The HEALTHCHECK uses pgrep to monitor the proton-bridge process, but
procps (which provides pgrep) was not installed in the runtime image.
This caused the container to remain permanently unhealthy.
Fixes#14
Replace platform-specific amd64 digests for debian:sid-slim and
debian:bookworm-slim with multi-arch manifest list digests so Buildx
can resolve the correct platform image when building for riscv64.
Renovate will open PRs automatically when debian:bookworm-slim or
debian:sid-slim receive updates (e.g. security patches), keeping the
container current without relying solely on scheduled rebuilds.
apt-get has no default network timeout, so an unresponsive Debian mirror
can block a build stage indefinitely. Add Acquire::http::Timeout=30 to
both update and install calls in all apt-get invocations so mirror hangs
fail fast rather than running until GitHub's 6-hour job limit.
Also add timeout-minutes: 60 to the build job so a runaway step fails
within an hour rather than silently consuming the full 6-hour default.
debian:bookworm-slim has no riscv64 image. Parameterize the runtime
base via RUNTIME_IMAGE build-arg; the workflow passes sid-slim for
riscv64 and bookworm-slim for all other platforms.
Dockerfile:
- Keep build stage on debian:sid-slim (required for riscv64 Go support)
- Switch runtime stage to debian:bookworm-slim for stable, predictable
package names — eliminates the libcbor0 class of breakage for users
update-check.py:
- Create a branch and open a PR instead of pushing directly to master
- PR body links to upstream release notes and prompts review of new
dependencies before merge
- Remove dead deb/PACKAGE code
build.yaml:
- Drop linux/arm/v7 — upstream go-libfido2 is incompatible with 32-bit
ARM address space as of v3.22.0; not fixable without upstream changes
- Add VERSION to pull_request trigger paths so the test job builds
and validates every version bump PR before it can be merged
update-check.yaml:
- Pass GITHUB_TOKEN and GITHUB_REPOSITORY to script for PR creation
README.md:
- Document arm/v7 as unsupported with reason
tested locally, works fine.
debian has supported riscv64 in the sid image for some time.
this is the same thing the carlosedp/golang image did.
this also fixes the bug with the wrong glibc version, as the build
container now uses the same glibc version as the final container.
