chore(deps): update from template

Author: helmut-hoffer-von-ankershoffen

.copier-answers.yml

@@ -1,4 +1,4 @@
-_commit: v0.15.23
+_commit: v0.15.26
 _src_path: gh:helmut-hoffer-von-ankershoffen/oe-python-template
 attestations_enabled: true
 author_email: helmuthva@gmail.com

.dockerignore

@@ -93,4 +93,4 @@ docker-compose.yml
 profile.json
 profile.html
 
-# Application specific
+# Application specific

.github/workflows/_docker-publish.yml

@@ -36,63 +36,107 @@ jobs:
       - name: Log in to Docker Hub
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
-          username: ${{ secrets.DOCKER_IO_USERNAME }}
-          password: ${{ secrets.DOCKER_IO_PASSWORD }}
 
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
-      - name: Log in to GitHub Container Registry
+
+
+      - name: Log in to GitHub container registry
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
-          username: ${{ github.repository_owner }}
+
+          username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Extract metadata for Docker
-        id: meta
-        uses: docker/metadata-action@38b8a86137171c128513e9be0b97bc476fbffcb5 # v5.6.0
+
+      - name: "(all target): Extract metadata (tags, labels) for Docker"
+        id: meta-all
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
-          images: |
-            ghcr.io/helmut-hoffer-von-ankershoffen/oe-python-template-example
 
+
+          images: |
             ${{ env.DOCKER_IO_IMAGE_NAME_ALL }}
+            ghcr.io/${{ github.repository }}
+
+
 
-          flavor: |
-            latest=auto
-            prefix=
-            suffix=
           tags: |
-            type=semver,pattern=v
-            type=semver,pattern=v.
-            type=semver,pattern=v
+            # set latest tag for releases
+            type=raw,value=latest
+            # set semver tags from git tags (v1.2.3 -> 1.2.3, 1.2, 1)
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+
+      - name: "(slim target): Extract metadata (tags, labels) for Docker"
+        id: meta-slim
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        with:
+
+
+          images: |
+            ${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}
+            ghcr.io/${{ github.repository }}-slim
+
+
+
+          tags: |
+            # set latest tag for releases
+            type=raw,value=latest
+            # set semver tags from git tags (v1.2.3 -> 1.2.3, 1.2, 1)
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+
 
-      - name: Build and push Docker image (all)
-        uses: docker/build-push-action@e6ef1f314e8a75f35e85dbd71ebe08d4b3005fc8 # v6.2.0
+      - name: "(all target): Build and push Docker image"
+        id: build-and-push-all
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         with:
           context: .
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64
+          file: ./Dockerfile
           target: all
-          provenance: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-all.outputs.tags }}
+          labels: ${{ steps.meta-all.outputs.labels }}
+
 
-      - name: Build and push Docker image (slim)
-        uses: docker/build-push-action@e6ef1f314e8a75f35e85dbd71ebe08d4b3005fc8 # v6.2.0
+
+      - name: "(slim target): Build and push Docker image"
+        id: build-and-push-slim
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         with:
           context: .
+          file: ./Dockerfile
+          target: slim
+          platforms: linux/amd64,linux/arm64
           push: true
-          tags: |
-            ghcr.io/helmut-hoffer-von-ankershoffen/oe-python-template-example-slim:latest
-            ghcr.io/helmut-hoffer-von-ankershoffen/oe-python-template-example-slim:${{ github.ref_name }}
+          tags: ${{ steps.meta-slim.outputs.tags }}
+          labels: ${{ steps.meta-slim.outputs.labels }}
 
-            ${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}:latest
-            ${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}:${{ github.ref_name }}
 
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64
-          target: slim
-          provenance: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+
+
+
+      - name: "(all target): Generate artifact attestation"
+        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+        with:
+          subject-name: ${{ env.DOCKER_IO_REGISTRY }}/${{ env.DOCKER_IO_IMAGE_NAME_ALL }}
+          subject-digest: ${{ steps.build-and-push-all.outputs.digest }}
+          push-to-registry: true
+
+
+
+
+      - name: "(slim target): Generate artifact attestation"
+        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+        with:
+          subject-name: ${{ env.DOCKER_IO_REGISTRY }}/${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}
+          subject-digest: ${{ steps.build-and-push-slim.outputs.digest }}
+          push-to-registry: true

.github/workflows/_install_dev_tools_project.bash

@@ -13,4 +13,4 @@ log "Starting installation of development tools specific to OE Python Template E
 # Add your project specific installation commands below
 # sudo apt-get install --no-install-recommends -y YOUR_PACKAGE
 
-log "Completed installation of development tools specific to OE Python Template Example."
+log "Completed installation of development tools specific to OE Python Template Example."

.github/workflows/_package-publish.yml

@@ -6,7 +6,6 @@ on:
 
 jobs:
   package_publish:
-    environment: release
     runs-on: ubuntu-latest
     permissions:
       contents: write

.github/workflows/_vercel-preview.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   deploy-preview:
-    if: (!contains(github.event.head_commit.message, '[skip ci]'))
+    environment: Preview
     runs-on: ubuntu-latest
     permissions:
       contents: read

.github/workflows/_vercel-production.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   deploy-production:
-    if: (!contains(github.event.head_commit.message, '[skip ci]'))
+    environment: Production
     runs-on: ubuntu-latest
     permissions:
       contents: read

.github/workflows/ci-cd.yml

@@ -13,7 +13,9 @@ on:
     types: [created]
 
 jobs:
+
   lint:
+    if: (!contains(github.event.head_commit.message, '[skip ci]'))
     uses: ./.github/workflows/_lint.yml
     permissions:
       contents: read
@@ -22,6 +24,7 @@ jobs:
     secrets: inherit
 
   audit:
+    if: (!contains(github.event.head_commit.message, '[skip ci]'))
     uses: ./.github/workflows/_audit.yml
     permissions:
       contents: read
@@ -30,17 +33,18 @@ jobs:
     secrets: inherit
 
   test:
+    if: (!contains(github.event.head_commit.message, '[skip ci]'))
+    uses: ./.github/workflows/_test.yml
     permissions:
       attestations: write
       contents: read
       id-token: write
       packages: write
     secrets: inherit
-    uses: ./.github/workflows/_test.yml
 
 
   codeql:
-    if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') || (github.event_name == 'pull_request' && github.base_ref == 'main'))
+    if: (!contains(github.event.head_commit.message, '[skip ci]'))
     uses: ./.github/workflows/_codeql.yml
     permissions:
       actions: read
@@ -54,8 +58,8 @@ jobs:
 
     needs: [lint, audit, test, codeql]
 
-    if: (startsWith(github.ref, 'refs/tags/v'))
     uses: ./.github/workflows/_package-publish.yml
+    if: (startsWith(github.ref, 'refs/tags/v') && (!contains(github.event.head_commit.message, '[skip ci]')))
     permissions:
       contents: write
       packages: read
@@ -65,7 +69,7 @@ jobs:
 
     needs: [lint, audit, test, codeql]
 
-    if: (startsWith(github.ref, 'refs/tags/v'))
+    if: (startsWith(github.ref, 'refs/tags/v') && (!contains(github.event.head_commit.message, '[skip ci]')))
     uses: ./.github/workflows/_docker-publish.yml
     permissions:
       attestations: write
@@ -79,7 +83,7 @@ jobs:
 
     needs: [lint, audit, test, codeql]
 
-    if: (!contains(github.event.head_commit.message, '[skip ci]'))
+    if: (!(startsWith(github.ref, 'refs/tags/v') || (github.event_name == 'release')) && !contains(github.event.head_commit.message, '[skip ci]'))  
     uses: ./.github/workflows/_vercel-preview.yml
     permissions:
       contents: read
@@ -91,7 +95,7 @@ jobs:
 
     needs: [lint, audit, test, codeql]
 
-    if: (startsWith(github.ref, 'refs/tags/v') || github.event_name == 'release') && !contains(github.event.head_commit.message, '[skip ci]')
+    if: ((startsWith(github.ref, 'refs/tags/v') || (github.event_name == 'release')) && (!contains(github.event.head_commit.message, '[skip ci]')))
     uses: ./.github/workflows/_vercel-production.yml
     permissions:
       contents: read

.github/workflows/test-scheduled.yml

@@ -11,4 +11,3 @@ jobs:
       contents: read
       id-token: write
     secrets: inherit
-

ATTRIBUTIONS.md

@@ -12189,7 +12189,7 @@ License: LGPL-2.1-or-later
 
 ```
 
-## oe-python-template-example (0.4.13) - MIT License
+## oe-python-template-example (0.4.14) - MIT License
 
 🧠 Example project scaffolded and kept up to date with OE Python Template (oe-python-template).