From 7ff837783706f61f15d69936cb43fc683924629d Mon Sep 17 00:00:00 2001 From: Dennis Effing Date: Wed, 6 Aug 2025 09:01:21 +0200 Subject: [PATCH 01/94] chore: remove uncustomized containers --- apps/actions-runner/Dockerfile | 44 --- apps/actions-runner/docker-bake.hcl | 42 --- apps/actions-runner/tests.yaml | 6 - apps/bazarr/Dockerfile | 73 ----- apps/bazarr/docker-bake.hcl | 42 --- apps/bazarr/entrypoint.sh | 9 - apps/bazarr/tests.yaml | 16 -- apps/beets/Dockerfile | 89 ------ apps/beets/defaults/config-beets.yaml | 149 ---------- apps/beets/defaults/config-betanin.toml | 11 - apps/beets/docker-bake.hcl | 42 --- apps/beets/entrypoint.sh | 29 -- apps/beets/tests.yaml | 11 - apps/busybox/Dockerfile | 4 - apps/busybox/docker-bake.hcl | 42 --- apps/busybox/tests.yaml | 6 - apps/byparr/Dockerfile | 59 ---- apps/byparr/docker-bake.hcl | 42 --- apps/byparr/entrypoint.sh | 4 - apps/byparr/tests.yaml | 11 - apps/cni-plugins/Dockerfile | 24 -- apps/cni-plugins/docker-bake.hcl | 42 --- apps/cni-plugins/tests.yaml | 6 - apps/deluge/Dockerfile | 47 --- apps/deluge/defaults/core.conf | 95 ------ apps/deluge/docker-bake.hcl | 42 --- apps/deluge/entrypoint.sh | 20 -- apps/deluge/tests.yaml | 13 - apps/emby/Dockerfile | 42 --- apps/emby/docker-bake.hcl | 42 --- apps/emby/entrypoint.sh | 22 -- apps/emby/tests.yaml | 11 - apps/esphome/Dockerfile | 56 ---- apps/esphome/docker-bake.hcl | 42 --- apps/esphome/entrypoint.sh | 16 -- apps/esphome/tests.yaml | 11 - apps/irqbalance/Dockerfile | 11 - apps/irqbalance/docker-bake.hcl | 42 --- apps/irqbalance/tests.yaml | 8 - apps/it-tools/Dockerfile | 17 -- apps/it-tools/docker-bake.hcl | 42 --- apps/it-tools/tests.yaml | 11 - apps/jackett/Dockerfile | 36 --- apps/jackett/docker-bake.hcl | 42 --- apps/jackett/entrypoint.sh | 7 - apps/jackett/tests.yaml | 13 - apps/jbops/Dockerfile | 49 ---- apps/jbops/docker-bake.hcl | 41 --- apps/jbops/entrypoint.sh | 6 - apps/jbops/tests.yaml | 6 - apps/k8s-sidecar/Dockerfile | 14 - apps/k8s-sidecar/docker-bake.hcl | 42 --- apps/k8s-sidecar/tests.yaml | 5 - apps/lidarr/Dockerfile | 42 --- apps/lidarr/docker-bake.hcl | 42 --- apps/lidarr/entrypoint.sh | 7 - apps/lidarr/tests.yaml | 12 - apps/nzbget/Dockerfile | 51 ---- apps/nzbget/docker-bake.hcl | 42 --- apps/nzbget/entrypoint.sh | 21 -- apps/nzbget/tests.yaml | 11 - apps/nzbhydra2/Dockerfile | 42 --- apps/nzbhydra2/docker-bake.hcl | 42 --- apps/nzbhydra2/entrypoint.sh | 23 -- apps/nzbhydra2/tests.yaml | 11 - apps/opentofu-runner/Dockerfile | 13 - apps/opentofu-runner/docker-bake.hcl | 42 --- apps/opentofu-runner/tests.yaml | 6 - apps/plex/Dockerfile | 50 ---- apps/plex/docker-bake.hcl | 42 --- apps/plex/entrypoint.sh | 113 -------- apps/plex/tests.yaml | 5 - apps/postgres-init/Dockerfile | 15 - apps/postgres-init/docker-bake.hcl | 42 --- apps/postgres-init/entrypoint.sh | 75 ----- apps/postgres-init/tests.yaml | 6 - apps/prowlarr/Dockerfile | 40 --- apps/prowlarr/docker-bake.hcl | 42 --- apps/prowlarr/entrypoint.sh | 7 - apps/prowlarr/tests.yaml | 12 - apps/qbittorrent/Dockerfile | 50 ---- apps/qbittorrent/defaults/qBittorrent.conf | 32 --- apps/qbittorrent/docker-bake.hcl | 42 --- apps/qbittorrent/entrypoint.sh | 19 -- apps/qbittorrent/tests.yaml | 18 -- apps/radarr/Dockerfile | 40 --- apps/radarr/docker-bake.hcl | 42 --- apps/radarr/entrypoint.sh | 7 - apps/radarr/tests.yaml | 12 - apps/sabnzbd/Dockerfile | 63 ---- apps/sabnzbd/defaults/sabnzbd.ini | 304 -------------------- apps/sabnzbd/docker-bake.hcl | 42 --- apps/sabnzbd/entrypoint.sh | 27 -- apps/sabnzbd/tests.yaml | 27 -- apps/smartctl-exporter/Dockerfile | 18 -- apps/smartctl-exporter/docker-bake.hcl | 42 --- apps/smartctl-exporter/tests.yaml | 8 - apps/sonarr/Dockerfile | 40 --- apps/sonarr/docker-bake.hcl | 42 --- apps/sonarr/entrypoint.sh | 7 - apps/sonarr/tests.yaml | 11 - apps/tautulli/Dockerfile | 58 ---- apps/tautulli/docker-bake.hcl | 42 --- apps/tautulli/entrypoint.sh | 9 - apps/tautulli/tests.yaml | 14 - apps/theme-park/Dockerfile | 23 -- apps/theme-park/docker-bake.hcl | 42 --- apps/theme-park/tests.yaml | 11 - apps/tqm/Dockerfile | 20 -- apps/tqm/docker-bake.hcl | 42 --- apps/tqm/tests.yaml | 6 - apps/transmission/Dockerfile | 44 --- apps/transmission/defaults/settings.json.j2 | 83 ------ apps/transmission/docker-bake.hcl | 43 --- apps/transmission/entrypoint.sh | 13 - apps/transmission/tests.yaml | 15 - apps/webhook/Dockerfile | 54 ---- apps/webhook/docker-bake.hcl | 42 --- apps/webhook/entrypoint.sh | 15 - apps/webhook/tests.yaml | 11 - apps/whisparr/Dockerfile | 42 --- apps/whisparr/docker-bake.hcl | 42 --- apps/whisparr/entrypoint.sh | 7 - apps/whisparr/tests.yaml | 12 - 124 files changed, 4093 deletions(-) delete mode 100644 apps/actions-runner/Dockerfile delete mode 100644 apps/actions-runner/docker-bake.hcl delete mode 100644 apps/actions-runner/tests.yaml delete mode 100644 apps/bazarr/Dockerfile delete mode 100644 apps/bazarr/docker-bake.hcl delete mode 100755 apps/bazarr/entrypoint.sh delete mode 100644 apps/bazarr/tests.yaml delete mode 100644 apps/beets/Dockerfile delete mode 100644 apps/beets/defaults/config-beets.yaml delete mode 100644 apps/beets/defaults/config-betanin.toml delete mode 100644 apps/beets/docker-bake.hcl delete mode 100755 apps/beets/entrypoint.sh delete mode 100644 apps/beets/tests.yaml delete mode 100644 apps/busybox/Dockerfile delete mode 100644 apps/busybox/docker-bake.hcl delete mode 100644 apps/busybox/tests.yaml delete mode 100644 apps/byparr/Dockerfile delete mode 100644 apps/byparr/docker-bake.hcl delete mode 100755 apps/byparr/entrypoint.sh delete mode 100644 apps/byparr/tests.yaml delete mode 100644 apps/cni-plugins/Dockerfile delete mode 100644 apps/cni-plugins/docker-bake.hcl delete mode 100644 apps/cni-plugins/tests.yaml delete mode 100644 apps/deluge/Dockerfile delete mode 100644 apps/deluge/defaults/core.conf delete mode 100644 apps/deluge/docker-bake.hcl delete mode 100755 apps/deluge/entrypoint.sh delete mode 100644 apps/deluge/tests.yaml delete mode 100644 apps/emby/Dockerfile delete mode 100644 apps/emby/docker-bake.hcl delete mode 100755 apps/emby/entrypoint.sh delete mode 100644 apps/emby/tests.yaml delete mode 100644 apps/esphome/Dockerfile delete mode 100644 apps/esphome/docker-bake.hcl delete mode 100755 apps/esphome/entrypoint.sh delete mode 100644 apps/esphome/tests.yaml delete mode 100644 apps/irqbalance/Dockerfile delete mode 100644 apps/irqbalance/docker-bake.hcl delete mode 100644 apps/irqbalance/tests.yaml delete mode 100644 apps/it-tools/Dockerfile delete mode 100644 apps/it-tools/docker-bake.hcl delete mode 100644 apps/it-tools/tests.yaml delete mode 100644 apps/jackett/Dockerfile delete mode 100644 apps/jackett/docker-bake.hcl delete mode 100755 apps/jackett/entrypoint.sh delete mode 100644 apps/jackett/tests.yaml delete mode 100644 apps/jbops/Dockerfile delete mode 100644 apps/jbops/docker-bake.hcl delete mode 100755 apps/jbops/entrypoint.sh delete mode 100644 apps/jbops/tests.yaml delete mode 100644 apps/k8s-sidecar/Dockerfile delete mode 100644 apps/k8s-sidecar/docker-bake.hcl delete mode 100644 apps/k8s-sidecar/tests.yaml delete mode 100644 apps/lidarr/Dockerfile delete mode 100644 apps/lidarr/docker-bake.hcl delete mode 100755 apps/lidarr/entrypoint.sh delete mode 100644 apps/lidarr/tests.yaml delete mode 100644 apps/nzbget/Dockerfile delete mode 100644 apps/nzbget/docker-bake.hcl delete mode 100755 apps/nzbget/entrypoint.sh delete mode 100644 apps/nzbget/tests.yaml delete mode 100644 apps/nzbhydra2/Dockerfile delete mode 100644 apps/nzbhydra2/docker-bake.hcl delete mode 100755 apps/nzbhydra2/entrypoint.sh delete mode 100644 apps/nzbhydra2/tests.yaml delete mode 100644 apps/opentofu-runner/Dockerfile delete mode 100644 apps/opentofu-runner/docker-bake.hcl delete mode 100644 apps/opentofu-runner/tests.yaml delete mode 100644 apps/plex/Dockerfile delete mode 100644 apps/plex/docker-bake.hcl delete mode 100755 apps/plex/entrypoint.sh delete mode 100644 apps/plex/tests.yaml delete mode 100644 apps/postgres-init/Dockerfile delete mode 100644 apps/postgres-init/docker-bake.hcl delete mode 100755 apps/postgres-init/entrypoint.sh delete mode 100644 apps/postgres-init/tests.yaml delete mode 100644 apps/prowlarr/Dockerfile delete mode 100644 apps/prowlarr/docker-bake.hcl delete mode 100755 apps/prowlarr/entrypoint.sh delete mode 100644 apps/prowlarr/tests.yaml delete mode 100644 apps/qbittorrent/Dockerfile delete mode 100644 apps/qbittorrent/defaults/qBittorrent.conf delete mode 100644 apps/qbittorrent/docker-bake.hcl delete mode 100755 apps/qbittorrent/entrypoint.sh delete mode 100644 apps/qbittorrent/tests.yaml delete mode 100644 apps/radarr/Dockerfile delete mode 100644 apps/radarr/docker-bake.hcl delete mode 100755 apps/radarr/entrypoint.sh delete mode 100644 apps/radarr/tests.yaml delete mode 100644 apps/sabnzbd/Dockerfile delete mode 100644 apps/sabnzbd/defaults/sabnzbd.ini delete mode 100644 apps/sabnzbd/docker-bake.hcl delete mode 100755 apps/sabnzbd/entrypoint.sh delete mode 100644 apps/sabnzbd/tests.yaml delete mode 100644 apps/smartctl-exporter/Dockerfile delete mode 100644 apps/smartctl-exporter/docker-bake.hcl delete mode 100644 apps/smartctl-exporter/tests.yaml delete mode 100644 apps/sonarr/Dockerfile delete mode 100644 apps/sonarr/docker-bake.hcl delete mode 100755 apps/sonarr/entrypoint.sh delete mode 100644 apps/sonarr/tests.yaml delete mode 100644 apps/tautulli/Dockerfile delete mode 100644 apps/tautulli/docker-bake.hcl delete mode 100755 apps/tautulli/entrypoint.sh delete mode 100644 apps/tautulli/tests.yaml delete mode 100644 apps/theme-park/Dockerfile delete mode 100644 apps/theme-park/docker-bake.hcl delete mode 100644 apps/theme-park/tests.yaml delete mode 100644 apps/tqm/Dockerfile delete mode 100644 apps/tqm/docker-bake.hcl delete mode 100644 apps/tqm/tests.yaml delete mode 100644 apps/transmission/Dockerfile delete mode 100644 apps/transmission/defaults/settings.json.j2 delete mode 100644 apps/transmission/docker-bake.hcl delete mode 100755 apps/transmission/entrypoint.sh delete mode 100644 apps/transmission/tests.yaml delete mode 100644 apps/webhook/Dockerfile delete mode 100644 apps/webhook/docker-bake.hcl delete mode 100755 apps/webhook/entrypoint.sh delete mode 100644 apps/webhook/tests.yaml delete mode 100644 apps/whisparr/Dockerfile delete mode 100644 apps/whisparr/docker-bake.hcl delete mode 100755 apps/whisparr/entrypoint.sh delete mode 100644 apps/whisparr/tests.yaml diff --git a/apps/actions-runner/Dockerfile b/apps/actions-runner/Dockerfile deleted file mode 100644 index 5fb2631d0..000000000 --- a/apps/actions-runner/Dockerfile +++ /dev/null @@ -1,44 +0,0 @@ -# syntax=docker/dockerfile:1 - -ARG VERSION -FROM ghcr.io/actions/actions-runner:${VERSION} -ARG TARGETARCH - -ENV HOMEBREW_NO_ANALYTICS=1 \ - HOMEBREW_NO_ENV_HINTS=1 \ - HOMEBREW_NO_INSTALL_CLEANUP=1 - -USER root - -RUN \ - apt-get -qq update \ - && \ - apt-get -qq install -y --no-install-recommends --no-install-suggests \ - ca-certificates \ - jo \ - moreutils \ - wget \ - zstd \ - && \ - case "${TARGETARCH}" in \ - 'amd64') apt-get -qq install -y --no-install-recommends --no-install-suggests gcc ;; \ - esac \ - && \ - curl -fsSL "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${TARGETARCH}" -o /usr/local/bin/yq \ - && chmod +x /usr/local/bin/yq \ - && \ - mkdir -p -m 755 /etc/apt/keyrings \ - && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg \ - && cat $out | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \ - && chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \ - && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ - && apt update \ - && apt install gh -y \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - -USER runner - -RUN \ - case "${TARGETARCH}" in \ - 'amd64') /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" ;; \ - esac diff --git a/apps/actions-runner/docker-bake.hcl b/apps/actions-runner/docker-bake.hcl deleted file mode 100644 index a0db1c798..000000000 --- a/apps/actions-runner/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "actions-runner" -} - -variable "VERSION" { - // renovate: datasource=docker depName=ghcr.io/actions/actions-runner - default = "2.327.1" -} - -variable "SOURCE" { - default = "https://github.com/actions/runner" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/actions-runner/tests.yaml b/apps/actions-runner/tests.yaml deleted file mode 100644 index 70482ccb4..000000000 --- a/apps/actions-runner/tests.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -schemaVersion: "2.0.0" -fileExistenceTests: - - name: yq - path: /usr/local/bin/yq - shouldExist: true diff --git a/apps/bazarr/Dockerfile b/apps/bazarr/Dockerfile deleted file mode 100644 index 36dae41cc..000000000 --- a/apps/bazarr/Dockerfile +++ /dev/null @@ -1,73 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-alpine3.22 -ARG VENDOR -ARG VERSION - -ENV \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - PIP_BREAK_SYSTEM_PACKAGES=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_NO_CACHE_DIR=1 \ - PIP_ROOT_USER_ACTION=ignore \ - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - UV_NO_CACHE=true \ - UV_SYSTEM_PYTHON=true \ - UV_EXTRA_INDEX_URL="https://wheel-index.linuxserver.io/alpine-3.22/" - -ENV \ - BAZARR__PORT=6767 \ - BAZARR_PACKAGE_AUTHOR=${VENDOR} \ - BAZARR_PACKAGE_VERSION=${VERSION} \ - BAZARR_VERSION=${VERSION} - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - ffmpeg \ - jq \ - libxml2 \ - libpq \ - libxslt \ - mediainfo \ - nano \ - trurl \ - tzdata \ - unzip \ - && \ - apk add --no-cache --virtual .build-deps \ - build-base \ - cargo \ - libffi-dev \ - libpq-dev \ - libxml2-dev \ - libxslt-dev \ - && \ - curl -fsSL -o /tmp/app.zip "https://github.com/morpheus65535/bazarr/releases/download/${VERSION}/bazarr.zip" \ - && unzip -q /tmp/app.zip -d /app/bin \ - && sed -i '/Pillow>/s/ --only-binary=Pillow//; /Pillow>/a --only-binary=Pillow' /app/bin/requirements.txt \ - && pip install uv \ - && uv pip install \ - --requirement /app/bin/requirements.txt \ - --requirement /app/bin/postgres-requirements.txt \ - && chown -R root:root /app && chmod -R 755 /app \ - && pip uninstall --yes uv && apk del --purge .build-deps \ - && rm -rf /root/.cache /root/.cargo /tmp/* /app/bin/bin - -COPY . / - -COPY --from=ghcr.io/linuxserver/unrar:latest /usr/bin/unrar-alpine /usr/bin/unrar - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/bazarr/docker-bake.hcl b/apps/bazarr/docker-bake.hcl deleted file mode 100644 index 5a54a9eb6..000000000 --- a/apps/bazarr/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "bazarr" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=morpheus65535/bazarr - default = "v1.5.2" -} - -variable "SOURCE" { - default = "https://github.com/morpheus65535/bazarr" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/bazarr/entrypoint.sh b/apps/bazarr/entrypoint.sh deleted file mode 100755 index 72a56fa40..000000000 --- a/apps/bazarr/entrypoint.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash - -exec \ - /usr/local/bin/python \ - /app/bin/bazarr.py \ - --no-update True \ - --config /config \ - --port ${BAZARR__PORT} \ - "$@" diff --git a/apps/bazarr/tests.yaml b/apps/bazarr/tests.yaml deleted file mode 100644 index 2321b138d..000000000 --- a/apps/bazarr/tests.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - python: - running: true -port: - tcp:6767: - listening: true -http: - http://localhost:6767: - status: 200 -file: - /usr/local/bin/python: - exists: true - /usr/bin/unrar: - exists: true diff --git a/apps/beets/Dockerfile b/apps/beets/Dockerfile deleted file mode 100644 index 5829431f3..000000000 --- a/apps/beets/Dockerfile +++ /dev/null @@ -1,89 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/node:22-alpine AS betanin -WORKDIR /src -ADD https://github.com/sentriz/betanin.git . -WORKDIR /src/betanin_client -ENV PRODUCTION=true -ENV NODE_OPTIONS=--openssl-legacy-provider -RUN npm install && npm run-script build - -FROM docker.io/library/python:3.13-alpine3.22 -ARG VERSION - -WORKDIR /src - -ENV \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - PIP_BREAK_SYSTEM_PACKAGES=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_NO_CACHE_DIR=1 \ - PIP_ROOT_USER_ACTION=ignore \ - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - UV_NO_CACHE=true \ - UV_SYSTEM_PYTHON=true \ - UV_EXTRA_INDEX_URL="https://wheel-index.linuxserver.io/alpine-3.22/" - -ENV HOME=/config \ - BETANIN_HOST=0.0.0.0 \ - BETANIN_PORT=8080 - -RUN \ - apk add --no-cache \ - bash \ - catatonit \ - chromaprint \ - curl \ - expat \ - ffmpeg \ - fftw \ - flac \ - gdbm \ - gobject-introspection \ - gst-plugins-good \ - gstreamer \ - imagemagick \ - jpeg \ - jq \ - lame \ - libffi \ - libpng \ - mpg123 \ - openjpeg \ - sqlite-libs \ - tzdata \ - && \ - apk add --no-cache --virtual=.build-deps \ - git \ - && \ - apk add --no-cache --repository="https://dl-cdn.alpinelinux.org/alpine/edge/community/" \ - mp3gain \ - && \ - apk add --no-cache --repository="https://dl-cdn.alpinelinux.org/alpine/edge/testing/" \ - mp3val \ - && \ - pip install uv \ - && \ - uv pip install \ - https://github.com/beetbox/beets/releases/download/${VERSION}/beets-${VERSION#*v}-py3-none-any.whl \ - git+https://github.com/sentriz/betanin.git \ - beetcamp \ - beets-extrafiles \ - beets-lidarr-fields \ - beets-noimport \ - pyacoustid \ - pylast \ - python3-discogs-client \ - && pip uninstall --yes uv \ - && apk del --purge .build-deps \ - && rm -rf /tmp/* - -COPY --from=betanin /src/betanin_client/dist/ /usr/local/lib/python3.13/site-packages/betanin_client/dist/ -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/beets/defaults/config-beets.yaml b/apps/beets/defaults/config-beets.yaml deleted file mode 100644 index 648932006..000000000 --- a/apps/beets/defaults/config-beets.yaml +++ /dev/null @@ -1,149 +0,0 @@ -library: /config/beets.db -directory: /Music - -import: - write: yes - copy: yes - move: no - link: no - hardlink: no - reflink: no - delete: no - resume: ask - incremental: no - incremental_skip_later: no - from_scratch: no - quiet_fallback: skip - none_rec_action: ask - timid: no - log: - autotag: yes - quiet: no - singletons: no - default_action: apply - languages: [] - detail: no - flat: no - group_albums: no - pretend: false - search_ids: [] - duplicate_action: ask - bell: no - set_fields: {} - -clutter: ["Thumbs.DB", ".DS_Store"] -ignore: [".*", "*~", "System Volume Information", "lost+found"] -ignore_hidden: yes - -replace: - '[\\/]': _ - '^\.': _ - '[\x00-\x1f]': _ - '[<>:"\?\*\|]': _ - '\.$': _ - '\s+$': '' - '^\s+': '' - '^-': _ -path_sep_replace: _ -drive_sep_replace: _ -asciify_paths: false -art_filename: cover -max_filename_length: 0 - -aunique: - keys: albumartist album - disambiguators: albumtype year label catalognum albumdisambig releasegroupdisambig - bracket: '[]' - -overwrite_null: - album: [] - track: [] - -plugins: [] -pluginpath: [] -threaded: yes -timeout: 5.0 -per_disc_numbering: no -verbose: 0 -terminal_encoding: -original_date: no -artist_credit: no -id3v23: no -va_name: "Various Artists" - -ui: - terminal_width: 80 - length_diff_thresh: 10.0 - color: yes - colors: - text_success: green - text_warning: yellow - text_error: red - text_highlight: red - text_highlight_minor: lightgray - action_default: turquoise - action: blue - -format_item: $artist - $album - $title -format_album: $albumartist - $album -time_format: '%Y-%m-%d %H:%M:%S' -format_raw_length: no - -sort_album: albumartist+ album+ -sort_item: artist+ album+ disc+ track+ -sort_case_insensitive: yes - -paths: - default: $albumartist/$album%aunique{}/$track $title - singleton: Non-Album/$artist/$title - comp: Compilations/$album%aunique{}/$track $title - -statefile: state.pickle - -musicbrainz: - host: musicbrainz.org - https: no - ratelimit: 1 - ratelimit_interval: 1.0 - searchlimit: 5 - extra_tags: [] - genres: no - -match: - strong_rec_thresh: 0.04 - medium_rec_thresh: 0.25 - rec_gap_thresh: 0.25 - max_rec: - missing_tracks: medium - unmatched_tracks: medium - distance_weights: - source: 2.0 - artist: 3.0 - album: 3.0 - media: 1.0 - mediums: 1.0 - year: 1.0 - country: 0.5 - label: 0.5 - catalognum: 0.5 - albumdisambig: 0.5 - album_id: 5.0 - tracks: 2.0 - missing_tracks: 0.9 - unmatched_tracks: 0.6 - track_title: 3.0 - track_artist: 2.0 - track_index: 1.0 - track_length: 2.0 - track_id: 5.0 - preferred: - countries: [] - media: [] - original_year: no - ignored: [] - required: [] - ignored_media: [] - ignore_data_tracks: yes - ignore_video_tracks: yes - track_length_grace: 10 - track_length_max: 30 diff --git a/apps/beets/defaults/config-betanin.toml b/apps/beets/defaults/config-betanin.toml deleted file mode 100644 index cfb1195ce..000000000 --- a/apps/beets/defaults/config-betanin.toml +++ /dev/null @@ -1,11 +0,0 @@ -[frontend] -username = "beets" -password = "" -[clients] -api_key = "" -[server] -num_parallel_jobs = 1 -[notifications.services] -[notifications.strings] -title = "Music Imported" -body = "$name" diff --git a/apps/beets/docker-bake.hcl b/apps/beets/docker-bake.hcl deleted file mode 100644 index ba3609e0c..000000000 --- a/apps/beets/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "beets" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=beetbox/beets - default = "v2.3.1" -} - -variable "SOURCE" { - default = "https://github.com/beetbox/beets" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/beets/entrypoint.sh b/apps/beets/entrypoint.sh deleted file mode 100755 index 3635efb3e..000000000 --- a/apps/beets/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env bash - -export BEETSDIR="/config/.config/beets" -export BETANINDIR="/config/.config/betanin" - -if [[ ! -f "${BEETSDIR}/config.yaml" ]]; then - mkdir -p "${BEETSDIR}" - cp /defaults/config-beets.yaml "${BEETSDIR}/config.yaml" -fi - -if [[ ! -f "${BETANINDIR}/config.toml" ]]; then - mkdir -p "${BETANINDIR}" - cp /defaults/config-betanin.toml "${BETANINDIR}/config.toml" - - password=$(tr -dc 'a-z0-9' < /dev/urandom | fold -w 32 | head -n 1) - api_key=$(tr -dc 'a-z0-9' < /dev/urandom | fold -w 32 | head -n 1) - sed -i -e "s/^password *=.*$/password = \"${password}\"/g" "${BETANINDIR}/config.toml" - sed -i -e "s/^api_key *=.*$/api_key = \"${api_key}\"/g" "${BETANINDIR}/config.toml" - echo "Created password and api keys for the user beets:" - echo "Password: ${password}" - echo "API Key: ${api_key}" -fi - -[[ -n "${BETANIN__PASSWORD}" ]] && sed -i -e "s/^password *=.*$/password = \"${BETANIN__PASSWORD}\"/g" "${BETANINDIR}/config.toml" -[[ -n "${BETANIN__API_KEY}" ]] && sed -i -e "s/^api_key *=.*$/api_key = \"${BETANIN__API_KEY}\"/g" "${BETANINDIR}/config.toml" - -exec \ - /usr/local/bin/betanin \ - "$@" diff --git a/apps/beets/tests.yaml b/apps/beets/tests.yaml deleted file mode 100644 index 589818719..000000000 --- a/apps/beets/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - betanin: - running: true -port: - tcp:8080: - listening: true -http: - http://localhost:8080: - status: 200 diff --git a/apps/busybox/Dockerfile b/apps/busybox/Dockerfile deleted file mode 100644 index 6e9b006dc..000000000 --- a/apps/busybox/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -# syntax=docker/dockerfile:1 - -ARG VERSION -FROM docker.io/library/busybox:${VERSION} diff --git a/apps/busybox/docker-bake.hcl b/apps/busybox/docker-bake.hcl deleted file mode 100644 index 21c84ac18..000000000 --- a/apps/busybox/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "busybox" -} - -variable "VERSION" { - // renovate: datasource=docker depName=docker.io/library/busybox - default = "1.37.0" -} - -variable "SOURCE" { - default = "https://www.busybox.net" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/busybox/tests.yaml b/apps/busybox/tests.yaml deleted file mode 100644 index 2a27be9f0..000000000 --- a/apps/busybox/tests.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -schemaVersion: "2.0.0" -fileExistenceTests: - - name: sh - path: /bin/sh - shouldExist: true diff --git a/apps/byparr/Dockerfile b/apps/byparr/Dockerfile deleted file mode 100644 index fa3773ab2..000000000 --- a/apps/byparr/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-alpine3.22 -ARG VERSION - -ENV \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - PIP_BREAK_SYSTEM_PACKAGES=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_NO_CACHE_DIR=1 \ - PIP_ROOT_USER_ACTION=ignore \ - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - UV_NO_CACHE=true \ - UV_SYSTEM_PYTHON=true - -ENV \ - GITHUB_BUILD="false" \ - VERSION=${VERSION} - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jq \ - nano \ - tzdata \ - xauth \ - xvfb \ - scrot \ - chromium \ - chromium-chromedriver \ - && \ - apk add --no-cache --virtual=.build-deps \ - build-base \ - libffi-dev \ - openssl-dev \ - musl-dev \ - git \ - && \ - git clone --single-branch --branch "${VERSION}" https://github.com/ThePhaseless/Byparr.git . \ - && pip install uv \ - && uv sync \ - && cd .venv/lib/*/site-packages/seleniumbase/drivers && rm -f uc_driver && ln -s /usr/bin/chromedriver uc_driver \ - && chown -R root:root /app && chmod -R 755 /app \ - && apk del --purge .build-deps \ - && rm -rf /root/.cache /root/.cargo /tmp/* - -COPY . / - -USER nobody:nogroup - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/byparr/docker-bake.hcl b/apps/byparr/docker-bake.hcl deleted file mode 100644 index e8f143c1b..000000000 --- a/apps/byparr/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "byparr" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=ThePhaseless/Byparr - default = "v1.2.1" -} - -variable "SOURCE" { - default = "https://github.com/ThePhaseless/Byparr" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/byparr/entrypoint.sh b/apps/byparr/entrypoint.sh deleted file mode 100755 index e26b35430..000000000 --- a/apps/byparr/entrypoint.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env bash - -exec \ - uv run main.py diff --git a/apps/byparr/tests.yaml b/apps/byparr/tests.yaml deleted file mode 100644 index 21b64b499..000000000 --- a/apps/byparr/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - uv: - running: true -port: - tcp:8191: - listening: true -http: - http://localhost:8191: - status: 200 diff --git a/apps/cni-plugins/Dockerfile b/apps/cni-plugins/Dockerfile deleted file mode 100644 index 7d5fe04fa..000000000 --- a/apps/cni-plugins/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG TARGETARCH -ARG VERSION - -ENV CNI_BIN_DIR=/host/opt/cni/bin - -USER root - -RUN \ - apk add --no-cache \ - rsync \ - && \ - apk add --no-cache --virtual=.build-deps \ - curl \ - tar \ - && mkdir -p /plugins \ - && curl -fsSL "https://github.com/containernetworking/plugins/releases/download/${VERSION}/cni-plugins-linux-${TARGETARCH}-${VERSION}.tgz" \ - | tar xzf - -C /plugins --strip-components=1 \ - && apk del --purge .build-deps \ - && rm -rf /tmp/* - -CMD rsync -av /plugins/* $CNI_BIN_DIR diff --git a/apps/cni-plugins/docker-bake.hcl b/apps/cni-plugins/docker-bake.hcl deleted file mode 100644 index 8288ded7f..000000000 --- a/apps/cni-plugins/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "cni-plugins" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=containernetworking/plugins - default = "v1.7.1" -} - -variable "SOURCE" { - default = "https://github.com/containernetworking/plugins" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/cni-plugins/tests.yaml b/apps/cni-plugins/tests.yaml deleted file mode 100644 index b3c53ca05..000000000 --- a/apps/cni-plugins/tests.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -schemaVersion: "2.0.0" -fileExistenceTests: - - name: macvlan - path: /plugins/macvlan - shouldExist: true diff --git a/apps/deluge/Dockerfile b/apps/deluge/Dockerfile deleted file mode 100644 index 686232eb7..000000000 --- a/apps/deluge/Dockerfile +++ /dev/null @@ -1,47 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG VERSION - -ENV DELUGE_BIN="deluged" \ - XDG_CONFIG_HOME="/config" \ - PYTHON_EGG_CACHE="/config/plugins/.python-eggs" \ - TMPDIR="/tmp" - -USER root - -RUN \ - apk add --no-cache \ - 7zip \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jq \ - nano \ - py3-future \ - py3-requests \ - tzdata \ - && \ - apk add --no-cache --repository="https://dl-cdn.alpinelinux.org/alpine/edge/community" \ - deluge=="${VERSION}" \ - && \ - apk add --no-cache --repository="https://dl-cdn.alpinelinux.org/alpine/edge/testing" \ - py3-geoip \ - && \ - mkdir -p /usr/share/GeoIP \ - && \ - curl -fsSL "https://mailfud.org/geoip-legacy/GeoIP.dat.gz" \ - | gunzip > /usr/share/GeoIP/GeoIP.dat \ - && rm -rf /tmp/* - -COPY . / - -COPY --from=ghcr.io/linuxserver/unrar:latest /usr/bin/unrar-alpine /usr/bin/unrar - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/deluge/defaults/core.conf b/apps/deluge/defaults/core.conf deleted file mode 100644 index 24bf0e960..000000000 --- a/apps/deluge/defaults/core.conf +++ /dev/null @@ -1,95 +0,0 @@ -{ - "file": 1, - "format": 1 -}{ - "add_paused": false, - "allow_remote": false, - "auto_manage_prefer_seeds": false, - "auto_managed": true, - "cache_expiry": 60, - "cache_size": 512, - "copy_torrent_file": false, - "daemon_port": 58846, - "del_copy_torrent_file": false, - "dht": true, - "dont_count_slow_torrents": false, - "download_location": "/downloads", - "download_location_paths_list": [], - "enabled_plugins": [], - "enc_in_policy": 1, - "enc_level": 2, - "enc_out_policy": 1, - "geoip_db_location": "/usr/share/GeoIP/GeoIP.dat", - "ignore_limits_on_local_network": true, - "info_sent": 0.0, - "listen_interface": "", - "listen_ports": [ - 6881, - 6891 - ], - "listen_random_port": 51765, - "listen_reuse_port": true, - "listen_use_sys_port": false, - "lsd": true, - "max_active_downloading": 3, - "max_active_limit": 8, - "max_active_seeding": 5, - "max_connections_global": 200, - "max_connections_per_second": 20, - "max_connections_per_torrent": -1, - "max_download_speed": -1.0, - "max_download_speed_per_torrent": -1, - "max_half_open_connections": 50, - "max_upload_slots_global": 4, - "max_upload_slots_per_torrent": -1, - "max_upload_speed": -1.0, - "max_upload_speed_per_torrent": -1, - "move_completed": false, - "move_completed_path": "/downloads", - "move_completed_paths_list": [], - "natpmp": true, - "new_release_check": true, - "outgoing_interface": "", - "outgoing_ports": [ - 0, - 0 - ], - "path_chooser_accelerator_string": "Tab", - "path_chooser_auto_complete_enabled": true, - "path_chooser_max_popup_rows": 20, - "path_chooser_show_chooser_button_on_localhost": true, - "path_chooser_show_hidden_files": false, - "peer_tos": "0x00", - "plugins_location": "/config/plugins", - "pre_allocate_storage": false, - "prioritize_first_last_pieces": false, - "proxy": { - "anonymous_mode": false, - "force_proxy": false, - "hostname": "", - "password": "", - "port": 8080, - "proxy_hostnames": true, - "proxy_peer_connections": true, - "proxy_tracker_connections": true, - "type": 0, - "username": "" - }, - "queue_new_to_top": false, - "random_outgoing_ports": true, - "random_port": true, - "rate_limit_ip_overhead": true, - "remove_seed_at_ratio": false, - "seed_time_limit": 180, - "seed_time_ratio_limit": 7.0, - "send_info": false, - "sequential_download": false, - "share_ratio_limit": 2.0, - "shared": false, - "stop_seed_at_ratio": false, - "stop_seed_ratio": 2.0, - "super_seeding": false, - "torrentfiles_location": "/config/torrents", - "upnp": true, - "utpex": true -} diff --git a/apps/deluge/docker-bake.hcl b/apps/deluge/docker-bake.hcl deleted file mode 100644 index f3a10e9f0..000000000 --- a/apps/deluge/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "deluge" -} - -variable "VERSION" { - // renovate: datasource=repology depName=alpine_edge/deluge - default = "2.2.0-r0" -} - -variable "SOURCE" { - default = "https://github.com/deluge-torrent/deluge" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/deluge/entrypoint.sh b/apps/deluge/entrypoint.sh deleted file mode 100755 index 397157248..000000000 --- a/apps/deluge/entrypoint.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash - -if [[ ! -f /config/core.conf ]]; then - cp /defaults/core.conf /config/core.conf -fi - -mkdir -p /config/plugins/.python-eggs - -DELUGE_OPTS=( - "--do-not-daemonize" - "--config" "/config" -) - -if [[ ${DELUGE_BIN} == "deluged" ]]; then - DELUGE_OPTS+=("--loglevel" "info") -elif [[ ${DELUGE_BIN} == "deluge-web" ]]; then - DELUGE_OPTS+=("--loglevel" "warning") -fi - -exec ${DELUGE_BIN} "${DELUGE_OPTS[@]}" "$@" diff --git a/apps/deluge/tests.yaml b/apps/deluge/tests.yaml deleted file mode 100644 index 09bfea29e..000000000 --- a/apps/deluge/tests.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - deluged: - running: true -port: - tcp:58846: - listening: true -file: - /usr/bin/python3: - exists: true - /usr/bin/unrar: - exists: true diff --git a/apps/emby/Dockerfile b/apps/emby/Dockerfile deleted file mode 100644 index 757eba5a8..000000000 --- a/apps/emby/Dockerfile +++ /dev/null @@ -1,42 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/ubuntu:24.04 -ARG TARGETARCH -ARG VERSION - -ENV DEBIAN_FRONTEND="noninteractive" \ - NVIDIA_DRIVER_CAPABILITIES="compute,video,utility" - -USER root - -RUN \ - apt-get update \ - && \ - apt-get install -y --no-install-recommends --no-install-suggests \ - bash \ - ca-certificates \ - catatonit \ - curl \ - jq \ - nano \ - tzdata \ - && \ - curl -fsSL -o /tmp/emby.deb \ - "https://github.com/MediaBrowser/Emby.Releases/releases/download/${VERSION}/emby-server-deb_${VERSION}_${TARGETARCH}.deb" \ - && \ - mkdir -p /app/bin /tmp/emby \ - && dpkg-deb -xv /tmp/emby.deb /tmp/emby/ \ - && mv -t /app/bin/ /tmp/emby/opt/emby-server/* \ - && chown -R root:root /app && chmod -R 755 /app \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - && apt-get autoremove -y \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/emby/docker-bake.hcl b/apps/emby/docker-bake.hcl deleted file mode 100644 index ef0ba7e43..000000000 --- a/apps/emby/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "emby" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=MediaBrowser/Emby.Releases versioning=loose - default = "4.8.11.0" -} - -group "default" { - targets = ["image-local"] -} - -variable "SOURCE" { - default = "https://github.com/MediaBrowser/Emby.Releases" -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/emby/entrypoint.sh b/apps/emby/entrypoint.sh deleted file mode 100755 index 3e585418f..000000000 --- a/apps/emby/entrypoint.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bash - -APP_DIR="/app/bin" - -export AMDGPU_IDS="${APP_DIR}/extra/share/libdrm/amdgpu.ids" -export FONTCONFIG_PATH="${APP_DIR}/etc/fonts" -export LD_LIBRARY_PATH="${APP_DIR}/lib:${APP_DIR}/extra/lib" -export OCL_ICD_VENDORS="${APP_DIR}/extra/etc/OpenCL/vendors" -export PCI_IDS_PATH="${APP_DIR}/share/hwdata/pci.ids" -export SSL_CERT_FILE="${APP_DIR}/etc/ssl/certs/ca-certificates.crt" -if [ -d "/lib/x86_64-linux-gnu" ]; then - export LIBVA_DRIVERS_PATH="/usr/lib/x86_64-linux-gnu/dri:${APP_DIR}/extra/lib/dri" -fi - -exec \ - /app/bin/system/EmbyServer \ - -programdata /config \ - -ffdetect /app/bin/bin/ffdetect \ - -ffmpeg /app/bin/bin/ffmpeg \ - -ffprobe /app/bin/bin/ffprobe \ - -restartexitcode 3 \ - "$@" diff --git a/apps/emby/tests.yaml b/apps/emby/tests.yaml deleted file mode 100644 index 410f4a287..000000000 --- a/apps/emby/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - EmbyServer: - running: true -port: - tcp6:8096: - listening: true -http: - http://localhost:8096: - status: 200 diff --git a/apps/esphome/Dockerfile b/apps/esphome/Dockerfile deleted file mode 100644 index 5d645b1d3..000000000 --- a/apps/esphome/Dockerfile +++ /dev/null @@ -1,56 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-slim -ARG VERSION - -ENV \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - PIP_BREAK_SYSTEM_PACKAGES=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_NO_CACHE_DIR=1 \ - PIP_ROOT_USER_ACTION=ignore \ - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - UV_NO_CACHE=true \ - UV_SYSTEM_PYTHON=true \ - UV_EXTRA_INDEX_URL="https://wheels.home-assistant.io/musllinux/" - -ENV \ - HOME="/config" \ - PLATFORMIO_CORE_DIR=/cache/pio \ - ESPHOME_BUILD_PATH=/cache/build \ - ESPHOME_DATA_DIR=/cache/data - -USER root -WORKDIR /app - -RUN \ - apt-get update \ - && \ - apt-get install -y --no-install-recommends --no-install-suggests \ - ca-certificates \ - catatonit \ - curl \ - git \ - iputils-ping \ - libcairo2 \ - libmagic1 \ - openssh-client \ - patch \ - && pip install uv \ - && uv pip install \ - setuptools \ - "esphome[displays]==${VERSION}" \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - && apt-get autoremove -y \ - && apt-get clean \ - && rm -rf /tmp/* /var/{cache,log}/* /var/lib/apt/lists/* /usr/src/* - -COPY . / - -USER nobody:nogroup - -WORKDIR /config - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] -CMD ["dashboard", "/config"] diff --git a/apps/esphome/docker-bake.hcl b/apps/esphome/docker-bake.hcl deleted file mode 100644 index 346df72c8..000000000 --- a/apps/esphome/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "esphome" -} - -variable "VERSION" { - // renovate: datasource=pypi depName=esphome - default = "2025.7.5" -} - -variable "SOURCE" { - default = "https://github.com/esphome/esphome" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/esphome/entrypoint.sh b/apps/esphome/entrypoint.sh deleted file mode 100755 index 21763b290..000000000 --- a/apps/esphome/entrypoint.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -PLATFORMIO_CORE_DIR=${PLATFORMIO_CORE_DIR:-/cache/pio} -ESPHOME_BUILD_PATH=${ESPHOME_BUILD_PATH:-/cache/build} -ESPHOME_DATA_DIR=${ESPHOME_DATA_DIR:-/cache/data} - -# Make sure cache folders exist -mkdir -p "${PLATFORMIO_CORE_DIR}" -mkdir -p "${ESPHOME_BUILD_PATH}" -mkdir -p "${ESPHOME_DATA_DIR}" - -# Prune PIO files -pio system prune --force - -# Launch ESPHome -exec /usr/local/bin/esphome "$@" diff --git a/apps/esphome/tests.yaml b/apps/esphome/tests.yaml deleted file mode 100644 index 1dea53892..000000000 --- a/apps/esphome/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - esphome: - running: true -port: - tcp:6052: - listening: true -http: - http://localhost:6052: - status: 200 diff --git a/apps/irqbalance/Dockerfile b/apps/irqbalance/Dockerfile deleted file mode 100644 index 1ef9b096e..000000000 --- a/apps/irqbalance/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG VERSION -USER root -RUN \ - apk add --no-cache \ - bash \ - irqbalance=="${VERSION}" \ - && rm -rf /tmp/* -ENTRYPOINT ["/usr/sbin/irqbalance", "--foreground"] diff --git a/apps/irqbalance/docker-bake.hcl b/apps/irqbalance/docker-bake.hcl deleted file mode 100644 index 2fabe158f..000000000 --- a/apps/irqbalance/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "irqbalance" -} - -variable "VERSION" { - // renovate: datasource=repology depName=alpine_3_22/irqbalance - default = "1.9.4-r1" -} - -variable "SOURCE" { - default = "https://github.com/irqbalance/irqbalance" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/irqbalance/tests.yaml b/apps/irqbalance/tests.yaml deleted file mode 100644 index 7511d093c..000000000 --- a/apps/irqbalance/tests.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - irqbalance: - running: true -file: - /usr/sbin/irqbalance: - exists: true diff --git a/apps/it-tools/Dockerfile b/apps/it-tools/Dockerfile deleted file mode 100644 index 489d6c037..000000000 --- a/apps/it-tools/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/node:22-alpine AS builder -ARG VERSION -WORKDIR /tmp -ADD https://github.com/CorentinTh/it-tools.git#${VERSION} . -RUN npm install -g corepack@latest \ - && corepack enable \ - && corepack prepare pnpm@latest --activate \ - && pnpm install --prefer-offline \ - && pnpm build - -FROM ghcr.io/nginxinc/nginx-unprivileged:1.27-alpine -ENV NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=1 -COPY --from=builder --chown=nginx:nginx /tmp/dist/ /usr/share/nginx/html -USER nginx -WORKDIR /usr/share/nginx/html diff --git a/apps/it-tools/docker-bake.hcl b/apps/it-tools/docker-bake.hcl deleted file mode 100644 index b35ccf3f0..000000000 --- a/apps/it-tools/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "it-tools" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=CorentinTh/it-tools - default = "v2024.10.22-7ca5933" -} - -variable "SOURCE" { - default = "https://github.com/CorentinTh/it-tools" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/it-tools/tests.yaml b/apps/it-tools/tests.yaml deleted file mode 100644 index c7f6ee0a9..000000000 --- a/apps/it-tools/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - nginx: - running: true -port: - tcp:8080: - listening: true -http: - http://localhost:8080: - status: 200 diff --git a/apps/jackett/Dockerfile b/apps/jackett/Dockerfile deleted file mode 100644 index 40e2f6a40..000000000 --- a/apps/jackett/Dockerfile +++ /dev/null @@ -1,36 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG TARGETARCH -ARG TARGETARCH=${TARGETARCH/arm64/ARM64} -ARG TARGETARCH=${TARGETARCH/amd64/AMDx64} -ARG VERSION - -ENV XDG_CONFIG_HOME=/config - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - icu-data-full \ - icu-libs \ - jq \ - libintl \ - nano \ - tzdata \ - && mkdir -p /app/bin \ - && curl -fsSL "https://github.com/Jackett/Jackett/releases/download/${VERSION}/Jackett.Binaries.LinuxMusl${TARGETARCH}.tar.gz" \ - | tar xzf - -C /app/bin --strip-components 1 \ - && chown -R root:root /app && chmod -R 755 /app \ - && rm -rf /tmp/* /app/bin/JackettUpdater* - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/jackett/docker-bake.hcl b/apps/jackett/docker-bake.hcl deleted file mode 100644 index c897dad37..000000000 --- a/apps/jackett/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "jackett" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=Jackett/Jackett - default = "v0.22.2233" -} - -variable "SOURCE" { - default = "https://github.com/Jackett/Jackett" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/jackett/entrypoint.sh b/apps/jackett/entrypoint.sh deleted file mode 100755 index 374dc84b9..000000000 --- a/apps/jackett/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -exec \ - /app/bin/jackett \ - --NoUpdates \ - --ListenPublic \ - "$@" diff --git a/apps/jackett/tests.yaml b/apps/jackett/tests.yaml deleted file mode 100644 index 07fa36913..000000000 --- a/apps/jackett/tests.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - jackett: - running: true -port: - tcp6:9117: - listening: true -http: - http://localhost:9117: - status: 400 - body: - - Cookies required diff --git a/apps/jbops/Dockerfile b/apps/jbops/Dockerfile deleted file mode 100644 index a9fcea0d7..000000000 --- a/apps/jbops/Dockerfile +++ /dev/null @@ -1,49 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-alpine3.22 -ARG VERSION - -ENV \ - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - PIP_ROOT_USER_ACTION=ignore \ - PIP_NO_CACHE_DIR=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_BREAK_SYSTEM_PACKAGES=1 \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 - -ENV PLEXAPI_CONFIG_PATH="/config/config.ini" \ - JBOPS__SCRIPT_PATH="fun/plexapi_haiku.py" - -USER root -WORKDIR /app - -RUN apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jq \ - nano \ - tzdata \ - && \ - apk add --no-cache --virtual=.build-deps \ - build-base \ - libffi-dev \ - openssl-dev \ - musl-dev \ - git \ - && \ - git clone --single-branch --branch "${VERSION}" https://github.com/blacktwin/JBOPS.git . \ - && \ - pip install --upgrade --requirement requirements.txt \ - && chown -R root:root /app && chmod -R 755 /app \ - && apk del --purge .build-deps \ - && rm -rf /root/.cache /root/.cargo /tmp/* /app/maps - -COPY . / - -USER nobody:nogroup - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/jbops/docker-bake.hcl b/apps/jbops/docker-bake.hcl deleted file mode 100644 index febf5c5bc..000000000 --- a/apps/jbops/docker-bake.hcl +++ /dev/null @@ -1,41 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "jbops" -} - -variable "VERSION" { - default = "master" -} - -variable "SOURCE" { - default = "https://github.com/blacktwin/JBOPS" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/jbops/entrypoint.sh b/apps/jbops/entrypoint.sh deleted file mode 100755 index 785d7aa61..000000000 --- a/apps/jbops/entrypoint.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash - -exec \ - /usr/local/bin/python \ - "/app/${JBOPS__SCRIPT_PATH}" \ - "$@" diff --git a/apps/jbops/tests.yaml b/apps/jbops/tests.yaml deleted file mode 100644 index 3fed026d2..000000000 --- a/apps/jbops/tests.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -schemaVersion: "2.0.0" -fileExistenceTests: - - name: plexapi_haiku - path: /app/fun/plexapi_haiku.py - shouldExist: true diff --git a/apps/k8s-sidecar/Dockerfile b/apps/k8s-sidecar/Dockerfile deleted file mode 100644 index bc29c849c..000000000 --- a/apps/k8s-sidecar/Dockerfile +++ /dev/null @@ -1,14 +0,0 @@ -# syntax=docker/dockerfile:1 - -ARG VERSION -FROM ghcr.io/kiwigrid/k8s-sidecar:${VERSION} -USER root -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - curl \ - jq \ - tzdata \ - && rm -rf /tmp/* -USER nobody:nogroup diff --git a/apps/k8s-sidecar/docker-bake.hcl b/apps/k8s-sidecar/docker-bake.hcl deleted file mode 100644 index a9a87675b..000000000 --- a/apps/k8s-sidecar/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "k8s-sidecar" -} - -variable "VERSION" { - // renovate: datasource=docker depName=ghcr.io/kiwigrid/k8s-sidecar - default = "1.30.7" -} - -variable "SOURCE" { - default = "https://github.com/kiwigrid/k8s-sidecar" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/k8s-sidecar/tests.yaml b/apps/k8s-sidecar/tests.yaml deleted file mode 100644 index 2b716a022..000000000 --- a/apps/k8s-sidecar/tests.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - python: - running: true diff --git a/apps/lidarr/Dockerfile b/apps/lidarr/Dockerfile deleted file mode 100644 index 1f07282bc..000000000 --- a/apps/lidarr/Dockerfile +++ /dev/null @@ -1,42 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG TARGETARCH -ARG VENDOR -ARG VERSION - -ENV DOTNET_EnableDiagnostics=0 \ - LIDARR__UPDATE__BRANCH=develop - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - chromaprint \ - coreutils \ - curl \ - ffmpeg \ - icu-libs \ - jq \ - libintl \ - nano \ - sqlite-libs \ - tzdata \ - && mkdir -p /app/bin \ - && curl -fsSL "https://lidarr.servarr.com/v1/update/${LIDARR__UPDATE__BRANCH}/updatefile?version=${VERSION}&os=linuxmusl&runtime=netcore&arch=${TARGETARCH/amd64/x64}" \ - | tar xzf - -C /app/bin --strip-components=1 \ - && printf "UpdateMethod=docker\nBranch=%s\nPackageVersion=%s\nPackageAuthor=[%s](https://github.com/%s)\n" "${LIDARR__UPDATE__BRANCH}" "${VERSION}" "${VENDOR}" "${VENDOR}" > /app/package_info \ - && chown -R root:root /app && chmod -R 755 /app \ - && rm -rf /tmp/* /app/bin/Lidarr.Update /app/bin/fpcalc - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/lidarr/docker-bake.hcl b/apps/lidarr/docker-bake.hcl deleted file mode 100644 index 1494fea21..000000000 --- a/apps/lidarr/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "lidarr" -} - -variable "VERSION" { - // renovate: datasource=custom.servarr-develop depName=lidarr versioning=loose - default = "2.13.1.4681" -} - -variable "SOURCE" { - default = "https://github.com/Lidarr/Lidarr" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/lidarr/entrypoint.sh b/apps/lidarr/entrypoint.sh deleted file mode 100755 index c8bb766ce..000000000 --- a/apps/lidarr/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - - exec \ - /app/bin/Lidarr \ - --nobrowser \ - --data=/config \ - "$@" diff --git a/apps/lidarr/tests.yaml b/apps/lidarr/tests.yaml deleted file mode 100644 index 98d3550e7..000000000 --- a/apps/lidarr/tests.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - Lidarr: - running: true -port: - tcp6:8686: - listening: true -http: - http://localhost:8686: - status: 200 - timeout: 5000 diff --git a/apps/nzbget/Dockerfile b/apps/nzbget/Dockerfile deleted file mode 100644 index 5558f9041..000000000 --- a/apps/nzbget/Dockerfile +++ /dev/null @@ -1,51 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-alpine3.22 -ARG VERSION - -ENV \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - PIP_BREAK_SYSTEM_PACKAGES=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_NO_CACHE_DIR=1 \ - PIP_ROOT_USER_ACTION=ignore \ - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - UV_NO_CACHE=true \ - UV_SYSTEM_PYTHON=true \ - UV_EXTRA_INDEX_URL="https://wheel-index.linuxserver.io/alpine-3.22/" - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - 7zip \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jq \ - nano \ - tzdata \ - && \ - curl -fsSL -o /tmp/nzbget.run \ - "https://github.com/nzbgetcom/nzbget/releases/download/v${VERSION}/nzbget-${VERSION}-bin-linux.run" \ - && \ - sh /tmp/nzbget.run --destdir /app \ - && pip install uv \ - && uv pip install apprise pynzb requests \ - && chown -R root:root /app && chmod -R 755 /app \ - && pip uninstall --yes uv \ - && rm -rf /root/.cache /root/.cargo /tmp/* - -COPY . / - -COPY --from=ghcr.io/linuxserver/unrar:latest /usr/bin/unrar-alpine /usr/bin/unrar - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/nzbget/docker-bake.hcl b/apps/nzbget/docker-bake.hcl deleted file mode 100644 index 3dc4d7527..000000000 --- a/apps/nzbget/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "nzbget" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=nzbgetcom/nzbget versioning=loose - default = "25.2" -} - -variable "SOURCE" { - default = "https://github.com/nzbgetcom/nzbget" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/nzbget/entrypoint.sh b/apps/nzbget/entrypoint.sh deleted file mode 100755 index cac4f2439..000000000 --- a/apps/nzbget/entrypoint.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -CONFIG_FILE="/config/nzbget.conf" - -if [[ ! -f "${CONFIG_FILE}" ]]; then - cp /app/nzbget.conf "${CONFIG_FILE}" - sed -i \ - -e "s|^MainDir=.*|MainDir=/config/downloads|g" \ - -e "s|^QueueDir=.*|QueueDir=/config/queue|g" \ - -e "s|^LockFile=.*|LockFile=/config/nzbget.lock|g" \ - -e "s|^LogFile=.*|LogFile=/config/nzbget.log|g" \ - -e "s|^ShellOverride=.*|ShellOverride=.py=/usr/bin/python3;.sh=/bin/bash|g" \ - "${CONFIG_FILE}" -fi - -exec \ - /app/nzbget \ - --server \ - --option "OutputMode=log" \ - --configfile "${CONFIG_FILE}" \ - "$@" diff --git a/apps/nzbget/tests.yaml b/apps/nzbget/tests.yaml deleted file mode 100644 index 6954bad02..000000000 --- a/apps/nzbget/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - nzbget: - running: true -port: - tcp:6789: - listening: true -http: - http://localhost:6789: - status: 200 diff --git a/apps/nzbhydra2/Dockerfile b/apps/nzbhydra2/Dockerfile deleted file mode 100644 index e7a2269ac..000000000 --- a/apps/nzbhydra2/Dockerfile +++ /dev/null @@ -1,42 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/amazoncorretto:17-alpine3.22 - -ARG TARGETARCH -ARG VENDOR -ARG VERSION - -ENV JAVA_TOOL_OPTIONS="-Xmx256M" - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - freetype \ - jq \ - nano \ - tzdata \ - unzip \ - && mkdir -p /app/bin \ - && curl -fsSL -o /tmp/nzbhydra2.zip \ - "https://github.com/theotherp/nzbhydra2/releases/download/${VERSION}/nzbhydra2-${VERSION#*v}-generic.zip" \ - && unzip -q /tmp/nzbhydra2.zip -d /tmp \ - && cp /tmp/lib/core-${VERSION#*v}-exec.jar /app/bin/nzbhydra2.jar \ - && mkdir -p /defaults \ - && curl -fsSL -o /defaults/nzbhydra.yml \ - "https://raw.githubusercontent.com/theotherp/nzbhydra2/${VERSION}/core/src/main/resources/config/baseConfig.yml" \ - && sed -i 's/mapIpToHost: true/mapIpToHost: false/' /defaults/nzbhydra.yml \ - && sed -i 's/checkOpenPort: true/checkOpenPort: false/' /defaults/nzbhydra.yml \ - && chown -R root:root /app && chmod -R 755 /app \ - && rm -rf /tmp/* - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/nzbhydra2/docker-bake.hcl b/apps/nzbhydra2/docker-bake.hcl deleted file mode 100644 index d8d7d2a4f..000000000 --- a/apps/nzbhydra2/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "nzbhydra2" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=theotherp/nzbhydra2 - default = "v7.16.0" -} - -variable "SOURCE" { - default = "https://github.com/theotherp/nzbhydra2" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/nzbhydra2/entrypoint.sh b/apps/nzbhydra2/entrypoint.sh deleted file mode 100755 index 09b813a31..000000000 --- a/apps/nzbhydra2/entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/env bash - -mkdir -p /config/logs - -if [[ ! -f /config/nzbhydra.yml ]]; then - cp /defaults/nzbhydra.yml /config/nzbhydra.yml -fi - -exec \ - java \ - -DfromWrapper \ - -noverify \ - -XX:TieredStopAtLevel=1 \ - -XX:+HeapDumpOnOutOfMemoryError \ - -XX:HeapDumpPath=/config/logs \ - -Xlog:gc:/config/logs/gclog-"$(date +"%F_%H-%M-%S")".log::filecount=5,filesize=5000 \ - -Dspring.output.ansi.enabled=ALWAYS \ - -Dsun.security.pkcs11.enable-solaris=false \ - -Dfile.encoding=UTF8 \ - -DinternalApiKey="${NZBHYDRA2__API_KEY:-}" \ - -jar /app/bin/nzbhydra2.jar \ - --datafolder /config \ - "$@" diff --git a/apps/nzbhydra2/tests.yaml b/apps/nzbhydra2/tests.yaml deleted file mode 100644 index 0904908b1..000000000 --- a/apps/nzbhydra2/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - java: - running: true -port: - tcp6:5076: - listening: true -http: - http://localhost:5076: - status: 200 diff --git a/apps/opentofu-runner/Dockerfile b/apps/opentofu-runner/Dockerfile deleted file mode 100644 index 7883c1bcd..000000000 --- a/apps/opentofu-runner/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 AS builder -ARG TARGETARCH -ARG VERSION -RUN apk add --no-cache curl \ - && curl -fsSL "https://github.com/opentofu/opentofu/releases/download/v${VERSION}/tofu_${VERSION}_linux_${TARGETARCH}.tar.gz" \ - | tar xzf - -C /tmp - -FROM ghcr.io/flux-iac/tf-runner:v0.16.0-rc.5 -USER root -COPY --from=builder --chown=65532:65532 --chmod=755 /tmp/tofu /usr/local/bin/terraform -USER 65532:65532 diff --git a/apps/opentofu-runner/docker-bake.hcl b/apps/opentofu-runner/docker-bake.hcl deleted file mode 100644 index b08764d81..000000000 --- a/apps/opentofu-runner/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "opentofu-runner" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=opentofu/opentofu - default = "1.10.5" -} - -variable "SOURCE" { - default = "https://github.com/opentofu/opentofu" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/opentofu-runner/tests.yaml b/apps/opentofu-runner/tests.yaml deleted file mode 100644 index b1e9cb960..000000000 --- a/apps/opentofu-runner/tests.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -schemaVersion: "2.0.0" -fileExistenceTests: - - name: terraform - path: /usr/local/bin/terraform - shouldExist: true diff --git a/apps/plex/Dockerfile b/apps/plex/Dockerfile deleted file mode 100644 index 285695ea7..000000000 --- a/apps/plex/Dockerfile +++ /dev/null @@ -1,50 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/ubuntu:24.04 -ARG TARGETARCH -ARG VENDOR -ARG VERSION - -ENV DEBIAN_FRONTEND="noninteractive" \ - NVIDIA_DRIVER_CAPABILITIES="compute,video,utility" \ - PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR="/config/Library/Application Support" \ - PLEX_MEDIA_SERVER_HOME="/usr/lib/plexmediaserver" \ - PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS="6" \ - PLEX_MEDIA_SERVER_INFO_VENDOR="Docker" \ - PLEX_MEDIA_SERVER_INFO_DEVICE="Docker Container (${VENDOR})" - -USER root -WORKDIR /app - -RUN \ - apt-get update \ - && \ - apt-get install -y --no-install-recommends --no-install-suggests \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jq \ - nano \ - tzdata \ - uuid-runtime \ - xmlstarlet \ - && \ - curl -fsSL -o /tmp/plex.deb \ - "https://downloads.plex.tv/plex-media-server-new/${VERSION}/debian/plexmediaserver_${VERSION}_${TARGETARCH}.deb" \ - && \ - dpkg -i /tmp/plex.deb \ - && chmod -R 755 "${PLEX_MEDIA_SERVER_HOME}" \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - && apt-get autoremove -y \ - && apt-get clean \ - && rm -rf /etc/default/plexmediaserver /tmp/* /var/lib/apt/lists/* /var/tmp/ - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/plex/docker-bake.hcl b/apps/plex/docker-bake.hcl deleted file mode 100644 index b1fbad115..000000000 --- a/apps/plex/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "plex" -} - -variable "VERSION" { - // renovate: datasource=custom.plex depName=plex versioning=loose - default = "1.41.9.9961-46083195d" -} - -variable "SOURCE" { - default = "https://github.com/plexinc/pms-docker" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/plex/entrypoint.sh b/apps/plex/entrypoint.sh deleted file mode 100755 index 337cd6fdc..000000000 --- a/apps/plex/entrypoint.sh +++ /dev/null @@ -1,113 +0,0 @@ -#!/usr/bin/env bash - -export PLEX_MEDIA_SERVER_INFO_MODEL=$(uname -m) -export PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION=$(uname -r) - -function getPref { - local key="$1" - xmlstarlet sel -T -t -m "/Preferences" -v "@${key}" -n "${prefFile}" -} - -function setPref { - local key="$1" - local value="$2" - count="$(xmlstarlet sel -t -v "count(/Preferences/@${key})" "${prefFile}")" - count=$((count + 0)) - if [[ $count -gt 0 ]]; then - xmlstarlet ed --inplace --update "/Preferences/@${key}" -v "${value}" "${prefFile}" - else - xmlstarlet ed --inplace --insert "/Preferences" --type attr -n "${key}" -v "${value}" "${prefFile}" - fi -} - -prefFile="${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}/Plex Media Server/Preferences.xml" - -# Create empty Preferences.xml file if it doesn't exist already -if [ ! -e "${prefFile}" ]; then - echo "Creating pref shell" - mkdir -p "$(dirname "${prefFile}")" - cat > "${prefFile}" <<-EOF - - -EOF -fi - -# Setup Server's client identifier -serial="$(getPref "MachineIdentifier")" -if [[ -z "${serial}" ]]; then - serial="$(cat /proc/sys/kernel/random/uuid)" - setPref "MachineIdentifier" "${serial}" -fi -clientId="$(getPref "ProcessedMachineIdentifier")" -if [[ -z "${clientId}" ]]; then - clientId="$(echo -n "${serial}- Plex Media Server" | sha1sum | cut -b 1-40)" - setPref "ProcessedMachineIdentifier" "${clientId}" -fi - -# Get server token and only turn claim token into server token if we have former but not latter. -token="$(getPref "PlexOnlineToken")" -if [[ -n "${PLEX_CLAIM_TOKEN}" ]] && [[ -z "${token}" ]]; then - echo "Attempting to obtain server token from claim token..." - loginInfo="$(curl -fsSL -X POST \ - -H 'X-Plex-Client-Identifier: '"${clientId}" \ - -H 'X-Plex-Product: Plex Media Server'\ - -H 'X-Plex-Version: 1.1' \ - -H 'X-Plex-Provides: server' \ - -H 'X-Plex-Platform: Linux' \ - -H 'X-Plex-Platform-Version: 1.0' \ - -H 'X-Plex-Device-Name: PlexMediaServer' \ - -H 'X-Plex-Device: Linux' \ - "https://plex.tv/api/claim/exchange?token=${PLEX_CLAIM_TOKEN}")" - token="$(echo "$loginInfo" | sed -n 's/.*\(.*\)<\/authentication-token>.*/\1/p')" - - if [[ "$token" ]]; then - echo "Token obtained successfully!" - setPref "PlexOnlineToken" "${token}" - fi -fi - -# Set other preferences -[[ -n "${ADVERTISE_IP}" ]] && PLEX_ADVERTISE_URL=${ADVERTISE_IP} -if [[ -n "${PLEX_ADVERTISE_URL}" ]]; then - echo "Setting customConnections to: ${PLEX_ADVERTISE_URL}" - setPref "customConnections" "${PLEX_ADVERTISE_URL}" -fi - -[[ -n "${ALLOWED_NETWORKS}" ]] && PLEX_NO_AUTH_NETWORKS=${ALLOWED_NETWORKS} -if [[ -n "${PLEX_NO_AUTH_NETWORKS}" ]]; then - echo "Setting allowedNetworks to: ${PLEX_NO_AUTH_NETWORKS}" - setPref "allowedNetworks" "${PLEX_NO_AUTH_NETWORKS}" -fi - -# Set transcoder directory if not yet set -if [[ -z "$(getPref "TranscoderTempDirectory")" ]]; then - echo "Setting TranscoderTempDirectory to: /transcode" - setPref "TranscoderTempDirectory" "/transcode" -fi - -# Parse list of all exported variables that start with PLEX_PREFERENCE_ -# The format of which is PLEX_PREFERENCE_="Key=Value" -# Where Key is the EXACT key to use in the Plex Preference file -# And Value is the EXACT value to use in the Plex Preference file for that key. -# Please note it looks like many of the key's are camelCase in some fashion. -# Additionally there are likely some preferences where environment variable injection -# doesn't really work for. -for var in "${!PLEX_PREFERENCE_@}"; do - value="${!var}" - PreferenceValue="${value#*=}" - PreferenceKey="${value%=*}" - setPref "${PreferenceKey}" "${PreferenceValue}" -done - -# Remove pid file -rm -f "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}/Plex Media Server/plexmediaserver.pid" - -# Purge Codecs folder -if [[ "${PLEX_PURGE_CODECS}" == "true" ]]; then - echo "Purging Codecs folder..." - find "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}/Plex Media Server/Codecs" -mindepth 1 -not -name '.device-id' -print -delete -fi - -exec \ - /usr/lib/plexmediaserver/Plex\ Media\ Server \ - "$@" diff --git a/apps/plex/tests.yaml b/apps/plex/tests.yaml deleted file mode 100644 index c3f49e303..000000000 --- a/apps/plex/tests.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -port: - tcp6:32400: - listening: true diff --git a/apps/postgres-init/Dockerfile b/apps/postgres-init/Dockerfile deleted file mode 100644 index 5f15fdf8c..000000000 --- a/apps/postgres-init/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG VERSION -USER root -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - postgresql17-client=="${VERSION}" \ - && rm -rf /tmp/* -COPY . / -USER nobody:nogroup -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/postgres-init/docker-bake.hcl b/apps/postgres-init/docker-bake.hcl deleted file mode 100644 index fa2a9189f..000000000 --- a/apps/postgres-init/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "postgres-init" -} - -variable "VERSION" { - // renovate: datasource=repology depName=alpine_3_22/postgresql17-client versioning=loose - default = "17.5-r0" -} - -variable "SOURCE" { - default = "https://github.com/postgres/postgres" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/postgres-init/entrypoint.sh b/apps/postgres-init/entrypoint.sh deleted file mode 100755 index 7a855f981..000000000 --- a/apps/postgres-init/entrypoint.sh +++ /dev/null @@ -1,75 +0,0 @@ -#!/usr/bin/env bash - -# This is most commonly set to the user 'postgres' -export INIT_POSTGRES_SUPER_USER=${INIT_POSTGRES_SUPER_USER:-postgres} -export INIT_POSTGRES_PORT=${INIT_POSTGRES_PORT:-5432} -export INIT_POSTGRES_UTF8=${INIT_POSTGRES_UTF8:-"false"} - -if [[ -z "${INIT_POSTGRES_HOST}" || - -z "${INIT_POSTGRES_SUPER_PASS}" || - -z "${INIT_POSTGRES_USER}" || - -z "${INIT_POSTGRES_PASS}" || - -z "${INIT_POSTGRES_DBNAME}" -]]; then - printf "\e[1;32m%-6s\e[m\n" "Invalid configuration - missing a required environment variable" - [[ -z "${INIT_POSTGRES_HOST}" ]] && printf "\e[1;32m%-6s\e[m\n" "INIT_POSTGRES_HOST: unset" - [[ -z "${INIT_POSTGRES_SUPER_PASS}" ]] && printf "\e[1;32m%-6s\e[m\n" "INIT_POSTGRES_SUPER_PASS: unset" - [[ -z "${INIT_POSTGRES_USER}" ]] && printf "\e[1;32m%-6s\e[m\n" "INIT_POSTGRES_USER: unset" - [[ -z "${INIT_POSTGRES_PASS}" ]] && printf "\e[1;32m%-6s\e[m\n" "INIT_POSTGRES_PASS: unset" - [[ -z "${INIT_POSTGRES_DBNAME}" ]] && printf "\e[1;32m%-6s\e[m\n" "INIT_POSTGRES_DBNAME: unset" - exit 1 -fi - -# These env are for the psql CLI -export PGHOST="${INIT_POSTGRES_HOST}" -export PGUSER="${INIT_POSTGRES_SUPER_USER}" -export PGPASSWORD="${INIT_POSTGRES_SUPER_PASS}" -export PGPORT="${INIT_POSTGRES_PORT}" - -until pg_isready; do - printf "\e[1;32m%-6s\e[m\n" "Waiting for Host '${PGHOST}' on port '${PGPORT}' ..." - sleep 1 -done - -user_exists=$(\ - psql \ - --tuples-only \ - --csv \ - --command "SELECT 1 FROM pg_roles WHERE rolname = '${INIT_POSTGRES_USER}'" -) - -if [[ -z "${user_exists}" ]]; then - printf "\e[1;32m%-6s\e[m\n" "Create User ${INIT_POSTGRES_USER} ..." - createuser ${INIT_POSTGRES_USER_FLAGS} "${INIT_POSTGRES_USER}" -fi - -printf "\e[1;32m%-6s\e[m\n" "Update password for user ${INIT_POSTGRES_USER} ..." -psql --command "alter user \"${INIT_POSTGRES_USER}\" with encrypted password '${INIT_POSTGRES_PASS}';" - -for dbname in ${INIT_POSTGRES_DBNAME}; do - database_exists=$(\ - psql \ - --tuples-only \ - --csv \ - --command "SELECT 1 FROM pg_database WHERE datname = '${dbname}'" - ) - if [[ -z "${database_exists}" ]]; then - if [[ "${INIT_POSTGRES_UTF8}" == "true" ]]; then - printf "\e[1;32m%-6s\e[m\n" "Create Database ${dbname} with UTF8 encoding ..." - createdb --template template0 --encoding UTF8 --owner "${INIT_POSTGRES_USER}" "${dbname}" - else - printf "\e[1;32m%-6s\e[m\n" "Create Database ${dbname} ..." - createdb --owner "${INIT_POSTGRES_USER}" "${dbname}" - fi - database_init_file="/initdb/${dbname}.sql" - if [[ -f "${database_init_file}" ]]; then - printf "\e[1;32m%-6s\e[m\n" "Initialize Database ..." - psql \ - --dbname "${dbname}" \ - --echo-all \ - --file "${database_init_file}" - fi - fi - printf "\e[1;32m%-6s\e[m\n" "Update User Privileges on Database ..." - psql --command "grant all privileges on database \"${dbname}\" to \"${INIT_POSTGRES_USER}\";" -done diff --git a/apps/postgres-init/tests.yaml b/apps/postgres-init/tests.yaml deleted file mode 100644 index 78f7ee51c..000000000 --- a/apps/postgres-init/tests.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -schemaVersion: "2.0.0" -fileExistenceTests: - - name: psql - path: /usr/libexec/postgresql17/psql - shouldExist: true diff --git a/apps/prowlarr/Dockerfile b/apps/prowlarr/Dockerfile deleted file mode 100644 index b8d5f3ed4..000000000 --- a/apps/prowlarr/Dockerfile +++ /dev/null @@ -1,40 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG TARGETARCH -ARG VENDOR -ARG VERSION - -ENV DOTNET_EnableDiagnostics=0 \ - PROWLARR__UPDATE__BRANCH=develop - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - icu-libs \ - jq \ - libintl \ - nano \ - sqlite-libs \ - tzdata \ - && mkdir -p /app/bin \ - && curl -fsSL "https://prowlarr.servarr.com/v1/update/${PROWLARR__UPDATE__BRANCH}/updatefile?version=${VERSION}&os=linuxmusl&runtime=netcore&arch=${TARGETARCH/amd64/x64}" \ - | tar xzf - -C /app/bin --strip-components=1 \ - && printf "UpdateMethod=docker\nBranch=%s\nPackageVersion=%s\nPackageAuthor=[%s](https://github.com/%s)\n" "${PROWLARR__UPDATE__BRANCH}" "${VERSION}" "${VENDOR}" "${VENDOR}" > /app/package_info \ - && chown -R root:root /app && chmod -R 755 /app \ - && rm -rf /tmp/* /app/bin/Prowlarr.Update - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/prowlarr/docker-bake.hcl b/apps/prowlarr/docker-bake.hcl deleted file mode 100644 index dcfeaf759..000000000 --- a/apps/prowlarr/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "prowlarr" -} - -variable "VERSION" { - // renovate: datasource=custom.servarr-develop depName=prowlarr versioning=loose - default = "2.0.2.5116" -} - -variable "SOURCE" { - default = "https://github.com/Prowlarr/Prowlarr" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/prowlarr/entrypoint.sh b/apps/prowlarr/entrypoint.sh deleted file mode 100755 index ffb77c602..000000000 --- a/apps/prowlarr/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -exec \ - /app/bin/Prowlarr \ - --nobrowser \ - --data=/config \ - "$@" diff --git a/apps/prowlarr/tests.yaml b/apps/prowlarr/tests.yaml deleted file mode 100644 index 7867d50db..000000000 --- a/apps/prowlarr/tests.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - Prowlarr: - running: true -port: - tcp6:9696: - listening: true -http: - http://localhost:9696: - status: 200 - timeout: 5000 diff --git a/apps/qbittorrent/Dockerfile b/apps/qbittorrent/Dockerfile deleted file mode 100644 index d07a81769..000000000 --- a/apps/qbittorrent/Dockerfile +++ /dev/null @@ -1,50 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-alpine3.22 -ARG TARGETARCH -ARG QBARCH=${TARGETARCH/arm64/aarch64} -ARG QBARCH=${QBARCH/amd64/x86_64} -ARG VERSION - -# renovate: datasource=github-releases depName=ludviglundgren/qbittorrent-cli -ARG QBITORRENT_CLI_VERSION=v2.2.0 - -ENV QBT_CONFIRM_LEGAL_NOTICE=1 \ - HOME="/config" \ - XDG_CONFIG_HOME="/config" \ - XDG_DATA_HOME="/config" - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - 7zip \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jq \ - nano \ - tzdata \ - && \ - mkdir -p /app \ - && LIBTORRENT=$(curl -sL "https://github.com/userdocs/qbittorrent-nox-static/releases/latest/download/dependency-version.json" | jq -r '.libtorrent_2_0') \ - && curl -fsSL -o /app/qbittorrent-nox "https://github.com/userdocs/qbittorrent-nox-static/releases/download/release-${VERSION}_v${LIBTORRENT}/${QBARCH}-qbittorrent-nox" \ - && chown -R root:root /app/qbittorrent-nox \ - && chmod -R 755 /app/qbittorrent-nox \ - && \ - curl -fsSL https://github.com/ludviglundgren/qbittorrent-cli/releases/download/${QBITORRENT_CLI_VERSION}/qbittorrent-cli_${QBITORRENT_CLI_VERSION#*v}_linux_${TARGETARCH}.tar.gz \ - | tar xzf - -C /usr/local/bin \ - && rm -rf /tmp/* - -COPY . / - -COPY --from=ghcr.io/linuxserver/unrar:latest /usr/bin/unrar-alpine /usr/bin/unrar - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/qbittorrent/defaults/qBittorrent.conf b/apps/qbittorrent/defaults/qBittorrent.conf deleted file mode 100644 index 744aef431..000000000 --- a/apps/qbittorrent/defaults/qBittorrent.conf +++ /dev/null @@ -1,32 +0,0 @@ -[AutoRun] -enabled=false -program= - -[LegalNotice] -Accepted=true - -[BitTorrent] -Session\AsyncIOThreadsCount=10 -Session\DiskCacheSize=-1 -Session\DiskIOReadMode=DisableOSCache -Session\DiskIOType=SimplePreadPwrite -Session\DiskIOWriteMode=EnableOSCache -Session\DiskQueueSize=4194304 -Session\FilePoolSize=40 -Session\HashingThreadsCount=2 -Session\Port=50413 -Session\ResumeDataStorageType=SQLite -Session\UseOSCache=true - -[Preferences] -Connection\PortRangeMin=6881 -Connection\UPnP=false -General\Locale=en -General\UseRandomPort=false -WebUI\Address=* -WebUI\CSRFProtection=false -WebUI\HostHeaderValidation=false -WebUI\LocalHostAuth=false -WebUI\Port=8080 -WebUI\ServerDomains=* -WebUI\UseUPnP=false diff --git a/apps/qbittorrent/docker-bake.hcl b/apps/qbittorrent/docker-bake.hcl deleted file mode 100644 index db9d1601a..000000000 --- a/apps/qbittorrent/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "qbittorrent" -} - -variable "VERSION" { - // renovate: datasource=custom.qbittorrent depName=qbittorrent - default = "5.1.2" -} - -variable "SOURCE" { - default = "https://github.com/qbittorrent/qBittorrent" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/qbittorrent/entrypoint.sh b/apps/qbittorrent/entrypoint.sh deleted file mode 100755 index 866313c1d..000000000 --- a/apps/qbittorrent/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -CONFIG_FILE="/config/qBittorrent/qBittorrent.conf" -LOG_FILE="/config/qBittorrent/logs/qbittorrent.log" - -# Ensure the config file exists, copy default if missing -if [[ ! -f "${CONFIG_FILE}" ]]; then - mkdir -p "${CONFIG_FILE%/*}" - cp /defaults/qBittorrent.conf "${CONFIG_FILE}" -fi - -# Set up log file to redirect to stdout -if [[ ! -f "${LOG_FILE}" ]]; then - mkdir -p "${LOG_FILE%/*}" - ln -sf /proc/self/fd/1 "${LOG_FILE}" -fi - -# Execute qBittorrent -exec /app/qbittorrent-nox "$@" diff --git a/apps/qbittorrent/tests.yaml b/apps/qbittorrent/tests.yaml deleted file mode 100644 index 85a7d919f..000000000 --- a/apps/qbittorrent/tests.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - qbittorrent-nox: - running: true -port: - tcp6:8080: - listening: true -http: - http://localhost:8080: - status: 200 -file: - /usr/local/bin/python: - exists: true - /usr/bin/unrar: - exists: true - /usr/local/bin/qbt: - exists: true diff --git a/apps/radarr/Dockerfile b/apps/radarr/Dockerfile deleted file mode 100644 index 62a127f0b..000000000 --- a/apps/radarr/Dockerfile +++ /dev/null @@ -1,40 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG TARGETARCH -ARG VENDOR -ARG VERSION - -ENV DOTNET_EnableDiagnostics=0 \ - RADARR__UPDATE__BRANCH=develop - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - icu-libs \ - jq \ - libintl \ - nano \ - sqlite-libs \ - tzdata \ - && mkdir -p /app/bin \ - && curl -fsSL "https://radarr.servarr.com/v1/update/${RADARR__UPDATE__BRANCH}/updatefile?version=${VERSION}&os=linuxmusl&runtime=netcore&arch=${TARGETARCH/amd64/x64}" \ - | tar xzf - -C /app/bin --strip-components=1 \ - && printf "UpdateMethod=docker\nBranch=%s\nPackageVersion=%s\nPackageAuthor=[%s](https://github.com/%s)\n" "${RADARR__UPDATE__BRANCH}" "${VERSION}" "${VENDOR}" "${VENDOR}" > /app/package_info \ - && chown -R root:root /app && chmod -R 755 /app \ - && rm -rf /tmp/* /app/bin/Radarr.Update - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/radarr/docker-bake.hcl b/apps/radarr/docker-bake.hcl deleted file mode 100644 index 6841c7033..000000000 --- a/apps/radarr/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "radarr" -} - -variable "VERSION" { - // renovate: datasource=custom.servarr-develop depName=radarr versioning=loose - default = "5.27.3.10153" -} - -variable "SOURCE" { - default = "https://github.com/Radarr/Radarr" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/radarr/entrypoint.sh b/apps/radarr/entrypoint.sh deleted file mode 100755 index 5f2262ad2..000000000 --- a/apps/radarr/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -exec \ - /app/bin/Radarr \ - --nobrowser \ - --data=/config \ - "$@" diff --git a/apps/radarr/tests.yaml b/apps/radarr/tests.yaml deleted file mode 100644 index 0c9d8c5d8..000000000 --- a/apps/radarr/tests.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - Radarr: - running: true -port: - tcp6:7878: - listening: true -http: - http://localhost:7878: - status: 200 - timeout: 5000 diff --git a/apps/sabnzbd/Dockerfile b/apps/sabnzbd/Dockerfile deleted file mode 100644 index 4df8a2dcd..000000000 --- a/apps/sabnzbd/Dockerfile +++ /dev/null @@ -1,63 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-alpine3.22 -ARG VERSION - -ENV \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - PIP_BREAK_SYSTEM_PACKAGES=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_NO_CACHE_DIR=1 \ - PIP_ROOT_USER_ACTION=ignore \ - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - UV_NO_CACHE=true \ - UV_SYSTEM_PYTHON=true \ - UV_EXTRA_INDEX_URL="https://wheel-index.linuxserver.io/alpine-3.22/" - -ENV SABNZBD__ADDRESS="[::]" \ - SABNZBD__PORT="8080" - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - 7zip \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jq \ - nano \ - tzdata \ - && \ - apk add --no-cache --repository="https://dl-cdn.alpinelinux.org/alpine/edge/testing/" \ - par2cmdline-turbo \ - && \ - apk add --no-cache --virtual=.build-deps \ - build-base \ - cargo \ - libffi-dev \ - musl-dev \ - openssl-dev \ - && mkdir -p /app \ - && curl -fsSL "https://github.com/sabnzbd/sabnzbd/releases/download/${VERSION}/SABnzbd-${VERSION}-src.tar.gz" \ - | tar xzf - -C /app --strip-components=1 \ - && python tools/make_mo.py \ - && pip install uv \ - && uv pip install --requirement /app/requirements.txt \ - && chown -R root:root /app && chmod -R 755 /app \ - && pip uninstall --yes uv && apk del --purge .build-deps \ - && rm -rf /root/.cache /root/.cargo /tmp/* - -COPY . / - -COPY --from=ghcr.io/linuxserver/unrar:latest /usr/bin/unrar-alpine /usr/bin/unrar - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/sabnzbd/defaults/sabnzbd.ini b/apps/sabnzbd/defaults/sabnzbd.ini deleted file mode 100644 index 8884a0453..000000000 --- a/apps/sabnzbd/defaults/sabnzbd.ini +++ /dev/null @@ -1,304 +0,0 @@ -__version__ = 19 -__encoding__ = utf-8 -[misc] -pre_script = None -queue_complete = "" -queue_complete_pers = 0 -bandwidth_perc = 100 -refresh_rate = 0 -interface_settings = "" -queue_limit = 20 -config_lock = 0 -sched_converted = 0 -notified_new_skin = 0 -direct_unpack_tested = 0 -check_new_rel = 1 -auto_browser = 0 -language = en -enable_https_verification = 1 -host = 0.0.0.0 -port = 8080 -https_port = "" -username = "" -password = "" -bandwidth_max = "" -cache_limit = "" -web_dir = Glitter -web_color = "" -https_cert = server.cert -https_key = server.key -https_chain = "" -enable_https = 0 -inet_exposure = 0 -local_ranges = , -api_key = "" -nzb_key = "" -permissions = "" -download_dir = Downloads/incomplete -download_free = "" -complete_dir = Downloads/complete -complete_free = "" -fulldisk_autoresume = 0 -script_dir = "" -nzb_backup_dir = "" -admin_dir = admin -dirscan_dir = "" -dirscan_speed = 5 -password_file = "" -log_dir = logs -max_art_tries = 3 -load_balancing = 2 -top_only = 0 -sfv_check = 1 -quick_check_ext_ignore = nfo, sfv, srr -script_can_fail = 0 -enable_recursive = 1 -flat_unpack = 0 -par_option = "" -pre_check = 0 -nice = "" -win_process_prio = 3 -ionice = "" -fail_hopeless_jobs = 1 -fast_fail = 1 -auto_disconnect = 1 -no_dupes = 0 -no_series_dupes = 0 -series_propercheck = 1 -pause_on_pwrar = 1 -ignore_samples = 0 -deobfuscate_final_filenames = 0 -auto_sort = "" -direct_unpack = 0 -direct_unpack_threads = 3 -propagation_delay = 0 -folder_rename = 1 -replace_spaces = 0 -replace_dots = 0 -safe_postproc = 1 -pause_on_post_processing = 0 -sanitize_safe = 0 -cleanup_list = , -unwanted_extensions = , -action_on_unwanted_extensions = 0 -new_nzb_on_failure = 0 -history_retention = 0 -enable_meta = 1 -quota_size = "" -quota_day = "" -quota_resume = 0 -quota_period = m -rating_enable = 0 -rating_host = "" -rating_api_key = "" -rating_filter_enable = 0 -rating_filter_abort_audio = 0 -rating_filter_abort_video = 0 -rating_filter_abort_encrypted = 0 -rating_filter_abort_encrypted_confirm = 0 -rating_filter_abort_spam = 0 -rating_filter_abort_spam_confirm = 0 -rating_filter_abort_downvoted = 0 -rating_filter_abort_keywords = "" -rating_filter_pause_audio = 0 -rating_filter_pause_video = 0 -rating_filter_pause_encrypted = 0 -rating_filter_pause_encrypted_confirm = 0 -rating_filter_pause_spam = 0 -rating_filter_pause_spam_confirm = 0 -rating_filter_pause_downvoted = 0 -rating_filter_pause_keywords = "" -enable_tv_sorting = 0 -tv_sort_string = "" -tv_sort_countries = 1 -tv_categories = "" -enable_movie_sorting = 0 -movie_sort_string = "" -movie_sort_extra = -cd%1 -movie_extra_folder = 0 -movie_categories = movies, -enable_date_sorting = 0 -date_sort_string = "" -date_categories = tv, -schedlines = , -rss_rate = 60 -ampm = 0 -replace_illegal = 1 -start_paused = 0 -enable_all_par = 0 -enable_par_cleanup = 1 -enable_unrar = 1 -enable_unzip = 1 -enable_7zip = 1 -enable_filejoin = 1 -enable_tsjoin = 1 -overwrite_files = 0 -ignore_unrar_dates = 0 -backup_for_duplicates = 1 -empty_postproc = 0 -wait_for_dfolder = 0 -rss_filenames = 0 -api_logging = 1 -html_login = 1 -osx_menu = 1 -osx_speed = 1 -warn_dupl_jobs = 1 -helpfull_warnings = 1 -keep_awake = 1 -win_menu = 1 -allow_incomplete_nzb = 0 -enable_broadcast = 1 -max_art_opt = 0 -ipv6_hosting = 0 -fixed_ports = 1 -api_warnings = 1 -disable_api_key = 0 -no_penalties = 0 -x_frame_options = 1 -require_modern_tls = 0 -num_decoders = 3 -rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/ -req_completion_rate = 100.2 -selftest_host = self-test.sabnzbd.org -movie_rename_limit = 100M -size_limit = 0 -show_sysload = 2 -history_limit = 10 -wait_ext_drive = 5 -max_foldername_length = 246 -nomedia_marker = "" -ipv6_servers = 1 -url_base = /sabnzbd -host_whitelist = 2b4152ea8457, -max_url_retries = 10 -downloader_sleep_time = 10 -ssdp_broadcast_interval = 15 -email_server = "" -email_to = , -email_from = "" -email_account = "" -email_pwd = "" -email_endjob = 0 -email_full = 0 -email_dir = "" -email_rss = 0 -email_cats = *, -[logging] -log_level = 1 -max_log_size = 5242880 -log_backups = 5 -[ncenter] -ncenter_enable = 0 -ncenter_cats = *, -ncenter_prio_startup = 1 -ncenter_prio_download = 0 -ncenter_prio_pause_resume = 0 -ncenter_prio_pp = 0 -ncenter_prio_complete = 1 -ncenter_prio_failed = 1 -ncenter_prio_disk_full = 1 -ncenter_prio_new_login = 0 -ncenter_prio_warning = 0 -ncenter_prio_error = 0 -ncenter_prio_queue_done = 1 -ncenter_prio_other = 1 -[acenter] -acenter_enable = 0 -acenter_cats = *, -acenter_prio_startup = 0 -acenter_prio_download = 0 -acenter_prio_pause_resume = 0 -acenter_prio_pp = 0 -acenter_prio_complete = 1 -acenter_prio_failed = 1 -acenter_prio_disk_full = 1 -acenter_prio_new_login = 0 -acenter_prio_warning = 0 -acenter_prio_error = 0 -acenter_prio_queue_done = 1 -acenter_prio_other = 1 -[ntfosd] -ntfosd_enable = 1 -ntfosd_cats = *, -ntfosd_prio_startup = 1 -ntfosd_prio_download = 0 -ntfosd_prio_pause_resume = 0 -ntfosd_prio_pp = 0 -ntfosd_prio_complete = 1 -ntfosd_prio_failed = 1 -ntfosd_prio_disk_full = 1 -ntfosd_prio_new_login = 0 -ntfosd_prio_warning = 0 -ntfosd_prio_error = 0 -ntfosd_prio_queue_done = 1 -ntfosd_prio_other = 1 -[prowl] -prowl_enable = 0 -prowl_cats = *, -prowl_apikey = "" -prowl_prio_startup = -3 -prowl_prio_download = -3 -prowl_prio_pause_resume = -3 -prowl_prio_pp = -3 -prowl_prio_complete = 0 -prowl_prio_failed = 1 -prowl_prio_disk_full = 1 -prowl_prio_new_login = -3 -prowl_prio_warning = -3 -prowl_prio_error = -3 -prowl_prio_queue_done = 0 -prowl_prio_other = 0 -[pushover] -pushover_token = "" -pushover_userkey = "" -pushover_device = "" -pushover_emergency_expire = 3600 -pushover_emergency_retry = 60 -pushover_enable = 0 -pushover_cats = *, -pushover_prio_startup = -3 -pushover_prio_download = -2 -pushover_prio_pause_resume = -2 -pushover_prio_pp = -3 -pushover_prio_complete = -1 -pushover_prio_failed = -1 -pushover_prio_disk_full = 1 -pushover_prio_new_login = -3 -pushover_prio_warning = 1 -pushover_prio_error = 1 -pushover_prio_queue_done = -1 -pushover_prio_other = -1 -[pushbullet] -pushbullet_enable = 0 -pushbullet_cats = *, -pushbullet_apikey = "" -pushbullet_device = "" -pushbullet_prio_startup = 0 -pushbullet_prio_download = 0 -pushbullet_prio_pause_resume = 0 -pushbullet_prio_pp = 0 -pushbullet_prio_complete = 1 -pushbullet_prio_failed = 1 -pushbullet_prio_disk_full = 1 -pushbullet_prio_new_login = 0 -pushbullet_prio_warning = 0 -pushbullet_prio_error = 0 -pushbullet_prio_queue_done = 0 -pushbullet_prio_other = 1 -[nscript] -nscript_enable = 0 -nscript_cats = *, -nscript_script = "" -nscript_parameters = "" -nscript_prio_startup = 1 -nscript_prio_download = 0 -nscript_prio_pause_resume = 0 -nscript_prio_pp = 0 -nscript_prio_complete = 1 -nscript_prio_failed = 1 -nscript_prio_disk_full = 1 -nscript_prio_new_login = 0 -nscript_prio_warning = 0 -nscript_prio_error = 0 -nscript_prio_queue_done = 1 -nscript_prio_other = 1 diff --git a/apps/sabnzbd/docker-bake.hcl b/apps/sabnzbd/docker-bake.hcl deleted file mode 100644 index ca28cc40d..000000000 --- a/apps/sabnzbd/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "sabnzbd" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=sabnzbd/sabnzbd - default = "4.5.2" -} - -variable "SOURCE" { - default = "https://github.com/sabnzbd/sabnzbd" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/sabnzbd/entrypoint.sh b/apps/sabnzbd/entrypoint.sh deleted file mode 100755 index 269ec817f..000000000 --- a/apps/sabnzbd/entrypoint.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -if [[ ! -f "/config/sabnzbd.ini" ]]; then - printf "Copying over default configuration ...\n" - mkdir -p /config/sabnzbd - cp /defaults/sabnzbd.ini /config/sabnzbd.ini - - printf "Creating api keys ...\n" - api_key=$(tr -dc 'a-z0-9' < /dev/urandom | fold -w 32 | head -n 1) - nzb_key=$(tr -dc 'a-z0-9' < /dev/urandom | fold -w 32 | head -n 1) - sed -i -e "s|^api_key *=.*$|api_key = ${api_key}|g" /config/sabnzbd.ini - sed -i -e "s|^nzb_key *=.*$|nzb_key = ${nzb_key}|g" /config/sabnzbd.ini -fi - -[[ -n "${SABNZBD__API_KEY}" ]] && sed -i -e "s|^api_key *=.*$|api_key = ${SABNZBD__API_KEY}|g" /config/sabnzbd.ini -[[ -n "${SABNZBD__NZB_KEY}" ]] && sed -i -e "s|^nzb_key *=.*$|nzb_key = ${SABNZBD__NZB_KEY}|g" /config/sabnzbd.ini -[[ -n "${SABNZBD__HOST_WHITELIST_ENTRIES}" ]] && sed -i -e "s|^host_whitelist *=.*$|host_whitelist = ${HOSTNAME:-sabnzbd}, ${SABNZBD__HOST_WHITELIST_ENTRIES}|g" /config/sabnzbd.ini -[[ -n "${SABNZBD__LOCAL_RANGES_ENTRIES}" ]] && sed -i -e "s|^local_ranges *=.*$|local_ranges = ${SABNZBD__LOCAL_RANGES_ENTRIES}|g" /config/sabnzbd.ini - -exec \ - /usr/local/bin/python \ - /app/SABnzbd.py \ - --browser 0 \ - --server ${SABNZBD__ADDRESS}:${SABNZBD__PORT} \ - --config-file /config/sabnzbd.ini \ - --console \ - "$@" diff --git a/apps/sabnzbd/tests.yaml b/apps/sabnzbd/tests.yaml deleted file mode 100644 index 0f67b8cba..000000000 --- a/apps/sabnzbd/tests.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - python: - running: true -port: - tcp6:8080: - listening: true -http: - http://localhost:8080/sabnzbd: - status: 200 -file: - /usr/local/bin/python: - exists: true - /usr/bin/unrar: - exists: true - /usr/bin/par2: - exists: true - /usr/bin/par2create: - exists: true - filetype: symlink - /usr/bin/par2repair: - exists: true - filetype: symlink - /usr/bin/par2verify: - exists: true - filetype: symlink diff --git a/apps/smartctl-exporter/Dockerfile b/apps/smartctl-exporter/Dockerfile deleted file mode 100644 index 46a1136c2..000000000 --- a/apps/smartctl-exporter/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG VERSION -ARG TARGETOS -ARG TARGETARCH -ARG TARGETPLATFORM - -RUN apk add --no-cache smartmontools \ - && wget "https://github.com/prometheus-community/smartctl_exporter/releases/download/v$VERSION/smartctl_exporter-$VERSION.$TARGETOS-$TARGETARCH.tar.gz" \ - && tar xvzf smartctl_exporter-$VERSION.$TARGETOS-$TARGETARCH.tar.gz \ - && ls -l smartctl_exporter-$VERSION.$TARGETOS-$TARGETARCH.tar.gz \ - && mv smartctl_exporter-$VERSION.$TARGETOS-$TARGETARCH/smartctl_exporter /bin/smartctl_exporter \ - && chmod +x /bin/smartctl_exporter \ - && rm -rf smartctl_exporter* - -USER nobody -ENTRYPOINT ["/bin/smartctl_exporter"] diff --git a/apps/smartctl-exporter/docker-bake.hcl b/apps/smartctl-exporter/docker-bake.hcl deleted file mode 100644 index 1af6f1457..000000000 --- a/apps/smartctl-exporter/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "smartctl-exporter" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=prometheus-community/smartctl_exporter - default = "0.14.0" -} - -variable "SOURCE" { - default = "https://github.com/prometheus-community/smartctl_exporter" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/smartctl-exporter/tests.yaml b/apps/smartctl-exporter/tests.yaml deleted file mode 100644 index e244fddca..000000000 --- a/apps/smartctl-exporter/tests.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -file: - /bin/smartctl_exporter: - exists: true -port: - tcp6:9633: - listening: true diff --git a/apps/sonarr/Dockerfile b/apps/sonarr/Dockerfile deleted file mode 100644 index 11b60b3d5..000000000 --- a/apps/sonarr/Dockerfile +++ /dev/null @@ -1,40 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG TARGETARCH -ARG VENDOR -ARG VERSION - -ENV DOTNET_EnableDiagnostics=0 \ - SONARR__UPDATE__BRANCH=develop - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - icu-libs \ - jq \ - libintl \ - nano \ - sqlite-libs \ - tzdata \ - && mkdir -p /app/bin \ - && curl -fsSL "https://services.sonarr.tv/v1/update/${SONARR__UPDATE__BRANCH}/download?version=${VERSION}&os=linuxmusl&runtime=netcore&arch=${TARGETARCH/amd64/x64}" \ - | tar xzf - -C /app/bin --strip-components=1 \ - && printf "UpdateMethod=docker\nBranch=%s\nPackageVersion=%s\nPackageAuthor=[%s](https://github.com/%s)\n" "${SONARR__UPDATE__BRANCH}" "${VERSION}" "${VENDOR}" "${VENDOR}" > /app/package_info \ - && chown -R root:root /app && chmod -R 755 /app \ - && rm -rf /tmp/* /app/bin/Sonarr.Update - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/sonarr/docker-bake.hcl b/apps/sonarr/docker-bake.hcl deleted file mode 100644 index 5c0d4ba70..000000000 --- a/apps/sonarr/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "sonarr" -} - -variable "VERSION" { - // renovate: datasource=custom.sonarr-develop depName=sonarr versioning=loose - default = "4.0.15.2940" -} - -variable "SOURCE" { - default = "https://github.com/Sonarr/Sonarr" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/sonarr/entrypoint.sh b/apps/sonarr/entrypoint.sh deleted file mode 100755 index 6752edf9b..000000000 --- a/apps/sonarr/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -exec \ - /app/bin/Sonarr \ - --nobrowser \ - --data=/config \ - "$@" diff --git a/apps/sonarr/tests.yaml b/apps/sonarr/tests.yaml deleted file mode 100644 index 6d8a67faa..000000000 --- a/apps/sonarr/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - Sonarr: - running: true -port: - tcp6:8989: - listening: true -http: - http://localhost:8989: - status: 200 diff --git a/apps/tautulli/Dockerfile b/apps/tautulli/Dockerfile deleted file mode 100644 index 0a4d48222..000000000 --- a/apps/tautulli/Dockerfile +++ /dev/null @@ -1,58 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-alpine3.22 -ARG VERSION - -ENV \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - PIP_BREAK_SYSTEM_PACKAGES=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_NO_CACHE_DIR=1 \ - PIP_ROOT_USER_ACTION=ignore \ - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - UV_NO_CACHE=true \ - UV_SYSTEM_PYTHON=true \ - UV_EXTRA_INDEX_URL="https://wheel-index.linuxserver.io/alpine-3.22/" - -ENV TAUTULLI_DOCKER="True" - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jq \ - nano \ - tzdata \ - && \ - apk add --no-cache --virtual .build-deps \ - build-base \ - cargo \ - libffi-dev \ - musl-dev \ - openssl-dev \ - && pip install uv \ - && uv pip install \ - --requirement "https://raw.githubusercontent.com/Tautulli/tautulli-baseimage/python3/requirements.txt" \ - && mkdir -p /app \ - && curl -fsSL "https://github.com/Tautulli/Tautulli/archive/v${VERSION}.tar.gz" \ - | tar xzf - -C /app --strip-components 1 \ - && echo "v${VERSION}" > /app/version.txt \ - && echo "master" > /app/branch.txt \ - && chown -R root:root /app && chmod -R 755 /app \ - && pip uninstall --yes uv && apk del --purge .build-deps \ - && rm -rf /root/.cache /root/.cargo /tmp/* - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/tautulli/docker-bake.hcl b/apps/tautulli/docker-bake.hcl deleted file mode 100644 index 1d2a4c9e9..000000000 --- a/apps/tautulli/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "tautulli" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=Tautulli/Tautulli - default = "2.15.3" -} - -variable "SOURCE" { - default = "https://github.com/Tautulli/Tautulli" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/tautulli/entrypoint.sh b/apps/tautulli/entrypoint.sh deleted file mode 100755 index d09ecb123..000000000 --- a/apps/tautulli/entrypoint.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash - -exec \ - /usr/local/bin/python \ - /app/Tautulli.py \ - --nolaunch \ - --config /config/config.ini \ - --datadir /config \ - "$@" diff --git a/apps/tautulli/tests.yaml b/apps/tautulli/tests.yaml deleted file mode 100644 index f2fdf729d..000000000 --- a/apps/tautulli/tests.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - python: - running: true -port: - tcp:8181: - listening: true -http: - http://localhost:8181: - status: 200 -file: - /usr/local/bin/python: - exists: true diff --git a/apps/theme-park/Dockerfile b/apps/theme-park/Dockerfile deleted file mode 100644 index ad3f79b5f..000000000 --- a/apps/theme-park/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-alpine3.22 AS builder -ARG VERSION -RUN \ - apk add --no-cache \ - curl \ - grep \ - sed \ - tar \ - && \ - curl -fsSL "https://github.com/themepark-dev/theme.park/archive/${VERSION}.tar.gz" \ - | tar xzf - -C /tmp --strip-components 1 \ - && python /tmp/themes.py \ - && grep -rl 'https://theme-park.dev' /tmp | xargs sed -i 's|https\://theme-park.dev||g' - -FROM ghcr.io/nginxinc/nginx-unprivileged:1.27-alpine -ENV NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=1 -COPY --from=builder --chown=nginx:nginx /tmp/index.html /usr/share/nginx/html/ -COPY --from=builder --chown=nginx:nginx /tmp/css /usr/share/nginx/html/css/ -COPY --from=builder --chown=nginx:nginx /tmp/resources /usr/share/nginx/html/resources/ -USER nginx -WORKDIR /usr/share/nginx/html diff --git a/apps/theme-park/docker-bake.hcl b/apps/theme-park/docker-bake.hcl deleted file mode 100644 index 421a8ef71..000000000 --- a/apps/theme-park/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "theme-park" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=themepark-dev/theme.park - default = "1.21.2" -} - -variable "SOURCE" { - default = "https://github.com/themepark-dev/theme.park" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/theme-park/tests.yaml b/apps/theme-park/tests.yaml deleted file mode 100644 index c7f6ee0a9..000000000 --- a/apps/theme-park/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - nginx: - running: true -port: - tcp:8080: - listening: true -http: - http://localhost:8080: - status: 200 diff --git a/apps/tqm/Dockerfile b/apps/tqm/Dockerfile deleted file mode 100644 index 633b3dc83..000000000 --- a/apps/tqm/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/golang:1.24-alpine AS builder -ARG VERSION - -USER root -WORKDIR /app - -RUN apk add --no-cache git \ - && git clone --single-branch --branch "${VERSION}" https://github.com/autobrr/tqm.git . \ - && go mod download \ - && \ - CGO_ENABLED=0 go build \ - -trimpath \ - -ldflags "-s -w -X github.com/autobrr/tqm/runtime.Version=${VERSION}" \ - -o tqm ./cmd/tqm - -FROM scratch -COPY --from=builder /app/tqm /tqm -ENTRYPOINT ["/tqm"] diff --git a/apps/tqm/docker-bake.hcl b/apps/tqm/docker-bake.hcl deleted file mode 100644 index 783c248ad..000000000 --- a/apps/tqm/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "tqm" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=autobrr/tqm - default = "v1.16.0" -} - -variable "SOURCE" { - default = "https://github.com/autobrr/tqm" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/tqm/tests.yaml b/apps/tqm/tests.yaml deleted file mode 100644 index 5e631297b..000000000 --- a/apps/tqm/tests.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -schemaVersion: "2.0.0" -fileExistenceTests: - - name: tqm - path: /tqm - shouldExist: true diff --git a/apps/transmission/Dockerfile b/apps/transmission/Dockerfile deleted file mode 100644 index be5943890..000000000 --- a/apps/transmission/Dockerfile +++ /dev/null @@ -1,44 +0,0 @@ -# syntax=docker/dockerfile:1 - -# NOTE: Alpine version is tied to the version in the Renovate annotation in docker-bake.hcl -FROM docker.io/library/python:3.13-alpine3.22 -ARG TARGETARCH -ARG MINIJINJA_ARCH=${TARGETARCH/arm64/aarch64} -ARG MINIJINJA_ARCH=${MINIJINJA_ARCH/amd64/x86_64} -ARG VERSION - -ENV HOME="/config" \ - XDG_CONFIG_HOME="/config" \ - XDG_DATA_HOME="/config" \ - TRANSMISSION_WEB_HOME="/usr/share/transmission/public_html" - -RUN \ - apk add --no-cache \ - 7zip \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jq \ - nano \ - transmission-daemon=="${VERSION}" \ - transmission-cli=="${VERSION}" \ - transmission-extra=="${VERSION}" \ - transmission-remote=="${VERSION}" \ - tzdata \ - && \ - curl -fsSL https://github.com/mitsuhiko/minijinja/releases/download/2.8.0/minijinja-cli-${MINIJINJA_ARCH}-unknown-linux-musl.tar.xz \ - | tar xJf - -C /usr/local/bin/ --strip-components=1 \ - && \ - rm -rf /tmp/* - -COPY . / - -COPY --from=ghcr.io/linuxserver/unrar:latest /usr/bin/unrar-alpine /usr/bin/unrar - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/transmission/defaults/settings.json.j2 b/apps/transmission/defaults/settings.json.j2 deleted file mode 100644 index 5a5d0eecc..000000000 --- a/apps/transmission/defaults/settings.json.j2 +++ /dev/null @@ -1,83 +0,0 @@ -{ - "alt-speed-down": {{ ENV.TRANSMISSION__ALT_SPEED_DOWN | default(50) }}, - "alt-speed-enabled": {{ ENV.TRANSMISSION__ALT_SPEED_ENABLED | default(false) }}, - "alt-speed-time-begin": {{ ENV.TRANSMISSION__ALT_SPEED_TIME_BEGIN | default(540) }}, - "alt-speed-time-day": {{ ENV.TRANSMISSION__ALT_SPEED_TIME_DAY | default(127) }}, - "alt-speed-time-enabled": {{ ENV.TRANSMISSION__ALT_SPEED_TIME_ENABLED | default(false) }}, - "alt-speed-time-end": {{ ENV.TRANSMISSION__ALT_SPEED_TIME_END | default(1020) }}, - "alt-speed-up": {{ ENV.TRANSMISSION__ALT_SPEED_UP | default(50) }}, - "announce-ip": {{ ENV.TRANSMISSION__ANNOUNCE_IP }}, - "announce-ip-enabled": {{ ENV.TRANSMISSION__ANNOUNCE_IP_ENABLED | default(false) }}, - "anti-brute-force-enabled": {{ ENV.TRANSMISSION__ANTI_BRUTE_FORCE_ENABLED | default(false) }}, - "anti-brute-force-threshold": {{ ENV.TRANSMISSION__ANTI_BRUTE_FORCE_THRESHOLD | default(100) }}, - "bind-address-ipv4": {{ ENV.TRANSMISSION__BIND_ADDRESS_IPV4 | default('0.0.0.0') }}, - "bind-address-ipv6": {{ ENV.TRANSMISSION__BIND_ADDRESS_IPV6 | default('::') }}, - "blocklist-enabled": {{ ENV.TRANSMISSION__BLOCKLIST_ENABLED | default(false) }}, - "blocklist-url": {{ ENV.TRANSMISSION__BLOCKLIST_URL }}, - "cache-size-mb": {{ ENV.TRANSMISSION__CACHE_SIZE_MB | default(4) }}, - "default-trackers": {{ ENV.TRANSMISSION__DEFAULT_TRACKERS }}, - "dht-enabled": {{ ENV.TRANSMISSION__DHT_ENABLED | default(true) }}, - "download-dir": {{ ENV.TRANSMISSION__DOWNLOAD_DIR | default('/downloads/complete') }}, - "download-queue-enabled": {{ ENV.TRANSMISSION__DOWNLOAD_QUEUE_ENABLED | default(true) }}, - "download-queue-size": {{ ENV.TRANSMISSION__DOWNLOAD_QUEUE_SIZE | default(5) }}, - "encryption": {{ ENV.TRANSMISSION__ENCRYPTION | default(1) }}, - "idle-seeding-limit": {{ ENV.TRANSMISSION__IDLE_SEEDING_LIMIT | default(30) }}, - "idle-seeding-limit-enabled": {{ ENV.TRANSMISSION__IDLE_SEEDING_LIMIT_ENABLED | default(false) }}, - "incomplete-dir": {{ ENV.TRANSMISSION__INCOMPLETE_DIR | default('/downloads/incomplete') }}, - "incomplete-dir-enabled": {{ ENV.TRANSMISSION__INCOMPLETE_DIR_ENABLED | default(true) }}, - "lpd-enabled": {{ ENV.TRANSMISSION__LPD_ENABLED | default(false) }}, - "message-level": {{ ENV.TRANSMISSION__MESSAGE_LEVEL | default(2) }}, - "peer-congestion-algorithm": {{ ENV.TRANSMISSION__PEER_CONGESTION_ALGORITHM }}, - "peer-id-ttl-hours": {{ ENV.TRANSMISSION__PEER_ID_TTL_HOURS | default(6) }}, - "peer-limit-global": {{ ENV.TRANSMISSION__PEER_LIMIT_GLOBAL | default(200) }}, - "peer-limit-per-torrent": {{ ENV.TRANSMISSION__PEER_LIMIT_PER_TORRENT | default(50) }}, - "peer-port": {{ ENV.TRANSMISSION__PEER_PORT | default(51413) }}, - "peer-port-random-high": {{ ENV.TRANSMISSION__PEER_PORT_RANDOM_HIGH | default(65535) }}, - "peer-port-random-low": {{ ENV.TRANSMISSION__PEER_PORT_RANDOM_LOW | default(49152) }}, - "peer-port-random-on-start": {{ ENV.TRANSMISSION__PEER_PORT_RANDOM_ON_START | default(false) }}, - "peer-socket-tos": {{ ENV.TRANSMISSION__PEER_SOCKET_TOS | default('le') }}, - "pex-enabled": {{ ENV.TRANSMISSION__PEX_ENABLED | default(true) }}, - "port-forwarding-enabled": {{ ENV.TRANSMISSION__PORT_FORWARDING_ENABLED | default(false) }}, - "preallocation": {{ ENV.TRANSMISSION__PREALLOCATION | default(1) }}, - "prefetch-enabled": {{ ENV.TRANSMISSION__PREFETCH_ENABLED | default(true) }}, - "queue-stalled-enabled": {{ ENV.TRANSMISSION__QUEUE_STALLED_ENABLED | default(true) }}, - "queue-stalled-minutes": {{ ENV.TRANSMISSION__QUEUE_STALLED_MINUTES | default(30) }}, - "ratio-limit": {{ ENV.TRANSMISSION__RATIO_LIMIT | default(2) }}, - "ratio-limit-enabled": {{ ENV.TRANSMISSION__RATIO_LIMIT_ENABLED | default(false) }}, - "rename-partial-files": {{ ENV.TRANSMISSION__RENAME_PARTIAL_FILES | default(true) }}, - "rpc-authentication-required": {{ ENV.TRANSMISSION__RPC_AUTHENTICATION_REQUIRED | default(false) }}, - "rpc-bind-address": {{ ENV.TRANSMISSION__RPC_BIND_ADDRESS | default('0.0.0.0') }}, - "rpc-enabled": {{ ENV.TRANSMISSION__RPC_ENABLED | default(true) }}, - "rpc-host-whitelist": {{ ENV.TRANSMISSION__RPC_HOST_WHITELIST }}, - "rpc-host-whitelist-enabled": {{ ENV.TRANSMISSION__RPC_HOST_WHITELIST_ENABLED | default(false) }}, - "rpc-password": {{ ENV.TRANSMISSION__RPC_PASSWORD }}, - "rpc-port": {{ ENV.TRANSMISSION__RPC_PORT | default(9091) }}, - "rpc-socket-mode": {{ ENV.TRANSMISSION__RPC_SOCKET_MODE | default(0750) }}, - "rpc-url": {{ ENV.TRANSMISSION__RPC_URL | default('/transmission/') }}, - "rpc-username": {{ ENV.TRANSMISSION__RPC_USERNAME }}, - "rpc-whitelist": {{ ENV.TRANSMISSION__RPC_WHITELIST }}, - "rpc-whitelist-enabled": {{ ENV.TRANSMISSION__RPC_WHITELIST_ENABLED | default(false) }}, - "scrape-paused-torrents-enabled": {{ ENV.TRANSMISSION__SCRAPE_PAUSED_TORRENTS_ENABLED | default(true) }}, - "script-torrent-added-enabled": {{ ENV.TRANSMISSION__SCRIPT_TORRENT_ADDED_ENABLED | default(false) }}, - "script-torrent-added-filename": {{ ENV.TRANSMISSION__SCRIPT_TORRENT_ADDED_FILENAME }}, - "script-torrent-done-enabled": {{ ENV.TRANSMISSION__SCRIPT_TORRENT_DONE_ENABLED | default(false) }}, - "script-torrent-done-filename": {{ ENV.TRANSMISSION__SCRIPT_TORRENT_DONE_FILENAME }}, - "script-torrent-done-seeding-enabled": {{ ENV.TRANSMISSION__SCRIPT_TORRENT_DONE_SEEDING_ENABLED | default(false) }}, - "script-torrent-done-seeding-filename": {{ ENV.TRANSMISSION__SCRIPT_TORRENT_DONE_SEEDING_FILENAME }}, - "seed-queue-enabled": {{ ENV.TRANSMISSION__SEED_QUEUE_ENABLED | default(false) }}, - "seed-queue-size": {{ ENV.TRANSMISSION__SEED_QUEUE_SIZE | default(10) }}, - "speed-limit-down": {{ ENV.TRANSMISSION__SPEED_LIMIT_DOWN | default(100) }}, - "speed-limit-down-enabled": {{ ENV.TRANSMISSION__SPEED_LIMIT_DOWN_ENABLED | default(false) }}, - "speed-limit-up": {{ ENV.TRANSMISSION__SPEED_LIMIT_UP | default(100) }}, - "speed-limit-up-enabled": {{ ENV.TRANSMISSION__SPEED_LIMIT_UP_ENABLED | default(false) }}, - "start-added-torrents": {{ ENV.TRANSMISSION__START_ADDED_TORRENTS | default(true) }}, - "tcp-enabled": {{ ENV.TRANSMISSION__TCP_ENABLED | default(true) }}, - "torrent-added-verify-mode": {{ ENV.TRANSMISSION__TORRENT_ADDED_VERIFY_MODE | default('fast') }}, - "trash-original-torrent-files": {{ ENV.TRANSMISSION__TRASH_ORIGINAL_TORRENT_FILES | default(false) }}, - "umask": {{ ENV.TRANSMISSION__UMASK | default(002) }}, - "upload-slots-per-torrent": {{ ENV.TRANSMISSION__UPLOAD_SLOTS_PER_TORRENT | default(14) }}, - "utp-enabled": {{ ENV.TRANSMISSION__UTP_ENABLED | default(true) }}, - "watch-dir": {{ ENV.TRANSMISSION__WATCH_DIR | default('/watch') }}, - "watch-dir-enabled": {{ ENV.TRANSMISSION__WATCH_DIR_ENABLED | default(false) }}, - "watch-dir-force-generic": {{ ENV.TRANSMISSION__WATCH_FORCE_GENERIC | default(false) }} -} diff --git a/apps/transmission/docker-bake.hcl b/apps/transmission/docker-bake.hcl deleted file mode 100644 index 9a708f510..000000000 --- a/apps/transmission/docker-bake.hcl +++ /dev/null @@ -1,43 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "transmission" -} - -variable "VERSION" { - // NOTE: Alpine version is tied to the version of the base image in the Dockerfile - // renovate: datasource=repology depName=alpine_3_22/transmission-daemon versioning=loose - default = "4.0.6-r4" -} - -variable "SOURCE" { - default = "https://github.com/transmission/transmission" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/transmission/entrypoint.sh b/apps/transmission/entrypoint.sh deleted file mode 100755 index ff19c5de3..000000000 --- a/apps/transmission/entrypoint.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - -# Only template the config file if our custom env variables are present -if env | grep -q "^TRANSMISSION__"; then - minijinja-cli --env /defaults/settings.json.j2 > /config/settings.json -fi - -exec \ - /usr/bin/transmission-daemon \ - --foreground \ - --config-dir /config \ - --log-level "${TRANSMISSION_LOG_LEVEL:-info}" \ - "$@" diff --git a/apps/transmission/tests.yaml b/apps/transmission/tests.yaml deleted file mode 100644 index e4d5107f1..000000000 --- a/apps/transmission/tests.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -process: - transmission-da: - running: true -port: - tcp:9091: - listening: true -http: - http://localhost:9091: - status: 200 -file: - /usr/local/bin/python: - exists: true - /usr/bin/unrar: - exists: true diff --git a/apps/webhook/Dockerfile b/apps/webhook/Dockerfile deleted file mode 100644 index 91807deec..000000000 --- a/apps/webhook/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/python:3.13-alpine3.22 -ARG TARGETARCH -ARG VERSION - -ENV \ - CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ - PIP_BREAK_SYSTEM_PACKAGES=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - PIP_NO_CACHE_DIR=1 \ - PIP_ROOT_USER_ACTION=ignore \ - PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - UV_NO_CACHE=true \ - UV_SYSTEM_PYTHON=true \ - UV_EXTRA_INDEX_URL="https://wheel-index.linuxserver.io/alpine-3.22/" - -ENV \ - WEBHOOK__PORT="9000" \ - WEBHOOK__URLPREFIX="hooks" - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - jo \ - jq \ - trurl \ - tzdata \ - && mkdir -p /app/bin \ - && \ - curl -fsSL "https://github.com/adnanh/webhook/releases/download/${VERSION}/webhook-linux-${TARGETARCH}.tar.gz" \ - | tar xzf - -C /app/bin --strip-components=1 \ - && \ - pip install uv \ - && uv pip install "apprise>=1, <2" \ - && chown -R root:root /app && chmod -R 755 /app \ - && pip uninstall --yes uv \ - && rm -rf /tmp/* - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/webhook/docker-bake.hcl b/apps/webhook/docker-bake.hcl deleted file mode 100644 index 7808c63a3..000000000 --- a/apps/webhook/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "webhook" -} - -variable "VERSION" { - // renovate: datasource=github-releases depName=adnanh/webhook - default = "2.8.2" -} - -variable "SOURCE" { - default = "https://github.com/adnanh/webhook" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/webhook/entrypoint.sh b/apps/webhook/entrypoint.sh deleted file mode 100755 index 508bb2236..000000000 --- a/apps/webhook/entrypoint.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash - -HOOKS_FILE="/config/hooks.yaml" -if [[ -f /config/hooks.json ]]; then - HOOKS_FILE="/config/hooks.json" -fi - -exec \ - /app/bin/webhook \ - -port "${WEBHOOK__PORT}" \ - -urlprefix "${WEBHOOK__URLPREFIX}" \ - -hooks "${HOOKS_FILE}" \ - -template \ - -verbose \ - "$@" diff --git a/apps/webhook/tests.yaml b/apps/webhook/tests.yaml deleted file mode 100644 index dfb7454d1..000000000 --- a/apps/webhook/tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - webhook: - running: true -port: - tcp6:9000: - listening: true -http: - http://localhost:9000: - status: 200 diff --git a/apps/whisparr/Dockerfile b/apps/whisparr/Dockerfile deleted file mode 100644 index eed62d338..000000000 --- a/apps/whisparr/Dockerfile +++ /dev/null @@ -1,42 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM docker.io/library/alpine:3.22 -ARG TARGETARCH -ARG VENDOR -ARG VERSION - -ENV COMPlus_EnableDiagnostics=0 \ - WHISPARR__UPDATE__BRANCH=nightly - -USER root -WORKDIR /app - -RUN \ - apk add --no-cache \ - bash \ - ca-certificates \ - catatonit \ - coreutils \ - curl \ - icu-libs \ - jq \ - libintl \ - nano \ - sqlite-libs \ - tzdata \ - && mkdir -p /app/bin \ - && curl -fsSL "https://whisparr.servarr.com/v1/update/${WHISPARR__UPDATE__BRANCH}/updatefile?version=${VERSION}&os=linuxmusl&runtime=netcore&arch=${TARGETARCH/amd64/x64}" \ - | tar xzf - -C /app/bin --strip-components=1 \ - && printf "UpdateMethod=docker\nBranch=%s\nPackageVersion=%s\nPackageAuthor=[%s](https://github.com/%s)\n" "${WHISPARR__UPDATE__BRANCH}" "${VERSION}" "${VENDOR}" "${VENDOR}" > /app/package_info \ - && chown -R root:root /app && chmod -R 755 /app \ - && rm -rf /tmp/* /app/bin/Whisparr.Update - -COPY . / - -USER nobody:nogroup -WORKDIR /config -VOLUME ["/config"] - -ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] - -LABEL org.opencontainers.image.source="https://github.com/Whisparr/Whisparr" diff --git a/apps/whisparr/docker-bake.hcl b/apps/whisparr/docker-bake.hcl deleted file mode 100644 index 67d3faaf6..000000000 --- a/apps/whisparr/docker-bake.hcl +++ /dev/null @@ -1,42 +0,0 @@ -target "docker-metadata-action" {} - -variable "APP" { - default = "whisparr" -} - -variable "VERSION" { - // renovate: datasource=custom.servarr-nightly depName=whisparr versioning=loose - default = "2.0.0.1222" -} - -variable "SOURCE" { - default = "https://github.com/Whisparr/Whisparr" -} - -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] - args = { - VERSION = "${VERSION}" - } - labels = { - "org.opencontainers.image.source" = "${SOURCE}" - } -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] - tags = ["${APP}:${VERSION}"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm64" - ] -} diff --git a/apps/whisparr/entrypoint.sh b/apps/whisparr/entrypoint.sh deleted file mode 100755 index 24af3ed06..000000000 --- a/apps/whisparr/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -exec \ - /app/bin/Whisparr \ - --nobrowser \ - --data=/config \ - "$@" diff --git a/apps/whisparr/tests.yaml b/apps/whisparr/tests.yaml deleted file mode 100644 index 97bf1a826..000000000 --- a/apps/whisparr/tests.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml -process: - Whisparr: - running: true -port: - tcp6:6969: - listening: true -http: - http://localhost:6969: - status: 200 - timeout: 5000 From d4bbef90b78cb1880ee11aafd7eb4e96f800dea6 Mon Sep 17 00:00:00 2001 From: Dennis Effing Date: Wed, 6 Aug 2025 09:02:50 +0200 Subject: [PATCH 02/94] feat(home-assistant): patch dbus_fast to allow rootless bluetooth Refs: https://blog.troed.se/posts/bluetooth-and-home-assistant-in-rootless-docker/ --- apps/home-assistant/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/home-assistant/Dockerfile b/apps/home-assistant/Dockerfile index a387c9943..500214213 100644 --- a/apps/home-assistant/Dockerfile +++ b/apps/home-assistant/Dockerfile @@ -96,6 +96,8 @@ RUN \ && apk del --purge .build-deps \ && rm -rf /root/.cache /root/.cargo /tmp/* +RUN /bin/sed -i '/self\.negotiate_unix_fd = negotiate_unix_fd/a \ self.uid = UID_NOT_SPECIFIED' /usr/local/lib/python3.13/site-packages/dbus_fast/auth.py + COPY . / USER nobody:nogroup From 376846814eac2072ffd6fdc574278132f117d6e4 Mon Sep 17 00:00:00 2001 From: Dennis Effing Date: Wed, 6 Aug 2025 09:56:53 +0200 Subject: [PATCH 03/94] feat: add aws-signing-helper image --- apps/aws-signing-helper/Dockerfile | 35 +++++++++++++++++++++ apps/aws-signing-helper/docker-bake.hcl | 42 +++++++++++++++++++++++++ apps/aws-signing-helper/entrypoint.sh | 26 +++++++++++++++ 3 files changed, 103 insertions(+) create mode 100644 apps/aws-signing-helper/Dockerfile create mode 100644 apps/aws-signing-helper/docker-bake.hcl create mode 100755 apps/aws-signing-helper/entrypoint.sh diff --git a/apps/aws-signing-helper/Dockerfile b/apps/aws-signing-helper/Dockerfile new file mode 100644 index 000000000..ac5dae788 --- /dev/null +++ b/apps/aws-signing-helper/Dockerfile @@ -0,0 +1,35 @@ +FROM alpine:3.22.1 + +ARG TARGETARCH +ARG ARCH=${TARGETARCH/arm64/Aarch64} +ARG ARCH=${ARCH/amd64/X86_64} +ARG VERSION + +ENV HOME="/config" + +USER root +WORKDIR /app + +RUN \ + apk add --no-cache \ + bash \ + catatonit \ + curl \ + libc6-compat \ + libgcc \ + && mkdir -p /app/bin \ + && curl -fsSL -o /tmp/aws-signing-helper "https://rolesanywhere.amazonaws.com/releases/${VERSION}/${ARCH}/Linux/aws_signing_helper" \ + && mv -t /app/bin /tmp/aws-signing-helper \ + && chown -R root:root /app \ + && chmod -R 755 /app \ + && mkdir -p /config \ + && chown nobody:nogroup -R /config \ + && rm -rf /tmp/* + +COPY . / + +USER nobody:nogroup +WORKDIR /config +VOLUME ["/config"] + +ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] diff --git a/apps/aws-signing-helper/docker-bake.hcl b/apps/aws-signing-helper/docker-bake.hcl new file mode 100644 index 000000000..a760adf6e --- /dev/null +++ b/apps/aws-signing-helper/docker-bake.hcl @@ -0,0 +1,42 @@ +target "docker-metadata-action" {} + +variable "APP" { + default = "aws-signing-helper" +} + +variable "VERSION" { + // renovate: datasource=github-releases depName=aws/rolesanywhere-credential-helper + default = "1.7.0" +} + +variable "SOURCE" { + default = "https://github.com/aws/rolesanywhere-credential-helper" +} + +group "default" { + targets = ["image-local"] +} + +target "image" { + inherits = ["docker-metadata-action"] + args = { + VERSION = "${VERSION}" + } + labels = { + "org.opencontainers.image.source" = "${SOURCE}" + } +} + +target "image-local" { + inherits = ["image"] + output = ["type=docker"] + tags = ["${APP}:${VERSION}"] +} + +target "image-all" { + inherits = ["image"] + platforms = [ + "linux/amd64", + "linux/arm64" + ] +} diff --git a/apps/aws-signing-helper/entrypoint.sh b/apps/aws-signing-helper/entrypoint.sh new file mode 100755 index 000000000..a51fa7ccc --- /dev/null +++ b/apps/aws-signing-helper/entrypoint.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +if [[ -z "$TRUST_ANCHOR_ARN" ]]; then + echo "❌ Must provide TRUST_ANCHOR_ARN environment variable." 1>&2 + exit 1 +fi + +if [[ -z "$PROFILE_ARN" ]]; then + echo "❌ Must provide PROFILE_ARN environment variable." 1>&2 + exit 1 +fi + +if [[ -z "$ROLE_ARN" ]]; then + echo "❌ Must provide ROLE_ARN environment variable." 1>&2 + exit 1 +fi + +echo "🚀 Starting IMDSv2 endpoint with aws_signing_helper ..." + +exec \ + /app/bin/aws-signing-helper serve \ + --certificate /iamra/tls.crt \ + --private-key /iamra/tls.key \ + --trust-anchor-arn $TRUST_ANCHOR_ARN \ + --profile-arn $PROFILE_ARN \ + --role-arn $ROLE_ARN From 560c4d4f00788de467b603519e19a20202d01695 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Aug 2025 07:09:22 +0000 Subject: [PATCH 04/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/cache=20(v4.2.3=20=E2=86=92=20v4.2.4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/vulnerability-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 907134026..3b358924c 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -36,7 +36,7 @@ jobs: - name: Restore Database id: database-restore - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: key: grype-db-${{ steps.cache.outputs.key }} path: ~/.cache/grype/db @@ -53,7 +53,7 @@ jobs: - if: ${{ always() && steps.database-restore.outputs.cache-hit != 'true' }} name: Cache Database - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: key: grype-db-${{ steps.cache.outputs.key }} path: ~/.cache/grype/db @@ -76,7 +76,7 @@ jobs: run: echo "key=$(date -u +'%Y-%m-%d')" >> $GITHUB_OUTPUT - name: Restore Database - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: key: grype-db-${{ steps.cache.outputs.key }} path: ~/.cache/grype/db From a22b37cf5bcba82fa1d985ac19c2a520da6d5ba6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Aug 2025 07:09:34 +0000 Subject: [PATCH 05/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.29.5=20=E2=86=92=20v3.29.7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index f2238e07e..09555e6f4 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.7 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.7 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 3b358924c..2e8192d79 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.7 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 4da8c6d68e12fc1c921c6251a426f2fccf450da8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Aug 2025 06:39:06 +0000 Subject: [PATCH 06/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/create-github-app-token=20(v2.0.6=20=E2=86=92=20v2.1.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- .github/workflows/deprecate-app.yaml | 6 +++--- .github/workflows/label-sync.yaml | 2 +- .github/workflows/labeler.yaml | 2 +- .github/workflows/retry-release.yaml | 2 +- .github/workflows/stale.yaml | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 15f90c920..d20eef6da 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -258,7 +258,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index 395bf0e1e..9bfbdef06 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate Token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -94,7 +94,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml index 742da6a90..77fb241c6 100644 --- a/.github/workflows/label-sync.yaml +++ b/.github/workflows/label-sync.yaml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index ebf9c0c62..7d1440bc1 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -23,7 +23,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 620a60671..752e7e0f3 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -43,7 +43,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index b0b43fdc5..61dcc4c30 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -21,7 +21,7 @@ jobs: pull-requests: write steps: - name: Generate Token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" From dd41321bc071595573d434657d643afefc4ddb2c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 00:06:10 +0000 Subject: [PATCH 07/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/create-github-app-token=20(v2.1.0=20=E2=86=92=20v2.1.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- .github/workflows/deprecate-app.yaml | 6 +++--- .github/workflows/label-sync.yaml | 2 +- .github/workflows/labeler.yaml | 2 +- .github/workflows/retry-release.yaml | 2 +- .github/workflows/stale.yaml | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index d20eef6da..77d22fd0c 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -258,7 +258,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index 9bfbdef06..5bdd0bd20 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate Token - uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -94,7 +94,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml index 77fb241c6..ae428d9b7 100644 --- a/.github/workflows/label-sync.yaml +++ b/.github/workflows/label-sync.yaml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 7d1440bc1..067341717 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -23,7 +23,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 752e7e0f3..5539674fc 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -43,7 +43,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 61dcc4c30..c96def784 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -21,7 +21,7 @@ jobs: pull-requests: write steps: - name: Generate Token - uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" From 6813ed2761d5e29262de5f5efdf680a78f392f28 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 00:06:22 +0000 Subject: [PATCH 08/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.29.7=20=E2=86=92=20v3.29.8)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 09555e6f4..680a81899 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.7 + uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.7 + uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 2e8192d79..2ad47341c 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.7 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From c97a68b007ffbdab418791e0e762a3865673c88a Mon Sep 17 00:00:00 2001 From: Dennis Effing Date: Fri, 15 Aug 2025 18:21:04 +0200 Subject: [PATCH 09/94] ci: fix retry release workflow --- .github/workflows/retry-release.yaml | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 5539674fc..6a086178c 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -42,13 +42,6 @@ jobs: with: persist-credentials: false - - name: Generate Token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 - id: app-token - with: - app-id: ${{ secrets.BOT_APP_ID }} - private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} - - name: Install Cosign uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 @@ -64,7 +57,7 @@ jobs: - name: Get Container Registry Version id: registry env: - GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | if ! version=$(regctl image inspect ghcr.io/${{ github.repository_owner }}/${{ matrix.app }}:rolling \ | jq --raw-output '.config.Labels["org.opencontainers.image.version"]' 2>/dev/null) || [[ -z "${version}" ]]; @@ -79,14 +72,14 @@ jobs: uses: juliangruber/find-pull-request-action@952b3bb1ddb2dcc0aa3479e98bb1c2d1a922f096 # v1.10.0 id: find-pull-request with: - github-token: ${{ steps.app-token.outputs.token }} + github-token: ${{ secrets.GITHUB_TOKEN }} labels: app/${{ matrix.app }} state: open - if: ${{ steps.find-pull-request.outputs.number != '' }} name: Retry Release env: - GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | # zizmor: ignore[template-injection] gh workflow run release.yaml \ --repo ${{ github.repository }} \ From 1506bd2d1aab750fec6b70e6f3d6013202280817 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Aug 2025 16:21:54 +0000 Subject: [PATCH 10/94] =?UTF-8?q?ci(github-action):=20update=20action=20an?= =?UTF-8?q?chore/sbom-action=20(v0.20.4=20=E2=86=92=20v0.20.5)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 77d22fd0c..7c76d251e 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -228,7 +228,7 @@ jobs: password: ${{ github.token }} - name: Upload Dependency Snapshot - uses: anchore/sbom-action@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4 + uses: anchore/sbom-action@da167eac915b4e86f08b264dbdbc867b61be6f0c # v0.20.5 with: dependency-snapshot: true image: ghcr.io/${{ github.repository_owner }}/${{ inputs.app }}@${{ needs.release.outputs.digest }} From 45f844e7b6f2487449104f4c0d4685ad2d11e3ff Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Aug 2025 16:22:05 +0000 Subject: [PATCH 11/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.29.8=20=E2=86=92=20v3.29.9)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 680a81899..a4dbd86cc 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 + uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 + uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 2ad47341c..16f7a6d06 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 + uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From aac9173119bcb2f07791da67caa734e4f1c0cc31 Mon Sep 17 00:00:00 2001 From: Dennis Effing Date: Fri, 15 Aug 2025 18:43:26 +0200 Subject: [PATCH 12/94] =?UTF-8?q?feat:=20update=20home-assistant=20(2025.7?= =?UTF-8?q?.4=20=E2=86=92=202025.8.2)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/home-assistant/docker-bake.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/home-assistant/docker-bake.hcl b/apps/home-assistant/docker-bake.hcl index f5dd96fd2..d03f25ba3 100644 --- a/apps/home-assistant/docker-bake.hcl +++ b/apps/home-assistant/docker-bake.hcl @@ -6,7 +6,7 @@ variable "APP" { variable "VERSION" { // renovate: datasource=pypi depName=homeassistant - default = "2025.7.4" + default = "2025.8.2" } variable "SOURCE" { From 5408b3696b7fa84d0a2392663f2cf87c6d5e5c84 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 16 Aug 2025 15:47:32 +0000 Subject: [PATCH 13/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/checkout=20(v4.2.2=20=E2=86=92=20v4.3.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 10 +++++----- .github/workflows/codeql.yaml | 2 +- .github/workflows/deprecate-app.yaml | 4 ++-- .github/workflows/label-sync.yaml | 2 +- .github/workflows/labeler.yaml | 2 +- .github/workflows/retry-release.yaml | 4 ++-- .github/workflows/test-version.yaml | 2 +- .github/workflows/vulnerability-scan.yaml | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 7c76d251e..794008871 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -23,7 +23,7 @@ jobs: platforms: ${{ steps.app-options.outputs.platforms }} steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false @@ -79,7 +79,7 @@ jobs: runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }} steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false @@ -172,7 +172,7 @@ jobs: digest: ${{ steps.digest.outputs.digest }} steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false @@ -253,7 +253,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false @@ -298,7 +298,7 @@ jobs: steps: - if: ${{ contains(needs.*.result, 'failure') }} name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index a4dbd86cc..592e418d5 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -28,7 +28,7 @@ jobs: source-root: . steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index 5bdd0bd20..56ff44429 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -29,7 +29,7 @@ jobs: pull-number: ${{ steps.pr.outputs.pull-request-number }} steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false @@ -89,7 +89,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml index ae428d9b7..b881f2e8d 100644 --- a/.github/workflows/label-sync.yaml +++ b/.github/workflows/label-sync.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 067341717..eeed8ec18 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 6a086178c..4d193f90a 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -18,7 +18,7 @@ jobs: apps: ${{ steps.inventory.outputs.apps }} steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false diff --git a/.github/workflows/test-version.yaml b/.github/workflows/test-version.yaml index 55c9754d0..2b642a928 100644 --- a/.github/workflows/test-version.yaml +++ b/.github/workflows/test-version.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 16f7a6d06..a2c3d3e7a 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -18,7 +18,7 @@ jobs: apps: ${{ steps.inventory.outputs.apps }} steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false From b5ab574785d9fb0954f69762a0b7c0d16d4a804b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 04:08:23 +0000 Subject: [PATCH 14/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(91a43cf=20=E2=86=92=2003ca0ee)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 4d193f90a..0b8c5fb64 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 - name: Install regctl - uses: regclient/actions/regctl-installer@91a43cffe6e8c0c49ff25e11ede826a3c6f45dbd # main + uses: regclient/actions/regctl-installer@03ca0eeb8348921b9447b7d5d6b6d350550ddb3b # main - name: Get Bake Options id: app-options From b6e436412be74bd10110236c354dc2e88f1f5cb5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 23 Aug 2025 11:56:48 +0000 Subject: [PATCH 15/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.29.9=20=E2=86=92=20v3.29.10)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 592e418d5..53fac9e9a 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 + uses: github/codeql-action/init@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 + uses: github/codeql-action/analyze@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index a2c3d3e7a..1e25d0f94 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 + uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From d1cecb522796d78d34cc7f87eb91924d9e0a4bea Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 23 Aug 2025 11:56:59 +0000 Subject: [PATCH 16/94] =?UTF-8?q?ci(github-action):=20update=20action=20sa?= =?UTF-8?q?risia/actions-status-discord=20(v1.15.3=20=E2=86=92=20v1.15.4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 794008871..e1d1d2cef 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -311,7 +311,7 @@ jobs: - if: ${{ contains(needs.*.result, 'failure') }} name: Send Discord Webhook - uses: sarisia/actions-status-discord@5ddd3b114a98457dd80a39b2f00b6a998cd69008 # v1.15.3 + uses: sarisia/actions-status-discord@11a0bfe3b50977e38aa2bd4a4ebd296415e83c19 # v1.15.4 with: color: "0xFF0000" description: | From 0178e1643b684e4e33d3934cf96e433d00c5d122 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 24 Aug 2025 23:45:43 +0000 Subject: [PATCH 17/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.29.10=20=E2=86=92=20v3.29.11)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 53fac9e9a..39f103cb7 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 + uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 + uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 1e25d0f94..208ae13d2 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 + uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 3c5ed17241a18881dbfe777f448aa79c3ec36cd5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 24 Aug 2025 23:46:14 +0000 Subject: [PATCH 18/94] =?UTF-8?q?ci(github-action):=20update=20action=20do?= =?UTF-8?q?cker/bake-action=20(v6.8.0=20=E2=86=92=20v6.9.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index e1d1d2cef..9f6dbcc7f 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -117,7 +117,7 @@ jobs: rsync -a --ignore-existing --progress ./include/ ./apps/${{ inputs.app }}/ - name: Build Application - uses: docker/bake-action@37816e747588cb137173af99ab33873600c46ea8 # v6.8.0 + uses: docker/bake-action@3acf805d94d93a86cce4ca44798a76464a75b88c # v6.9.0 id: bake with: files: | From 4c4f9ee45f9744f0bdd97b9e353a6d6facd3d3a6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 16:07:56 +0000 Subject: [PATCH 19/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:cli/cl?= =?UTF-8?q?i=20(2.76.2=20=E2=86=92=202.78.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index bf5a88639..4a882a45b 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,5 +1,5 @@ [tools] -"aqua:cli/cli" = "2.76.2" +"aqua:cli/cli" = "2.78.0" "aqua:go-task/task" = "3.44.1" "aqua:GoogleContainerTools/container-structure-test" = "1.19.3" "aqua:jqlang/jq" = "1.8.0" From ba73fa76ea735311f976bad3d31f00f721020a38 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 6 Sep 2025 03:47:30 +0000 Subject: [PATCH 20/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/github-script=20(v7.0.1=20=E2=86=92=20v7.1.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/actions/app-exists/action.yaml | 2 +- .github/actions/app-inventory/action.yaml | 2 +- .github/actions/app-versions/action.yaml | 2 +- .github/actions/release-tag/action.yaml | 2 +- .github/workflows/app-builder.yaml | 2 +- .github/workflows/deprecate-app.yaml | 2 +- .github/workflows/release.yaml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/actions/app-exists/action.yaml b/.github/actions/app-exists/action.yaml index 22946ffbe..2c18c0f26 100644 --- a/.github/actions/app-exists/action.yaml +++ b/.github/actions/app-exists/action.yaml @@ -18,7 +18,7 @@ runs: steps: - name: Application Exists id: application - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: script: | const applicationName = '${{ inputs.app }}'; diff --git a/.github/actions/app-inventory/action.yaml b/.github/actions/app-inventory/action.yaml index e4e8aba42..7bfb593cd 100644 --- a/.github/actions/app-inventory/action.yaml +++ b/.github/actions/app-inventory/action.yaml @@ -12,7 +12,7 @@ runs: using: composite steps: - name: Application Inventory - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 id: inventory with: script: | diff --git a/.github/actions/app-versions/action.yaml b/.github/actions/app-versions/action.yaml index d2e3e8dec..e829fd5b3 100644 --- a/.github/actions/app-versions/action.yaml +++ b/.github/actions/app-versions/action.yaml @@ -35,7 +35,7 @@ runs: run: npm install semver - name: Application Versions - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 id: versions with: script: | diff --git a/.github/actions/release-tag/action.yaml b/.github/actions/release-tag/action.yaml index 1859844dc..9fcb68287 100644 --- a/.github/actions/release-tag/action.yaml +++ b/.github/actions/release-tag/action.yaml @@ -18,7 +18,7 @@ runs: steps: - name: Get Release Tag id: release - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: github-token: ${{ inputs.token }} script: | diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 9f6dbcc7f..2b6769778 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -84,7 +84,7 @@ jobs: persist-credentials: false - name: Get Target Architecture - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 id: target with: script: | diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index 56ff44429..42d4fd8a8 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -71,7 +71,7 @@ jobs: private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} - name: Merge Pull Request - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: github-token: ${{ steps.app-token.outputs.token }} script: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7cd4cea1a..c3e4b0773 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -42,7 +42,7 @@ jobs: apps: ${{ steps.apps.outputs.apps }} steps: - name: Get Apps - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 id: apps env: APPS: ${{ github.event_name == 'workflow_dispatch' && inputs.app || join(fromJSON(needs.prepare.outputs.changed-files), ' ') }} From 9538f2616b7eadcc2f75b9e679125cea043c054d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 6 Sep 2025 03:47:42 +0000 Subject: [PATCH 21/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.29.11=20=E2=86=92=20v3.30.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 39f103cb7..e2c30cdca 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 + uses: github/codeql-action/init@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 + uses: github/codeql-action/analyze@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 208ae13d2..628d56eda 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 + uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From cb4122d4191b7132150723ea73009a7ac8eac377 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 7 Sep 2025 04:09:45 +0000 Subject: [PATCH 22/94] =?UTF-8?q?ci(github-action):=20update=20action=20nc?= =?UTF-8?q?ipollo/release-action=20(v1.18.0=20=E2=86=92=20v1.20.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- .github/workflows/deprecate-app.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 2b6769778..aaff7c15b 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -277,7 +277,7 @@ jobs: token: ${{ steps.app-token.outputs.token }} - name: Create Release - uses: ncipollo/release-action@bcfe5470707e8832e12347755757cec0eb3c22af # v1.18.0 + uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 with: body: | > [!NOTE] diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index 42d4fd8a8..d5ee6f3d0 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -107,7 +107,7 @@ jobs: token: ${{ steps.app-token.outputs.token }} - name: Create Release - uses: ncipollo/release-action@bcfe5470707e8832e12347755757cec0eb3c22af # v1.18.0 + uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 with: body: | > [!WARNING] From dc0fc92697b1f0bf2b6ce66f7c46682770df9a28 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Sep 2025 15:44:30 +0000 Subject: [PATCH 23/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(03ca0ee=20=E2=86=92=202a0bc4d)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 0b8c5fb64..b41289f42 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 - name: Install regctl - uses: regclient/actions/regctl-installer@03ca0eeb8348921b9447b7d5d6b6d350550ddb3b # main + uses: regclient/actions/regctl-installer@2a0bc4dd4f92bcc807db726c33ea1c88be3d435d # main - name: Get Bake Options id: app-options From 5b63e79aa8d68fb84bbfbba2a86fb2bd33ea44d5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Sep 2025 15:44:40 +0000 Subject: [PATCH 24/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.30.0=20=E2=86=92=20v3.30.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index e2c30cdca..154509fab 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 + uses: github/codeql-action/init@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 + uses: github/codeql-action/analyze@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 628d56eda..6ded1e2ba 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 + uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From ff20e682867e973bb8cda594165219254728df84 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 23:23:00 +0000 Subject: [PATCH 25/94] =?UTF-8?q?fix(mise):=20update=20tool=20aqua:mikefar?= =?UTF-8?q?ah/yq=20(4.47.1=20=E2=86=92=204.47.2)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 4a882a45b..4511a1679 100644 --- a/.mise.toml +++ b/.mise.toml @@ -3,7 +3,7 @@ "aqua:go-task/task" = "3.44.1" "aqua:GoogleContainerTools/container-structure-test" = "1.19.3" "aqua:jqlang/jq" = "1.8.0" -"aqua:mikefarah/yq" = "4.47.1" +"aqua:mikefarah/yq" = "4.47.2" [hooks] postinstall = [ From bcb8b00b701821425394427fa3a0a2849c06fcca Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 23:23:12 +0000 Subject: [PATCH 26/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:cli/cl?= =?UTF-8?q?i=20(2.78.0=20=E2=86=92=202.79.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 4511a1679..17a874333 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,5 +1,5 @@ [tools] -"aqua:cli/cli" = "2.78.0" +"aqua:cli/cli" = "2.79.0" "aqua:go-task/task" = "3.44.1" "aqua:GoogleContainerTools/container-structure-test" = "1.19.3" "aqua:jqlang/jq" = "1.8.0" From 1426142e11f9512dd840f02919fb8712b0c6fa87 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Sep 2025 15:40:32 +0000 Subject: [PATCH 27/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/create-github-app-token=20(v2.1.1=20=E2=86=92=20v2.1.4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- .github/workflows/deprecate-app.yaml | 6 +++--- .github/workflows/label-sync.yaml | 2 +- .github/workflows/labeler.yaml | 2 +- .github/workflows/stale.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index aaff7c15b..3052130b7 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -258,7 +258,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index d5ee6f3d0..eed04a7a8 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate Token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -94,7 +94,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml index b881f2e8d..04f10b501 100644 --- a/.github/workflows/label-sync.yaml +++ b/.github/workflows/label-sync.yaml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index eeed8ec18..1edb15e07 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -23,7 +23,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index c96def784..6ca6207c6 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -21,7 +21,7 @@ jobs: pull-requests: write steps: - name: Generate Token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" From d2643dbd5b949b52f3205a06440cda32c24b8b15 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Sep 2025 15:40:43 +0000 Subject: [PATCH 28/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.30.1=20=E2=86=92=20v3.30.3)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 154509fab..79f9dc44d 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 + uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 + uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 6ded1e2ba..07a189c6e 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 + uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From c318b53748a96484ca015796dabff9af054bf12f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Sep 2025 07:47:01 +0000 Subject: [PATCH 29/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(2a0bc4d=20=E2=86=92=20495560f)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index b41289f42..08d84fb64 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 - name: Install regctl - uses: regclient/actions/regctl-installer@2a0bc4dd4f92bcc807db726c33ea1c88be3d435d # main + uses: regclient/actions/regctl-installer@495560f7c3b510b71ff9f22d6c667c2c429b8e45 # main - name: Get Bake Options id: app-options From 840ad1dc64e5b31b395ed8596e7f254d0fd2ea58 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Sep 2025 07:47:14 +0000 Subject: [PATCH 30/94] =?UTF-8?q?ci(github-action):=20update=20action=20an?= =?UTF-8?q?chore/sbom-action=20(v0.20.5=20=E2=86=92=20v0.20.6)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 3052130b7..1346eda14 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -228,7 +228,7 @@ jobs: password: ${{ github.token }} - name: Upload Dependency Snapshot - uses: anchore/sbom-action@da167eac915b4e86f08b264dbdbc867b61be6f0c # v0.20.5 + uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6 with: dependency-snapshot: true image: ghcr.io/${{ github.repository_owner }}/${{ inputs.app }}@${{ needs.release.outputs.digest }} From a4c3980d9d26cbdc6dd4836c85121287c10b4776 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 18 Sep 2025 15:50:48 +0000 Subject: [PATCH 31/94] =?UTF-8?q?ci(github-action):=20update=20action=20si?= =?UTF-8?q?gstore/cosign-installer=20(v3.9.2=20=E2=86=92=20v3.10.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 08d84fb64..1aa5bbf4a 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -43,7 +43,7 @@ jobs: persist-credentials: false - name: Install Cosign - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Install regctl uses: regclient/actions/regctl-installer@495560f7c3b510b71ff9f22d6c667c2c429b8e45 # main From ffd5a7bb82cceb75290bad68e3b4aec49cac2f90 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 18 Sep 2025 15:51:06 +0000 Subject: [PATCH 32/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:go-tas?= =?UTF-8?q?k/task=20(3.44.1=20=E2=86=92=203.45.4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 17a874333..31fd84e48 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,6 +1,6 @@ [tools] "aqua:cli/cli" = "2.79.0" -"aqua:go-task/task" = "3.44.1" +"aqua:go-task/task" = "3.45.4" "aqua:GoogleContainerTools/container-structure-test" = "1.19.3" "aqua:jqlang/jq" = "1.8.0" "aqua:mikefarah/yq" = "4.47.2" From 378b331598a2fd409e4d59baa4738d9780ebf4cb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 22 Sep 2025 19:44:13 +0000 Subject: [PATCH 33/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:google?= =?UTF-8?q?containertools/container-structure-test=20(1.19.3=20=E2=86=92?= =?UTF-8?q?=201.20.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 31fd84e48..0812cc9d7 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,7 +1,7 @@ [tools] "aqua:cli/cli" = "2.79.0" "aqua:go-task/task" = "3.45.4" -"aqua:GoogleContainerTools/container-structure-test" = "1.19.3" +"aqua:GoogleContainerTools/container-structure-test" = "1.20.0" "aqua:jqlang/jq" = "1.8.0" "aqua:mikefarah/yq" = "4.47.2" From 48ac7d5974c940a5e50ea14ab87a7120291105c8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 24 Sep 2025 23:47:44 +0000 Subject: [PATCH 34/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/cache=20(v4.2.4=20=E2=86=92=20v4.3.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/vulnerability-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 07a189c6e..8c5d95e77 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -36,7 +36,7 @@ jobs: - name: Restore Database id: database-restore - uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: key: grype-db-${{ steps.cache.outputs.key }} path: ~/.cache/grype/db @@ -53,7 +53,7 @@ jobs: - if: ${{ always() && steps.database-restore.outputs.cache-hit != 'true' }} name: Cache Database - uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: key: grype-db-${{ steps.cache.outputs.key }} path: ~/.cache/grype/db @@ -76,7 +76,7 @@ jobs: run: echo "key=$(date -u +'%Y-%m-%d')" >> $GITHUB_OUTPUT - name: Restore Database - uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: key: grype-db-${{ steps.cache.outputs.key }} path: ~/.cache/grype/db From ed33eb91cbaede9dbdeadc67f577530566dfedd9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 24 Sep 2025 23:48:00 +0000 Subject: [PATCH 35/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:cli/cl?= =?UTF-8?q?i=20(2.79.0=20=E2=86=92=202.80.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 0812cc9d7..09051ec90 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,5 +1,5 @@ [tools] -"aqua:cli/cli" = "2.79.0" +"aqua:cli/cli" = "2.80.0" "aqua:go-task/task" = "3.45.4" "aqua:GoogleContainerTools/container-structure-test" = "1.20.0" "aqua:jqlang/jq" = "1.8.0" From f9f1d2d3c5df02513ba0e11853f1d5a0844ab6e0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 29 Sep 2025 08:02:02 +0000 Subject: [PATCH 36/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.30.3=20=E2=86=92=20v3.30.4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 79f9dc44d..8779a4829 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 8c5d95e77..d414d8fa8 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/upload-sarif@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From b55f0ad0db71972ec14e27a54f2ef1608dc50687 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 1 Oct 2025 18:46:54 +0000 Subject: [PATCH 37/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.30.4=20=E2=86=92=20v3.30.5)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 8779a4829..eb25ec970 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 + uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 + uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index d414d8fa8..289f3115b 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 + uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 4ebcba18e725c75f9d8aa9bec40cfc7d5ef8deb6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 1 Oct 2025 18:47:11 +0000 Subject: [PATCH 38/94] =?UTF-8?q?ci(github-action):=20update=20action=20do?= =?UTF-8?q?cker/login-action=20(v3.5.0=20=E2=86=92=20v3.6.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 1346eda14..d0ce1e320 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -97,7 +97,7 @@ jobs: app: ${{ inputs.app }} - name: Login to GitHub Container Registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -190,7 +190,7 @@ jobs: merge-multiple: true - name: Login to GitHub Container Registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -221,7 +221,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Login to GitHub Container Registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.actor }} From 570bc2cbfc0a4349c5d830ebf42570e95285e28d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 2 Oct 2025 12:08:01 +0000 Subject: [PATCH 39/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:cli/cl?= =?UTF-8?q?i=20(2.80.0=20=E2=86=92=202.81.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 09051ec90..df4e05373 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,5 +1,5 @@ [tools] -"aqua:cli/cli" = "2.80.0" +"aqua:cli/cli" = "2.81.0" "aqua:go-task/task" = "3.45.4" "aqua:GoogleContainerTools/container-structure-test" = "1.20.0" "aqua:jqlang/jq" = "1.8.0" From 33623fd78607a97c9884bc0baeb4d72dd3206d5c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 2 Oct 2025 12:08:20 +0000 Subject: [PATCH 40/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:google?= =?UTF-8?q?containertools/container-structure-test=20(1.20.0=20=E2=86=92?= =?UTF-8?q?=201.21.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index df4e05373..5369f8ca0 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,7 +1,7 @@ [tools] "aqua:cli/cli" = "2.81.0" "aqua:go-task/task" = "3.45.4" -"aqua:GoogleContainerTools/container-structure-test" = "1.20.0" +"aqua:GoogleContainerTools/container-structure-test" = "1.21.1" "aqua:jqlang/jq" = "1.8.0" "aqua:mikefarah/yq" = "4.47.2" From a796fecf54842c258c427d91efd4b0c03dd5e02b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 07:41:08 +0000 Subject: [PATCH 41/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.30.5=20=E2=86=92=20v3.30.6)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index eb25ec970..7fb003901 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 + uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 + uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 289f3115b..efa79d582 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 + uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From e19ef5489c2f289756c9b49ae4abda722555fe80 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Oct 2025 03:43:43 +0000 Subject: [PATCH 42/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(495560f=20=E2=86=92=20e90c98f)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 1aa5bbf4a..28fb56dbb 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Install regctl - uses: regclient/actions/regctl-installer@495560f7c3b510b71ff9f22d6c667c2c429b8e45 # main + uses: regclient/actions/regctl-installer@e90c98f47ac2fead0ab3cf8d7a59c5e6fc3b87d2 # main - name: Get Bake Options id: app-options From 688163d463c7bae98ceeb1ff3de19495077a24fb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 11 Oct 2025 04:14:28 +0000 Subject: [PATCH 43/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.30.6=20=E2=86=92=20v3.30.7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 7fb003901..b008f9fd8 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 + uses: github/codeql-action/init@a8d1ac45b9a34d11fe398d5503176af0d06b303e # v3.30.7 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 + uses: github/codeql-action/analyze@a8d1ac45b9a34d11fe398d5503176af0d06b303e # v3.30.7 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index efa79d582..0965dd75b 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 + uses: github/codeql-action/upload-sarif@a8d1ac45b9a34d11fe398d5503176af0d06b303e # v3.30.7 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From a24af1776e6be58abcfbb11900c4c9ffd2566ecc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 12 Oct 2025 10:38:04 +0000 Subject: [PATCH 44/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:mikefa?= =?UTF-8?q?rah/yq=20(4.47.2=20=E2=86=92=204.48.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 5369f8ca0..9d0a956b2 100644 --- a/.mise.toml +++ b/.mise.toml @@ -3,7 +3,7 @@ "aqua:go-task/task" = "3.45.4" "aqua:GoogleContainerTools/container-structure-test" = "1.21.1" "aqua:jqlang/jq" = "1.8.0" -"aqua:mikefarah/yq" = "4.47.2" +"aqua:mikefarah/yq" = "4.48.1" [hooks] postinstall = [ From 502a2b10b10546fead75a2cc267a1b26c7e5974c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 15 Oct 2025 07:10:38 +0000 Subject: [PATCH 45/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.30.7=20=E2=86=92=20v3.30.8)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index b008f9fd8..c59dc5efd 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@a8d1ac45b9a34d11fe398d5503176af0d06b303e # v3.30.7 + uses: github/codeql-action/init@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@a8d1ac45b9a34d11fe398d5503176af0d06b303e # v3.30.7 + uses: github/codeql-action/analyze@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 0965dd75b..84ade3bc7 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@a8d1ac45b9a34d11fe398d5503176af0d06b303e # v3.30.7 + uses: github/codeql-action/upload-sarif@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 68066297d24ba52967dbbc7263125a2f66443f64 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:45:15 +0000 Subject: [PATCH 46/94] =?UTF-8?q?ci(github-action):=20update=20action=20an?= =?UTF-8?q?chore/sbom-action=20(v0.20.6=20=E2=86=92=20v0.20.8)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index d0ce1e320..8aa211cc7 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -228,7 +228,7 @@ jobs: password: ${{ github.token }} - name: Upload Dependency Snapshot - uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6 + uses: anchore/sbom-action@aa0e114b2e19480f157109b9922bda359bd98b90 # v0.20.8 with: dependency-snapshot: true image: ghcr.io/${{ github.repository_owner }}/${{ inputs.app }}@${{ needs.release.outputs.digest }} From c4b45486fb7482241e0ce4678411313ce8aee61a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:45:31 +0000 Subject: [PATCH 47/94] =?UTF-8?q?ci(github-action):=20update=20action=20si?= =?UTF-8?q?gstore/cosign-installer=20(v3.10.0=20=E2=86=92=20v3.10.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 28fb56dbb..e0ac302be 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -43,7 +43,7 @@ jobs: persist-credentials: false - name: Install Cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl uses: regclient/actions/regctl-installer@e90c98f47ac2fead0ab3cf8d7a59c5e6fc3b87d2 # main From 9b1189f6ba7a456ac05e60f791cf5cfde59ea7f9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 18 Oct 2025 08:05:27 +0000 Subject: [PATCH 48/94] =?UTF-8?q?ci(github-action):=20update=20action=20bj?= =?UTF-8?q?w-s-labs/action-changed-files=20(v0.3.3=20=E2=86=92=20v0.4.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/pull-request.yaml | 2 +- .github/workflows/release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index bc9729911..5c2572c8c 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -15,7 +15,7 @@ jobs: steps: - name: Get changed files id: changed-files - uses: bjw-s-labs/action-changed-files@930cef8463348e168cab7235c47fe95a7a235f65 # v0.3.3 + uses: bjw-s-labs/action-changed-files@1a5aeab1bfa64d0c4e786f501d5a3f1fad4a24da # v0.4.1 with: path: apps include_only_directories: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c3e4b0773..529e85294 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,7 @@ jobs: steps: - name: Get Changed Files id: changed-files - uses: bjw-s-labs/action-changed-files@930cef8463348e168cab7235c47fe95a7a235f65 # v0.3.3 + uses: bjw-s-labs/action-changed-files@1a5aeab1bfa64d0c4e786f501d5a3f1fad4a24da # v0.4.1 with: path: apps include_only_directories: true From 30a3e16532be8e32e6fd3c7c7bdc3221d2010a8a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 18 Oct 2025 08:05:41 +0000 Subject: [PATCH 49/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:cli/cl?= =?UTF-8?q?i=20(2.81.0=20=E2=86=92=202.82.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 9d0a956b2..05683d5a7 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,5 +1,5 @@ [tools] -"aqua:cli/cli" = "2.81.0" +"aqua:cli/cli" = "2.82.0" "aqua:go-task/task" = "3.45.4" "aqua:GoogleContainerTools/container-structure-test" = "1.21.1" "aqua:jqlang/jq" = "1.8.0" From f5f587d0f386e16937ca8cb05105cbba5a1c44c0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 20 Oct 2025 04:03:25 +0000 Subject: [PATCH 50/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(e90c98f=20=E2=86=92=20df29323)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index e0ac302be..5f5451560 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl - uses: regclient/actions/regctl-installer@e90c98f47ac2fead0ab3cf8d7a59c5e6fc3b87d2 # main + uses: regclient/actions/regctl-installer@df29323daedc1f78ee74b261bd8d849327cb4ff0 # main - name: Get Bake Options id: app-options From 98b955bc413a8d0ccbefeb8217e8834d1b59ded3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 21 Oct 2025 07:46:05 +0000 Subject: [PATCH 51/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.30.8=20=E2=86=92=20v3.30.9)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index c59dc5efd..e852a1397 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8 + uses: github/codeql-action/init@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8 + uses: github/codeql-action/analyze@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 84ade3bc7..595c313c5 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8 + uses: github/codeql-action/upload-sarif@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 0c05a694bd0e5f1b7b3beee3503428bc2c1a65e0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 25 Oct 2025 12:00:07 +0000 Subject: [PATCH 52/94] =?UTF-8?q?ci(github-action):=20update=20action=20an?= =?UTF-8?q?chore/sbom-action=20(v0.20.8=20=E2=86=92=20v0.20.9)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 8aa211cc7..0abdef633 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -228,7 +228,7 @@ jobs: password: ${{ github.token }} - name: Upload Dependency Snapshot - uses: anchore/sbom-action@aa0e114b2e19480f157109b9922bda359bd98b90 # v0.20.8 + uses: anchore/sbom-action@8e94d75ddd33f69f691467e42275782e4bfefe84 # v0.20.9 with: dependency-snapshot: true image: ghcr.io/${{ github.repository_owner }}/${{ inputs.app }}@${{ needs.release.outputs.digest }} From 8c8b0d520a7474cb9fc62174731437670e61cb77 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 25 Oct 2025 12:00:23 +0000 Subject: [PATCH 53/94] =?UTF-8?q?fix(mise):=20update=20tool=20aqua:cli/cli?= =?UTF-8?q?=20(2.82.0=20=E2=86=92=202.82.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 05683d5a7..e63dcf77c 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,5 +1,5 @@ [tools] -"aqua:cli/cli" = "2.82.0" +"aqua:cli/cli" = "2.82.1" "aqua:go-task/task" = "3.45.4" "aqua:GoogleContainerTools/container-structure-test" = "1.21.1" "aqua:jqlang/jq" = "1.8.0" From 22f9380ae3dd24ec1b0e29cad373fd115a2e9adb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 1 Nov 2025 11:57:15 +0000 Subject: [PATCH 54/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.30.9=20=E2=86=92=20v3.31.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index e852a1397..e37ce95e1 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9 + uses: github/codeql-action/init@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9 + uses: github/codeql-action/analyze@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 595c313c5..76cbacaaf 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9 + uses: github/codeql-action/upload-sarif@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From b955f5e0854e9fc04c5159e72395f483edbc7650 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 3 Nov 2025 23:49:36 +0000 Subject: [PATCH 55/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.31.0=20=E2=86=92=20v3.31.2)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index e37ce95e1..9173ccfc2 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 + uses: github/codeql-action/init@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 + uses: github/codeql-action/analyze@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 76cbacaaf..c01745eaa 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 + uses: github/codeql-action/upload-sarif@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From b857e261466dd273477bd8b9f5a8c01e937f5c46 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 11:35:03 +0000 Subject: [PATCH 56/94] =?UTF-8?q?ci(github-action):=20update=20action=20do?= =?UTF-8?q?cker/metadata-action=20(v5.8.0=20=E2=86=92=20v5.9.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 0abdef633..cc0639f0b 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -46,7 +46,7 @@ jobs: upstream-version: ${{ steps.app-options.outputs.version }} - name: Build Application Metadata - uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 + uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 id: meta env: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index From ae9d36b1696fb186edcbd743a564b4bc2133edef Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 11:35:22 +0000 Subject: [PATCH 57/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:cli/cl?= =?UTF-8?q?i=20(2.82.1=20=E2=86=92=202.83.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index e63dcf77c..3f4c8da03 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,5 +1,5 @@ [tools] -"aqua:cli/cli" = "2.82.1" +"aqua:cli/cli" = "2.83.0" "aqua:go-task/task" = "3.45.4" "aqua:GoogleContainerTools/container-structure-test" = "1.21.1" "aqua:jqlang/jq" = "1.8.0" From 233a39c0863c61728f0f4ea68168f70fa78f1d2d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 16 Nov 2025 07:40:51 +0000 Subject: [PATCH 58/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(df29323=20=E2=86=92=20f61d18f)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 5f5451560..57445a42d 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl - uses: regclient/actions/regctl-installer@df29323daedc1f78ee74b261bd8d849327cb4ff0 # main + uses: regclient/actions/regctl-installer@f61d18f46c86af724a9c804cb9ff2a6fec741c7c # main - name: Get Bake Options id: app-options From af678afce676ffb62d59ee6ee74dd5173591e636 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 16 Nov 2025 07:41:06 +0000 Subject: [PATCH 59/94] =?UTF-8?q?ci(github-action):=20update=20action=20sa?= =?UTF-8?q?risia/actions-status-discord=20(v1.15.4=20=E2=86=92=20v1.15.5)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index cc0639f0b..5cbe8551a 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -311,7 +311,7 @@ jobs: - if: ${{ contains(needs.*.result, 'failure') }} name: Send Discord Webhook - uses: sarisia/actions-status-discord@11a0bfe3b50977e38aa2bd4a4ebd296415e83c19 # v1.15.4 + uses: sarisia/actions-status-discord@b8381b25576cb341b2af39926ab42c5056cc44ed # v1.15.5 with: color: "0xFF0000" description: | From a0c47eba4f9160899ada32df7aa0b8bef4ce7590 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 19 Nov 2025 19:33:05 +0000 Subject: [PATCH 60/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/checkout=20(v4.3.0=20=E2=86=92=20v4.3.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 10 +++++----- .github/workflows/codeql.yaml | 2 +- .github/workflows/deprecate-app.yaml | 4 ++-- .github/workflows/label-sync.yaml | 2 +- .github/workflows/labeler.yaml | 2 +- .github/workflows/retry-release.yaml | 4 ++-- .github/workflows/test-version.yaml | 2 +- .github/workflows/vulnerability-scan.yaml | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 5cbe8551a..7e46f702b 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -23,7 +23,7 @@ jobs: platforms: ${{ steps.app-options.outputs.platforms }} steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false @@ -79,7 +79,7 @@ jobs: runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }} steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false @@ -172,7 +172,7 @@ jobs: digest: ${{ steps.digest.outputs.digest }} steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false @@ -253,7 +253,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false @@ -298,7 +298,7 @@ jobs: steps: - if: ${{ contains(needs.*.result, 'failure') }} name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 9173ccfc2..1e6a88373 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -28,7 +28,7 @@ jobs: source-root: . steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index eed04a7a8..59dad06d9 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -29,7 +29,7 @@ jobs: pull-number: ${{ steps.pr.outputs.pull-request-number }} steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false @@ -89,7 +89,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml index 04f10b501..dc9fbd12e 100644 --- a/.github/workflows/label-sync.yaml +++ b/.github/workflows/label-sync.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 1edb15e07..027099419 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 57445a42d..c3588033f 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -18,7 +18,7 @@ jobs: apps: ${{ steps.inventory.outputs.apps }} steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false @@ -38,7 +38,7 @@ jobs: fail-fast: false steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false diff --git a/.github/workflows/test-version.yaml b/.github/workflows/test-version.yaml index 2b642a928..4c89bbf87 100644 --- a/.github/workflows/test-version.yaml +++ b/.github/workflows/test-version.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index c01745eaa..e576148a0 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -18,7 +18,7 @@ jobs: apps: ${{ steps.inventory.outputs.apps }} steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: persist-credentials: false From 00674baf5d123e2240a835938cd46ab18da62dc7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 19 Nov 2025 19:33:20 +0000 Subject: [PATCH 61/94] =?UTF-8?q?ci(github-action):=20update=20action=20an?= =?UTF-8?q?chore/sbom-action=20(v0.20.9=20=E2=86=92=20v0.20.10)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 7e46f702b..306e499d5 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -228,7 +228,7 @@ jobs: password: ${{ github.token }} - name: Upload Dependency Snapshot - uses: anchore/sbom-action@8e94d75ddd33f69f691467e42275782e4bfefe84 # v0.20.9 + uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 with: dependency-snapshot: true image: ghcr.io/${{ github.repository_owner }}/${{ inputs.app }}@${{ needs.release.outputs.digest }} From 727acfd77e2e393466f3ed6ef9fe3e84ae7e771e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 15:31:05 +0000 Subject: [PATCH 62/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(f61d18f=20=E2=86=92=204cc6f5e)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index c3588033f..c5ce806b3 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl - uses: regclient/actions/regctl-installer@f61d18f46c86af724a9c804cb9ff2a6fec741c7c # main + uses: regclient/actions/regctl-installer@4cc6f5e9e488007820236099c24498f00639b52c # main - name: Get Bake Options id: app-options From 7871253324037080347328a51084f59914e8cd5a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 22 Nov 2025 08:00:06 +0000 Subject: [PATCH 63/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.31.2=20=E2=86=92=20v3.31.3)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 1e6a88373..f02475c30 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2 + uses: github/codeql-action/init@f94c9befffa4412c356fb5463a959ab7821dd57e # v3.31.3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2 + uses: github/codeql-action/analyze@f94c9befffa4412c356fb5463a959ab7821dd57e # v3.31.3 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index e576148a0..5987ea781 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2 + uses: github/codeql-action/upload-sarif@f94c9befffa4412c356fb5463a959ab7821dd57e # v3.31.3 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 11dd1ee682647a458547607521bfcace3a0174ef Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 22 Nov 2025 08:00:20 +0000 Subject: [PATCH 64/94] =?UTF-8?q?fix(mise):=20update=20tool=20aqua:cli/cli?= =?UTF-8?q?=20(2.83.0=20=E2=86=92=202.83.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 3f4c8da03..8642d403d 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,5 +1,5 @@ [tools] -"aqua:cli/cli" = "2.83.0" +"aqua:cli/cli" = "2.83.1" "aqua:go-task/task" = "3.45.4" "aqua:GoogleContainerTools/container-structure-test" = "1.21.1" "aqua:jqlang/jq" = "1.8.0" From 8a6d896729a3b576bc025f0e2085781e158616c0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 23 Nov 2025 10:37:07 +0000 Subject: [PATCH 65/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.31.3=20=E2=86=92=20v3.31.4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index f02475c30..d2ff673bc 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@f94c9befffa4412c356fb5463a959ab7821dd57e # v3.31.3 + uses: github/codeql-action/init@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3.31.4 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f94c9befffa4412c356fb5463a959ab7821dd57e # v3.31.3 + uses: github/codeql-action/analyze@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3.31.4 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 5987ea781..d91c1baac 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@f94c9befffa4412c356fb5463a959ab7821dd57e # v3.31.3 + uses: github/codeql-action/upload-sarif@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3.31.4 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 6fc557c8ce6729ccbc02b6686e6a9e1afee36099 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 23 Nov 2025 10:37:21 +0000 Subject: [PATCH 66/94] =?UTF-8?q?fix(mise):=20update=20tool=20aqua:go-task?= =?UTF-8?q?/task=20(3.45.4=20=E2=86=92=203.45.5)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 8642d403d..564fc9d3a 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,6 +1,6 @@ [tools] "aqua:cli/cli" = "2.83.1" -"aqua:go-task/task" = "3.45.4" +"aqua:go-task/task" = "3.45.5" "aqua:GoogleContainerTools/container-structure-test" = "1.21.1" "aqua:jqlang/jq" = "1.8.0" "aqua:mikefarah/yq" = "4.48.1" From da3af33ac40803b733b38cc89a83836ba0a28cc9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 06:56:17 +0000 Subject: [PATCH 67/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(4cc6f5e=20=E2=86=92=20ed5268e)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index c5ce806b3..1de78bb28 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl - uses: regclient/actions/regctl-installer@4cc6f5e9e488007820236099c24498f00639b52c # main + uses: regclient/actions/regctl-installer@ed5268e995795eb54f4187ada5728d118ad674f3 # main - name: Get Bake Options id: app-options From a763d30f16e48c0f79e054abcf70b34d43c3b1ef Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 06:56:37 +0000 Subject: [PATCH 68/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/create-github-app-token=20(v2.1.4=20=E2=86=92=20v2.2.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- .github/workflows/deprecate-app.yaml | 6 +++--- .github/workflows/label-sync.yaml | 2 +- .github/workflows/labeler.yaml | 2 +- .github/workflows/stale.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 306e499d5..6948ae9db 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -258,7 +258,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index 59dad06d9..22dd88ae9 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate Token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -94,7 +94,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml index dc9fbd12e..e614d7d23 100644 --- a/.github/workflows/label-sync.yaml +++ b/.github/workflows/label-sync.yaml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 027099419..0abf4af9a 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -23,7 +23,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 6ca6207c6..36f055377 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -21,7 +21,7 @@ jobs: pull-requests: write steps: - name: Generate Token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" From 7f96009b7a1948a0434ee4aa91651bc73e5c85f2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 25 Nov 2025 07:37:38 +0000 Subject: [PATCH 69/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:google?= =?UTF-8?q?containertools/container-structure-test=20(1.21.1=20=E2=86=92?= =?UTF-8?q?=201.22.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 564fc9d3a..54275ccb5 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,7 +1,7 @@ [tools] "aqua:cli/cli" = "2.83.1" "aqua:go-task/task" = "3.45.5" -"aqua:GoogleContainerTools/container-structure-test" = "1.21.1" +"aqua:GoogleContainerTools/container-structure-test" = "1.22.0" "aqua:jqlang/jq" = "1.8.0" "aqua:mikefarah/yq" = "4.48.1" From 46bffdc217380bc513df8f5c75ca4448e0148b5f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 25 Nov 2025 07:37:56 +0000 Subject: [PATCH 70/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:mikefa?= =?UTF-8?q?rah/yq=20(4.48.1=20=E2=86=92=204.49.2)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 54275ccb5..7ecd50718 100644 --- a/.mise.toml +++ b/.mise.toml @@ -3,7 +3,7 @@ "aqua:go-task/task" = "3.45.5" "aqua:GoogleContainerTools/container-structure-test" = "1.22.0" "aqua:jqlang/jq" = "1.8.0" -"aqua:mikefarah/yq" = "4.48.1" +"aqua:mikefarah/yq" = "4.49.2" [hooks] postinstall = [ From e9351412a58eed3a8ad808a9de39190d86f3bdac Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 07:34:09 +0000 Subject: [PATCH 71/94] =?UTF-8?q?ci(github-action):=20update=20action=20pe?= =?UTF-8?q?ter-evans/create-pull-request=20(v7.0.8=20=E2=86=92=20v7.0.9)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deprecate-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index 22dd88ae9..89e3cf0dd 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -45,7 +45,7 @@ jobs: rm -rf ./apps/${{ inputs.app }} - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 id: pr with: body: | From 722cd0b03c9d2f4a7e1344a8688bc1198ad785cc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 29 Nov 2025 06:57:26 +0000 Subject: [PATCH 72/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.31.4=20=E2=86=92=20v3.31.5)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index d2ff673bc..6c63525eb 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3.31.4 + uses: github/codeql-action/init@d3ced5c96c16c4332e2a61eb6f3649d6f1b20bb8 # v3.31.5 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3.31.4 + uses: github/codeql-action/analyze@d3ced5c96c16c4332e2a61eb6f3649d6f1b20bb8 # v3.31.5 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index d91c1baac..f026b2829 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3.31.4 + uses: github/codeql-action/upload-sarif@d3ced5c96c16c4332e2a61eb6f3649d6f1b20bb8 # v3.31.5 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 1a843a678dc3297437562c916cae39db414cced1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 29 Nov 2025 06:57:47 +0000 Subject: [PATCH 73/94] =?UTF-8?q?ci(github-action):=20update=20action=20do?= =?UTF-8?q?cker/bake-action=20(v6.9.0=20=E2=86=92=20v6.10.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 6948ae9db..81dc7ba4e 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -117,7 +117,7 @@ jobs: rsync -a --ignore-existing --progress ./include/ ./apps/${{ inputs.app }}/ - name: Build Application - uses: docker/bake-action@3acf805d94d93a86cce4ca44798a76464a75b88c # v6.9.0 + uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6.10.0 id: bake with: files: | From c06a88b2f82bde6c6359c32ae967bae9d4f542bc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 30 Nov 2025 07:36:39 +0000 Subject: [PATCH 74/94] =?UTF-8?q?ci(github-action):=20update=20action=20do?= =?UTF-8?q?cker/metadata-action=20(v5.9.0=20=E2=86=92=20v5.10.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 81dc7ba4e..cd17b48b2 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -46,7 +46,7 @@ jobs: upstream-version: ${{ steps.app-options.outputs.version }} - name: Build Application Metadata - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 id: meta env: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index From 3830afeaccdcf14378e4d1e53b4905a54ba637bf Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 1 Dec 2025 23:08:03 +0000 Subject: [PATCH 75/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(ed5268e=20=E2=86=92=20f68c062)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 1de78bb28..20045c3cc 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl - uses: regclient/actions/regctl-installer@ed5268e995795eb54f4187ada5728d118ad674f3 # main + uses: regclient/actions/regctl-installer@f68c06246bba172f86f7a54aec805411b2fac09a # main - name: Get Bake Options id: app-options From aea6ceb85062f5b56f33fef7e89f661eeddf0cb8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 19:23:58 +0000 Subject: [PATCH 76/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.31.5=20=E2=86=92=20v3.31.6)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 6c63525eb..05a45a41d 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@d3ced5c96c16c4332e2a61eb6f3649d6f1b20bb8 # v3.31.5 + uses: github/codeql-action/init@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d3ced5c96c16c4332e2a61eb6f3649d6f1b20bb8 # v3.31.5 + uses: github/codeql-action/analyze@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index f026b2829..c395ead50 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@d3ced5c96c16c4332e2a61eb6f3649d6f1b20bb8 # v3.31.5 + uses: github/codeql-action/upload-sarif@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 288d777e35b6dcce31b17f79a69716ed504899a7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 6 Dec 2025 06:00:57 +0000 Subject: [PATCH 77/94] =?UTF-8?q?ci(github-action):=20update=20action=20ac?= =?UTF-8?q?tions/create-github-app-token=20(v2.2.0=20=E2=86=92=20v2.2.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- .github/workflows/deprecate-app.yaml | 6 +++--- .github/workflows/label-sync.yaml | 2 +- .github/workflows/labeler.yaml | 2 +- .github/workflows/stale.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index cd17b48b2..cda24f957 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -258,7 +258,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index 89e3cf0dd..1a63d1a31 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate Token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} @@ -94,7 +94,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml index e614d7d23..cb37411e6 100644 --- a/.github/workflows/label-sync.yaml +++ b/.github/workflows/label-sync.yaml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 0abf4af9a..105170d9c 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -23,7 +23,7 @@ jobs: persist-credentials: false - name: Generate Token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 36f055377..270e34888 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -21,7 +21,7 @@ jobs: pull-requests: write steps: - name: Generate Token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" From 7afd3ea86511fe4861a383e8c854ee4ed5794b9d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 07:54:47 +0000 Subject: [PATCH 78/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(f68c062=20=E2=86=92=201ea6cfd)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 20045c3cc..f8308df27 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl - uses: regclient/actions/regctl-installer@f68c06246bba172f86f7a54aec805411b2fac09a # main + uses: regclient/actions/regctl-installer@1ea6cfdb5365b98ff1201dde150f417efc4a2079 # main - name: Get Bake Options id: app-options From aa7b24b79a9713162c7d5fe7190e62b57386b4cb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 11 Dec 2025 23:08:26 +0000 Subject: [PATCH 79/94] =?UTF-8?q?ci(github-action):=20update=20action=20an?= =?UTF-8?q?chore/sbom-action=20(v0.20.10=20=E2=86=92=20v0.20.11)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index cda24f957..361460b0f 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -228,7 +228,7 @@ jobs: password: ${{ github.token }} - name: Upload Dependency Snapshot - uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 + uses: anchore/sbom-action@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.11 with: dependency-snapshot: true image: ghcr.io/${{ github.repository_owner }}/${{ inputs.app }}@${{ needs.release.outputs.digest }} From 43279af378f0041fa3a648719a4bf901bfc351c0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 11 Dec 2025 23:08:36 +0000 Subject: [PATCH 80/94] =?UTF-8?q?ci(github-action):=20update=20action=20pe?= =?UTF-8?q?ter-evans/create-pull-request=20(v7.0.9=20=E2=86=92=20v7.0.11)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deprecate-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deprecate-app.yaml b/.github/workflows/deprecate-app.yaml index 1a63d1a31..97a39014d 100644 --- a/.github/workflows/deprecate-app.yaml +++ b/.github/workflows/deprecate-app.yaml @@ -45,7 +45,7 @@ jobs: rm -rf ./apps/${{ inputs.app }} - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 id: pr with: body: | From 1fae0b4fbd8018f91859c65d3428581685065b30 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 13 Dec 2025 06:59:13 +0000 Subject: [PATCH 81/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.31.6=20=E2=86=92=20v3.31.7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 05a45a41d..f9979b8b5 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6 + uses: github/codeql-action/init@bffd034ab1518ad839a542b8a7356e13a240e076 # v3.31.7 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6 + uses: github/codeql-action/analyze@bffd034ab1518ad839a542b8a7356e13a240e076 # v3.31.7 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index c395ead50..9772528f8 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6 + uses: github/codeql-action/upload-sarif@bffd034ab1518ad839a542b8a7356e13a240e076 # v3.31.7 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From c438f94883b59e72ef66ca3b8e6cdbdaaf7b38b7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 13 Dec 2025 06:59:28 +0000 Subject: [PATCH 82/94] =?UTF-8?q?fix(mise):=20update=20tool=20aqua:cli/cli?= =?UTF-8?q?=20(2.83.1=20=E2=86=92=202.83.2)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 7ecd50718..50a9a6994 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,5 +1,5 @@ [tools] -"aqua:cli/cli" = "2.83.1" +"aqua:cli/cli" = "2.83.2" "aqua:go-task/task" = "3.45.5" "aqua:GoogleContainerTools/container-structure-test" = "1.22.0" "aqua:jqlang/jq" = "1.8.0" From 77ce9b137aae0ae8b75186661ce3d36f455b9838 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 23:41:21 +0000 Subject: [PATCH 83/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(1ea6cfd=20=E2=86=92=20fbe1652)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index f8308df27..5c7845028 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl - uses: regclient/actions/regctl-installer@1ea6cfdb5365b98ff1201dde150f417efc4a2079 # main + uses: regclient/actions/regctl-installer@fbe1652f0f817997df4af08dfd7706bf45247cf2 # main - name: Get Bake Options id: app-options From 9ce93360cb4b5a16b4ca741a373bea487f13b9d8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 23:41:39 +0000 Subject: [PATCH 84/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:mikefa?= =?UTF-8?q?rah/yq=20(4.49.2=20=E2=86=92=204.50.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 50a9a6994..fa45c0af7 100644 --- a/.mise.toml +++ b/.mise.toml @@ -3,7 +3,7 @@ "aqua:go-task/task" = "3.45.5" "aqua:GoogleContainerTools/container-structure-test" = "1.22.0" "aqua:jqlang/jq" = "1.8.0" -"aqua:mikefarah/yq" = "4.49.2" +"aqua:mikefarah/yq" = "4.50.1" [hooks] postinstall = [ From 67c4f898be532a8b69455c0866c022ca08a6bd88 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 18 Dec 2025 11:40:52 +0000 Subject: [PATCH 85/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(fbe1652=20=E2=86=92=203bf6918)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index 5c7845028..a340387d2 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl - uses: regclient/actions/regctl-installer@fbe1652f0f817997df4af08dfd7706bf45247cf2 # main + uses: regclient/actions/regctl-installer@3bf69189e904cf474978b10d944611b9d23a1ccc # main - name: Get Bake Options id: app-options From 4500f8809317dd7f7dbb4e24959ff05a9895aa0e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 18 Dec 2025 11:41:07 +0000 Subject: [PATCH 86/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.31.7=20=E2=86=92=20v3.31.8)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index f9979b8b5..a42627302 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@bffd034ab1518ad839a542b8a7356e13a240e076 # v3.31.7 + uses: github/codeql-action/init@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@bffd034ab1518ad839a542b8a7356e13a240e076 # v3.31.7 + uses: github/codeql-action/analyze@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index 9772528f8..ba22f42d9 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@bffd034ab1518ad839a542b8a7356e13a240e076 # v3.31.7 + uses: github/codeql-action/upload-sarif@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From d66b1739a839871c9119b59c1056d19209793462 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 12:05:27 +0000 Subject: [PATCH 87/94] =?UTF-8?q?fix(mise):=20update=20tool=20aqua:googlec?= =?UTF-8?q?ontainertools/container-structure-test=20(1.22.0=20=E2=86=92=20?= =?UTF-8?q?1.22.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index fa45c0af7..13b85fc08 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,7 +1,7 @@ [tools] "aqua:cli/cli" = "2.83.2" "aqua:go-task/task" = "3.45.5" -"aqua:GoogleContainerTools/container-structure-test" = "1.22.0" +"aqua:GoogleContainerTools/container-structure-test" = "1.22.1" "aqua:jqlang/jq" = "1.8.0" "aqua:mikefarah/yq" = "4.50.1" From eb1bb873de797e42913bb6f8f1f9ac4a87c11310 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 12:05:46 +0000 Subject: [PATCH 88/94] =?UTF-8?q?ci(github-action):=20update=20action=20do?= =?UTF-8?q?cker/setup-buildx-action=20(v3.11.1=20=E2=86=92=20v3.12.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 361460b0f..67599492d 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -110,7 +110,7 @@ jobs: path: ${{ runner.temp }} - name: Setup Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Add Include Directory to Build Context run: | From 6ecc2b919ee12579ce1581b318f2b061dcf8731b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 20 Dec 2025 14:54:58 +0000 Subject: [PATCH 89/94] =?UTF-8?q?ci(github-action):=20update=20action=20gi?= =?UTF-8?q?thub/codeql-action=20(v3.31.8=20=E2=86=92=20v3.31.9)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codeql.yaml | 4 ++-- .github/workflows/vulnerability-scan.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index a42627302..f5b7b89ad 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 + uses: github/codeql-action/init@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} source-root: ${{ matrix.source-root }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 + uses: github/codeql-action/analyze@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9 with: category: language:${{ matrix.language }} diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index ba22f42d9..e9084fdb7 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -90,7 +90,7 @@ jobs: severity-cutoff: high - name: Upload Report - uses: github/codeql-action/upload-sarif@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 + uses: github/codeql-action/upload-sarif@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9 with: category: container:${{ matrix.app }} sarif_file: ${{ steps.scan.outputs.sarif }} From 5ae31677c355d86bdc16c8e237313389d0c9f685 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 20 Dec 2025 14:55:17 +0000 Subject: [PATCH 90/94] =?UTF-8?q?feat(mise):=20update=20tool=20aqua:go-tas?= =?UTF-8?q?k/task=20(3.45.5=20=E2=86=92=203.46.3)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 13b85fc08..fe3a8b44d 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,6 +1,6 @@ [tools] "aqua:cli/cli" = "2.83.2" -"aqua:go-task/task" = "3.45.5" +"aqua:go-task/task" = "3.46.3" "aqua:GoogleContainerTools/container-structure-test" = "1.22.1" "aqua:jqlang/jq" = "1.8.0" "aqua:mikefarah/yq" = "4.50.1" From 3ce78e47d51c1fa36efd022271d38a8e991d999c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 22 Dec 2025 20:14:24 +0000 Subject: [PATCH 91/94] =?UTF-8?q?ci(github-action):=20update=20action=20re?= =?UTF-8?q?gclient/actions=20(3bf6918=20=E2=86=92=2073d0a55)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/retry-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/retry-release.yaml b/.github/workflows/retry-release.yaml index a340387d2..f198311a6 100644 --- a/.github/workflows/retry-release.yaml +++ b/.github/workflows/retry-release.yaml @@ -46,7 +46,7 @@ jobs: uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install regctl - uses: regclient/actions/regctl-installer@3bf69189e904cf474978b10d944611b9d23a1ccc # main + uses: regclient/actions/regctl-installer@73d0a55cd4885dc9ce30ce2772a9c01b5753ffef # main - name: Get Bake Options id: app-options From 488ca7c63ad686d1c7b40176cac4e4a2a1a21cd2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 23 Dec 2025 16:05:22 +0000 Subject: [PATCH 92/94] =?UTF-8?q?ci(github-action):=20update=20action=20an?= =?UTF-8?q?chore/sbom-action=20(v0.20.11=20=E2=86=92=20v0.21.0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/app-builder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml index 67599492d..56412cf52 100644 --- a/.github/workflows/app-builder.yaml +++ b/.github/workflows/app-builder.yaml @@ -228,7 +228,7 @@ jobs: password: ${{ github.token }} - name: Upload Dependency Snapshot - uses: anchore/sbom-action@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.11 + uses: anchore/sbom-action@a930d0ac434e3182448fe678398ba5713717112a # v0.21.0 with: dependency-snapshot: true image: ghcr.io/${{ github.repository_owner }}/${{ inputs.app }}@${{ needs.release.outputs.digest }} From 221ad20fbb495afb0dd5f337f248477daf63248f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 25 Dec 2025 10:49:58 +0000 Subject: [PATCH 93/94] =?UTF-8?q?fix(mise):=20update=20tool=20aqua:go-task?= =?UTF-8?q?/task=20(3.46.3=20=E2=86=92=203.46.4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index fe3a8b44d..0bf26ed6d 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,6 +1,6 @@ [tools] "aqua:cli/cli" = "2.83.2" -"aqua:go-task/task" = "3.46.3" +"aqua:go-task/task" = "3.46.4" "aqua:GoogleContainerTools/container-structure-test" = "1.22.1" "aqua:jqlang/jq" = "1.8.0" "aqua:mikefarah/yq" = "4.50.1" From 9a28806f63c5040ae9f3112d906d2f1aa4c79b4b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 1 Jan 2026 15:47:44 +0000 Subject: [PATCH 94/94] =?UTF-8?q?ci(github-action)!:=20Update=20action=20a?= =?UTF-8?q?ctions/cache=20(v4.3.0=20=E2=86=92=20v5.0.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/vulnerability-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml index e9084fdb7..3be832500 100644 --- a/.github/workflows/vulnerability-scan.yaml +++ b/.github/workflows/vulnerability-scan.yaml @@ -36,7 +36,7 @@ jobs: - name: Restore Database id: database-restore - uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 with: key: grype-db-${{ steps.cache.outputs.key }} path: ~/.cache/grype/db @@ -53,7 +53,7 @@ jobs: - if: ${{ always() && steps.database-restore.outputs.cache-hit != 'true' }} name: Cache Database - uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 with: key: grype-db-${{ steps.cache.outputs.key }} path: ~/.cache/grype/db @@ -76,7 +76,7 @@ jobs: run: echo "key=$(date -u +'%Y-%m-%d')" >> $GITHUB_OUTPUT - name: Restore Database - uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 with: key: grype-db-${{ steps.cache.outputs.key }} path: ~/.cache/grype/db