Merge branch 'main' into dependabot/uv/uv-build-gte-0.9.28-and-lt-0.11.0

Author: milsman2

.github/workflows/cache-uv-build.yaml

@@ -13,7 +13,7 @@ jobs:
   build-cache:
     runs-on: ubuntu-latest
     env:
-      UV_VERSION: '0.9.28'
+      UV_VERSION: '0.10.2'
       PYTHON_VERSION: '3.13'
 
     steps:

.github/workflows/docker-build-and-scan.yaml

@@ -1,10 +1,6 @@
 name: Docker Build and Trivy Scan
 
 on:
-  push:
-    branches:
-      - '**'
-
   workflow_call:
     inputs:
       DOCKER_PATH_CONTEXT:
@@ -13,46 +9,45 @@ on:
       DOCKER_BUILD_DOCKERFILE:
         required: true
         type: string
-      DOCKER_LOAD_BOOL:
-        required: true
-        type: boolean
       DOCKER_TAGS:
         required: true
         type: string
+      DOCKER_LOAD_BOOL:
+        required: false
+        type: boolean
+        default: false
+      DOCKER_PUSH_BOOL:
+        required: false
+        type: boolean
+        default: false
 
 jobs:
   build-and-scan:
     runs-on: ubuntu-latest
-    env:
-      DOCKER_PATH_CONTEXT: .
-      DOCKER_BUILD_DOCKERFILE: Dockerfile
-      DOCKER_LOAD_BOOL: true
-      DOCKER_TAGS: sample-python-app:${{ github.sha }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
-        if: github.event_name == 'workflow_call'
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build (and maybe push) Docker image
         uses: docker/build-push-action@v6
         with:
-          context: ${{ github.event_name == 'workflow_call' && inputs.DOCKER_PATH_CONTEXT || env.DOCKER_PATH_CONTEXT }}
-          file: ${{ github.event_name == 'workflow_call' && inputs.DOCKER_BUILD_DOCKERFILE || env.DOCKER_BUILD_DOCKERFILE }}
-          load: ${{ github.event_name != 'workflow_call' }}
-          push: ${{ github.event_name == 'workflow_call' }}
-          tags: ${{ github.event_name == 'workflow_call' && inputs.DOCKER_TAGS || env.DOCKER_TAGS }}
-      - name: Run Trivy vulnerability scanner
+          context: ${{  inputs.DOCKER_PATH_CONTEXT }}
+          file: ${{  inputs.DOCKER_BUILD_DOCKERFILE}}
+          load: ${{ inputs.DOCKER_LOAD_BOOL }}
+          push: ${{ inputs.DOCKER_PUSH_BOOL }}
+          tags: ${{  inputs.DOCKER_TAGS }}
+      - name: Run Trivy vulnerability scanner (remote)
         uses: aquasecurity/trivy-action@0.33.1
         with:
-          image-ref: ${{ inputs.DOCKER_TAGS || env.DOCKER_TAGS }}
+          image-ref: docker.io/${{ inputs.DOCKER_TAGS }}
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true

.github/workflows/pylint.yaml

@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: read
     env:
-      UV_VERSION: '0.9.28'
+      UV_VERSION: '0.10.2'
       PYTHON_VERSION: '3.13'
 
     steps:

.github/workflows/pytest.yaml

@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: read
     env:
-      UV_VERSION: '0.9.28'
+      UV_VERSION: '0.10.2'
       PYTHON_VERSION: '3.13'
     steps:
       - name: Checkout repository

.github/workflows/release.yaml

@@ -19,7 +19,7 @@ jobs:
       dist_artifacts_name: dist
       dist_artifacts_dir: dist
       lock_file_artifact: uv.lock
-      UV_VERSION: '0.9.28'
+      UV_VERSION: '0.10.2'
       PYTHON_VERSION: '3.13'
       GITHUB_ACTIONS_AUTHOR_NAME: github-actions
       GITHUB_ACTIONS_AUTHOR_EMAIL: actions@users.noreply.github.com
@@ -77,12 +77,13 @@ jobs:
             .venv
           key: uv-main-${{ env.UV_VERSION }}-${{ env.PYTHON_VERSION }}-${{ hashFiles('pyproject.toml', 'uv.lock') }}
 
-  docker-build-and-scan:
+  Docker-Release:
+    uses: ./.github/workflows/docker-build-and-scan.yaml
     needs: Semantic-Release
-    uses: milsman2/python-app-template/.github/workflows/docker-build-and-scan.yaml@main
     secrets: inherit
     with:
       DOCKER_PATH_CONTEXT: .
       DOCKER_BUILD_DOCKERFILE: Dockerfile
-      DOCKER_LOAD_BOOL: true
+      DOCKER_LOAD_BOOL: false
       DOCKER_TAGS: milsman2/sample-python-app:${{ needs.Semantic-Release.outputs.tag }}
+      DOCKER_PUSH_BOOL: true

.github/workflows/run-branch-scan.yaml

@@ -0,0 +1,16 @@
+name: Scan Release Branch with Trivy
+
+on:
+  push:
+    branches-ignore:
+      - main
+jobs:
+  docker-build-and-scan:
+    uses: ./.github/workflows/docker-build-and-scan.yaml
+    secrets: inherit
+    with:
+      DOCKER_PATH_CONTEXT: .
+      DOCKER_BUILD_DOCKERFILE: Dockerfile
+      DOCKER_LOAD_BOOL: true
+      DOCKER_TAGS: sample-python-app:${{ github.sha }}
+      DOCKER_PUSH_BOOL: false

pyproject.toml

@@ -21,7 +21,7 @@ dependencies = [
 ]
 
 [project.optional-dependencies]
-build = ["uv >= 0.9.28"]
+build = ["uv >= 0.10.2"]
 
 [build-system]
 requires = ["uv_build>=0.9.28,<0.11.0"]