Josh Jacobs
ab60a1c20e
chore: adjust Docker build workflow to conditionally push images
2025-10-26 16:24:01 +00:00
Josh Jacobs
2756d3b0c8
chore: harden compose + entrypoint; docs refresh; ignore artifacts; dependabot
...
- docker-compose.yml.example: drop privileged; add cap_add (NET_ADMIN, NET_RAW) and sysctls; quote env vars
- entrypoint.sh: add strict mode + traps; wait for service; idempotent iptables; graceful shutdown
- README.md: update to multi-arch + non-privileged run guidance; fix examples
- .gitignore: ignore sbom.spdx.json and results.sarif
- .github/dependabot.yml: monitor Dockerfiles weekly
No functional changes intended; improves security, robustness, and maintainability.
2025-10-26 15:50:49 +00:00
Josh Jacobs
9ab36f2593
ci: simplify multi-arch build, add cache & concurrency; fix release token
...
- Add workflow-level concurrency to avoid overlapping releases
- Enable BuildKit cache (GHA) for faster Docker builds
- Simplify to a single multi-arch build (linux/amd64, linux/arm64)
- Remove digest export/upload and manifest merge steps
- Push manifest directly from buildx with tag `latest`
- Fix GitHub Release token casing to use `secrets.GITHUB_TOKEN`
- Update Dockerfile to use TARGETARCH for correct package selection
- Pass VERSION consistently; write version to image
No functional change to runtime behavior expected; improves speed, reliability, and maintainability of the release pipeline.
2025-10-26 15:38:44 +00:00
Josh Jacobs
2e84ed575c
refactor(workflow): rename MergeRefs job to clarify purpose
2025-10-26 15:26:41 +00:00
Josh Jacobs
96ebbf805d
fix(workflow): update artifact naming and handling in docker-build.yml
...
- Changed artifact name to include architecture in upload step.
- Updated download step to use a pattern for artifact names and enabled merging of multiple artifacts.
2025-10-26 15:19:15 +00:00
dependabot[bot]
9a725ba61f
chore(deps): bump softprops/action-gh-release from 1 to 2
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-26 15:04:48 +00:00
dependabot[bot]
c82c86099a
chore(deps): bump actions/checkout from 4 to 5
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-26 15:04:37 +00:00
dependabot[bot]
13f56130ca
chore(deps): bump anchore/scan-action from 3 to 7
...
Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3 to 7.
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md)
- [Commits](https://github.com/anchore/scan-action/compare/v3...v7)
---
updated-dependencies:
- dependency-name: anchore/scan-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-26 15:04:10 +00:00
dependabot[bot]
6a3d0a9f23
chore(deps): bump docker/build-push-action from 5 to 6
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-26 15:02:58 +00:00
dependabot[bot]
b08ce9f821
chore(deps): bump github/codeql-action from 2 to 4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v4)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-26 15:02:47 +00:00
dependabot[bot]
e987eeb8f4
chore(deps): bump TriPSs/conventional-changelog-action from 3 to 6
...
Bumps [TriPSs/conventional-changelog-action](https://github.com/tripss/conventional-changelog-action) from 3 to 6.
- [Release notes](https://github.com/tripss/conventional-changelog-action/releases)
- [Changelog](https://github.com/TriPSs/conventional-changelog-action/blob/releases/v6/CHANGELOG.md)
- [Commits](https://github.com/tripss/conventional-changelog-action/compare/v3...v6)
---
updated-dependencies:
- dependency-name: TriPSs/conventional-changelog-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-26 15:02:32 +00:00
dependabot[bot]
85cd3af0ff
chore(deps): bump actions/download-artifact from 3 to 6
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v3...v6)
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-26 15:02:08 +00:00
dependabot[bot]
3c0a4bb93e
chore(deps): bump actions/upload-artifact from 3 to 5
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v5)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-26 14:58:09 +00:00
Josh Jacobs
8a260aebd1
chore: add dependabot configuration for GitHub Actions updates
2025-10-26 14:54:23 +00:00
Josh J
704859e91a
ci: changelog needs permissions to commit to repo
...
consider breaking this out into another workflow to segregate permission
2023-10-17 09:09:03 +01:00
Josh J
63e3bea752
ci: must checkout before changelog
2023-10-17 08:59:47 +01:00
Josh J
fdd8bbbdda
ci: needs to be able to publish security reports
2023-10-17 08:52:23 +01:00
Josh J
ffea17e8e8
ci: only do final build on main branch
...
otherwise there's no tag to pull from
2023-10-17 08:43:10 +01:00
b144c39680
ci: only build PRs with main as base
2023-10-03 07:21:37 +00:00
a48a9286a2
ci: only build issue branches
2023-10-03 07:19:51 +00:00
511a78b182
ci: only build assigned PRs
2023-10-03 07:18:49 +00:00
2d7d9c7f3b
ci: add permissions to actions file
2023-10-03 07:08:31 +00:00
46ee60cbc9
fix: set latest tag
2023-09-23 22:31:27 +00:00
bca9ec3df7
fix: 401
2023-09-23 21:49:35 +00:00
5cd683cb7a
fix: remove tag to hopefully fix digest pushing
2023-09-23 21:44:42 +00:00
8d550748cd
fix: push by digest again
2023-09-23 21:39:53 +00:00
f8d73263fd
fix: re-setup buildx
2023-09-23 21:33:13 +00:00
2c987a3bbe
fix: push by digest is breaking things
2023-09-23 21:30:17 +00:00
be55349cef
fix: correct deps
2023-09-23 21:28:42 +00:00
593036c8ad
fix: correct multiplatform builds
...
because apparently manifests are too difficult
2023-09-23 21:27:47 +00:00
aab5c079dc
feat: multi-platform builds
2023-09-23 21:06:25 +00:00
d3f10891c8
sec: lower vuln threshold
2023-09-22 21:09:20 +00:00
6e3c2690fc
fix: correct double message
2023-09-22 21:03:32 +00:00
977df48644
fix: only alert on CVEs that have a fix
2023-09-22 20:54:49 +00:00
89e29531f0
fix: upload sarif file
2023-09-22 20:37:00 +00:00
ec84d91bc3
Integrate Grype for Scanning
...
Fixes #11
2023-09-22 20:31:11 +00:00
ab9c1c4816
ci: remove duplicate artifact upload
2023-09-22 20:26:27 +00:00
24c26bea0d
ci: specify file output
2023-09-22 20:24:38 +00:00
8e6724ef25
ci: simplify sbom
2023-09-22 20:21:51 +00:00
3a0be9b7dd
ci: running on published instead of just created
2023-09-22 20:11:06 +00:00
c47edea183
ci: move sbom into its own file
2023-09-22 20:07:21 +00:00
44e70e01be
ci: test shifting sbom around
2023-09-22 20:01:20 +00:00
ad8063651d
Integrate syft for SBOM
...
Fixes #12
2023-09-22 19:41:17 +00:00
c34324b998
fix: quick filter to not release on PRs
2023-09-22 19:34:26 +00:00
bc56fb09ad
ci: update workflow name
2023-09-22 19:23:33 +00:00
ab80272f60
Add a CI Release Process
...
Fixes #16
2023-09-22 19:18:19 +00:00
3a5eb50b13
fix: ci: use full registry name
2023-09-22 13:13:59 +00:00
f461592cbf
chore: update dep versions
2023-09-22 13:11:59 +00:00
fc24b78d4a
fix: ci: lowercase tag names
2023-09-22 13:03:36 +00:00
3b29bee4c6
fix: ci: use correct registry
2023-09-22 13:00:14 +00:00