Summary

python-version-patch-pr rewrote FROM public.ecr.aws/lambda/python:3.13.2025.08.15.14 to FROM public.ecr.aws/lambda/python:3.13.8.08.15.14. The replacement assumes the third component after the major.minor pair is a Python patch version, but 3.13.2025.08.15.14 already contains a date-based build identifier. This leads to invalid tags being produced.

Expected behavior

When normalizing image tags, the automation should only alter the patch component when it is an actual Python patch version. Tags where the "patch" component is not a simple integer (e.g. contains four segments for build metadata) should be left untouched or validated against an allowlist.

Suggested fix

Add validation to the tag parser so that it recognizes when the third component is not a plain integer patch version. Skip or log those tags instead of rewriting them, or enhance the parser to handle date-based build identifiers correctly.