guides: update python & add files component

.vale.ini

@@ -33,4 +33,4 @@ Vale.Terms = NO
 [*.md]
 BasedOnStyles = Docker, Vale
 TokenIgnores = ({{[^}]+}}\S*)
-BlockIgnores = (?m)^[ \t]*({{[^}]+}})[ \t]*$, (\[[^\]]*{{[^}]+}}[^\]]*\]\([^)]*\))
+BlockIgnores = (?m)^[ \t]*({{[^}]+}})[ \t]*$, (\[[^\]]*{{[^}]+}}[^\]]*\]\([^)]*\)), ({{<\s*file\s[^>]*>}}[\s\S]*?{{<\s*/\s*file\s*>}})

content/guides/python/configure-github-actions.md

@@ -27,12 +27,14 @@
 
 ## Overview
 
-GitHub Actions is a CI/CD (Continuous Integration and Continuous Deployment) automation tool built into GitHub. It allows you to define custom workflows for building, testing, and deploying your code when specific events occur (e.g., pushing code, creating a pull request, etc.). A workflow is a YAML-based automation script that defines a sequence of steps to be executed when triggered. Workflows are stored in the `.github/workflows/` directory of a repository.
+GitHub Actions is a CI/CD automation tool built into GitHub. A workflow is a
+YAML file that tells GitHub which jobs to run when something happens in your
+repository, like a push to a branch or a pull request opening. Workflows live
+in the `.github/workflows/` directory of your repository.
 
-In this section, you'll learn how to set up and use GitHub Actions to build your Docker image as well as push it to Docker Hub. You will complete the following steps:
-
-1. Define the GitHub Actions workflow.
-2. Run the workflow.
+In this section, you'll add a workflow that runs your linting, formatting, and
+type checks on every push to the main branch, then builds your Docker image
+and pushes it to Docker Hub.
 
 ## 1. Define the GitHub Actions workflow
 
@@ -45,13 +47,20 @@
 2. Select **set up a workflow yourself**.
 
    This takes you to a page for creating a new GitHub Actions workflow file in
-   your repository. By default, the file is created under `.github/workflows/main.yml`, let's change it name to `build.yml`.
+   your repository. By default, the file is created under `.github/workflows/main.yml`. Change the file name to `build.yml`.
 
 If you prefer to use your text editor, create a new file named `build.yml` in the `.github/workflows/` directory of your repository.
 
 Add the following content to the file:
 
+{{< files name="python-docker-example" >}}
+
+{{< file path=".github/workflows/build.yml" status="new" >}}
 ```yaml
+# GitHub Actions workflow that runs on every push to main.
+# - lint-test: runs pre-commit hooks (Ruff) and Pyright type checks.
+# - build_and_push: signs in to Docker Hub and the DHI registry, then
+#   builds and pushes the image (with SBOM and provenance attestations).
 name: Build and push Docker image
 
 on:
@@ -64,16 +73,17 @@
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@{{% param "checkout_action_version" %}}
-      
+
       - name: Set up Python
         uses: actions/setup-python@v6
         with:
-          python-version: '3.14'
+          python-version: '3.12'
 
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
           pip install -r requirements.txt
+          pip install pre-commit pyright
 
       - name: Run pre-commit hooks
         run: pre-commit run --all-files
@@ -84,12 +94,21 @@
   build_and_push:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@{{% param "checkout_action_version" %}}
+
       - name: Login to Docker Hub
         uses: docker/login-action@{{% param "login_action_version" %}}
         with:
           username: ${{ vars.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      - name: Login to Docker Hardened Images
+        uses: docker/login-action@{{% param "login_action_version" %}}
+        with:
+          registry: dhi.io
+          username: ${{ vars.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@{{% param "setup_buildx_action_version" %}}
 
@@ -99,6 +118,9 @@
           push: true
           tags: ${{ vars.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest
 ```
+{{< /file >}}
+
+{{< /files >}}
 
 Each GitHub Actions workflow includes one or several jobs. Each job consists of steps. Each step can either run a set of commands or use already [existing actions](https://github.com/marketplace?type=actions). The action above has three steps:
 
@@ -128,9 +150,12 @@
 
 - [Introduction to GitHub Actions](/guides/gha.md)
 - [Docker Build GitHub Actions](/manuals/build/ci/github-actions/_index.md)
-- [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
+- [docker/login-action](https://github.com/docker/login-action)
+- [docker/build-push-action](https://github.com/docker/build-push-action)
+- [Create a Docker Hub access token](/manuals/security/access-tokens.md#create-an-access-token)
 
 ## Next steps
 
-In the next section, you'll learn how you can develop locally using kubernetes.
+In the next section, you'll learn how to inspect and generate supply chain
+attestations for your image. See [Secure your supply chain](secure-supply-chain.md).