chore(deps): update uv (#162) #780
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # required for upload-sarif action | |
| # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-for-sarif-files-generated-outside-of-a-repository | |
| security-events: write | |
| steps: | |
| - name: Checkout ${{ github.repository }} | |
| uses: actions/[email protected] | |
| with: | |
| persist-credentials: false | |
| - name: Install uv | |
| uses: astral-sh/[email protected] | |
| id: setup-uv | |
| with: | |
| # renovate: datasource=pypi dependency=uv | |
| version: "0.9.16" | |
| - name: Install pre-commit | |
| run: | | |
| uv sync --locked --only-dev | |
| - uses: mschoettle/[email protected] | |
| env: | |
| SKIP: markdownlint-cli2 | |
| - name: Run markdownlint | |
| if: '!cancelled()' | |
| env: | |
| # renovate: datasource=docker depName=davidanson/markdownlint-cli2-rules versioning=semver | |
| MARKDOWNLINT_CLI2_VERSION: v0.19.1 | |
| uses: YannickTeKulve/docker-run-action@37eb44806428df732c5cc168b96f2b6be8153632 | |
| with: | |
| image: davidanson/markdownlint-cli2-rules:${{ env.MARKDOWNLINT_CLI2_VERSION }} | |
| # node user does not have permissions to workspace due to user id mismatch | |
| options: -v ${{ github.workspace }}:/workdir --user root | |
| # don't fail step if there are violations | |
| run: markdownlint-cli2 --config .github/markdownlint/.markdownlint-cli2.yaml "**/*.md" | |
| - name: Run the production stack | |
| run: docker compose up --build -d | |
| - name: Check | |
| run: uv run --script .github/redirects/check_redirects.py | |
| - name: Stop production stack | |
| run: docker compose down | |
| build: | |
| # https://docs.github.com/en/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners#standard-github-hosted-runners-for-public-repositories | |
| runs-on: ubuntu-24.04-arm | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/[email protected] | |
| with: | |
| persist-credentials: false | |
| lfs: true | |
| # fetch the full git history to be able to determine creation dates for pages | |
| # see: https://github.com/timvink/mkdocs-git-revision-date-localized-plugin?tab=readme-ov-file#note-when-using-build-environments | |
| fetch-depth: 0 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/[email protected] | |
| if: github.event_name != 'pull_request' | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| - name: Validate build configuration | |
| uses: docker/[email protected] | |
| with: | |
| call: check | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/[email protected] | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build Docker image | |
| uses: docker/[email protected] | |
| with: | |
| # use path context to make .git available in build | |
| # https://github.com/docker/build-push-action?tab=readme-ov-file#git-context | |
| context: . | |
| platforms: linux/arm64 | |
| # load image into docker to test it in the next step | |
| load: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # https://docs.docker.com/build/ci/github-actions/cache/#github-cache | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Test image | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| run: docker run --rm "${TAGS}" --version | |
| - name: Push Docker image | |
| uses: docker/[email protected] | |
| with: | |
| # use path context to make .git available in build | |
| # https://github.com/docker/build-push-action?tab=readme-ov-file#git-context | |
| context: . | |
| platforms: linux/arm64 | |
| # only push to the registry when it is not a PR (i.e., main branch) | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # https://docs.docker.com/build/ci/github-actions/cache/#github-cache | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| deploy: | |
| uses: ./.github/workflows/cd.yml | |
| if: success() && github.ref == 'refs/heads/main' | |
| needs: | |
| - lint | |
| - build | |
| secrets: | |
| SSH_HOST: ${{ secrets.SSH_HOST }} | |
| SSH_PORT: ${{ secrets.SSH_PORT }} | |
| SSH_USER: ${{ secrets.SSH_USER }} | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} |