Skip to content

Commit 2599a04

Browse files
raballewclaude
andcommitted
fix: drop container image digest pinning and bump Fedora to 44
Most container registries prune untagged manifests within weeks, so pinned digests break reproducibility instead of guaranteeing it and force an unsustainable biweekly update cycle. Disable pinDigests in Renovate while keeping GitHub Action commit-SHA pinning via helpers:pinGitHubActionDigests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 1cebbd0 commit 2599a04

16 files changed

Lines changed: 95 additions & 30 deletions

File tree

.devcontainer/Dockerfile

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,9 +5,10 @@ ENV UV_LINK_MODE=copy
55

66
WORKDIR /opt
77

8-
COPY --from=ghcr.io/astral-sh/uv:0.11.19 /uv /bin/uv
9-
COPY --from=ghcr.io/astral-sh/uv:0.11.19 /uvx /bin/uvx
8+
COPY .uv-version /tmp/.uv-version
9+
RUN curl -LsSf "https://astral.sh/uv/$(cat /tmp/.uv-version)/install.sh" | sh && \
10+
mv /root/.local/bin/uv /bin/uv && mv /root/.local/bin/uvx /bin/uvx
1011
COPY ./.py-version ./.python-version
1112

1213
# Install required tools for development
13-
RUN apt-get update && apt-get install -y iperf3 libusb-dev
14+
RUN apt-get update && apt-get install -y iperf3 libusb-dev

.github/workflows/build-images.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ jobs:
5959
- image_name: jumpstarter-dev/jumpstarter-dev
6060
label: jumpstarter-dev
6161
dockerfile: python/.devfile/Containerfile
62-
context: python
62+
context: .
6363
- image_name: jumpstarter-dev/jumpstarter-devspace
6464
label: jumpstarter-devspace
6565
dockerfile: python/.devfile/Containerfile.client

.github/workflows/build-oci-bundle.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ on:
66
jobs:
77
build-fits:
88
runs-on: ubuntu-24.04-arm
9-
container: fedora:43
9+
container: fedora:44
1010
steps:
1111
- name: Checkout repository
1212
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6

.github/workflows/documentation.yaml

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -45,10 +45,12 @@ jobs:
4545
fetch-depth: 0
4646
fetch-tags: true
4747

48+
- id: uv
49+
run: echo "version=$(cat .uv-version)" >> "$GITHUB_OUTPUT"
4850
- name: Install uv
4951
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
5052
with:
51-
version: "0.11.6"
53+
version: ${{ steps.uv.outputs.version }}
5254
python-version-file: .py-version
5355

5456
- name: Setup Pages
@@ -81,10 +83,12 @@ jobs:
8183
fetch-depth: 0
8284
fetch-tags: true
8385

86+
- id: uv
87+
run: echo "version=$(cat .uv-version)" >> "$GITHUB_OUTPUT"
8488
- name: Install uv
8589
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
8690
with:
87-
version: "0.11.6"
91+
version: ${{ steps.uv.outputs.version }}
8892
python-version-file: .py-version
8993

9094
- name: Verify generated gRPC docs are up to date
@@ -103,10 +107,12 @@ jobs:
103107
fetch-depth: 0
104108
fetch-tags: true
105109

110+
- id: uv
111+
run: echo "version=$(cat .uv-version)" >> "$GITHUB_OUTPUT"
106112
- name: Install uv
107113
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
108114
with:
109-
version: "0.11.6"
115+
version: ${{ steps.uv.outputs.version }}
110116
python-version-file: .py-version
111117

112118
- name: Check documentation links

.github/workflows/e2e.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -144,9 +144,12 @@ jobs:
144144
with:
145145
fetch-depth: 0
146146

147+
- id: uv
148+
run: echo "version=$(cat .uv-version)" >> "$GITHUB_OUTPUT"
147149
- name: Install uv
148150
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
149151
with:
152+
version: ${{ steps.uv.outputs.version }}
150153
python-version-file: .py-version
151154

152155
- name: Cache python wheels
@@ -187,9 +190,12 @@ jobs:
187190
- name: Checkout repository
188191
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
189192

193+
- id: uv
194+
run: echo "version=$(cat .uv-version)" >> "$GITHUB_OUTPUT"
190195
- name: Install uv
191196
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
192197
with:
198+
version: ${{ steps.uv.outputs.version }}
193199
python-version-file: .py-version
194200

195201
- name: Install Go
@@ -245,9 +251,12 @@ jobs:
245251
- name: Checkout repository
246252
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
247253

254+
- id: uv
255+
run: echo "version=$(cat .uv-version)" >> "$GITHUB_OUTPUT"
248256
- name: Install uv
249257
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
250258
with:
259+
version: ${{ steps.uv.outputs.version }}
251260
python-version-file: .py-version
252261

253262
- name: Install Go
@@ -281,9 +290,12 @@ jobs:
281290
- name: Checkout repository
282291
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
283292

293+
- id: uv
294+
run: echo "version=$(cat .uv-version)" >> "$GITHUB_OUTPUT"
284295
- name: Install uv
285296
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
286297
with:
298+
version: ${{ steps.uv.outputs.version }}
287299
python-version-file: .py-version
288300

289301
- name: Install Go

.github/workflows/lint.yaml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ jobs:
3838
- 'python/**'
3939
- '.github/workflows/lint.yaml'
4040
renovate:
41-
- 'renovate.json'
41+
- 'renovate.jsonc'
4242
- '.github/workflows/lint.yaml'
4343
4444
lint-go:
@@ -94,10 +94,12 @@ jobs:
9494
steps:
9595
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
9696

97+
- id: uv
98+
run: echo "version=$(cat .uv-version)" >> "$GITHUB_OUTPUT"
9799
- name: Install uv
98100
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
99101
with:
100-
version: "0.11.19"
102+
version: ${{ steps.uv.outputs.version }}
101103
python-version-file: .py-version
102104

103105
- name: Run ty

.github/workflows/python-tests.yaml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -53,10 +53,12 @@ jobs:
5353
with:
5454
fetch-depth: 0
5555

56-
- name: Install the latest version of uv
56+
- id: uv
57+
run: echo "version=$(cat .uv-version)" >> "$GITHUB_OUTPUT"
58+
- name: Install uv
5759
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
5860
with:
59-
version: "0.11.19"
61+
version: ${{ steps.uv.outputs.version }}
6062
python-version: ${{ matrix.python-version }}
6163

6264
- name: Install Qemu (Linux)

.uv-version

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
0.11.19

e2e/compat/setup.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ install_dependencies() {
5858

5959
if ! command -v uv &> /dev/null; then
6060
log_info "Installing uv..."
61-
curl -LsSf https://astral.sh/uv/install.sh | sh
61+
curl -LsSf "https://astral.sh/uv/$(cat "$REPO_ROOT/.uv-version")/install.sh" | sh
6262
export PATH="$HOME/.cargo/bin:$PATH"
6363
fi
6464

e2e/setup-e2e.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ install_dependencies() {
4343
# Install uv if not already installed
4444
if ! command -v uv &> /dev/null; then
4545
log_info "Installing uv..."
46-
curl -LsSf https://astral.sh/uv/install.sh | sh
46+
curl -LsSf "https://astral.sh/uv/$(cat "$REPO_ROOT/.uv-version")/install.sh" | sh
4747
export PATH="$HOME/.cargo/bin:$PATH"
4848
fi
4949

0 commit comments

Comments
 (0)