Harden CI workflows: reliability tests, least-privilege, build cache

Reliability (catch a bad image revision before prod): - Smoke-test the exact pushed digest in update-image-on-push.yml BEFORE the merge job tags it 'latest' (previously the prod artifact was never run). - Assert the p2pool banner reports the pinned P2POOL_BRANCH tag, and verify the container starts and stays up, instead of just sleeping 30s. Hardening: - Least-privilege 'permissions:' blocks (default contents: read; packages: write only on push/merge jobs; repo default token is currently write-all). - Concurrency groups (cancel superseded PR builds; serialize prod pushes). - persist-credentials: false on checkout; timeout-minutes on jobs. Build cache: - cache-to registry buildcache (mode=max, per-arch); read buildcache + latest. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Merge pull request #161 from sethforprivacy/fix-legacy-dockerfile-syntax
2026-06-23 12:22:36 -04:00 · 2026-06-23 09:16:30 -04:00 · 2026-06-23 08:45:47 -04:00 · 2026-06-23 08:20:40 -04:00 · 2026-06-23 07:36:59 -04:00 · 2026-06-23 11:11:44 +00:00
8 changed files with 152 additions and 74 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,11 +0,0 @@
-version: 2
-updates:
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    groups:
-      dependency-updates:
-        patterns:
-          - "*"
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -0,0 +1,24 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    "docker:enableMajor",
+    "mergeConfidence:all-badges",
+    ":disableRateLimiting",
+    ":semanticCommits"
+  ],
+  "rebaseWhen": "conflicted",
+  "customManagers": [
+    {
+      "customType": "regex",
+      "managerFilePatterns": [
+        "/(^|/)Dockerfile$/"
+      ],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\sARG .*?_VERSION=(?<currentValue>.*)(\\sARG .*?_CHECKSUM=(?<currentDigest>.*))?\\s",
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\sARG .*?_BRANCH=(?<currentValue>.*)(\\sARG .*?_COMMIT_HASH=(?<currentDigest>.*))?\\s"
+      ],
+      "versioningTemplate": "{{#if versioning}}{{versioning}}{{/if}}"
+    }
+  ]
+}
--- a/.github/workflows/build-image-on-push.yml
+++ b/.github/workflows/build-image-on-push.yml
@@ -11,12 +11,25 @@ on:
    - 'Dockerfile'
  workflow_dispatch:

+# Least-privilege default token (this workflow only reads the repo and pulls cache)
+permissions:
+  contents: read
+
+# Cancel superseded runs for the same ref to save CI minutes
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 env:
  GHCR_REPO: ghcr.io/${{ github.repository_owner }}/p2pool

 jobs:
  rebuild-container:
    name: "Build image with cache"
+    timeout-minutes: 60
+    permissions:
+      contents: read
+      packages: read
    strategy:
      fail-fast: false
      matrix:
@@ -35,26 +48,39 @@ jobs:
        run: |
          echo "PLATFORM=linux/amd64" >> $GITHUB_ENV
          echo "DIGEST_NAME=amd64" >> $GITHUB_ENV
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.11.1
-      -
-        name: Checkout repository
-        uses: actions/checkout@v5
-      -
-        name: Test build of image
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4.1.0
+      - name: Checkout repository
+        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
+      - name: Test build of image
        id: build
-        uses: docker/build-push-action@v6.18.0
+        uses: docker/build-push-action@v7.2.0
        with:
          push: false
          load: true
          platforms: ${{ env.PLATFORM }}
          tags: p2pool:testing
-          cache-from: type=registry,ref=${{ env.GHCR_REPO }}:latest
-      - 
-        name: Test-run image
+          cache-from: |
+            type=registry,ref=${{ env.GHCR_REPO }}:buildcache-${{ env.DIGEST_NAME }}
+            type=registry,ref=${{ env.GHCR_REPO }}:latest
+      - name: Verify reported version matches the pinned p2pool tag
        run: |
-          docker run --rm p2pool:testing --wallet 468ydghFfthE3UTc53eF5MP9UyrMcUiAHP5kizVYJsej5XGaXBoAAEzUHCcUF7t3E3RrYAX8Rs1ujhBdcvMpZSbH8qkb55R &
-          PID=$!
-          sleep 30
-          kill -SIGINT $PID # this will return a non-zero exit code if the container dies early on
+          set -euo pipefail
+          EXPECTED="$(awk -F= '/^ARG P2POOL_BRANCH=/{print $2; exit}' Dockerfile)"
+          echo "Expecting p2pool to report: ${EXPECTED}"
+          OUT="$(docker run --rm p2pool:testing --help 2>&1 || true)"
+          echo "${OUT}" | head -1
+          echo "${OUT}" | grep -q "${EXPECTED}" \
+            || { echo "::error::p2pool banner does not contain expected tag ${EXPECTED}"; exit 1; }
+      - name: Verify the container starts and stays up
+        run: |
+          set -uo pipefail
+          CID="$(docker run -d p2pool:testing --wallet 468ydghFfthE3UTc53eF5MP9UyrMcUiAHP5kizVYJsej5XGaXBoAAEzUHCcUF7t3E3RrYAX8Rs1ujhBdcvMpZSbH8qkb55R)"
+          sleep 20
+          if [ "$(docker inspect -f '{{.State.Running}}' "$CID" 2>/dev/null || echo false)" != "true" ]; then
+            echo "::error::container exited early"; docker logs "$CID" 2>&1 || true
+            docker rm -f "$CID" >/dev/null 2>&1 || true; exit 1
+          fi
+          docker rm -f "$CID" >/dev/null 2>&1 || true
--- a/.github/workflows/update-image-on-push.yml
+++ b/.github/workflows/update-image-on-push.yml
@@ -8,12 +8,26 @@ on:
    - 'Dockerfile'
  workflow_dispatch:

+# Least-privilege default; jobs that push opt into packages: write below
+permissions:
+  contents: read
+
+# Never run two prod pushes for the same ref concurrently (avoid racing the
+# manifest/`latest` tag); do not cancel an in-flight push.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
 env:
  GHCR_REPO: ghcr.io/${{ github.repository_owner }}/p2pool

 jobs:
  build:
    name: "Build container for multiple architectures and push by digest"
+    timeout-minutes: 60
+    permissions:
+      contents: read
+      packages: write
    strategy:
      fail-fast: false
      matrix:
@@ -34,32 +48,57 @@ jobs:
          echo "DIGEST_NAME=amd64" >> $GITHUB_ENV
      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
        with:
          images: |
            ${{ env.GHCR_REPO }}
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.11.1
-      -
-        name: Login to GitHub Container Registry
-        uses: docker/login-action@v3.5.0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4.1.0
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v4.2.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Checkout repository
-        uses: actions/checkout@v5
-      -
-        name: Build and and push by digest
-        uses: docker/build-push-action@v6.18.0
+      - name: Checkout repository
+        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
+      - name: Build and push by digest
+        uses: docker/build-push-action@v7.2.0
        id: build
        with:
          outputs: type=image,"name=${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=true
          platforms: ${{ env.PLATFORM }}
          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.GHCR_REPO }}:latest
+          cache-from: |
+            type=registry,ref=${{ env.GHCR_REPO }}:buildcache-${{ env.DIGEST_NAME }}
+            type=registry,ref=${{ env.GHCR_REPO }}:latest
+          cache-to: type=registry,ref=${{ env.GHCR_REPO }}:buildcache-${{ env.DIGEST_NAME }},mode=max
+
+      # Smoke-test the exact artifact that was just pushed, BEFORE the merge job
+      # tags it `latest`. If this fails, the merge job (needs: build) never runs.
+      - name: Verify pushed image reports the pinned p2pool tag
+        run: |
+          set -euo pipefail
+          EXPECTED="$(awk -F= '/^ARG P2POOL_BRANCH=/{print $2; exit}' Dockerfile)"
+          REF="${GHCR_REPO}@${{ steps.build.outputs.digest }}"
+          echo "Expecting ${EXPECTED} from ${REF}"
+          OUT="$(docker run --rm "${REF}" --help 2>&1 || true)"
+          echo "${OUT}" | head -1
+          echo "${OUT}" | grep -q "${EXPECTED}" \
+            || { echo "::error::pushed image banner does not contain expected tag ${EXPECTED}"; exit 1; }
+      - name: Verify pushed image starts and stays up
+        run: |
+          set -uo pipefail
+          REF="${GHCR_REPO}@${{ steps.build.outputs.digest }}"
+          CID="$(docker run -d "${REF}" --wallet 468ydghFfthE3UTc53eF5MP9UyrMcUiAHP5kizVYJsej5XGaXBoAAEzUHCcUF7t3E3RrYAX8Rs1ujhBdcvMpZSbH8qkb55R)"
+          sleep 20
+          if [ "$(docker inspect -f '{{.State.Running}}' "$CID" 2>/dev/null || echo false)" != "true" ]; then
+            echo "::error::pushed image exited early"; docker logs "$CID" 2>&1 || true
+            docker rm -f "$CID" >/dev/null 2>&1 || true; exit 1
+          fi
+          docker rm -f "$CID" >/dev/null 2>&1 || true

      - name: Export digest
        run: |
@@ -68,7 +107,7 @@ jobs:
          touch "${{ runner.temp }}/digests/${digest#sha256:}"

      - name: Upload digest
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
        with:
          name: digests-${{ env.DIGEST_NAME }}
          path: ${{ runner.temp }}/digests/*
@@ -76,36 +115,43 @@ jobs:
          retention-days: 1

  merge:
+    name: "Merge digests and push with proper tags"
+    timeout-minutes: 15
    runs-on: ubuntu-latest
    needs:
      - build
+    permissions:
+      contents: read
+      packages: write
    steps:
      - name: Download digests
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v8
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-*
          merge-multiple: true

      - name: Login to GHCR
-        uses: docker/login-action@v3.5.0
+        uses: docker/login-action@v4.2.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.11.1
+        uses: docker/setup-buildx-action@v4.1.0

      - name: Checkout repository
-        uses: actions/checkout@v5
-      
+        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
+
      - name: Get p2pool release tag
        run: echo P2POOL_TAG="$(awk -F '=' '/P2POOL_BRANCH=/ {print $2}' Dockerfile)" >> $GITHUB_ENV

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
        with:
          images: |
            ${{ env.GHCR_REPO }}
--- a/25
+++ b/25
@@ -1,7 +1,8 @@
-ARG P2POOL_BRANCH=v4.9
+# renovate: datasource=github-releases depName=SChernykh/p2pool
+ARG P2POOL_BRANCH=v4.17

-# Select latest Ubuntu LTS for the build image base
-FROM ubuntu:latest as build
+# Pin to the latest Ubuntu LTS for the build image base (kept current by Renovate)
+FROM ubuntu:26.04 AS build
 LABEL author="sethforprivacy@protonmail.com" \
      maintainer="sethforprivacy@protonmail.com"

@@ -16,28 +17,30 @@ RUN apt-get update \

 ENV CFLAGS='-fPIC'
 ENV CXXFLAGS='-fPIC'
-ENV USE_SINGLE_BUILDDIR 1
-ENV BOOST_DEBUG         1
+ENV USE_SINGLE_BUILDDIR=1
+ENV BOOST_DEBUG=1

 # Switch to p2pool source directory
 WORKDIR /p2pool

 # Git pull p2pool source at specified tag/branch
 ARG P2POOL_BRANCH
-RUN git clone --recursive --branch ${P2POOL_BRANCH} https://github.com/SChernykh/p2pool .
+RUN git clone --recursive --depth 1 --shallow-submodules --branch ${P2POOL_BRANCH} https://github.com/SChernykh/p2pool .

 # Make static p2pool binary
 ARG NPROC
 RUN test -z "$NPROC" && nproc > /nproc || echo -n "$NPROC" > /nproc && mkdir build && cd build && cmake .. && make -j"$(cat /nproc)"

-# Select latest Ubuntu LTS for the image base
-FROM ubuntu:latest
+# Pin to the latest Ubuntu LTS for the image base (kept current by Renovate)
+FROM ubuntu:26.04

-# Install remaining dependencies
+# Install only the runtime shared libraries that the p2pool binary links against
+# (runtime equivalents of the build-stage -dev packages, verified via ldd on the
+# built binary against the pinned Ubuntu 24.04 base)
 RUN apt-get update \
    && apt-get upgrade -y \
-    && apt-get install --no-install-recommends -y libuv1-dev libzmq3-dev libsodium-dev \
-    libpgm-dev libnorm-dev libgss-dev libcurl4-openssl-dev libidn2-0-dev \
+    && apt-get install --no-install-recommends -y libuv1t64 libzmq5 libsodium23 \
+    libpgm-5.3-0t64 libnorm1t64 libgssapi-krb5-2 libcurl4t64 libidn2-0 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2021 Seth Simmons (@sethsimmons)
+Copyright (c) 2021 Seth For Privacy (@sethforprivacy)

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@@ -3,8 +3,8 @@ A simple and straightforward Dockerized [p2pool](https://github.com/SChernykh/p2

 ## Actions

-[![Daily Update Rebuild](https://github.com/sethsimmons/p2pool-docker//actions/workflows/update-daily.yml/badge.svg)](https://github.com/sethsimmons/p2pool-docker/actions/workflows/update-daily.yml)  
-[![Weekly Update Rebuild](https://github.com/sethsimmons/p2pool-docker//actions/workflows/update-base-image.yml/badge.svg)](https://github.com/sethsimmons/p2pool-docker/actions/workflows/update-base-image.yml)  
+[![Daily Update Rebuild](https://github.com/sethforprivacy/p2pool-docker//actions/workflows/update-daily.yml/badge.svg)](https://github.com/sethforprivacy/p2pool-docker/actions/workflows/update-daily.yml)  
+[![Weekly Update Rebuild](https://github.com/sethforprivacy/p2pool-docker//actions/workflows/update-base-image.yml/badge.svg)](https://github.com/sethforprivacy/p2pool-docker/actions/workflows/update-base-image.yml)  

 # Docker Hub
 This repo is used to build the images available here on GHCR.
--- a/examples/docker-compose.yml
+++ b/examples/docker-compose.yml
@@ -1,7 +1,6 @@
-version: '3.5'
 services:
  monerod:
-    image: sethsimmons/simple-monerod:latest
+    image: ghcr.io/sethforprivacy/simple-monerod:latest
    restart: unless-stopped
    container_name: monerod
    volumes:
@@ -21,7 +20,7 @@ services:
      - "--out-peers=50"
  
  p2pool:
-    image: sethsimmons/p2pool:latest
+    image: ghcr.io/sethforprivacy/p2pool:latest
    restart: unless-stopped
    container_name: p2pool
    tty: true
@@ -52,15 +51,6 @@ services:
    volumes:
        - tor-keys:/var/lib/tor/hidden_service/

-  autoheal:
-    image: willfarrell/autoheal:latest
-    container_name: autoheal
-    restart: unless-stopped
-    environment:
-        AUTOHEAL_CONTAINER_LABEL: all
-    volumes:
-        - "/var/run/docker.sock:/var/run/docker.sock"
-
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
Author	SHA1	Message	Date
Seth For Privacy	699b578ee7	Harden CI workflows: reliability tests, least-privilege, build cache Reliability (catch a bad image revision before prod): - Smoke-test the exact pushed digest in update-image-on-push.yml BEFORE the merge job tags it 'latest' (previously the prod artifact was never run). - Assert the p2pool banner reports the pinned P2POOL_BRANCH tag, and verify the container starts and stays up, instead of just sleeping 30s. Hardening: - Least-privilege 'permissions:' blocks (default contents: read; packages: write only on push/merge jobs; repo default token is currently write-all). - Concurrency groups (cancel superseded PR builds; serialize prod pushes). - persist-credentials: false on checkout; timeout-minutes on jobs. Build cache: - cache-to registry buildcache (mode=max, per-arch); read buildcache + latest. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-23 09:16:30 -04:00
Seth For Privacy	46d68375cd	Merge pull request #161 from sethforprivacy/fix-legacy-dockerfile-syntax Fix legacy Dockerfile syntax flagged by BuildKit	2026-06-23 08:45:47 -04:00
Seth For Privacy	1bb3947f60	Fix legacy Dockerfile syntax flagged by BuildKit - 'FROM ... as build' -> 'AS' (FromAsCasing) - 'ENV key value' -> 'ENV key=value' for USE_SINGLE_BUILDDIR and BOOST_DEBUG (LegacyKeyValueFormat) No functional change; 'docker build --check' now reports no warnings. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-23 08:20:40 -04:00
Seth For Privacy	df326bcf85	Merge pull request #160 from sethforprivacy/renovate/ubuntu-26.x chore(deps): update ubuntu docker tag to v26	2026-06-23 07:36:59 -04:00
renovate[bot]	f0f9059dd6	chore(deps): update ubuntu docker tag to v26	2026-06-23 11:11:44 +00:00
Seth For Privacy	93b13c156d	Merge pull request #157 from sethforprivacy/optimize-final-image Optimize final image: runtime libs instead of -dev, pin base image	2026-06-23 07:11:01 -04:00
Seth For Privacy	5b7ab876bf	Merge pull request #158 from sethforprivacy/add-renovate-config Add Renovate config for automated p2pool version bumps	2026-06-23 07:10:21 -04:00
Seth For Privacy	7e7cab924e	Add Renovate config for automated p2pool version bumps Adds .github/renovate.json based on the gold-standard config in sethforprivacy/simple-monerod-docker, plus a `# renovate:` annotation above ARG P2POOL_BRANCH so Renovate tracks the upstream p2pool release. - renovate.json: same extends + customManager regex as monerod. The customManager already matches `ARG ..._BRANCH=<value>` patterns, so it picks up P2POOL_BRANCH directly. The docker manager (via docker:enableMajor) will also keep the pinned ubuntu base image current. - Dockerfile: add `# renovate: datasource=github-releases depName=SChernykh/p2pool` immediately above `ARG P2POOL_BRANCH=v4.17`. Validated with `renovate-config-validator` (renovate@latest): "Config validated successfully". (Note: the field `managerFilePatterns` requires Renovate >= 39; the hosted Mend app on this owner runs current Renovate, matching the live monerod config.) The hosted Mend Renovate app is already active on this owner's repos and will pick this up automatically once merged. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-22 20:58:22 -04:00
Seth For Privacy	c0187089f4	Optimize final image: runtime libs instead of -dev, pin base image The final runtime stage installed full -dev packages (headers, static archives, build-time deps) when only the runtime shared libraries are needed. Replace them with the runtime-only equivalents, verified via `ldd` on the built p2pool binary against the pinned base. Changes: - Final stage: install runtime libs instead of -dev packages (libuv1t64, libzmq5, libsodium23, libpgm-5.3-0t64, libnorm1t64, libgssapi-krb5-2, libcurl4t64, libidn2-0). Note the t64 names on Ubuntu 24.04 due to the 64-bit time_t transition. - Pin both stages to ubuntu:24.04 (current LTS) instead of ubuntu:latest for reproducible builds. Renovate's docker manager keeps this current. - Add --depth 1 --shallow-submodules to the git clone for faster, lighter source checkout. Local verification (native arm64): - Build succeeds (exit 0). - `docker run --rm p2pool:test --help` prints "P2Pool v4.17" + usage. - `ldd` on the binary in the final image: all libs resolve, none missing. - Image size: 317MB -> 188MB (-129MB, -41%). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-22 20:57:26 -04:00
Seth For Privacy	6f18143ef1	Merge pull request #156 from sethforprivacy/purge-old-handle chore: purge old sethsimmons handle/branding	2026-06-22 20:18:01 -04:00
Seth For Privacy	81b47a06b7	chore: replace old sethsimmons handle/branding Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-22 20:15:30 -04:00
Seth For Privacy	a36f7e0a2f	Update GitHub Actions badges in README Updated GitHub Actions badges to reflect new repository links.	2026-06-21 14:02:50 -04:00
Seth For Privacy	0518013758	Update P2POOL_BRANCH to version v4.17	2026-06-21 14:01:02 -04:00
Seth For Privacy	24185da98c	Merge pull request #155 from sethforprivacy/renovate/actions-checkout-7.x Update actions/checkout action to v7	2026-06-18 15:59:53 -04:00
renovate[bot]	a0610a6215	Update actions/checkout action to v7	2026-06-18 19:52:11 +00:00
Seth For Privacy	f8867c29bb	Merge pull request #154 from hundehausen/bump/p2pool-v4.16 Bump P2Pool to version 4.16	2026-06-15 07:54:16 -04:00
hundehausen	6b67d40ec2	Update P2POOL_BRANCH to version 4.16	2026-06-13 18:45:10 +02:00
Seth For Privacy	3d1374df75	Merge pull request #153 from sethforprivacy/renovate/docker-setup-buildx-action-4.x Update docker/setup-buildx-action action to v4.1.0	2026-05-23 16:23:41 -04:00
renovate[bot]	599c70f413	Update docker/setup-buildx-action action to v4.1.0	2026-05-23 20:20:53 +00:00
Seth For Privacy	9303676316	Merge pull request #152 from sethforprivacy/renovate/docker-login-action-4.x Update docker/login-action action to v4.2.0	2026-05-23 16:20:22 -04:00
Seth For Privacy	c20c54e17d	Merge pull request #151 from sethforprivacy/renovate/docker-build-push-action-7.x Update docker/build-push-action action to v7.2.0	2026-05-23 16:20:05 -04:00
renovate[bot]	b3dca32ba0	Update docker/login-action action to v4.2.0	2026-05-23 15:50:07 +00:00
renovate[bot]	f96e9166dc	Update docker/build-push-action action to v7.2.0	2026-05-23 15:50:03 +00:00
Seth For Privacy	1ec1d51cfb	Update P2POOL_BRANCH to version 4.15.1	2026-05-12 11:01:18 -04:00
Seth For Privacy	d2bed819bd	Bump to v4.15	2026-05-01 18:46:30 -04:00
Seth For Privacy	ea2462edf8	Merge pull request #150 from sethforprivacy/renovate/docker-build-push-action-7.x Update docker/build-push-action action to v7.1.0	2026-04-10 12:22:11 -04:00
renovate[bot]	d30e72c868	Update docker/build-push-action action to v7.1.0	2026-04-10 14:04:03 +00:00
Seth For Privacy	943566c666	Delete .github/dependabot.yml	2026-04-04 09:56:58 -04:00
Seth For Privacy	2afef48805	Merge pull request #148 from sethforprivacy/renovate/docker-login-action-4.x Update docker/login-action action to v4.1.0	2026-04-04 09:56:35 -04:00
renovate[bot]	9c9a34f0d3	Update docker/login-action action to v4.1.0	2026-04-02 18:35:07 +00:00
Seth For Privacy	bd412b57f5	Merge pull request #147 from sethforprivacy/dependabot/github_actions/dependency-updates-d9df5d0194 Bump the dependency-updates group across 1 directory with 2 updates	2026-03-07 06:33:39 -05:00
dependabot[bot]	46a1067577	Bump the dependency-updates group across 1 directory with 2 updates Bumps the dependency-updates group with 2 updates in the / directory: [docker/build-push-action](https://github.com/docker/build-push-action) and [docker/metadata-action](https://github.com/docker/metadata-action). Updates `docker/build-push-action` from 6.19.2 to 7.0.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0) Updates `docker/metadata-action` from 5 to 6 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependency-updates - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependency-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-06 20:42:38 +00:00
Seth For Privacy	fd9cf843cf	Merge pull request #143 from sethforprivacy/renovate/docker-setup-buildx-action-4.x Update docker/setup-buildx-action action to v4	2026-03-05 09:10:08 -05:00
renovate[bot]	e883973c01	Update docker/setup-buildx-action action to v4	2026-03-05 09:47:12 +00:00
Seth For Privacy	fa13d52fdb	Merge pull request #142 from sethforprivacy/renovate/docker-login-action-4.x Update docker/login-action action to v4	2026-03-04 06:05:52 -05:00
renovate[bot]	de5a18086b	Update docker/login-action action to v4	2026-03-04 10:46:25 +00:00
Seth For Privacy	99e34b3579	Update P2POOL_BRANCH to version v4.14	2026-03-01 20:12:03 -05:00
Seth For Privacy	21da5b959b	Merge pull request #139 from sethforprivacy/dependabot/github_actions/dependency-updates-985357984d Bump the dependency-updates group with 2 updates	2026-02-27 08:29:52 -05:00
dependabot[bot]	f2476cbaaa	Bump the dependency-updates group with 2 updates Bumps the dependency-updates group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) Updates `actions/download-artifact` from 7 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v7...v8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependency-updates - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependency-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-26 20:42:29 +00:00
Seth For Privacy	bf406b66a8	Merge pull request #137 from sethforprivacy/renovate/docker-build-push-action-6.x Update docker/build-push-action action to v6.19.2	2026-02-13 09:26:42 -05:00
renovate[bot]	cc76d47cc4	Update docker/build-push-action action to v6.19.2	2026-02-12 09:39:31 +00:00
Seth For Privacy	276ec16292	Merge pull request #136 from sethforprivacy/renovate/docker-build-push-action-6.x Update docker/build-push-action action to v6.19.0	2026-02-11 10:08:44 -05:00
renovate[bot]	366802894c	Update docker/build-push-action action to v6.19.0	2026-02-11 13:13:59 +00:00
Seth For Privacy	9fdc25b6b6	Merge pull request #135 from sethforprivacy/renovate/docker-login-action-3.x Update docker/login-action action to v3.7.0	2026-01-28 10:32:14 -05:00
renovate[bot]	868cfb9673	Update docker/login-action action to v3.7.0	2026-01-28 13:08:13 +00:00
Seth For Privacy	6ebfedde92	Merge pull request #134 from sethforprivacy/renovate/docker-setup-buildx-action-3.x Update docker/setup-buildx-action action to v3.12.0	2025-12-19 09:14:36 -05:00
renovate[bot]	6d4f11403b	Update docker/setup-buildx-action action to v3.12.0	2025-12-19 14:11:24 +00:00
Seth For Privacy	b82007d36e	Bump to v4.13	2025-12-18 09:57:08 -05:00
Seth For Privacy	8522817c89	Merge pull request #131 from sethforprivacy/dependabot/github_actions/dependency-updates-c2e7f7cad0 Bump the dependency-updates group with 2 updates	2025-12-15 11:21:33 -05:00
dependabot[bot]	8a2d4bd270	Bump the dependency-updates group with 2 updates Bumps the dependency-updates group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/upload-artifact` from 5 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) Updates `actions/download-artifact` from 6 to 7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependency-updates - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependency-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-12 20:02:23 +00:00
Seth For Privacy	37d68bc1bd	Merge pull request #130 from sethforprivacy/renovate/actions-checkout-6.x Update actions/checkout action to v6	2025-11-20 13:25:41 -05:00
renovate[bot]	dae74873c4	Update actions/checkout action to v6	2025-11-20 17:46:57 +00:00
Seth For Privacy	d37c6f7bdf	Bump to v4.12	2025-11-05 13:26:05 -05:00
Seth For Privacy	84ebde54dd	Merge pull request #128 from sethforprivacy/renovate/actions-download-artifact-6.x	2025-10-26 12:35:08 -04:00
Seth For Privacy	e834b7e289	Merge pull request #127 from sethforprivacy/dependabot/github_actions/dependency-updates-3249c11fdc	2025-10-26 12:34:54 -04:00
renovate[bot]	389cc18843	Update actions/download-artifact action to v6	2025-10-24 20:02:31 +00:00
dependabot[bot]	93c985963a	Bump the dependency-updates group with 2 updates Bumps the dependency-updates group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/upload-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) Updates `actions/download-artifact` from 5 to 6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependency-updates - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependency-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-24 20:02:11 +00:00
Seth For Privacy	8d209c335a	Merge pull request #126 from sethforprivacy/renovate/docker-login-action-3.x Update docker/login-action action to v3.6.0	2025-09-29 09:02:37 -04:00
renovate[bot]	2baed31844	Update docker/login-action action to v3.6.0	2025-09-29 10:52:23 +00:00
Seth For Privacy	c591b338f3	Update docker-compose.yml	2025-09-28 09:08:39 -04:00
Seth For Privacy	a1a95d5294	Bump to v4.11	2025-09-27 09:21:18 -04:00
Seth For Privacy	0bc7dba09d	Bump to v4.10.1	2025-09-10 06:53:06 -04:00
Seth For Privacy	49019ab2f9	Bump to v4.10	2025-09-09 05:37:30 -04:00
Seth For Privacy	53c1baaaf2	Bump to v4.9.1	2025-08-21 07:19:45 -04:00