mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
ci(api): simplify SDK release pin to a single uv lock --upgrade-package (#11287)
This commit is contained in:
@@ -133,37 +133,15 @@ jobs:
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Pin prowler SDK to latest master commit and refresh lockfile
|
||||
if: github.event_name == 'push'
|
||||
- name: Refresh prowler SDK pin to current branch tip
|
||||
run: |
|
||||
set -e
|
||||
LATEST_SHA=$(git ls-remote https://github.com/prowler-cloud/prowler.git refs/heads/master | cut -f1)
|
||||
sed -i "s|prowler-cloud/prowler.git@master|prowler-cloud/prowler.git@${LATEST_SHA}|" api/pyproject.toml
|
||||
# Refresh api/uv.lock so it matches the pinned SHA above; the API
|
||||
# Dockerfile runs `uv sync --locked`, which aborts on any drift
|
||||
# between pyproject.toml and uv.lock.
|
||||
# api/pyproject.toml has `@master` on master and `@v5.X` on release
|
||||
# branches (set by prepare-release.yml). uv lock --upgrade-package
|
||||
# re-resolves whichever ref is present against the current branch tip
|
||||
# and writes the SHA into api/uv.lock. The Dockerfile runs
|
||||
# `uv sync --locked`, which is what actually drives the install.
|
||||
pip install --no-cache-dir "uv==0.11.14"
|
||||
(cd api && uv lock)
|
||||
|
||||
- name: Pin prowler SDK to latest release branch (v5.Y) commit and refresh lockfile
|
||||
if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
|
||||
run: |
|
||||
set -e
|
||||
# RELEASE_TAG looks like "5.14.0"; the SDK release branch is "v5.14".
|
||||
VERSION="${RELEASE_TAG#v}"
|
||||
VERSION_BRANCH="v$(echo "${VERSION}" | cut -d. -f1,2)"
|
||||
LATEST_SHA=$(git ls-remote https://github.com/prowler-cloud/prowler.git "refs/heads/${VERSION_BRANCH}" | cut -f1)
|
||||
if [ -z "${LATEST_SHA}" ]; then
|
||||
echo "ERROR: release branch ${VERSION_BRANCH} not found in prowler-cloud/prowler"
|
||||
exit 1
|
||||
fi
|
||||
echo "Pinning SDK to ${VERSION_BRANCH}@${LATEST_SHA}"
|
||||
sed -i "s|prowler-cloud/prowler.git@master|prowler-cloud/prowler.git@${LATEST_SHA}|" api/pyproject.toml
|
||||
# Refresh api/uv.lock so it matches the pinned SHA above; the API
|
||||
# Dockerfile runs `uv sync --locked`, which aborts on any drift
|
||||
# between pyproject.toml and uv.lock.
|
||||
pip install --no-cache-dir "uv==0.11.14"
|
||||
(cd api && uv lock)
|
||||
(cd api && uv lock --upgrade-package prowler)
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
|
||||
|
||||
Reference in New Issue
Block a user