2 changes: 1 addition & 1 deletion .copier-answers.yml
@@ -1,5 +1,5 @@
# Changes here will be overwritten by Copier
_commit: v0.0.93
_commit: v0.0.94
_src_path: gh:LabAutomationAndScreening/copier-base-template.git
description: Managing an AWS Organization
install_claude_cli: false
9 changes: 6 additions & 3 deletions .devcontainer/Dockerfile
@@ -1,19 +1,22 @@
# base image tags available at https://mcr.microsoft.com/v2/devcontainers/universal/tags/list
# added the platform flag to override any local settings since this image is only compatible with linux/amd64. since this image is only x64 compatible, suppressing the hadolint rule
# hadolint ignore=DL3029
FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:2.13.1-focal
FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:5.1.1-noble

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# temporary hack until yarn updates its GPG key
RUN rm /etc/apt/sources.list.d/yarn.list || true
Comment on lines +8 to +9

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Yarn APT repository GPG key issue Ubuntu noble 2025 2026 resolved fixed

💡 Result:

On Ubuntu 24.04 “noble” (and upgrades to it), the Yarn APT repo commonly fails with a GPG error like:

  • EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx> (signature/key expired) when running apt update. [1]

This isn’t a “noble-only” bug so much as an outdated/expired Yarn repo signing key on your system (often installed long ago via apt-key, which is now deprecated). The practical fix in 2025–2026 is to replace the old Yarn key with the current one and pin the repo to it via signed-by=. Yarn’s current official install instructions for Debian/Ubuntu are: [2]

sudo mkdir -p /etc/apt/keyrings
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg \
  | gpg --dearmor \
  | sudo tee /etc/apt/keyrings/yarn-archive-keyring.gpg >/dev/null

echo "deb [signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg] https://dl.yarnpkg.com/debian/ stable main" \
  | sudo tee /etc/apt/sources.list.d/yarn.list

sudo apt update

If you previously added Yarn with apt-key, also remove the old key (or legacy trusted.gpg entry) to avoid confusion, then re-run sudo apt update. (A real-world report of fixing the exact EXPKEYSIG ... Yarn Packaging error by re-installing the key and updating the signed-by config is shown here.) [1]

Sources: [1] [2]


Replace the temporary workaround with the proper Yarn GPG key fix.

The Yarn APT repository signing key issue persists in 2025–2026. Instead of removing the source entirely, install the current Yarn GPG key and configure the repo with the modern signed-by= approach:

mkdir -p /etc/apt/keyrings && \
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /etc/apt/keyrings/yarn-archive-keyring.gpg >/dev/null && \
echo "deb [signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg] https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list

This allows Yarn to be properly installed and updated in the container rather than masked by removing the repository.

🤖 Prompt for AI Agents
In @.devcontainer/Dockerfile around lines 8 - 9, Replace the temporary removal
of the Yarn APT source (the RUN rm /etc/apt/sources.list.d/yarn.list || true
line) with steps that install and use the Yarn GPG keyring: create
/etc/apt/keyrings, fetch and dearmor the Yarn pubkey into
/etc/apt/keyrings/yarn-archive-keyring.gpg, and write the Yarn APT entry using
the signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg option so the repo can
be used safely for installing/updating Yarn instead of deleting the source list.


RUN apt-get update -y && apt-get install -y \
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.10' | head -n 1)" --no-install-recommends \
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" --no-install-recommends \
&& apt-get clean \
Comment on lines 11 to 13

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

find . -name Dockerfile -path "*/.devcontainer/*" -type f

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 155


🏁 Script executed:

cat -n .devcontainer/Dockerfile | head -30

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1473


🌐 Web query:

bash-completion package versions Ubuntu noble jammy

💡 Result:

  • Ubuntu 24.04 LTS (Noble Numbat): bash-completion 1:2.11-8. [1]
  • Ubuntu 22.04 LTS (Jammy Jellyfish): bash-completion 1:2.11-5ubuntu1. [2]

Sources: Ubuntu Packages for Noble [1] and Ubuntu Packages index for Jammy (shells subsection) showing bash-completion version [2].


Consider adding a guard for bash-completion version as defensive practice.

Ubuntu noble includes bash-completion 1:2.11-8, so the current pin will resolve correctly. However, the proposed refactor below is still recommended to fail fast with a clear message if the version becomes unavailable in future updates, rather than silently failing with an opaque apt error.

♻️ Proposed defensive guard
-RUN apt-get update -y && apt-get install -y \
-    "bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" --no-install-recommends \
+RUN apt-get update -y && \
+    bash_comp_ver="$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" && \
+    [ -n "$bash_comp_ver" ] || { echo "bash-completion 1:2.11 not found"; exit 1; } && \
+    apt-get install -y "bash-completion=${bash_comp_ver}" --no-install-recommends \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
🤖 Prompt for AI Agents
In @.devcontainer/Dockerfile around lines 11 - 13, The RUN line that pins
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep
'^1:2.11' | head -n 1)'" should include a defensive guard to fail fast with a
clear message when the desired version cannot be resolved; modify the Dockerfile
RUN block to capture the resolved version from apt-cache/madison into a
variable, test if it's non-empty, and if empty emit a descriptive error (e.g.,
echo "Desired bash-completion 1:2.11 not found" >&2 && exit 1) before calling
apt-get install, so the build fails with an explicit message rather than an
opaque apt error.

&& rm -rf /var/lib/apt/lists/*

# Create the venv folder and set permissions for anyone to modify---this is necessary to be able to break out the venv folder as a separate docker volume for better performance on Windows hosts
ARG REPO_NAME=copier-base-template
ENV VENV_PATH=/workspaces/${REPO_NAME}/.venv
RUN mkdir -p /workspace && \
RUN mkdir -p /workspaces && \
mkdir -p ${VENV_PATH} && \
chmod -R 777 /workspaces ${VENV_PATH} && \
chgrp -R 0 /workspaces ${VENV_PATH}
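Review bot: the `RUN rm /etc/apt/sources.list.d/yarn.list || true` line at lines 8-9 deletes the Yarn repository instead of refreshing its expired signing key, and `|| true` means a failed or no-op removal passes silently, so a later `apt-get install yarn` would fail with an unrelated error; leave a TODO stating when the line can go, or replace it with a `signed-by=` keyring entry as the comment above suggests. Two other things in this hunk deserve a sentence in the PR description: the base image moves from `universal:2.13.1-focal` to `universal:5.1.1-noble` by mutable tag (adding the `@sha256:<digest>` of the tag makes the devcontainer reproducible and makes an upstream re-tag visible in review), and `mkdir -p /workspace` becoming `mkdir -p /workspaces` is a genuine path fix, since `VENV_PATH` and the `chmod`/`chgrp` lines already use `/workspaces`.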
4 changes: 2 additions & 2 deletions .devcontainer/devcontainer.json
@@ -16,7 +16,7 @@
"extensions": [
// basic tooling
// "eamodio.gitlens@15.5.1",
"coderabbit.coderabbit-vscode@0.16.4",
"coderabbit.coderabbit-vscode@0.16.6",
"ms-vscode.live-server@0.5.2025051301",
"MS-vsliveshare.vsliveshare@1.0.5905",
"github.copilot@1.388.0",
@@ -58,5 +58,5 @@
"initializeCommand": "sh .devcontainer/initialize-command.sh",
"onCreateCommand": "sh .devcontainer/on-create-command.sh",
"postStartCommand": "sh .devcontainer/post-start-command.sh"
// Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 0e0d301f # spellchecker:disable-line
// Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 4a72eb57 # spellchecker:disable-line
}
8 changes: 4 additions & 4 deletions .devcontainer/install-ci-tooling.py
@@ -7,11 +7,11 @@
import tempfile
from pathlib import Path

UV_VERSION = "0.9.21"
PNPM_VERSION = "10.27.0"
COPIER_VERSION = "==9.11.0"
UV_VERSION = "0.9.26"
PNPM_VERSION = "10.28.1"
COPIER_VERSION = "==9.11.2"
COPIER_TEMPLATE_EXTENSIONS_VERSION = "==0.3.3"
PRE_COMMIT_VERSION = "4.5.0"
PRE_COMMIT_VERSION = "4.5.1"
Comment on lines +10 to +14

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

uv 0.9.26 release latest version January 2026

💡 Result:

As of January 26, 2026, the latest released version of Astral’s uv is 0.9.26, published on January 15, 2026. [1]

0.9.26 highlights include adding support for CPython 3.15.0a5 plus various enhancements and bug fixes. [2]


🌐 Web query:

pnpm 10.28.1 release latest version January 2026

💡 Result:

As of January 26, 2026, the latest stable pnpm release is 10.28.1, released on January 19, 2026 (marked “Latest” on the official GitHub releases page). [1] This matches the “latest” listed for pnpm v10 on endoflife.date as well. [2]

The preceding stable release was 10.28.0 (January 2026). [3]

Sources: [1], [2], [3]


🌐 Web query:

copier 9.11.2 Python package release latest version 2025

💡 Result:

  • Copier 9.11.2 was released on January 20, 2026 (so it is not a 2025 release). [1]
  • The latest Copier release in 2025 was 9.11.0, released November 20, 2025. [1]
  • The current latest version (as of Jan 26, 2026) is 9.11.3, released January 23, 2026. [1]

Sources: [1]


🌐 Web query:

pre-commit 4.5.1 release latest version 2025

💡 Result:

pre-commit v4.5.1 was released on December 16, 2025, and it is the latest pre-commit version (as of late 2025 / into 2026 unless a newer release has appeared since). [1], [2]

Release notes highlight (v4.5.1): fixes language: python with repo: local when additional_dependencies is not set. [2]

Sources: PyPI release history / files for v4.5.1 [1]; GitHub Releases page showing v4.5.1 as “Latest” [2].


🌐 Web query:

copier-template-extensions 0.3.3 PyPI package latest version

💡 Result:

The latest released version of the copier-template-extensions PyPI package is 0.3.3 (released July 15, 2025). [1]


Update copier to 9.11.3 (released January 23, 2026).
Most versions are current: uv 0.9.26, pnpm 10.28.1, and pre-commit 4.5.1 are all latest stable releases with no breaking changes reported. However, copier 9.11.2 has a newer patch release (9.11.3) available. Since copier-template-extensions 0.3.3 is also current, update copier for consistency.

🤖 Prompt for AI Agents
In @.devcontainer/install-ci-tooling.py around lines 10 - 14, Bump the copier
pin from "==9.11.2" to "==9.11.3" by updating the COPIER_VERSION constant; keep
COPIER_TEMPLATE_EXTENSIONS_VERSION ("==0.3.3") unchanged for consistency and
ensure any checksum/lock references elsewhere that depend on COPIER_VERSION are
updated accordingly (search for COPIER_VERSION) so CI uses copier 9.11.3.

GITHUB_WINDOWS_RUNNER_BIN_PATH = r"C:\Users\runneradmin\.local\bin"
INSTALL_SSM_PLUGIN_BY_DEFAULT = False
parser = argparse.ArgumentParser(description="Install CI tooling for the repo")
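Review bot: the pins at lines 10-14 (`UV_VERSION`, `PNPM_VERSION`, `COPIER_VERSION`, `COPIER_TEMPLATE_EXTENSIONS_VERSION`, `PRE_COMMIT_VERSION`) duplicate values that `extensions/context.py` also sets (`uv_version`, `pnpm_version`, `copier_version`, `copier_template_extensions_version`, `pre_commit_version`), and this PR bumps both sets by hand; a test that reads both files and fails on any mismatch, or one module that the other imports from, would stop them drifting on the next update. In this PR the two sets agree (uv 0.9.26, pnpm 10.28.1, copier ==9.11.2, pre-commit 4.5.1, template extensions ==0.3.3).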
4 changes: 2 additions & 2 deletions .github/actions/install_deps/action.yml
@@ -58,13 +58,13 @@ runs:

- name: Setup python
if: ${{ inputs.python-version != 'notUsing' }}
uses: actions/setup-python@v6.1.0
uses: actions/setup-python@v6.2.0
with:
python-version: ${{ env.PYTHON_VERSION }}

- name: Setup node
if: ${{ inputs.node-version != 'notUsing' }}
uses: actions/setup-node@v6.1.0
uses: actions/setup-node@v6.2.0
with:
node-version: ${{ inputs.node-version }}

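Review bot: `actions/setup-python@v6.2.0` and `actions/setup-node@v6.2.0` are referenced by tag, and tags on a GitHub Action are mutable, so the job trusts whatever commit the tag points at when it runs; pin each `uses:` to the full commit SHA with the version in a trailing comment, the way `extensions/context.py` already does for `gha_mutex` (`1ebad517141198e08d47cf72f3c0975316620a65 # v1.0.0-alpha.10`), and keep bumping the comment on updates so the version stays readable.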
2 changes: 1 addition & 1 deletion .github/reusable_workflows/build-docker-image.yaml
@@ -156,7 +156,7 @@ jobs:

- name: Upload Docker Image Artifact
if: ${{ inputs.save-as-artifact }}
uses: actions/upload-artifact@v5.0.0
uses: actions/upload-artifact@v6.0.0
with:
name: ${{ steps.calculate-build-context-hash.outputs.image_name_no_slashes }}
path: ${{ steps.calculate-build-context-hash.outputs.image_name_no_slashes }}.tar
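Review bot: `actions/upload-artifact` goes from v5.0.0 to v6.0.0, a major bump, while `extensions/context.py` in the same PR moves `gha_download_artifact` to v7.0.0; confirm that every consumer of the `.tar` artifact produced here uses a download-artifact major that can read artifacts written by v6, since an upload/download major mismatch shows up only at run time as a missing artifact. The `uses:` line is also a mutable tag; pinning the commit SHA with the version as a trailing comment is the safer form.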
2 changes: 1 addition & 1 deletion .github/workflows/ci.yaml
@@ -112,7 +112,7 @@ jobs:
timeout-minutes: 8 # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it

- name: Cache Pre-commit hooks
uses: actions/cache@v4.3.0
uses: actions/cache@v5.0.2
env:
cache-name: cache-pre-commit-hooks
with:
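Review bot: `actions/cache` moves from v4.3.0 to v5.0.2, a major version change, and the identical bump appears in `.github/workflows/pre-commit.yaml`; a major bump of the cache action can change how existing entries are matched, so expect the first run after merge to miss the `cache-pre-commit-hooks` entries and rebuild them, which is harmless but should not be mistaken for a regression. `@v5.0.2` is a mutable tag like the other action references in this PR; pinning the commit SHA with the version in a comment is the safer form.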
2 changes: 1 addition & 1 deletion .github/workflows/pre-commit.yaml
@@ -59,7 +59,7 @@ jobs:
timeout-minutes: 8 # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it

- name: Cache Pre-commit hooks
uses: actions/cache@v4.3.0
uses: actions/cache@v5.0.2
env:
cache-name: cache-pre-commit-hooks
with:
19 changes: 15 additions & 4 deletions copier.yml
@@ -1,3 +1,9 @@
# Questions specific to this template





Comment on lines +1 to +6

⚠️ Potential issue | 🟠 Major

Remove excessive leading blank lines to satisfy yamllint.
This triggers a lint error and may block CI.

🧹 Proposed fix
-# Questions specific to this template
-
-
-
-
-
+# Questions specific to this template
Based on static analysis hints.
🧰 Tools
🪛 YAMLlint (1.38.0)

[error] 6-6: too many blank lines (5 > 2)

(empty-lines)

🤖 Prompt for AI Agents
In `@copier.yml` around lines 1 - 6, Remove the excessive leading blank lines at
the top of copier.yml so the file begins immediately with the first YAML content
line (no empty lines before the first token); simply delete the blank lines at
the top of the file to satisfy yamllint and CI.

# Questions managed by upstream template
repo_name:
type: str
@@ -27,6 +33,11 @@ ssh_port_number:
# Pick a random port, but ensure it's not in the excluded port range on Windows (powershell: `netsh int ipv4 show excludedportrange protocol=tcp`)
default: "{{ ( (range(49152, 49752) | list) + (range(49852, 50000) | list) + (range(50060, 50160) | list) + (range(50160, 50260) | list) + (range(50260, 50360) | list) + (range(50914, 51014) | list) + (range(51114, 51214) | list) + (range(51214, 51314) | list) + (range(51314, 51414) | list) + (range(51623, 51723) | list) + (range(51723, 51823) | list) + (range(65269, 65369) | list) + (range(65369, 65469) | list) ) | random }}"

pull_from_ecr:
type: bool
help: Will you need to pull images from a central AWS Elastic Container Registry?
default: no
Comment on lines +36 to +39

⚠️ Potential issue | 🟡 Minor

YAML truthy rule: prefer explicit false for the new default.
default: no is flagged by yamllint’s truthy rule; use false or align the lint config.

✅ Proposed fix
-pull_from_ecr:
-    type: bool
-    help: Will you need to pull images from a central AWS Elastic Container Registry?
-    default: no
+pull_from_ecr:
+    type: bool
+    help: Will you need to pull images from a central AWS Elastic Container Registry?
+    default: false
Based on static analysis hints.
🧰 Tools
🪛 YAMLlint (1.38.0)

[warning] 39-39: truthy value should be one of [false, true]

(truthy)

🤖 Prompt for AI Agents
In `@copier.yml` around lines 36 - 39, The YAML key pull_from_ecr currently uses
the string default "no" which trips yamllint's truthy rule; change its default
to the explicit boolean false (i.e., set default: false) so the value is a
proper YAML boolean for the pull_from_ecr entry and satisfies the linter.


use_windows_in_ci:
type: bool
help: Should CI in the instantiated template also use Windows runners?
@@ -51,24 +62,24 @@ python_package_registry:
aws_identity_center_id:
type: str
help: What's the ID of your Organization's AWS Identity center, e.g. d-9145c20053?
when: "{{ python_package_registry == 'AWS CodeArtifact' or install_aws_ssm_port_forwarding_plugin or True }}"
when: "{{ python_package_registry == 'AWS CodeArtifact' or install_aws_ssm_port_forwarding_plugin or pull_from_ecr or True }}"

aws_org_home_region:
type: str
help: What is the home region of the AWS Organization (where all of the central infrastructure is deployed)?
default: us-east-1
when: "{{ python_package_registry == 'AWS CodeArtifact' or install_aws_ssm_port_forwarding_plugin or True }}"
when: "{{ python_package_registry == 'AWS CodeArtifact' or install_aws_ssm_port_forwarding_plugin or pull_from_ecr or True }}"

aws_central_infrastructure_account_id:
type: str
help: What's the ID of your Organization's AWS Account containing Central Infrastructure (e.g. CodeArtifact)?
when: "{{ python_package_registry == 'AWS CodeArtifact' }}"
when: "{{ python_package_registry == 'AWS CodeArtifact' or pull_from_ecr }}"
default: "000000000000"

core_infra_base_access_profile_name:
type: str
help: What's the AWS Identity Center Profile name for base access to the Central Infrastructure account (i.e. to read from CodeArtifact)?
when: "{{ python_package_registry == 'AWS CodeArtifact' }}"
when: "{{ python_package_registry == 'AWS CodeArtifact' or pull_from_ecr }}"
default: CoreInfraBaseAccess


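Review bot: adding `or pull_from_ecr` to the `when:` expressions of `aws_identity_center_id` and `aws_org_home_region` has no effect, because both expressions end in `or True` and so always evaluate true; either drop the `or True` so the questions really are conditional, or drop the new clause and leave a comment that the prompts are intentionally unconditional, so the next reader does not have to guess which was meant. For `aws_central_infrastructure_account_id` and `core_infra_base_access_profile_name` the new condition does take effect, so a user who answers `pull_from_ecr: true` and accepts the `"000000000000"` default gets a non-existent account ID baked into the generated ECR configuration; a `validator:` that rejects the placeholder when `pull_from_ecr` is set would catch that at template time rather than at the first failed login.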
28 changes: 14 additions & 14 deletions extensions/context.py
@@ -10,15 +10,15 @@ class ContextUpdater(ContextHook):

@override
def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
context["uv_version"] = "0.9.21"
context["pnpm_version"] = "10.27.0"
context["pre_commit_version"] = "4.5.0"
context["pyright_version"] = ">=1.1.407"
context["uv_version"] = "0.9.26"
context["pnpm_version"] = "10.28.1"
context["pre_commit_version"] = "4.5.1"
context["pyright_version"] = ">=1.1.408"
context["pytest_version"] = ">=9.0.2"
context["pytest_randomly_version"] = ">=4.0.1"
context["pytest_cov_version"] = ">=7.0.0"
context["ty_version"] = ">=0.0.9"
context["copier_version"] = "==9.11.0"
context["ty_version"] = ">=0.0.13"
context["copier_version"] = "==9.11.2"
context["copier_template_extensions_version"] = "==0.3.3"
context["sphinx_version"] = "9.0.4"
context["pulumi_version"] = ">=3.214.1"
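Review bot: `ty_version` becomes `>=0.0.13` and `pyright_version` `>=1.1.408`, both open-ended lower bounds; if these feed dependency specifiers in generated projects, a 0.0.x tool like `ty` can change behaviour on any release, so an upper bound (`>=0.0.13,<0.1`) or an exact pin keeps generated projects from breaking without a template change. The exact pins in this block (`uv_version`, `pnpm_version`, `pre_commit_version`, `copier_version`, `copier_template_extensions_version`) match the values set in `.devcontainer/install-ci-tooling.py` in this PR, which is the property to keep.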
@@ -32,14 +32,14 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
context["pydantic_version"] = ">=2.12.5"
context["pyinstaller_version"] = ">=6.17.0"
context["setuptools_version"] = "80.7.1"
context["strawberry_graphql_version"] = ">=0.287.0"
context["strawberry_graphql_version"] = ">=0.289.2"
context["fastapi_version"] = ">=0.128.0"
context["fastapi_offline_version"] = ">=1.7.4"
context["uvicorn_version"] = ">=0.40.0"
context["lab_auto_pulumi_version"] = ">=0.1.18"
context["ariadne_codegen_version"] = ">=0.17.0"
context["pytest_mock_version"] = ">=3.15.1"
context["uuid_utils_version"] = ">=0.12.0"
context["uuid_utils_version"] = ">=0.14.0"
context["syrupy_version"] = ">=5.0.0"
context["structlog_version"] = ">=25.5.0"
context["httpx_version"] = "0.28.1"
@@ -82,17 +82,17 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
context["node_kiota_bundle_version"] = "1.0.0-preview.99"

context["gha_checkout"] = "v6.0.1"
context["gha_setup_python"] = "v6.1.0"
context["gha_cache"] = "v4.3.0"
context["gha_upload_artifact"] = "v5.0.0"
context["gha_download_artifact"] = "v6.0.0"
context["gha_setup_python"] = "v6.2.0"
context["gha_cache"] = "v5.0.2"
context["gha_upload_artifact"] = "v6.0.0"
context["gha_download_artifact"] = "v7.0.0"
context["gha_github_script"] = "v7.0.1"
context["gha_setup_buildx"] = "v3.11.1"
context["buildx_version"] = "v0.27.0"
context["gha_docker_build_push"] = "v6.18.0"
context["gha_configure_aws_credentials"] = "v5.1.1"
context["gha_amazon_ecr_login"] = "v2.0.1"
context["gha_setup_node"] = "v6.1.0"
context["gha_setup_node"] = "v6.2.0"
context["gha_action_gh_release"] = "v2.2.1"
context["gha_mutex"] = "1ebad517141198e08d47cf72f3c0975316620a65 # v1.0.0-alpha.10"
context["gha_pypi_publish"] = "v1.13.0"
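Review bot: every `gha_*` value in this block is a version tag except `gha_mutex`, which is pinned to a commit SHA with the tag kept in a trailing comment; since these values become the `uses:` references stamped into generated workflows, the SHA form is the one to standardise on, because a tag can be re-pointed after the template is rendered and a SHA cannot. The tag bumps here (`setup-python` v6.2.0, `cache` v5.0.2, `upload-artifact` v6.0.0, `setup-node` v6.2.0) match the workflow files changed in this PR; `download-artifact` v7.0.0 has no counterpart in the changed workflows, so check that something in the template exercises it.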
@@ -104,7 +104,7 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
context["gha_long_timeout_minutes"] = "15"
context["gha_xlong_timeout_minutes"] = "45"

context["debian_release_name"] = "bookworm"
context["debian_release_name"] = "trixie"

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, let's check the current state of extensions/context.py around line 107
head -n 120 extensions/context.py | tail -n 20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 904


🏁 Script executed:

# Check for any previous value references in git history or comments
rg "bookworm|trixie" extensions/context.py -B2 -A2

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 294


🏁 Script executed:

# Run the suggested verification script to find all uses of debian_release_name
rg -n "debian_release_name" --type-add 'jinja:*.jinja' --type-add 'jinja:*.j2' -t jinja -t yaml

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Also search for debian_release_name in all file types to be thorough
rg -n "debian_release_name"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 168


🏁 Script executed:

# Check Dockerfile for the base image change mentioned
fd -name "Dockerfile*" -type f | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 323


🏁 Script executed:

# If Dockerfile exists, check the base image
find . -name "Dockerfile*" -type f -exec grep -l "focal\|noble" {} \;

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 155


🏁 Script executed:

# Check the Dockerfile files for focal/noble changes
cat .devcontainer/Dockerfile

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1298


🏁 Script executed:

# Check the template Dockerfile
cat template/.devcontainer/Dockerfile

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1298


🏁 Script executed:

# Broader search for debian_release_name in all files without type restrictions
rg "debian_release_name" -A2 -B2

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 404


🏁 Script executed:

# Search for bookworm references to understand the previous state
rg "bookworm" -A2 -B2

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Search more broadly for how debian_release_name might be used
rg "debian_release_name" --no-type-add

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 534


🏁 Script executed:

# Check git history to see if this was bookworm before
git log -p --follow -S "debian_release_name" -- extensions/context.py | head -100

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Search in template directory for any references to the variable
find template -type f \( -name "*.jinja" -o -name "*.j2" -o -name "*.yaml" -o -name "*.yml" -o -name "*.txt" \) | xargs grep -l "debian_release_name" 2>/dev/null || echo "No matches found"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 109


🏁 Script executed:

# Let's also check if there are any references to trixie or bookworm in the template directory
find template -type f | xargs grep -l "trixie\|bookworm" 2>/dev/null | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Let's search more broadly across all files for any potential usages or references
rg "debian_release_name" . 2>/dev/null

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 166


🏁 Script executed:

# Check if there are any .copierignore or similar files that might indicate which files are processed
find . -name ".copier*" -o -name "copier.yml" -o -name "copier.yaml" | head -10

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 164


🏁 Script executed:

# Check the repository structure to understand how this template is used
ls -la | head -30

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1902


🏁 Script executed:

# Check the copier.yml to understand the template structure and how context is used
cat copier.yml

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 5261


🏁 Script executed:

# Let's look at the template directory structure to see what templates exist
find template -type f -name "*.jinja" -o -name "*.j2" | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 840


🏁 Script executed:

# Search more broadly for any apt-get, package, or Debian-related operations in templates
rg "apt-get|apt-cache|debian|ubuntu|trixie|bookworm" template --type-add 'jinja:*.jinja' --type-add 'jinja:*.j2' | head -30

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Let's do a comprehensive search for debian_release_name across the entire repository
rg "debian_release_name" -r '$0' . 2>&1

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 166


🏁 Script executed:

# Check if there are any generated files or build artifacts that might use this value
find . -type f \( -name "*.txt" -o -name "*.md" -o -name "*.sh" \) | xargs grep -l "debian_release_name" 2>/dev/null || echo "No matches in text files"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 117


🏁 Script executed:

# Let's check the git log more carefully to see what changed in this commit
git log --oneline -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 108


🏁 Script executed:

# Check git diff to see what was actually changed in this commit
git diff HEAD~1 HEAD extensions/context.py 2>/dev/null || git show HEAD:extensions/context.py | grep -A5 -B5 "debian_release_name"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 498


🏁 Script executed:

# Let me check if debian_release_name appears in the git diff of this specific commit
git diff HEAD~1 HEAD -- extensions/context.py 2>/dev/null || echo "Git diff not available"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 115


🏁 Script executed:

# Check what the previous value was by looking at git show with the parent commit
git show HEAD~1:extensions/context.py 2>/dev/null | grep -A2 -B2 "debian_release_name" || echo "Previous version not accessible"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 124


🏁 Script executed:

# Let's also check if there's any documentation or README that mentions how these context variables are used
rg "context\[" template --type-add 'jinja:*.jinja' --type-add 'jinja:*.j2' | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Search for any usage of context variables in the templates to understand the pattern
rg "{{ " template -t jinja | head -30

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 171


🏁 Script executed:

# Let's check if the context variables are used in generated output or if this is just a value holder
cat extensions/context.py

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 5655


🏁 Script executed:

# Search for how context variables are typically used in the Jinja templates
rg "{{ debian_release_name|{{ alpine_image_version|{{ nginx_image_version" template 2>/dev/null || echo "No direct template usage found"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 123


🏁 Script executed:

# Check if there's any comment or documentation about these context variables
grep -n "debian_release_name" extensions/context.py -B10 -A10

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1096


🏁 Script executed:

# Let's check if debian_release_name might be used in downstream generated code or documentation
find template -type f | xargs grep -l "trixie\|bookworm\|debian" 2>/dev/null | head -10

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 143


🏁 Script executed:

# Check if there's any usage pattern of context variables in the templates by looking at actual variable interpolation
grep -r '\{\{.*\}\}' template --include="*.jinja" | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 122


🏁 Script executed:

# Let's verify the Ubuntu/Debian mapping for the base images mentioned
# focal = Ubuntu 20.04 (based on Debian Bullseye)
# noble = Ubuntu 24.04 (based on Debian Trixie)
# Let's check if there's any documentation about this in the repo
rg "focal|noble|bullseye" . 2>/dev/null

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Let's check the install-ci-tooling.py.jinja file to see if it uses debian_release_name
cat template/.devcontainer/install-ci-tooling.py.jinja

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 6665


🏁 Script executed:

# Also check if there are any references to the context variable being passed to templates
grep -r "debian_release_name" template 2>/dev/null || echo "Not found in template"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 114


🏁 Script executed:

# Let's search for any actual usage of this context variable by checking if it's rendered in any output
rg "trixie" . 2>/dev/null

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 166


🏁 Script executed:

# Let's check if there are child templates or if this is meant to be used by downstream repositories
find . -name "*.md" -o -name "README*" | xargs grep -l "debian\|context\|template" 2>/dev/null | head -5

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 176


🏁 Script executed:

# Check the README to understand how this template is used
cat README.md

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 2534


Update Debian release name to trixie.

This changes the Debian release from bookworm to trixie, aligning with the base image update to mcr.microsoft.com/devcontainers/universal:5.1.1-noble (Ubuntu 24.04, which is based on Debian trixie).

Note: This context variable is not currently referenced in any templates within the repository. Clarify whether it is intended for future use in generated downstream code, or remove it if unused.

🤖 Prompt for AI Agents
In `@extensions/context.py` at line 107, The context key
context["debian_release_name"] was changed to "trixie" but is not referenced
anywhere; either remove this unused context entry or document and wire it into
downstream templates. If it's intended for future generated code, add a brief
inline comment next to context["debian_release_name"] explaining its purpose and
expected usage and update any template/renderer code to consume this key (search
for template rendering functions that accept context to locate where to plug it
in); otherwise delete the context["debian_release_name"] assignment to avoid
dead configuration.

context["alpine_image_version"] = "3.23"
context["nginx_image_version"] = "1.29.4"
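Review bot: the justification given in the preceding comment for choosing `trixie` does not hold, so the value should be checked against its actual consumer rather than derived from the base-image tag: Ubuntu noble is not built on Debian trixie (Ubuntu snapshots Debian unstable/testing at the start of each cycle, it does not track a stable Debian release), and the devcontainer base image here is Ubuntu in any case. Since the searches above report `Not found in template` for `debian_release_name`, confirm which downstream Debian-based image (if any) reads this key and pick the codename that image actually needs; if nothing reads it, drop the assignment.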

6 changes: 3 additions & 3 deletions pyproject.toml
Expand Up @@ -12,8 +12,8 @@ dependencies = [
"pytest>=9.0.2",
"pytest-cov>=7.0.0",
"pytest-randomly>=4.0.1",
"pyright[nodejs]>=1.1.407",
"ty>=0.0.9",
"copier==9.11.0",
"pyright[nodejs]>=1.1.408",
"ty>=0.0.13",
"copier==9.11.2",
"copier-template-extensions==0.3.3"
]
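Review bot: the bumps to `pyright[nodejs]>=1.1.408` and `ty>=0.0.13` are open-ended lower bounds sitting next to an exact pin `copier==9.11.2`, so raising them does not by itself change what gets installed; confirm the lock file is regenerated in this same change and that CI installs from it, otherwise the type-checker versions in use keep drifting independently of this hunk while `copier` stays frozen.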
9 changes: 6 additions & 3 deletions template/.devcontainer/Dockerfile
@@ -1,19 +1,22 @@
# base image tags available at https://mcr.microsoft.com/v2/devcontainers/universal/tags/list
# added the platform flag to override any local settings since this image is only compatible with linux/amd64. since this image is only x64 compatible, suppressing the hadolint rule
# hadolint ignore=DL3029
FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:2.13.1-focal
FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:5.1.1-noble

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# temporary hack until yarn updates its GPG key
RUN rm /etc/apt/sources.list.d/yarn.list || true
Comment on lines +8 to +9

🧹 Nitpick | 🔵 Trivial

Consider adding a tracking reference for the yarn GPG key workaround.

The comment indicates this is a temporary hack. Consider adding a link to a GitHub issue or upstream tracking reference so this can be removed when yarn updates its GPG key.

💡 Suggested improvement
-# temporary hack until yarn updates its GPG key
+# temporary hack until yarn updates its GPG key - see https://github.com/yarnpkg/yarn/issues/XXXX
 RUN rm /etc/apt/sources.list.d/yarn.list || true
🤖 Prompt for AI Agents
In `@template/.devcontainer/Dockerfile` around lines 8 - 9, Add a tracking
reference to the temporary GPG key workaround by updating the comment near the
RUN rm /etc/apt/sources.list.d/yarn.list command: include a short note with a
link to the upstream Yarn issue or PR (or a GitHub issue number) and a TODO with
an expected review date or condition for removal so reviewers know this is
temporary and can remove the hack when the yarn GPG key is updated.


RUN apt-get update -y && apt-get install -y \
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.10' | head -n 1)" --no-install-recommends \
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" --no-install-recommends \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

# Create the venv folder and set permissions for anyone to modify---this is necessary to be able to break out the venv folder as a separate docker volume for better performance on Windows hosts
ARG REPO_NAME=copier-base-template
ENV VENV_PATH=/workspaces/${REPO_NAME}/.venv
RUN mkdir -p /workspace && \
RUN mkdir -p /workspaces && \
mkdir -p ${VENV_PATH} && \
chmod -R 777 /workspaces ${VENV_PATH} && \
chgrp -R 0 /workspaces ${VENV_PATH}
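Review bot: `RUN rm /etc/apt/sources.list.d/yarn.list || true` works around the expired Yarn signing key by deleting the repository rather than replacing the key, and the `|| true` also hides the case where the file was never present; the result is an image that can no longer install yarn from that source, and nothing in the visible part of the hunk re-adds it. The less lossy fix is to install the current Yarn key and pin the source to it with `signed-by=`, or to remove the repo deliberately with a comment stating yarn is not needed in this image. Two further points on this file: the unchanged `chmod -R 777 /workspaces ${VENV_PATH}` makes the venv world-writable, so any process in the container can plant code that the dev user's Python will import; if the Windows-volume goal only needs the dev user to write, `chown`/`chgrp` plus 775 is enough. And the `$(apt-cache madison bash-completion | ... | grep '^1:2.11' | head -n 1)` substitution yields an empty version string if noble ships a different epoch or version, which fails the build with an unhelpful `bash-completion=` error; check the value or install the package in a separate, explicitly pinned step.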
2 changes: 1 addition & 1 deletion template/.devcontainer/devcontainer.json.jinja
Expand Up @@ -28,7 +28,7 @@
"-AmazonWebServices.aws-toolkit-vscode", // the AWS CLI feature installs this automatically, but it's causing problems in VS Code{% endraw %}{% endif %}{% raw %}
// basic tooling
// "eamodio.gitlens@15.5.1",
"coderabbit.coderabbit-vscode@0.16.4",
"coderabbit.coderabbit-vscode@0.16.6",
"ms-vscode.live-server@0.5.2025051301",
"MS-vsliveshare.vsliveshare@1.0.5905",
Comment on lines 29 to 33

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

coderabbit.coderabbit-vscode 0.16.6 VS Code marketplace

💡 Result:

The VS Code Marketplace listing for the CodeRabbit extension is “CodeRabbit” (publisher CodeRabbit Inc.) with identifier CodeRabbit.coderabbit-vscode. [1]

I couldn’t find any evidence that version 0.16.6 exists on the VS Code Marketplace for this extension; third‑party archives of the Marketplace package list the latest available Marketplace version as 0.16.0 (updated Nov 19, 2025). [2]

Sources: [1], [2]


Update CodeRabbit extension to version 0.16.0 (non-existent version pinned).
Version 0.16.6 does not exist on the VS Code Marketplace; the latest available version is 0.16.0 (released Nov 19, 2025). Update the pin from "CodeRabbit.coderabbit-vscode@0.16.6" to "CodeRabbit.coderabbit-vscode@0.16.0" to ensure the devcontainer builds successfully.

🤖 Prompt for AI Agents
In `@template/.devcontainer/devcontainer.json.jinja` around lines 29 - 33, Update
the pinned CodeRabbit extension version: replace the non-existent extension
identifier "coderabbit.coderabbit-vscode@0.16.6" with the available release
"CodeRabbit.coderabbit-vscode@0.16.0" in the devcontainer extensions list so the
devcontainer can install the correct marketplace version.

"github.copilot@1.388.0",
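Review bot: the Critical finding above rests on a third-party archive of the Marketplace rather than the Marketplace itself, and the archive date it quotes (Nov 19, 2025) may simply predate 0.16.6; verify the version directly before downgrading the pin, for example with `code --install-extension coderabbit.coderabbit-vscode@0.16.6` in a scratch container, since reverting a reviewer-tool extension to an older release on stale evidence is its own regression. Either way, a pin like `coderabbit.coderabbit-vscode@0.16.6` fixes only the version, not the artifact: the devcontainer installs whatever the Marketplace serves for that version, so treat these pins as reproducibility controls, not integrity controls.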
4 changes: 2 additions & 2 deletions template/.github/actions/install_deps/action.yml
Expand Up @@ -58,13 +58,13 @@ runs:

- name: Setup python
if: ${{ inputs.python-version != 'notUsing' }}
uses: actions/setup-python@v6.1.0
uses: actions/setup-python@v6.2.0
with:
python-version: ${{ env.PYTHON_VERSION }}

- name: Setup node
if: ${{ inputs.node-version != 'notUsing' }}
uses: actions/setup-node@v6.1.0
uses: actions/setup-node@v6.2.0
with:
node-version: ${{ inputs.node-version }}
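Review bot: `actions/setup-python@v6.2.0` and `actions/setup-node@v6.2.0` are pinned by tag, while the `thollander/actions-comment-pull-request@24bffb9b…` step elsewhere in this PR is pinned by commit SHA; tags are mutable and can be moved by a compromised maintainer account, so pin these two to the full commit SHA as well, keeping the tag in a trailing `# v6.2.0` comment so Dependabot or Renovate can still propose updates.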

4 changes: 2 additions & 2 deletions template/.github/actions/pulumi_ephemeral_deploy/action.yml
Expand Up @@ -93,9 +93,9 @@ runs:
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b
with:
message: |
:eyes: **Pulumi Preview for ${{ inputs.deploy-script-module-name }}:** :eyes:
:eyes: **Pulumi Preview for ${{ inputs.deploy-script-module-name }} stack ${{ inputs.stack-name }}:** :eyes:

```bash
${{ steps.pulumi-run.outputs.stdout }}
```
comment-tag: previewonpr-${{ inputs.deploy-script-module-name }}
comment-tag: previewonpr-${{ inputs.deploy-script-module-name }}-${{ inputs.stack-name }}
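Review bot: adding `${{ inputs.stack-name }}` to both the message and `comment-tag` is the right fix, since previews for different stacks of the same module would otherwise share a single `previewonpr-<module>` tag and update the same comment; two things to check while here. First, `${{ steps.pulumi-run.outputs.stdout }}` is posted verbatim, so anyone who can read the PR sees the full preview; Pulumi redacts values marked as secrets, but non-secret outputs and resource identifiers are included, which matters on a public repository or with external contributors. Second, the stdout is dropped inside a ```bash fence with no escaping, so a preview containing a triple-backtick sequence breaks the comment; wrap it in an HTML `<details>` block or truncate it to guard against that.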