Replace platform-specific amd64 digests for debian:sid-slim and
debian:bookworm-slim with multi-arch manifest list digests so Buildx
can resolve the correct platform image when building for riscv64.
github.ref_name returns '4/merge' for PR events, which is invalid in
a Docker tag. Sanitize using the head ref (branch name) with slashes
replaced by dashes.
Renovate will open PRs automatically when debian:bookworm-slim or
debian:sid-slim receive updates (e.g. security patches), keeping the
container current without relying solely on scheduled rebuilds.
CGO compilation (especially mattn/go-sqlite3) is silent and very slow
under QEMU emulation. Switch arm64/v8 to GitHub's native ubuntu-24.04-arm
runner to eliminate QEMU overhead entirely. Keep riscv64 on ubuntu-latest
(no native runner available) but raise the job timeout to 90m to give
QEMU-emulated CGO compilation enough room to finish. Also add 30m timeout
to the test job.
apt-get has no default network timeout, so an unresponsive Debian mirror
can block a build stage indefinitely. Add Acquire::http::Timeout=30 to
both update and install calls in all apt-get invocations so mirror hangs
fail fast rather than running until GitHub's 6-hour job limit.
Also add timeout-minutes: 60 to the build job so a runaway step fails
within an hour rather than silently consuming the full 6-hour default.
debian:bookworm-slim has no riscv64 image. Parameterize the runtime
base via RUNTIME_IMAGE build-arg; the workflow passes sid-slim for
riscv64 and bookworm-slim for all other platforms.
Dockerfile:
- Keep build stage on debian:sid-slim (required for riscv64 Go support)
- Switch runtime stage to debian:bookworm-slim for stable, predictable
package names — eliminates the libcbor0 class of breakage for users
update-check.py:
- Create a branch and open a PR instead of pushing directly to master
- PR body links to upstream release notes and prompts review of new
dependencies before merge
- Remove dead deb/PACKAGE code
build.yaml:
- Drop linux/arm/v7 — upstream go-libfido2 is incompatible with 32-bit
ARM address space as of v3.22.0; not fixable without upstream changes
- Add VERSION to pull_request trigger paths so the test job builds
and validates every version bump PR before it can be merged
update-check.yaml:
- Pass GITHUB_TOKEN and GITHUB_REPOSITORY to script for PR creation
README.md:
- Document arm/v7 as unsupported with reason
The build calls to Protonmail's repo and builds from it. When that repo
changes (i.e. when deb/* changes), the image should be built again.
---------
Co-authored-by: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com>
* Adjust GitHub CI to also build for riscv64
* Update base Ubuntu base for build from 18.04 LTS to 20.04 LTS as to support riscv64
* Minor: Exclude idea IDE files from git
