ci(api): simplify SDK release pin to a single uv lock --upgrade-package (#11287)

This commit is contained in:
César Arroba
2026-05-21 13:56:31 +02:00
committed by GitHub
parent a28f4994a8
commit ab69f3b665
+7 -29
View File
@@ -133,37 +133,15 @@ jobs:
with:
persist-credentials: false
- name: Pin prowler SDK to latest master commit and refresh lockfile
if: github.event_name == 'push'
- name: Refresh prowler SDK pin to current branch tip
run: |
set -e
LATEST_SHA=$(git ls-remote https://github.com/prowler-cloud/prowler.git refs/heads/master | cut -f1)
sed -i "s|prowler-cloud/prowler.git@master|prowler-cloud/prowler.git@${LATEST_SHA}|" api/pyproject.toml
# Refresh api/uv.lock so it matches the pinned SHA above; the API
# Dockerfile runs `uv sync --locked`, which aborts on any drift
# between pyproject.toml and uv.lock.
# api/pyproject.toml has `@master` on master and `@v5.X` on release
# branches (set by prepare-release.yml). uv lock --upgrade-package
# re-resolves whichever ref is present against the current branch tip
# and writes the SHA into api/uv.lock. The Dockerfile runs
# `uv sync --locked`, which is what actually drives the install.
pip install --no-cache-dir "uv==0.11.14"
(cd api && uv lock)
- name: Pin prowler SDK to latest release branch (v5.Y) commit and refresh lockfile
if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
run: |
set -e
# RELEASE_TAG looks like "5.14.0"; the SDK release branch is "v5.14".
VERSION="${RELEASE_TAG#v}"
VERSION_BRANCH="v$(echo "${VERSION}" | cut -d. -f1,2)"
LATEST_SHA=$(git ls-remote https://github.com/prowler-cloud/prowler.git "refs/heads/${VERSION_BRANCH}" | cut -f1)
if [ -z "${LATEST_SHA}" ]; then
echo "ERROR: release branch ${VERSION_BRANCH} not found in prowler-cloud/prowler"
exit 1
fi
echo "Pinning SDK to ${VERSION_BRANCH}@${LATEST_SHA}"
sed -i "s|prowler-cloud/prowler.git@master|prowler-cloud/prowler.git@${LATEST_SHA}|" api/pyproject.toml
# Refresh api/uv.lock so it matches the pinned SHA above; the API
# Dockerfile runs `uv sync --locked`, which aborts on any drift
# between pyproject.toml and uv.lock.
pip install --no-cache-dir "uv==0.11.14"
(cd api && uv lock)
(cd api && uv lock --upgrade-package prowler)
- name: Login to DockerHub
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0