Copier update (github action versions)

.copier-answers.yml

@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v0.0.64
+_commit: v0.0.69
 _src_path: gh:LabAutomationAndScreening/copier-base-template.git
 description: Copier template for creating Python libraries and executables
 python_ci_versions:

.devcontainer/devcontainer.json

@@ -23,12 +23,12 @@
         "eamodio.gitlens@15.5.1",
         "ms-vscode.live-server@0.5.2025051301",
         "MS-vsliveshare.vsliveshare@1.0.5905",
-        "github.copilot@1.320.1564",
-        "github.copilot-chat@0.28.2025051402",
+        "github.copilot@1.366.1775",
+        "github.copilot-chat@0.31.2025090401",
 
         // Python
-        "ms-python.python@2025.7.2025051401",
-        "ms-python.vscode-pylance@2025.4.104",
+        "ms-python.python@2025.13.2025090201",
+        "ms-python.vscode-pylance@2025.7.102",
         "ms-vscode-remote.remote-containers@0.414.0",
         "charliermarsh.ruff@2025.24.0",
 
@@ -61,5 +61,5 @@
   "initializeCommand": "sh .devcontainer/initialize-command.sh",
   "onCreateCommand": "sh .devcontainer/on-create-command.sh",
   "postStartCommand": "sh .devcontainer/post-start-command.sh"
-  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): d72f90f7 # spellchecker:disable-line
+  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): bec12e35 # spellchecker:disable-line
 }

.devcontainer/install-ci-tooling.py

@@ -7,10 +7,10 @@
 import tempfile
 from pathlib import Path
 
-UV_VERSION = "0.8.4"
-PNPM_VERSION = "10.14.0"
-COPIER_VERSION = "9.9.1"
-COPIER_TEMPLATE_EXTENSIONS_VERSION = "0.3.2"
+UV_VERSION = "0.8.15"
+PNPM_VERSION = "10.15.1"
+COPIER_VERSION = "9.10.1"
+COPIER_TEMPLATE_EXTENSIONS_VERSION = "0.3.3"
 PRE_COMMIT_VERSION = "4.3.0"
 GITHUB_WINDOWS_RUNNER_BIN_PATH = r"C:\Users\runneradmin\.local\bin"
 INSTALL_SSM_PLUGIN_BY_DEFAULT = False
@@ -31,10 +31,10 @@
     "--no-node", action="store_true", default=False, help="Do not process any environments using node package managers"
 )
 _ = parser.add_argument(
-    "--install-ssm-plugin",
+    "--skip-installing-ssm-plugin",
     action="store_true",
-    default=INSTALL_SSM_PLUGIN_BY_DEFAULT,
-    help="Install the SSM plugin for AWS CLI",
+    default=False,
+    help="Skip installing the SSM plugin for AWS CLI",
 )
 
 
@@ -117,26 +117,43 @@ def main():
                 else [cmd]
             )
             _ = subprocess.run(cmd, shell=True, check=True)
-    if args.install_ssm_plugin:
-        if is_windows:
-            raise NotImplementedError("SSM plugin installation is not implemented for Windows")
+    if INSTALL_SSM_PLUGIN_BY_DEFAULT and not args.skip_installing_ssm_plugin:
         with tempfile.TemporaryDirectory() as tmp_dir:
-            local_package_path = Path(tmp_dir) / "session-manager-plugin.deb"
-            # Based on https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-debian-and-ubuntu.html
-            # no specific reason for that version, just pinning it for best practice
-            _ = subprocess.run(
-                [
-                    "curl",
-                    "https://s3.amazonaws.com/session-manager-downloads/plugin/1.2.707.0/ubuntu_64bit/session-manager-plugin.deb",
-                    "-o",
-                    f"{local_package_path}",
-                ],
-                check=True,
-            )
-            _ = subprocess.run(
-                ["sudo", "dpkg", "-i", str(local_package_path)],
-                check=True,
-            )
+            if is_windows:
+                local_package_path = Path(tmp_dir) / "SessionManagerPluginSetup.exe"
+                # Based on https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-windows.html
+                # no specific reason for that version, just pinning it for best practice
+                _ = subprocess.run(
+                    [
+                        "curl",
+                        "https://s3.amazonaws.com/session-manager-downloads/plugin/1.2.707.0/windows/SessionManagerPluginSetup.exe",
+                        "-o",
+                        f"{local_package_path}",
+                    ],
+                    check=True,
+                )
+                _ = subprocess.run(
+                    [str(local_package_path), "/quiet"],
+                    check=True,
+                )
+            else:
+                local_package_path = Path(tmp_dir) / "session-manager-plugin.deb"
+                # Based on https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-debian-and-ubuntu.html
+                # no specific reason for that version, just pinning it for best practice
+                _ = subprocess.run(
+                    [
+                        "curl",
+                        "https://s3.amazonaws.com/session-manager-downloads/plugin/1.2.707.0/ubuntu_64bit/session-manager-plugin.deb",
+                        "-o",
+                        f"{local_package_path}",
+                    ],
+                    check=True,
+                )
+                _ = subprocess.run(
+                    ["sudo", "dpkg", "-i", str(local_package_path)],
+                    check=True,
+                )
+            print("SSM Plugin Manager Version: ")
             _ = subprocess.run(
                 ["session-manager-plugin", "--version"],
                 check=True,

.github/actions/install_deps/action.yml

@@ -16,6 +16,11 @@ inputs:
     default: true
     type: boolean
     description: Whether to run the setup-deps script, or just to setup basic CI tooling
+  skip-installing-ssm-plugin-manager:
+    required: false
+    default: false
+    type: boolean
+    description: Whether to explicitly skip installing the SSM Plugin manager when setting up basic CI tooling
   project-dir:
     type: string
     description: What's the relative path to the project?
@@ -48,24 +53,24 @@ runs:
 
     - name: Setup python
       if: ${{ inputs.python-version != 'notUsing' }}
-      uses: actions/setup-python@v5.6.0
+      uses: actions/setup-python@v6.0.0
       with:
         python-version: ${{ env.PYTHON_VERSION }}
 
     - name: Setup node
       if: ${{ inputs.node-version != 'notUsing' }}
-      uses: actions/setup-node@v4.4.0
+      uses: actions/setup-node@v5.0.0
       with:
         node-version: ${{ inputs.node-version }}
 
     - name: Install tooling
       # the funky syntax is github action ternary
-      run: python .devcontainer/install-ci-tooling.py ${{ inputs.python-version == 'notUsing' && '--no-python' || '' }} ${{ inputs.node-version == 'notUsing' && '--no-node' || '' }}
+      run: python .devcontainer/install-ci-tooling.py ${{ inputs.python-version == 'notUsing' && '--no-python' || '' }} ${{ inputs.node-version == 'notUsing' && '--no-node' || '' }} ${{ inputs.skip-installing-ssm-plugin-manager && '--skip-installing-ssm-plugin' || '' }}
       shell: pwsh
 
     - name: OIDC Auth for CodeArtifact
       if: ${{ inputs.code-artifact-auth-role-name != 'no-code-artifact' }}
-      uses: aws-actions/configure-aws-credentials@v4.2.0
+      uses: aws-actions/configure-aws-credentials@v5.0.0
       with:
         role-to-assume: arn:aws:iam::${{ inputs.code-artifact-auth-role-account-id }}:role/${{ inputs.code-artifact-auth-role-name }}
         aws-region: ${{ inputs.code-artifact-auth-region }}

.github/actions/update-devcontainer-hash/action.yml

@@ -27,7 +27,7 @@ runs:
       shell: bash
 
     - name: Checkout code
-      uses: actions/checkout@v4.2.2
+      uses: actions/checkout@v5.0.0
       with:
         persist-credentials: true
         fetch-depth: 1

.github/reusable_workflows/build-docker-image.yaml

@@ -31,6 +31,10 @@ on:
         description: 'Should the image be saved as an artifact?'
         required: false
         default: false
+    outputs:
+      artifact-name:
+        description: 'The name of the uploaded artifact of the image tarball'
+        value: ${{ jobs.build-image.outputs.artifact-name }}
 
 permissions:
     id-token: write
@@ -40,6 +44,8 @@ jobs:
   build-image:
     name: Build Docker Image
     runs-on: ubuntu-24.04
+    outputs:
+      artifact-name: ${{ steps.calculate-build-context-hash.outputs.image_name_no_slashes }}
     steps:
       - name: Parse ECR URL
         if: ${{ inputs.push-role-name != 'no-push' }}
@@ -59,11 +65,11 @@ jobs:
         shell: bash
 
       - name: Checkout code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
 
       - name: OIDC Auth for ECR
         if: ${{ inputs.push-role-name != 'no-push' }}
-        uses: aws-actions/configure-aws-credentials@v4.2.0
+        uses: aws-actions/configure-aws-credentials@v5.0.0
         with:
           role-to-assume: arn:aws:iam::${{ steps.parse_ecr_url.outputs.aws_account_id }}:role/${{ inputs.push-role-name }}
           aws-region: ${{ steps.parse_ecr_url.outputs.aws_region }}
@@ -114,9 +120,9 @@ jobs:
 
       - name: Set up Docker Buildx
         if: ${{ (inputs.save-as-artifact && inputs.push-role-name == 'no-push') || steps.check-if-exists.outputs.status == 'notfound' }}
-        uses: docker/setup-buildx-action@v3.10.0
+        uses: docker/setup-buildx-action@v3.11.1
         with:
-          version: v0.22.0
+          version: v0.27.0
 
       - name: Build Docker Image
         if: ${{ (inputs.save-as-artifact && inputs.push-role-name == 'no-push') || steps.check-if-exists.outputs.status == 'notfound' }}

.github/workflows/ci.yaml

@@ -53,7 +53,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
 
       - name: Move python script that replaces private package registry information to temp folder so it doesn't get deleted
         run: |
@@ -108,7 +108,7 @@ jobs:
         timeout-minutes: 30 # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
-        uses: actions/cache@v4.2.3
+        uses: actions/cache@v4.2.4
         env:
           cache-name: cache-pre-commit-hooks
         with:

.github/workflows/get-values.yaml

@@ -25,7 +25,7 @@ jobs:
       pr-short-num: ${{ steps.find-pr-num.outputs.number }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
 
       - name: Update Devcontainer Hash
         if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'push' }}

.github/workflows/pre-commit.yaml

@@ -32,19 +32,20 @@ jobs:
     steps:
       - name: Checkout code during push
         if: ${{ github.event_name == 'push' }}
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           ref: ${{ github.ref_name }} # explicitly get the head of the branch, which will include any new commits pushed if this is a dependabot branch
 
       - name: Checkout code not during push
         if: ${{ github.event_name != 'push' }}
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
 
       - name: Install latest versions of packages
         uses: ./.github/actions/install_deps
         with:
           python-version: ${{ inputs.python-version }}
           node-version: ${{ inputs.node-version }}
+          skip-installing-ssm-plugin-manager: true
 
       - name: Set up mutex # Github concurrency management is horrible, things get arbitrarily cancelled if queued up. So using mutex until github fixes itself. When multiple jobs are modifying cache at once, weird things can happen.  possible issue is https://github.com/actions/toolkit/issues/658
         if: ${{ runner.os != 'Windows' }} # we're just gonna have to YOLO on Windows, because this action doesn't support it yet https://github.com/ben-z/gh-action-mutex/issues/14
@@ -54,7 +55,7 @@ jobs:
         timeout-minutes: 30 # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
-        uses: actions/cache@v4.2.3
+        uses: actions/cache@v4.2.4
         env:
           cache-name: cache-pre-commit-hooks
         with:

.github/workflows/tag-on-merge.yaml

@@ -13,7 +13,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v5.0.0
         with:
           ref: ${{ github.event.pull_request.merge_commit_sha }}
           fetch-depth: '0'

.pre-commit-config.yaml

@@ -42,7 +42,7 @@ repos:
 
   # Reformatting (should generally come before any file format or other checks, because reformatting can change things)
   - repo: https://github.com/crate-ci/typos
-    rev: 7fb6e0951ad91e4772a2470012fc1ae621016b80  # frozen: v1
+    rev: 65a25783d8705c6a72d9fead19c44d87b4ff03c3  # frozen: v1
     hooks:
       - id: typos
         exclude:
@@ -218,15 +218,15 @@ repos:
         exclude: docs/.*\.rst$
 
   - repo: https://github.com/hadolint/hadolint
-    rev: c3dc18df7a501f02a560a2cc7ba3c69a85ca01d3 # frozen: v2.13.1-beta
+    rev: 87de847754330ad47ae16bdfe2d1a757ccb4b4d4  # frozen: v2.13.1
     hooks:
       - id: hadolint-docker
         name: Lint Dockerfiles
         exclude: .*\.jinja$
         description: Runs hadolint to lint Dockerfiles
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: 54a455f7ce629598b7535ff828fd5fb796f4b83f  # frozen: v0.12.9
+    rev: db90487f48a9dd992d243ef63c156eaffddeaf28  # frozen: v0.12.11
     hooks:
       - id: ruff
         name: ruff-src