Skip to content
2 changes: 1 addition & 1 deletion .github/workflows/cache-uv-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
build-cache:
runs-on: ubuntu-latest
env:
UV_VERSION: '0.9.28'
UV_VERSION: '0.10.2'
PYTHON_VERSION: '3.13'

steps:
Expand Down
39 changes: 17 additions & 22 deletions .github/workflows/docker-build-and-scan.yaml
Original file line number Diff line number Diff line change
@@ -1,10 +1,6 @@
name: Docker Build and Trivy Scan

on:
push:
branches:
- '**'

workflow_call:
inputs:
DOCKER_PATH_CONTEXT:
Expand All @@ -13,46 +9,45 @@ on:
DOCKER_BUILD_DOCKERFILE:
required: true
type: string
DOCKER_LOAD_BOOL:
required: true
type: boolean
DOCKER_TAGS:
required: true
type: string
DOCKER_LOAD_BOOL:
required: false
type: boolean
default: false
DOCKER_PUSH_BOOL:
required: false
type: boolean
default: false

jobs:
build-and-scan:
runs-on: ubuntu-latest
env:
DOCKER_PATH_CONTEXT: .
DOCKER_BUILD_DOCKERFILE: Dockerfile
DOCKER_LOAD_BOOL: true
DOCKER_TAGS: sample-python-app:${{ github.sha }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: github.event_name == 'workflow_call'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build (and maybe push) Docker image
uses: docker/build-push-action@v6
with:
context: ${{ github.event_name == 'workflow_call' && inputs.DOCKER_PATH_CONTEXT || env.DOCKER_PATH_CONTEXT }}
file: ${{ github.event_name == 'workflow_call' && inputs.DOCKER_BUILD_DOCKERFILE || env.DOCKER_BUILD_DOCKERFILE }}
load: ${{ github.event_name != 'workflow_call' }}
push: ${{ github.event_name == 'workflow_call' }}
tags: ${{ github.event_name == 'workflow_call' && inputs.DOCKER_TAGS || env.DOCKER_TAGS }}
- name: Run Trivy vulnerability scanner
context: ${{ inputs.DOCKER_PATH_CONTEXT }}
file: ${{ inputs.DOCKER_BUILD_DOCKERFILE}}
load: ${{ inputs.DOCKER_LOAD_BOOL }}
push: ${{ inputs.DOCKER_PUSH_BOOL }}
tags: ${{ inputs.DOCKER_TAGS }}
- name: Run Trivy vulnerability scanner (remote)
uses: aquasecurity/trivy-action@0.33.1
with:
image-ref: ${{ inputs.DOCKER_TAGS || env.DOCKER_TAGS }}
image-ref: docker.io/${{ inputs.DOCKER_TAGS }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pylint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
permissions:
contents: read
env:
UV_VERSION: '0.9.28'
UV_VERSION: '0.10.2'
PYTHON_VERSION: '3.13'

steps:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pytest.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
permissions:
contents: read
env:
UV_VERSION: '0.9.28'
UV_VERSION: '0.10.2'
PYTHON_VERSION: '3.13'
steps:
- name: Checkout repository
Expand Down
9 changes: 5 additions & 4 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
dist_artifacts_name: dist
dist_artifacts_dir: dist
lock_file_artifact: uv.lock
UV_VERSION: '0.9.28'
UV_VERSION: '0.10.2'
PYTHON_VERSION: '3.13'
GITHUB_ACTIONS_AUTHOR_NAME: github-actions
GITHUB_ACTIONS_AUTHOR_EMAIL: actions@users.noreply.github.com
Expand Down Expand Up @@ -77,12 +77,13 @@ jobs:
.venv
key: uv-main-${{ env.UV_VERSION }}-${{ env.PYTHON_VERSION }}-${{ hashFiles('pyproject.toml', 'uv.lock') }}

docker-build-and-scan:
Docker-Release:
uses: ./.github/workflows/docker-build-and-scan.yaml
needs: Semantic-Release
uses: milsman2/python-app-template/.github/workflows/docker-build-and-scan.yaml@main
secrets: inherit
with:
DOCKER_PATH_CONTEXT: .
DOCKER_BUILD_DOCKERFILE: Dockerfile
DOCKER_LOAD_BOOL: true
DOCKER_LOAD_BOOL: false
DOCKER_TAGS: milsman2/sample-python-app:${{ needs.Semantic-Release.outputs.tag }}
DOCKER_PUSH_BOOL: true
16 changes: 16 additions & 0 deletions .github/workflows/run-branch-scan.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
name: Scan Release Branch with Trivy

on:
push:
branches-ignore:
- main
jobs:
docker-build-and-scan:
uses: ./.github/workflows/docker-build-and-scan.yaml
secrets: inherit
with:
DOCKER_PATH_CONTEXT: .
DOCKER_BUILD_DOCKERFILE: Dockerfile
DOCKER_LOAD_BOOL: true
DOCKER_TAGS: sample-python-app:${{ github.sha }}
DOCKER_PUSH_BOOL: false
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,14 @@

<!-- version list -->

## v1.5.0 (2026-02-07)

### Features

- Update Docker workflow to include DockerHub login and adjust image tagging
([`f7a2866`](https://github.com/milsman2/python-app-template/commit/f7a286649cbc2d43dd036d8912efabae545ec37a))


## v1.4.0 (2026-02-07)

### Features
Expand Down
6 changes: 3 additions & 3 deletions pyproject.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[project]
name = "sample_python_app"
version = "1.4.0"
version = "1.5.0"
description = "Add your description here"
readme = "README.md"
requires-python = ">=3.13"
Expand All @@ -21,10 +21,10 @@ dependencies = [
]

[project.optional-dependencies]
build = ["uv >= 0.9.28"]
build = ["uv >= 0.10.2"]

[build-system]
requires = ["uv_build >= 0.9.28, < 0.10.0"]
requires = ["uv_build >= 0.10.2, < 0.11.0"]
build-backend = "uv_build"

[project.scripts]
Expand Down
Loading
Loading