mirror of
https://github.com/astral-sh/ruff
synced 2026-01-21 05:20:49 -05:00
41fec5171f
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4` -> `v4.6.2` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.6.2`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.2) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.6.1...v4.6.2) #### What's Changed - Update to use artifact 2.3.2 package & prepare for new upload-artifact release by [@​salmanmkc](https://redirect.github.com/salmanmkc) in [https://github.com/actions/upload-artifact/pull/685](https://redirect.github.com/actions/upload-artifact/pull/685) #### New Contributors - [@​salmanmkc](https://redirect.github.com/salmanmkc) made their first contribution in [https://github.com/actions/upload-artifact/pull/685](https://redirect.github.com/actions/upload-artifact/pull/685) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.6.2 ### [`v4.6.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.1) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.6.0...v4.6.1) #### What's Changed - Update to use artifact 2.2.2 package by [@​yacaovsnc](https://redirect.github.com/yacaovsnc) in [https://github.com/actions/upload-artifact/pull/673](https://redirect.github.com/actions/upload-artifact/pull/673) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.6.1 ### [`v4.6.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.5.0...v4.6.0) ##### What's Changed - Expose env vars to control concurrency and timeout by [@​yacaovsnc](https://redirect.github.com/yacaovsnc) in [https://github.com/actions/upload-artifact/pull/662](https://redirect.github.com/actions/upload-artifact/pull/662) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.6.0 ### [`v4.5.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.5.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0) ##### What's Changed - fix: deprecated `Node.js` version in action by [@​hamirmahal](https://redirect.github.com/hamirmahal) in [https://github.com/actions/upload-artifact/pull/578](https://redirect.github.com/actions/upload-artifact/pull/578) - Add new `artifact-digest` output by [@​bdehamer](https://redirect.github.com/bdehamer) in [https://github.com/actions/upload-artifact/pull/656](https://redirect.github.com/actions/upload-artifact/pull/656) ##### New Contributors - [@​hamirmahal](https://redirect.github.com/hamirmahal) made their first contribution in [https://github.com/actions/upload-artifact/pull/578](https://redirect.github.com/actions/upload-artifact/pull/578) - [@​bdehamer](https://redirect.github.com/bdehamer) made their first contribution in [https://github.com/actions/upload-artifact/pull/656](https://redirect.github.com/actions/upload-artifact/pull/656) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0 ### [`v4.4.3`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.3) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3) #### What's Changed - Undo indirect dependency updates from [#​627](https://redirect.github.com/actions/upload-artifact/issues/627) by [@​joshmgross](https://redirect.github.com/joshmgross) in [https://github.com/actions/upload-artifact/pull/632](https://redirect.github.com/actions/upload-artifact/pull/632) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3 ### [`v4.4.2`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.2) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2) #### What's Changed - Bump `@actions/artifact` to 2.1.11 by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/627](https://redirect.github.com/actions/upload-artifact/pull/627) - Includes fix for relative symlinks not resolving properly **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2 ### [`v4.4.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.1) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1) #### What's Changed - Add a section about hidden files by [@​joshmgross](https://redirect.github.com/joshmgross) in [https://github.com/actions/upload-artifact/pull/607](https://redirect.github.com/actions/upload-artifact/pull/607) - Add workflow file for publishing releases to immutable action package by [@​Jcambass](https://redirect.github.com/Jcambass) in [https://github.com/actions/upload-artifact/pull/621](https://redirect.github.com/actions/upload-artifact/pull/621) - Update [@​actions/artifact](https://redirect.github.com/actions/artifact) to latest version, includes symlink and timeout fixes by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/625](https://redirect.github.com/actions/upload-artifact/pull/625) #### New Contributors - [@​Jcambass](https://redirect.github.com/Jcambass) made their first contribution in [https://github.com/actions/upload-artifact/pull/621](https://redirect.github.com/actions/upload-artifact/pull/621) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1 ### [`v4.4.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0) #### Notice: Breaking Changes ⚠️ We will no longer include hidden files and folders by default in the `upload-artifact` action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, `include-hidden-files`, to continue to do so. See ["Notice of upcoming deprecations and breaking changes in GitHub Actions runners"](https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/) changelog and [this issue](https://redirect.github.com/actions/upload-artifact/issues/602) for more details. #### What's Changed - Exclude hidden files by default by [@​joshmgross](https://redirect.github.com/joshmgross) in [https://github.com/actions/upload-artifact/pull/598](https://redirect.github.com/actions/upload-artifact/pull/598) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0 ### [`v4.3.6`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.6) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) #### What's Changed - Revert to [@​actions/artifact](https://redirect.github.com/actions/artifact) 2.1.8 by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/594](https://redirect.github.com/actions/upload-artifact/pull/594) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.3.6 ### [`v4.3.5`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.5) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) #### What's Changed - Bump [@​actions/artifact](https://redirect.github.com/actions/artifact) to v2.1.9 by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/588](https://redirect.github.com/actions/upload-artifact/pull/588) - Fixed artifact upload chunk timeout logic [#​1774](https://redirect.github.com/actions/toolkit/pull/1774) - Use lazy stream to prevent issues with open file limits [#​1771](https://redirect.github.com/actions/toolkit/pull/1771) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5 ### [`v4.3.4`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.4) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4) #### What's Changed - Update [@​actions/artifact](https://redirect.github.com/actions/artifact) version, bump dependencies by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/584](https://redirect.github.com/actions/upload-artifact/pull/584) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4 ### [`v4.3.3`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) #### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://redirect.github.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://redirect.github.com/actions/upload-artifact/pull/565) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3 ### [`v4.3.2`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://redirect.github.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://redirect.github.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://redirect.github.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://redirect.github.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://redirect.github.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://redirect.github.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://redirect.github.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://redirect.github.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://redirect.github.com/actions/upload-artifact/pull/523) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2 ### [`v4.3.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.1) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.0...v4.3.1) - Bump [@​actions/artifacts](https://redirect.github.com/actions/artifacts) to latest version to include [updated GHES host check](https://redirect.github.com/actions/toolkit/pull/1648) ### [`v4.3.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.2.0...v4.3.0) #### What's Changed - Reorganize upload code in prep for merge logic & add more tests by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/504](https://redirect.github.com/actions/upload-artifact/pull/504) - Add sub-action to merge artifacts by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/505](https://redirect.github.com/actions/upload-artifact/pull/505) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.3.0 ### [`v4.2.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.2.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.1.0...v4.2.0) #### What's Changed - Ability to overwrite an Artifact by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/501](https://redirect.github.com/actions/upload-artifact/pull/501) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.2.0 ### [`v4.1.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.1.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4...v4.1.0) #### What's Changed - Add migrations docs by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/482](https://redirect.github.com/actions/upload-artifact/pull/482) - Update README.md by [@​samuelwine](https://redirect.github.com/samuelwine) in [https://github.com/actions/upload-artifact/pull/492](https://redirect.github.com/actions/upload-artifact/pull/492) - Support artifact-url output by [@​konradpabjan](https://redirect.github.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/496](https://redirect.github.com/actions/upload-artifact/pull/496) - Update readme to reflect new 500 artifact per job limit by [@​robherley](https://redirect.github.com/robherley) in [https://github.com/actions/upload-artifact/pull/497](https://redirect.github.com/actions/upload-artifact/pull/497) #### New Contributors - [@​samuelwine](https://redirect.github.com/samuelwine) made their first contribution in [https://github.com/actions/upload-artifact/pull/492](https://redirect.github.com/actions/upload-artifact/pull/492) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.1.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMjcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjIyNy4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
300 lines
13 KiB
YAML
300 lines
13 KiB
YAML
# Build and publish a Docker image.
|
|
#
|
|
# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a local
|
|
# artifacts job within `cargo-dist`.
|
|
#
|
|
# TODO(charlie): Ideally, the publish step would happen as a publish job within `cargo-dist`, but
|
|
# sharing the built image as an artifact between jobs is challenging.
|
|
name: "[ruff] Build Docker image"
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
plan:
|
|
required: true
|
|
type: string
|
|
pull_request:
|
|
paths:
|
|
- .github/workflows/build-docker.yml
|
|
|
|
env:
|
|
RUFF_BASE_IMG: ghcr.io/${{ github.repository_owner }}/ruff
|
|
|
|
jobs:
|
|
docker-build:
|
|
name: Build Docker image (ghcr.io/astral-sh/ruff) for ${{ matrix.platform }}
|
|
runs-on: ubuntu-latest
|
|
environment:
|
|
name: release
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
platform:
|
|
- linux/amd64
|
|
- linux/arm64
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
submodules: recursive
|
|
persist-credentials: false
|
|
|
|
- uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
|
|
|
|
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Check tag consistency
|
|
if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
|
|
env:
|
|
TAG: ${{ inputs.plan != '' && fromJson(inputs.plan).announcement_tag || 'dry-run' }}
|
|
run: |
|
|
version=$(grep -m 1 "^version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
|
|
if [ "${TAG}" != "${version}" ]; then
|
|
echo "The input tag does not match the version from pyproject.toml:" >&2
|
|
echo "${TAG}" >&2
|
|
echo "${version}" >&2
|
|
exit 1
|
|
else
|
|
echo "Releasing ${version}"
|
|
fi
|
|
|
|
- name: Extract metadata (tags, labels) for Docker
|
|
id: meta
|
|
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
|
|
with:
|
|
images: ${{ env.RUFF_BASE_IMG }}
|
|
# Defining this makes sure the org.opencontainers.image.version OCI label becomes the actual release version and not the branch name
|
|
tags: |
|
|
type=raw,value=dry-run,enable=${{ inputs.plan == '' || fromJson(inputs.plan).announcement_tag_is_implicit }}
|
|
type=pep440,pattern={{ version }},value=${{ inputs.plan != '' && fromJson(inputs.plan).announcement_tag || 'dry-run' }},enable=${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
|
|
|
|
- name: Normalize Platform Pair (replace / with -)
|
|
run: |
|
|
platform=${{ matrix.platform }}
|
|
echo "PLATFORM_TUPLE=${platform//\//-}" >> "$GITHUB_ENV"
|
|
|
|
# Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
|
|
- name: Build and push by digest
|
|
id: build
|
|
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
|
|
with:
|
|
context: .
|
|
platforms: ${{ matrix.platform }}
|
|
cache-from: type=gha,scope=ruff-${{ env.PLATFORM_TUPLE }}
|
|
cache-to: type=gha,mode=min,scope=ruff-${{ env.PLATFORM_TUPLE }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
outputs: type=image,name=${{ env.RUFF_BASE_IMG }},push-by-digest=true,name-canonical=true,push=${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
|
|
|
|
- name: Export digests
|
|
env:
|
|
digest: ${{ steps.build.outputs.digest }}
|
|
run: |
|
|
mkdir -p /tmp/digests
|
|
touch "/tmp/digests/${digest#sha256:}"
|
|
|
|
- name: Upload digests
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: digests-${{ env.PLATFORM_TUPLE }}
|
|
path: /tmp/digests/*
|
|
if-no-files-found: error
|
|
retention-days: 1
|
|
|
|
docker-publish:
|
|
name: Publish Docker image (ghcr.io/astral-sh/ruff)
|
|
runs-on: ubuntu-latest
|
|
environment:
|
|
name: release
|
|
needs:
|
|
- docker-build
|
|
if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
|
|
steps:
|
|
- name: Download digests
|
|
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
|
|
with:
|
|
path: /tmp/digests
|
|
pattern: digests-*
|
|
merge-multiple: true
|
|
|
|
- uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
|
|
|
|
- name: Extract metadata (tags, labels) for Docker
|
|
id: meta
|
|
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
|
|
with:
|
|
images: ${{ env.RUFF_BASE_IMG }}
|
|
# Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
|
|
tags: |
|
|
type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }}
|
|
type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }}
|
|
|
|
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
|
|
- name: Create manifest list and push
|
|
working-directory: /tmp/digests
|
|
# The jq command expands the docker/metadata json "tags" array entry to `-t tag1 -t tag2 ...` for each tag in the array
|
|
# The printf will expand the base image with the `<RUFF_BASE_IMG>@sha256:<sha256> ...` for each sha256 in the directory
|
|
# The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
|
|
run: |
|
|
# shellcheck disable=SC2046
|
|
docker buildx imagetools create \
|
|
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
|
|
$(printf "${RUFF_BASE_IMG}@sha256:%s " *)
|
|
|
|
docker-publish-extra:
|
|
name: Publish additional Docker image based on ${{ matrix.image-mapping }}
|
|
runs-on: ubuntu-latest
|
|
environment:
|
|
name: release
|
|
needs:
|
|
- docker-publish
|
|
if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
# Mapping of base image followed by a comma followed by one or more base tags (comma separated)
|
|
# Note, org.opencontainers.image.version label will use the first base tag (use the most specific tag first)
|
|
image-mapping:
|
|
- alpine:3.21,alpine3.21,alpine
|
|
- debian:bookworm-slim,bookworm-slim,debian-slim
|
|
- buildpack-deps:bookworm,bookworm,debian
|
|
steps:
|
|
- uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
|
|
|
|
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Generate Dynamic Dockerfile Tags
|
|
shell: bash
|
|
env:
|
|
TAG_VALUE: ${{ fromJson(inputs.plan).announcement_tag }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
# Extract the image and tags from the matrix variable
|
|
IFS=',' read -r BASE_IMAGE BASE_TAGS <<< "${{ matrix.image-mapping }}"
|
|
|
|
# Generate Dockerfile content
|
|
cat <<EOF > Dockerfile
|
|
FROM ${BASE_IMAGE}
|
|
COPY --from=${RUFF_BASE_IMG}:latest /ruff /usr/local/bin/ruff
|
|
ENTRYPOINT []
|
|
CMD ["/usr/local/bin/ruff"]
|
|
EOF
|
|
|
|
# Initialize a variable to store all tag docker metadata patterns
|
|
TAG_PATTERNS=""
|
|
|
|
# Loop through all base tags and append its docker metadata pattern to the list
|
|
# Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
|
|
IFS=','; for TAG in ${BASE_TAGS}; do
|
|
TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ version }},suffix=-${TAG},value=${TAG_VALUE}\n"
|
|
TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ major }}.{{ minor }},suffix=-${TAG},value=${TAG_VALUE}\n"
|
|
TAG_PATTERNS="${TAG_PATTERNS}type=raw,value=${TAG}\n"
|
|
done
|
|
|
|
# Remove the trailing newline from the pattern list
|
|
TAG_PATTERNS="${TAG_PATTERNS%\\n}"
|
|
|
|
# Export image cache name
|
|
echo "IMAGE_REF=${BASE_IMAGE//:/-}" >> "$GITHUB_ENV"
|
|
|
|
# Export tag patterns using the multiline env var syntax
|
|
{
|
|
echo "TAG_PATTERNS<<EOF"
|
|
echo -e "${TAG_PATTERNS}"
|
|
echo EOF
|
|
} >> "$GITHUB_ENV"
|
|
|
|
- name: Extract metadata (tags, labels) for Docker
|
|
id: meta
|
|
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
|
|
# ghcr.io prefers index level annotations
|
|
env:
|
|
DOCKER_METADATA_ANNOTATIONS_LEVELS: index
|
|
with:
|
|
images: ${{ env.RUFF_BASE_IMG }}
|
|
flavor: |
|
|
latest=false
|
|
tags: |
|
|
${{ env.TAG_PATTERNS }}
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64,linux/arm64
|
|
# We do not really need to cache here as the Dockerfile is tiny
|
|
#cache-from: type=gha,scope=ruff-${{ env.IMAGE_REF }}
|
|
#cache-to: type=gha,mode=min,scope=ruff-${{ env.IMAGE_REF }}
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
annotations: ${{ steps.meta.outputs.annotations }}
|
|
|
|
# This is effectively a duplicate of `docker-publish` to make https://github.com/astral-sh/ruff/pkgs/container/ruff
|
|
# show the ruff base image first since GitHub always shows the last updated image digests
|
|
# This works by annotating the original digests (previously non-annotated) which triggers an update to ghcr.io
|
|
docker-republish:
|
|
name: Annotate Docker image (ghcr.io/astral-sh/ruff)
|
|
runs-on: ubuntu-latest
|
|
environment:
|
|
name: release
|
|
needs:
|
|
- docker-publish-extra
|
|
if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
|
|
steps:
|
|
- name: Download digests
|
|
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
|
|
with:
|
|
path: /tmp/digests
|
|
pattern: digests-*
|
|
merge-multiple: true
|
|
|
|
- uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
|
|
|
|
- name: Extract metadata (tags, labels) for Docker
|
|
id: meta
|
|
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
|
|
env:
|
|
DOCKER_METADATA_ANNOTATIONS_LEVELS: index
|
|
with:
|
|
images: ${{ env.RUFF_BASE_IMG }}
|
|
# Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
|
|
tags: |
|
|
type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }}
|
|
type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }}
|
|
|
|
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
|
|
- name: Create manifest list and push
|
|
working-directory: /tmp/digests
|
|
# The readarray part is used to make sure the quoting and special characters are preserved on expansion (e.g. spaces)
|
|
# The jq command expands the docker/metadata json "tags" array entry to `-t tag1 -t tag2 ...` for each tag in the array
|
|
# The printf will expand the base image with the `<RUFF_BASE_IMG>@sha256:<sha256> ...` for each sha256 in the directory
|
|
# The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
|
|
run: |
|
|
readarray -t lines <<< "$DOCKER_METADATA_OUTPUT_ANNOTATIONS"; annotations=(); for line in "${lines[@]}"; do annotations+=(--annotation "$line"); done
|
|
|
|
# shellcheck disable=SC2046
|
|
docker buildx imagetools create \
|
|
"${annotations[@]}" \
|
|
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
|
|
$(printf "${RUFF_BASE_IMG}@sha256:%s " *)
|