github.ref_name returns '4/merge' for PR events, which is invalid in
a Docker tag. Sanitize using the head ref (branch name) with slashes
replaced by dashes.
Renovate will open PRs automatically when debian:bookworm-slim or
debian:sid-slim receive updates (e.g. security patches), keeping the
container current without relying solely on scheduled rebuilds.
Documents the upgrade path and breaking changes introduced in recent
releases: arm/v7 removal, tag format change (drop -build suffix), and
the auto-updater being permanently disabled.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
CGO compilation (especially mattn/go-sqlite3) is silent and very slow
under QEMU emulation. Switch arm64/v8 to GitHub's native ubuntu-24.04-arm
runner to eliminate QEMU overhead entirely. Keep riscv64 on ubuntu-latest
(no native runner available) but raise the job timeout to 90m to give
QEMU-emulated CGO compilation enough room to finish. Also add 30m timeout
to the test job.
apt-get has no default network timeout, so an unresponsive Debian mirror
can block a build stage indefinitely. Add Acquire::http::Timeout=30 to
both update and install calls in all apt-get invocations so mirror hangs
fail fast rather than running until GitHub's 6-hour job limit.
Also add timeout-minutes: 60 to the build job so a runaway step fails
within an hour rather than silently consuming the full 6-hour default.
debian:bookworm-slim has no riscv64 image. Parameterize the runtime
base via RUNTIME_IMAGE build-arg; the workflow passes sid-slim for
riscv64 and bookworm-slim for all other platforms.
Dockerfile:
- Keep build stage on debian:sid-slim (required for riscv64 Go support)
- Switch runtime stage to debian:bookworm-slim for stable, predictable
package names — eliminates the libcbor0 class of breakage for users
update-check.py:
- Create a branch and open a PR instead of pushing directly to master
- PR body links to upstream release notes and prompts review of new
dependencies before merge
- Remove dead deb/PACKAGE code
build.yaml:
- Drop linux/arm/v7 — upstream go-libfido2 is incompatible with 32-bit
ARM address space as of v3.22.0; not fixable without upstream changes
- Add VERSION to pull_request trigger paths so the test job builds
and validates every version bump PR before it can be merged
update-check.yaml:
- Pass GITHUB_TOKEN and GITHUB_REPOSITORY to script for PR creation
README.md:
- Document arm/v7 as unsupported with reason
- Rewrite README: update all refs from shenxn to dancwilliams, remove deb
build references, document what changed from upstream, simplify tags
section, update all docker run and compose commands, add architecture
table, add version update automation section, add credits
- Update SECURITY.md: replace shenxn contact with dancwilliams GitHub
issue reporting, clarify scope (container vs bridge itself)
- Update docker-compose.yml: point to dancwilliams/protonmail-bridge,
remove deprecated version key
The build calls to Protonmail's repo and builds from it. When that repo
changes (i.e. when deb/* changes), the image should be built again.
---------
Co-authored-by: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com>
tested locally, works fine.
debian has supported riscv64 in the sid image for some time.
this is the same thing the carlosedp/golang image did.
this also fixes the bug with the wrong glibc version, as the build
container now uses the same glibc version as the final container.
