From a11ccaf16ca77cdb93d05a07ce7bf3e54f87220b Mon Sep 17 00:00:00 2001 From: June Date: Thu, 30 Oct 2025 05:50:42 +0100 Subject: [PATCH 1/2] disable digest pinning for our images, since Forgejo cleans them up Since Forgejo seems to clean up older tag versions, so older digests, disable digest pinning for our images. While generally resulting in undeployable config, with ansible-pull the breakage is especially noticeable. --- renovate.json | 6 ++++++ .../chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 8 ++++---- resources/chaosknoten/pad/docker_compose/compose.yaml.j2 | 2 +- resources/z9/dooris/docker_compose/compose.yaml.j2 | 2 +- resources/z9/yate/docker_compose/compose.yaml.j2 | 4 ++-- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/renovate.json b/renovate.json index 9dc45bf..7e604c1 100644 --- a/renovate.json +++ b/renovate.json @@ -28,6 +28,12 @@ "matchDatasources": ["docker"], "matchPackageNames": ["docker.io/pretix/standalone"], "versioning": "regex:^(?\\d+\\.\\d+)(?:\\.(?\\d+))$" + }, + // Since Forgejo seems to clean up older tag versions, so older digests, disable digest pinning for our images. + { + "matchDatasources": ["docker"], + "matchPackageNames": ["git.hamburg.ccc.de/*"], + "pinDigests": false } ], "customManagers": [ diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 92a6afb..d91a254 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -22,7 +22,7 @@ services: keycloak: - image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4@sha256:06bfa760dfa40bd3d4305a67ce02e9dc70113151f09820a3bc6c75f5f7ece855 + image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4 pull_policy: always restart: unless-stopped command: start --optimized @@ -58,7 +58,7 @@ services: POSTGRES_DB: keycloak id-invite-web: - image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a + image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest command: web restart: unless-stopped networks: @@ -84,7 +84,7 @@ services: - "BOTTLE_HOST=0.0.0.0" id-invite-email: - image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a + image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest command: email restart: unless-stopped networks: @@ -99,7 +99,7 @@ services: - "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}" id-invite-keycloak: - image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a + image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest command: keycloak restart: unless-stopped networks: diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 5513381..70dc7e6 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -46,7 +46,7 @@ services: - database hedgedoc-expire: - image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest@sha256:9be261712a8ee57ff89068c3926a8c5d7c96ff80aa629f98eec239786c6158b1 + image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest # command: "emailcheck" command: "cron" environment: diff --git a/resources/z9/dooris/docker_compose/compose.yaml.j2 b/resources/z9/dooris/docker_compose/compose.yaml.j2 index b722aa7..38db85a 100644 --- a/resources/z9/dooris/docker_compose/compose.yaml.j2 +++ b/resources/z9/dooris/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: dooris: - image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest@sha256:a895989b0955936cbe0641de0309bcb343a9da9c2c8d6184d906a66bf1151303 + image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest environment: HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27" HMDOORIS_CCUJACK_CERTIFICATE_PATH: false diff --git a/resources/z9/yate/docker_compose/compose.yaml.j2 b/resources/z9/yate/docker_compose/compose.yaml.j2 index c39afa4..562b318 100644 --- a/resources/z9/yate/docker_compose/compose.yaml.j2 +++ b/resources/z9/yate/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: yate: - image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest@sha256:66f77d63dc52c9aeb09481e48b9d62f5f95439f86eab3766fce94daea7b2e26a + image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest # command: # - sh # - "-c" @@ -17,4 +17,4 @@ services: - ./configs/accfile.conf:/opt/yate/etc/yate/accfile.conf - ./configs/regexroute.conf:/opt/yate/etc/yate/regexroute.conf - ./configs/regfile.conf:/opt/yate/etc/yate/regfile.conf - - ./lib-yate:/var/lib/yate \ No newline at end of file + - ./lib-yate:/var/lib/yate From 5e975d260126faa6bf0424577538967339164fa7 Mon Sep 17 00:00:00 2001 From: Renovate Date: Thu, 30 Oct 2025 05:02:02 +0000 Subject: [PATCH 2/2] Update docker.io/library/mariadb Docker tag to v12 --- resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 index ffe491b..174c929 100644 --- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/mariadb:11@sha256:ae6119716edac6998ae85508431b3d2e666530ddf4e94c61a10710caec9b0f71 + image: docker.io/library/mariadb:12@sha256:5b6a1eac15b85b981a61afb89aea2a22bf76b5f58809d05f0bcc13ab6ec44cb8 environment: - "MARIADB_DATABASE=wordpress" - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"