From fe2fa571ab92047e881d16a3b0385110bc172ca0 Mon Sep 17 00:00:00 2001
From: Renovate <no-reply@git.hamburg.ccc.de>
Date: Thu, 30 Oct 2025 04:30:44 +0000
Subject: [PATCH 1/3] Update docker.io/library/redis Docker tag to v8

---
 resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
index deb9f50..8564028 100644
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@@ -13,7 +13,7 @@ services:
     restart: unless-stopped
 
   redis:
-    image: docker.io/library/redis:7.4.6@sha256:a9cc41d6d01da2aa26c219e4f99ecbeead955a7b656c1c499cce8922311b2514
+    image: docker.io/library/redis:8.2.2@sha256:4521b581dbddea6e7d81f8fe95ede93f5648aaa66a9dacd581611bf6fe7527bd
     ports:
       - "6379:6379"
     volumes:

From a11ccaf16ca77cdb93d05a07ce7bf3e54f87220b Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Thu, 30 Oct 2025 05:50:42 +0100
Subject: [PATCH 2/3] disable digest pinning for our images, since Forgejo
 cleans them up

Since Forgejo seems to clean up older tag versions, so older digests,
disable digest pinning for our images.
While generally resulting in undeployable config, with ansible-pull the
breakage is especially noticeable.
---
 renovate.json                                             | 6 ++++++
 .../chaosknoten/keycloak/docker_compose/compose.yaml.j2   | 8 ++++----
 resources/chaosknoten/pad/docker_compose/compose.yaml.j2  | 2 +-
 resources/z9/dooris/docker_compose/compose.yaml.j2        | 2 +-
 resources/z9/yate/docker_compose/compose.yaml.j2          | 4 ++--
 5 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/renovate.json b/renovate.json
index 9dc45bf..7e604c1 100644
--- a/renovate.json
+++ b/renovate.json
@@ -28,6 +28,12 @@
       "matchDatasources": ["docker"],
       "matchPackageNames": ["docker.io/pretix/standalone"],
       "versioning": "regex:^(?<major>\\d+\\.\\d+)(?:\\.(?<minor>\\d+))$"
+    },
+    // Since Forgejo seems to clean up older tag versions, so older digests, disable digest pinning for our images.
+    {
+      "matchDatasources": ["docker"],
+      "matchPackageNames": ["git.hamburg.ccc.de/*"],
+      "pinDigests": false
     }
   ],
   "customManagers": [
diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
index 92a6afb..d91a254 100644
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@@ -22,7 +22,7 @@
 
 services:
   keycloak:
-    image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4@sha256:06bfa760dfa40bd3d4305a67ce02e9dc70113151f09820a3bc6c75f5f7ece855
+    image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4
     pull_policy: always
     restart: unless-stopped
     command: start --optimized
@@ -58,7 +58,7 @@ services:
       POSTGRES_DB: keycloak
 
   id-invite-web:
-    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a
+    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
     command: web
     restart: unless-stopped
     networks:
@@ -84,7 +84,7 @@ services:
       - "BOTTLE_HOST=0.0.0.0"
 
   id-invite-email:
-    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a
+    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
     command: email
     restart: unless-stopped
     networks:
@@ -99,7 +99,7 @@ services:
       - "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}"
 
   id-invite-keycloak:
-    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a
+    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
     command: keycloak
     restart: unless-stopped
     networks:
diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
index 5513381..70dc7e6 100644
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@@ -46,7 +46,7 @@ services:
       - database
 
   hedgedoc-expire:
-    image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest@sha256:9be261712a8ee57ff89068c3926a8c5d7c96ff80aa629f98eec239786c6158b1
+    image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest
     # command: "emailcheck"
     command: "cron"
     environment:
diff --git a/resources/z9/dooris/docker_compose/compose.yaml.j2 b/resources/z9/dooris/docker_compose/compose.yaml.j2
index b722aa7..38db85a 100644
--- a/resources/z9/dooris/docker_compose/compose.yaml.j2
+++ b/resources/z9/dooris/docker_compose/compose.yaml.j2
@@ -2,7 +2,7 @@
 
 services:
   dooris:
-    image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest@sha256:a895989b0955936cbe0641de0309bcb343a9da9c2c8d6184d906a66bf1151303
+    image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
     environment:
       HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27"
       HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
diff --git a/resources/z9/yate/docker_compose/compose.yaml.j2 b/resources/z9/yate/docker_compose/compose.yaml.j2
index c39afa4..562b318 100644
--- a/resources/z9/yate/docker_compose/compose.yaml.j2
+++ b/resources/z9/yate/docker_compose/compose.yaml.j2
@@ -2,7 +2,7 @@
 
 services:
   yate:
-    image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest@sha256:66f77d63dc52c9aeb09481e48b9d62f5f95439f86eab3766fce94daea7b2e26a
+    image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest
     # command:
     #   - sh
     #   - "-c"
@@ -17,4 +17,4 @@ services:
       - ./configs/accfile.conf:/opt/yate/etc/yate/accfile.conf
       - ./configs/regexroute.conf:/opt/yate/etc/yate/regexroute.conf
       - ./configs/regfile.conf:/opt/yate/etc/yate/regfile.conf
-      - ./lib-yate:/var/lib/yate
\ No newline at end of file
+      - ./lib-yate:/var/lib/yate

From d0a8f728586b3b3399b5a46a6d7188262604b8dc Mon Sep 17 00:00:00 2001
From: Renovate <no-reply@git.hamburg.ccc.de>
Date: Thu, 30 Oct 2025 05:02:13 +0000
Subject: [PATCH 3/3] Update docker.io/library/redis Docker tag to v8

---
 resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
index deb9f50..8564028 100644
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@@ -13,7 +13,7 @@ services:
     restart: unless-stopped
 
   redis:
-    image: docker.io/library/redis:7.4.6@sha256:a9cc41d6d01da2aa26c219e4f99ecbeead955a7b656c1c499cce8922311b2514
+    image: docker.io/library/redis:8.2.2@sha256:4521b581dbddea6e7d81f8fe95ede93f5648aaa66a9dacd581611bf6fe7527bd
     ports:
       - "6379:6379"
     volumes: