Stabilize runtime image, add PR-based version gating, drop arm/v7
Dockerfile: - Keep build stage on debian:sid-slim (required for riscv64 Go support) - Switch runtime stage to debian:bookworm-slim for stable, predictable package names — eliminates the libcbor0 class of breakage for users update-check.py: - Create a branch and open a PR instead of pushing directly to master - PR body links to upstream release notes and prompts review of new dependencies before merge - Remove dead deb/PACKAGE code build.yaml: - Drop linux/arm/v7 — upstream go-libfido2 is incompatible with 32-bit ARM address space as of v3.22.0; not fixable without upstream changes - Add VERSION to pull_request trigger paths so the test job builds and validates every version bump PR before it can be merged update-check.yaml: - Pass GITHUB_TOKEN and GITHUB_REPOSITORY to script for PR creation README.md: - Document arm/v7 as unsupported with reason
This commit is contained in:
Dan Williams
parent
152ddbc05b
commit
fcebd8a198
5 changed files with 79 additions and 28 deletions
|
|
@ -1,9 +1,10 @@
|
|||
# The build image could be golang, but it currently does not support riscv64. Only debian:sid does, at the time of writing.
|
||||
# debian:sid-slim is required for the build stage to support riscv64 (golang:bookworm does not).
|
||||
# For the runtime stage we use debian:bookworm-slim for stable, predictable package names.
|
||||
FROM debian:sid-slim AS build
|
||||
|
||||
ARG version
|
||||
|
||||
# Install dependencies
|
||||
# Install build dependencies
|
||||
RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev libfido2-dev libcbor-dev
|
||||
|
||||
# Build
|
||||
|
|
@ -11,7 +12,7 @@ ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/
|
|||
WORKDIR /build/
|
||||
RUN make build-nogui vault-editor
|
||||
|
||||
FROM debian:sid-slim
|
||||
FROM debian:bookworm-slim
|
||||
LABEL maintainer="Dan Williams <dancwilliams@github>"
|
||||
|
||||
EXPOSE 25/tcp
|
||||
|
|
@ -21,7 +22,7 @@ EXPOSE 143/tcp
|
|||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=60s \
|
||||
CMD bash -c "pgrep -f proton-bridge || exit 1"
|
||||
|
||||
# Install dependencies and protonmail bridge
|
||||
# Install runtime dependencies
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 libfido2-1 ca-certificates \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue