Copier update: base image

.copier-answers.yml

@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v0.0.93
+_commit: v0.0.94
 _src_path: gh:LabAutomationAndScreening/copier-base-template.git
 description: Managing Central Infrastructure of an AWS Organization
 install_claude_cli: false

.devcontainer/Dockerfile

@@ -1,19 +1,22 @@
 # base image tags available at https://mcr.microsoft.com/v2/devcontainers/universal/tags/list
 # added the platform flag to override any local settings since this image is only compatible with linux/amd64. since this image is only x64 compatible, suppressing the hadolint rule
 # hadolint ignore=DL3029
-FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:2.13.1-focal
+FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:5.1.1-noble
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
+# temporary hack until yarn updates its GPG key
+RUN rm /etc/apt/sources.list.d/yarn.list || true
+
 RUN apt-get update -y && apt-get install -y \
-    "bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.10' | head -n 1)" --no-install-recommends \
+    "bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" --no-install-recommends \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
 # Create the venv folder and set permissions for anyone to modify---this is necessary to be able to break out the venv folder as a separate docker volume for better performance on Windows hosts
 ARG REPO_NAME=copier-base-template
 ENV VENV_PATH=/workspaces/${REPO_NAME}/.venv
-RUN mkdir -p /workspace && \
+RUN mkdir -p /workspaces && \
     mkdir -p ${VENV_PATH} && \
     chmod -R 777 /workspaces ${VENV_PATH} && \
     chgrp -R 0 /workspaces ${VENV_PATH}

.devcontainer/devcontainer.json

@@ -16,7 +16,7 @@
       "extensions": [
         // basic tooling
         // "eamodio.gitlens@15.5.1",
-        "coderabbit.coderabbit-vscode@0.16.4",
+        "coderabbit.coderabbit-vscode@0.16.6",
         "ms-vscode.live-server@0.5.2025051301",
         "MS-vsliveshare.vsliveshare@1.0.5905",
         "github.copilot@1.388.0",
@@ -58,5 +58,5 @@
   "initializeCommand": "sh .devcontainer/initialize-command.sh",
   "onCreateCommand": "sh .devcontainer/on-create-command.sh",
   "postStartCommand": "sh .devcontainer/post-start-command.sh"
-  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 3a22f18d # spellchecker:disable-line
+  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 7391afa0 # spellchecker:disable-line
 }

.devcontainer/install-ci-tooling.py

@@ -7,11 +7,11 @@
 import tempfile
 from pathlib import Path
 
-UV_VERSION = "0.9.21"
-PNPM_VERSION = "10.27.0"
-COPIER_VERSION = "==9.11.0"
+UV_VERSION = "0.9.26"
+PNPM_VERSION = "10.28.1"
+COPIER_VERSION = "==9.11.2"
 COPIER_TEMPLATE_EXTENSIONS_VERSION = "==0.3.3"
-PRE_COMMIT_VERSION = "4.5.0"
+PRE_COMMIT_VERSION = "4.5.1"
 GITHUB_WINDOWS_RUNNER_BIN_PATH = r"C:\Users\runneradmin\.local\bin"
 INSTALL_SSM_PLUGIN_BY_DEFAULT = False
 parser = argparse.ArgumentParser(description="Install CI tooling for the repo")

.github/actions/install_deps/action.yml

@@ -58,13 +58,13 @@ runs:
 
     - name: Setup python
       if: ${{ inputs.python-version != 'notUsing' }}
-      uses: actions/setup-python@v6.1.0
+      uses: actions/setup-python@v6.2.0
       with:
         python-version: ${{ env.PYTHON_VERSION }}
 
     - name: Setup node
       if: ${{ inputs.node-version != 'notUsing' }}
-      uses: actions/setup-node@v6.1.0
+      uses: actions/setup-node@v6.2.0
       with:
         node-version: ${{ inputs.node-version }}
 

.github/reusable_workflows/build-docker-image.yaml

@@ -156,7 +156,7 @@ jobs:
 
       - name: Upload Docker Image Artifact
         if: ${{ inputs.save-as-artifact }}
-        uses: actions/upload-artifact@v5.0.0
+        uses: actions/upload-artifact@v6.0.0
         with:
           name: ${{ steps.calculate-build-context-hash.outputs.image_name_no_slashes }}
           path: ${{ steps.calculate-build-context-hash.outputs.image_name_no_slashes }}.tar

.github/workflows/ci.yaml

@@ -111,7 +111,7 @@ jobs:
         timeout-minutes: 8  # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
-        uses: actions/cache@v4.3.0
+        uses: actions/cache@v5.0.2
         env:
           cache-name: cache-pre-commit-hooks
         with:

.github/workflows/pre-commit.yaml

@@ -59,7 +59,7 @@ jobs:
         timeout-minutes: 8  # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
-        uses: actions/cache@v4.3.0
+        uses: actions/cache@v5.0.2
         env:
           cache-name: cache-pre-commit-hooks
         with:

copier.yml

@@ -1,3 +1,9 @@
+# Questions specific to this template
+
+
+
+
+
 # Questions managed by upstream template
 repo_name:
     type: str
@@ -27,6 +33,11 @@ ssh_port_number:
     # Pick a random port, but ensure it's not in the excluded port range on Windows (powershell: `netsh int ipv4 show excludedportrange protocol=tcp`)
     default: "{{ ( (range(49152, 49752)   | list) + (range(49852, 50000)   | list) + (range(50060, 50160)   | list) + (range(50160, 50260)   | list) + (range(50260, 50360)   | list) + (range(50914, 51014)   | list) + (range(51114, 51214)   | list) + (range(51214, 51314)   | list) + (range(51314, 51414)   | list) + (range(51623, 51723)   | list) + (range(51723, 51823)   | list) + (range(65269, 65369)   | list) + (range(65369, 65469)   | list) ) | random }}"
 
+pull_from_ecr:
+    type: bool
+    help: Will you need to pull images from a central AWS Elastic Container Registry?
+    default: no
+
 use_windows_in_ci:
     type: bool
     help: Should CI in the instantiated template also use Windows runners?
@@ -51,24 +62,24 @@ python_package_registry:
 aws_identity_center_id:
     type: str
     help: What's the ID of your Organization's AWS Identity center, e.g. d-9145c20053?
-    when: "{{ python_package_registry == 'AWS CodeArtifact' or install_aws_ssm_port_forwarding_plugin or True }}"
+    when: "{{ python_package_registry == 'AWS CodeArtifact' or install_aws_ssm_port_forwarding_plugin or pull_from_ecr or True }}"
 
 aws_org_home_region:
     type: str
     help: What is the home region of the AWS Organization (where all of the central infrastructure is deployed)?
     default: us-east-1
-    when: "{{ python_package_registry == 'AWS CodeArtifact' or install_aws_ssm_port_forwarding_plugin or True }}"
+    when: "{{ python_package_registry == 'AWS CodeArtifact' or install_aws_ssm_port_forwarding_plugin or pull_from_ecr or True }}"
 
 aws_central_infrastructure_account_id:
     type: str
     help: What's the ID of your Organization's AWS Account containing Central Infrastructure (e.g. CodeArtifact)?
-    when: "{{ python_package_registry == 'AWS CodeArtifact' }}"
+    when: "{{ python_package_registry == 'AWS CodeArtifact' or pull_from_ecr }}"
     default: "000000000000"
 
 core_infra_base_access_profile_name:
     type: str
     help: What's the AWS Identity Center Profile name for base access to the Central Infrastructure account (i.e. to read from CodeArtifact)?
-    when: "{{ python_package_registry == 'AWS CodeArtifact' }}"
+    when: "{{ python_package_registry == 'AWS CodeArtifact' or pull_from_ecr }}"
     default: CoreInfraBaseAccess
 
 

extensions/context.py

@@ -10,15 +10,15 @@ class ContextUpdater(ContextHook):
 
     @override
     def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
-        context["uv_version"] = "0.9.21"
-        context["pnpm_version"] = "10.27.0"
-        context["pre_commit_version"] = "4.5.0"
-        context["pyright_version"] = ">=1.1.407"
+        context["uv_version"] = "0.9.26"
+        context["pnpm_version"] = "10.28.1"
+        context["pre_commit_version"] = "4.5.1"
+        context["pyright_version"] = ">=1.1.408"
         context["pytest_version"] = ">=9.0.2"
         context["pytest_randomly_version"] = ">=4.0.1"
         context["pytest_cov_version"] = ">=7.0.0"
-        context["ty_version"] = ">=0.0.9"
-        context["copier_version"] = "==9.11.0"
+        context["ty_version"] = ">=0.0.13"
+        context["copier_version"] = "==9.11.2"
         context["copier_template_extensions_version"] = "==0.3.3"
         context["sphinx_version"] = "9.0.4"
         context["pulumi_version"] = ">=3.214.1"
@@ -32,14 +32,14 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
         context["pydantic_version"] = ">=2.12.5"
         context["pyinstaller_version"] = ">=6.17.0"
         context["setuptools_version"] = "80.7.1"
-        context["strawberry_graphql_version"] = ">=0.287.0"
+        context["strawberry_graphql_version"] = ">=0.289.2"
         context["fastapi_version"] = ">=0.128.0"
         context["fastapi_offline_version"] = ">=1.7.4"
         context["uvicorn_version"] = ">=0.40.0"
         context["lab_auto_pulumi_version"] = ">=0.1.18"
         context["ariadne_codegen_version"] = ">=0.17.0"
         context["pytest_mock_version"] = ">=3.15.1"
-        context["uuid_utils_version"] = ">=0.12.0"
+        context["uuid_utils_version"] = ">=0.14.0"
         context["syrupy_version"] = ">=5.0.0"
         context["structlog_version"] = ">=25.5.0"
         context["httpx_version"] = "0.28.1"
@@ -82,17 +82,17 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
         context["node_kiota_bundle_version"] = "1.0.0-preview.99"
 
         context["gha_checkout"] = "v6.0.1"
-        context["gha_setup_python"] = "v6.1.0"
-        context["gha_cache"] = "v4.3.0"
-        context["gha_upload_artifact"] = "v5.0.0"
-        context["gha_download_artifact"] = "v6.0.0"
+        context["gha_setup_python"] = "v6.2.0"
+        context["gha_cache"] = "v5.0.2"
+        context["gha_upload_artifact"] = "v6.0.0"
+        context["gha_download_artifact"] = "v7.0.0"
         context["gha_github_script"] = "v7.0.1"
         context["gha_setup_buildx"] = "v3.11.1"
         context["buildx_version"] = "v0.27.0"
         context["gha_docker_build_push"] = "v6.18.0"
         context["gha_configure_aws_credentials"] = "v5.1.1"
         context["gha_amazon_ecr_login"] = "v2.0.1"
-        context["gha_setup_node"] = "v6.1.0"
+        context["gha_setup_node"] = "v6.2.0"
         context["gha_action_gh_release"] = "v2.2.1"
         context["gha_mutex"] = "1ebad517141198e08d47cf72f3c0975316620a65 # v1.0.0-alpha.10"
         context["gha_pypi_publish"] = "v1.13.0"
@@ -104,7 +104,7 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
         context["gha_long_timeout_minutes"] = "15"
         context["gha_xlong_timeout_minutes"] = "45"
 
-        context["debian_release_name"] = "bookworm"
+        context["debian_release_name"] = "trixie"
         context["alpine_image_version"] = "3.23"
         context["nginx_image_version"] = "1.29.4"
 

pyproject.toml

@@ -12,8 +12,8 @@ dependencies = [
     "pytest>=9.0.2",
     "pytest-cov>=7.0.0",
     "pytest-randomly>=4.0.1",
-    "pyright[nodejs]>=1.1.407",
-    "ty>=0.0.9",
-    "copier==9.11.0",
+    "pyright[nodejs]>=1.1.408",
+    "ty>=0.0.13",
+    "copier==9.11.2",
     "copier-template-extensions==0.3.3"
 ]

template/.devcontainer/Dockerfile

@@ -1,19 +1,22 @@
 # base image tags available at https://mcr.microsoft.com/v2/devcontainers/universal/tags/list
 # added the platform flag to override any local settings since this image is only compatible with linux/amd64. since this image is only x64 compatible, suppressing the hadolint rule
 # hadolint ignore=DL3029
-FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:2.13.1-focal
+FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:5.1.1-noble
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
+# temporary hack until yarn updates its GPG key
+RUN rm /etc/apt/sources.list.d/yarn.list || true
+
 RUN apt-get update -y && apt-get install -y \
-    "bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.10' | head -n 1)" --no-install-recommends \
+    "bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" --no-install-recommends \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
 # Create the venv folder and set permissions for anyone to modify---this is necessary to be able to break out the venv folder as a separate docker volume for better performance on Windows hosts
 ARG REPO_NAME=copier-base-template
 ENV VENV_PATH=/workspaces/${REPO_NAME}/.venv
-RUN mkdir -p /workspace && \
+RUN mkdir -p /workspaces && \
     mkdir -p ${VENV_PATH} && \
     chmod -R 777 /workspaces ${VENV_PATH} && \
     chgrp -R 0 /workspaces ${VENV_PATH}

template/.devcontainer/devcontainer.json.jinja

@@ -28,7 +28,7 @@
         "-AmazonWebServices.aws-toolkit-vscode", // the AWS CLI feature installs this automatically, but it's causing problems in VS Code{% endraw %}{% endif %}{% raw %}
         // basic tooling
         // "eamodio.gitlens@15.5.1",
-        "coderabbit.coderabbit-vscode@0.16.4",
+        "coderabbit.coderabbit-vscode@0.16.6",
         "ms-vscode.live-server@0.5.2025051301",
         "MS-vsliveshare.vsliveshare@1.0.5905",
         "github.copilot@1.388.0",

template/.github/actions/install_deps/action.yml

@@ -58,13 +58,13 @@ runs:
 
     - name: Setup python
       if: ${{ inputs.python-version != 'notUsing' }}
-      uses: actions/setup-python@v6.1.0
+      uses: actions/setup-python@v6.2.0
       with:
         python-version: ${{ env.PYTHON_VERSION }}
 
     - name: Setup node
       if: ${{ inputs.node-version != 'notUsing' }}
-      uses: actions/setup-node@v6.1.0
+      uses: actions/setup-node@v6.2.0
       with:
         node-version: ${{ inputs.node-version }}
 

template/.github/actions/pulumi_ephemeral_deploy/action.yml

@@ -93,9 +93,9 @@ runs:
       uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b
       with:
         message: |
-          :eyes: **Pulumi Preview for ${{ inputs.deploy-script-module-name }}:** :eyes:
+          :eyes: **Pulumi Preview for ${{ inputs.deploy-script-module-name }} stack ${{ inputs.stack-name }}:** :eyes:
 
           ```bash
           ${{ steps.pulumi-run.outputs.stdout }}
           ```
-        comment-tag: previewonpr-${{ inputs.deploy-script-module-name }}
+        comment-tag: previewonpr-${{ inputs.deploy-script-module-name }}-${{ inputs.stack-name }}

template/.github/workflows/pre-commit.yaml

@@ -59,7 +59,7 @@ jobs:
         timeout-minutes: 8  # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
-        uses: actions/cache@v4.3.0
+        uses: actions/cache@v5.0.2
         env:
           cache-name: cache-pre-commit-hooks
         with:

template/.github/workflows/pulumi-aws.yml

@@ -124,7 +124,7 @@ jobs:
           python-version: ${{ inputs.PYTHON_VERSION }}
 
       - name: Download Artifact
-        uses: actions/download-artifact@v6.0.0
+        uses: actions/download-artifact@v7.0.0
         if: ${{ inputs.DOWNLOAD_ARTIFACT_NAME != '' }}
         with:
           name: ${{ inputs.DOWNLOAD_ARTIFACT_NAME }}

tests/copier_data/data1.yaml

@@ -5,6 +5,7 @@ is_open_source: true
 description: Doing amazing things
 install_claude_cli: false
 ssh_port_number: 12345
+pull_from_ecr: false
 use_windows_in_ci: false
 
 

tests/copier_data/data2.yaml

@@ -5,6 +5,7 @@ is_open_source: false
 description: Doing crazy things! So many things!
 install_claude_cli: true
 ssh_port_number: 54321
+pull_from_ecr: true
 use_windows_in_ci: true
 
 

tests/copier_data/data3.yaml

@@ -5,6 +5,7 @@ is_open_source: false
 description: Doing crazy things! So many things!
 install_claude_cli: false
 ssh_port_number: 54321
+pull_from_ecr: false
 use_windows_in_ci: true