=$MATRIX_JSON" >> $GITHUB_OUTPUT | |
| echo "Matrix: $MATRIX_JSON" | |
| build: | |
| needs: detect-changes | |
| if: needs.detect-changes.outputs.has-changes == 'true' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.detect-changes.outputs.matrix) }} | |
| env: | |
| REPOSITORY: ${{ matrix.owner && format('{0}/{1}', matrix.owner, matrix.repo) || '' }} | |
| IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.repo || matrix.name }} | |
| steps: | |
| - name: Checkout project repository | |
| if: matrix.owner | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: ${{ env.REPOSITORY }} | |
| ref: ${{ matrix.ref || matrix.tag }} | |
| - name: Checkout containers repository | |
| uses: actions/checkout@v6 | |
| with: | |
| path: ${{ matrix.owner && 'containers' || '.' }} | |
| - name: Apply .diff and set Dockerfile | |
| id: prepare | |
| run: | | |
| if [ -n "${{ matrix.owner }}" ]; then | |
| # Clone mode: check for diff and use matrix Dockerfile | |
| DIFF="containers/matrix/${{ matrix.project }}/patch.diff" | |
| if [ -f "$DIFF" ]; then | |
| echo "Applying $DIFF" | |
| git apply "$DIFF" | |
| fi | |
| CUSTOM_DOCKERFILE="containers/matrix/${{ matrix.project }}/Dockerfile" | |
| if [ -f "$CUSTOM_DOCKERFILE" ]; then | |
| DOCKERFILE="$CUSTOM_DOCKERFILE" | |
| else | |
| DOCKERFILE="Dockerfile" | |
| fi | |
| TAG="${{ matrix.branch || matrix.tag }}" | |
| else | |
| # No-clone mode: use matrix Dockerfile | |
| DOCKERFILE="matrix/${{ matrix.project }}/Dockerfile" | |
| TAG="${{ matrix.tag }}" | |
| fi | |
| echo "Will use $DOCKERFILE" | |
| echo "DOCKERFILE=$DOCKERFILE" >> $GITHUB_OUTPUT | |
| echo "TAG=$TAG" >> $GITHUB_OUTPUT | |
| - name: Install cosign | |
| if: github.ref == 'refs/heads/main' | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Setup Docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.ref == 'refs/heads/main' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ steps.prepare.outputs.TAG }} | |
| - name: Build and push Docker image | |
| id: build-and-push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ${{ steps.prepare.outputs.DOCKERFILE }} | |
| platforms: ${{ matrix.platforms }} | |
| push: ${{ github.ref == 'refs/heads/main' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Sign the published Docker image | |
| if: github.ref == 'refs/heads/main' | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} |