From a11ccaf16ca77cdb93d05a07ce7bf3e54f87220b Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Thu, 30 Oct 2025 05:50:42 +0100
Subject: [PATCH] disable digest pinning for our images, since Forgejo cleans
 them up

Since Forgejo seems to clean up older tag versions, so older digests,
disable digest pinning for our images.
While generally resulting in undeployable config, with ansible-pull the
breakage is especially noticeable.
---
 renovate.json                                             | 6 ++++++
 .../chaosknoten/keycloak/docker_compose/compose.yaml.j2   | 8 ++++----
 resources/chaosknoten/pad/docker_compose/compose.yaml.j2  | 2 +-
 resources/z9/dooris/docker_compose/compose.yaml.j2        | 2 +-
 resources/z9/yate/docker_compose/compose.yaml.j2          | 4 ++--
 5 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/renovate.json b/renovate.json
index 9dc45bf..7e604c1 100644
--- a/renovate.json
+++ b/renovate.json
@@ -28,6 +28,12 @@
       "matchDatasources": ["docker"],
       "matchPackageNames": ["docker.io/pretix/standalone"],
       "versioning": "regex:^(?<major>\\d+\\.\\d+)(?:\\.(?<minor>\\d+))$"
+    },
+    // Since Forgejo seems to clean up older tag versions, so older digests, disable digest pinning for our images.
+    {
+      "matchDatasources": ["docker"],
+      "matchPackageNames": ["git.hamburg.ccc.de/*"],
+      "pinDigests": false
     }
   ],
   "customManagers": [
diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
index 92a6afb..d91a254 100644
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@@ -22,7 +22,7 @@
 
 services:
   keycloak:
-    image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4@sha256:06bfa760dfa40bd3d4305a67ce02e9dc70113151f09820a3bc6c75f5f7ece855
+    image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4
     pull_policy: always
     restart: unless-stopped
     command: start --optimized
@@ -58,7 +58,7 @@ services:
       POSTGRES_DB: keycloak
 
   id-invite-web:
-    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a
+    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
     command: web
     restart: unless-stopped
     networks:
@@ -84,7 +84,7 @@ services:
       - "BOTTLE_HOST=0.0.0.0"
 
   id-invite-email:
-    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a
+    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
     command: email
     restart: unless-stopped
     networks:
@@ -99,7 +99,7 @@ services:
       - "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}"
 
   id-invite-keycloak:
-    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a
+    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
     command: keycloak
     restart: unless-stopped
     networks:
diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
index 5513381..70dc7e6 100644
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@@ -46,7 +46,7 @@ services:
       - database
 
   hedgedoc-expire:
-    image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest@sha256:9be261712a8ee57ff89068c3926a8c5d7c96ff80aa629f98eec239786c6158b1
+    image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest
     # command: "emailcheck"
     command: "cron"
     environment:
diff --git a/resources/z9/dooris/docker_compose/compose.yaml.j2 b/resources/z9/dooris/docker_compose/compose.yaml.j2
index b722aa7..38db85a 100644
--- a/resources/z9/dooris/docker_compose/compose.yaml.j2
+++ b/resources/z9/dooris/docker_compose/compose.yaml.j2
@@ -2,7 +2,7 @@
 
 services:
   dooris:
-    image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest@sha256:a895989b0955936cbe0641de0309bcb343a9da9c2c8d6184d906a66bf1151303
+    image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
     environment:
       HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27"
       HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
diff --git a/resources/z9/yate/docker_compose/compose.yaml.j2 b/resources/z9/yate/docker_compose/compose.yaml.j2
index c39afa4..562b318 100644
--- a/resources/z9/yate/docker_compose/compose.yaml.j2
+++ b/resources/z9/yate/docker_compose/compose.yaml.j2
@@ -2,7 +2,7 @@
 
 services:
   yate:
-    image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest@sha256:66f77d63dc52c9aeb09481e48b9d62f5f95439f86eab3766fce94daea7b2e26a
+    image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest
     # command:
     #   - sh
     #   - "-c"
@@ -17,4 +17,4 @@ services:
       - ./configs/accfile.conf:/opt/yate/etc/yate/accfile.conf
       - ./configs/regexroute.conf:/opt/yate/etc/yate/regexroute.conf
       - ./configs/regfile.conf:/opt/yate/etc/yate/regfile.conf
-      - ./lib-yate:/var/lib/yate
\ No newline at end of file
+      - ./lib-yate:/var/lib/yate