diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 3f51e33..a42fa03 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -22,15 +22,13 @@ jobs: fail-fast: false matrix: include: - - base-tag: act-latest - python-version: 3.11 + - python-version: 3.12.2 # renovate: python output-tags: | - type=raw,value=3.11 - - base-tag: act-latest - python-version: 3.12 - output-tags: | - type=raw,value=3.12 type=raw,value=latest + type=raw,value=3.12 + - python-version: 3.11.8 # renovate: python + output-tags: | + type=raw,value=3.11 runs-on: ubuntu-latest permissions: @@ -50,6 +48,9 @@ jobs: if: (github.event_name != 'pull_request') && !startsWith(github.ref, 'refs/heads/renovate') uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Setup Docker buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 @@ -79,14 +80,13 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5 with: context: . - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 push: ${{ (github.event_name != 'pull_request') && !startsWith(github.ref, 'refs/heads/renovate') }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max build-args: | - BASE_TAG=${{ matrix.base-tag }} PYTHON_VERSION=${{ matrix.python-version }} # Sign the resulting Docker image digest except on PRs. diff --git a/Dockerfile b/Dockerfile index ff217d7..b177908 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,29 +1,43 @@ ARG BASE_TAG=act-latest@sha256:efce7c01d75493a457c82c7394d2707119e30becb706ec1865e64c7c820a3c94 FROM catthehacker/ubuntu:${BASE_TAG} +ARG TARGETARCH + # python -# renovate: datasource=custom.setup-python depName=python extractVersion=^(?\d+\.\d+)\.\d+$ -ARG PYTHON_VERSION=3.12 +# renovate: datasource=custom.setup-python depName=python +ARG PYTHON_VERSION=3.12.2 COPY python.sh . RUN ./python.sh && rm python.sh ENV PATH="/python/bin:$PATH" # poetry +# renovate: datasource=github-releases depName=python-poetry/poetry +ARG POETRY_VERSION=1.7.1 ENV POETRY_HOME="/poetry" RUN curl -sSL https://install.python-poetry.org | python3 - ENV PATH="$POETRY_HOME/bin:$PATH" # yq -RUN wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && \ +# renovate: datasource=github-releases depName=mikefarah/yq +ARG YQ_VERSION=v4.41.1 +RUN wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${TARGETARCH} -O /usr/bin/yq && \ chmod +x /usr/bin/yq # rclone -RUN curl https://rclone.org/install.sh | bash +# renovate: datasource=github-releases depName=rclone/rclone +ARG RCLONE_VERSION=v1.65.2 +ENV RCLONE_ARCHIVE=rclone-${RCLONE_VERSION}-linux-${TARGETARCH} +RUN wget https://github.com/rclone/rclone/releases/download/${RCLONE_VERSION}/${RCLONE_ARCHIVE}.zip && \ + unzip ${RCLONE_ARCHIVE}.zip && \ + mv rclone-${RCLONE_VERSION}-linux-${TARGETARCH}/rclone /usr/bin/rclone && \ + rm -rf ${RCLONE_ARCHIVE}* # hugo -# renovate: datasource=github-tags depName=gohugoio/hugo extractVersion=^v?(?.*)$ +# renovate: datasource=github-releases depName=gohugoio/hugo extractVersion=^v?(?.*)$ ARG HUGO_VERSION=0.122.0 -RUN wget https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_linux-amd64.tar.gz && \ - tar -xzf hugo_${HUGO_VERSION}_linux-amd64.tar.gz && \ - mv hugo /usr/bin/hugo && \ - rm hugo_${HUGO_VERSION}_linux-amd64.tar.gz +ENV HUGO_ARCHIVE=hugo_${HUGO_VERSION}_linux-${TARGETARCH} +RUN wget https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/${HUGO_ARCHIVE}.tar.gz && \ + mkdir hugo_release && \ + tar xzf ${HUGO_ARCHIVE}.tar.gz -C hugo_release && \ + mv hugo_release/hugo /usr/bin/hugo && \ + rm -rf ${HUGO_ARCHIVE}* hugo_release diff --git a/python.sh b/python.sh index 9a77f76..661a003 100755 --- a/python.sh +++ b/python.sh @@ -1,20 +1,17 @@ #!/bin/sh -xe - MANIFEST_URL=https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json -LATEST_MINOR=$( - curl $MANIFEST_URL | - jq -r .[].version | - grep $PYTHON_VERSION | - head -n 1 # assuming that the latest minor version is the first one -) +ARCH=$TARGETARCH +if [ "$ARCH" = "amd64" ]; then + ARCH=x64 +fi ARCHIVE_URL=$( curl $MANIFEST_URL | jq -r ".[] - | select(.version == \"${LATEST_MINOR}\") + | select(.version == \"${PYTHON_VERSION}\") | .files[] - | select(.arch == \"x64\" and .platform_version == \"${LSB_RELEASE}\") + | select(.arch == \"${ARCH}\" and .platform_version == \"${LSB_RELEASE}\") | .download_url" ) diff --git a/renovate.json b/renovate.json index 592d3b2..730868d 100644 --- a/renovate.json +++ b/renovate.json @@ -4,6 +4,29 @@ "github>Japan7/renovate-config", "github>Japan7/renovate-config:python" ], + "packageRules": [ + { + "matchFileNames": [".github/workflows/*.yml"], + "matchPackageNames": ["python"], + "major": { + "enabled": false + }, + "minor": { + "enabled": false + } + } + ], + "customManagers": [ + { + "customType": "regex", + "fileMatch": [".*\\.ya?ml$"], + "matchStrings": [ + "(?\\S+) # renovate: python(?: extractVersion=(?\\S+))?" + ], + "depNameTemplate": "python", + "datasourceTemplate": "custom.setup-python" + } + ], "customDatasources": { "setup-python": { "defaultRegistryUrlTemplate": "https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json",