.woodpecker/build-container.yml

@@ -6,19 +6,15 @@ when:
       - ${CI_REPO_DEFAULT_BRANCH}
 
 steps:
-  - name: security-build
-    image: quay.io/thegeeklab/wp-docker-buildx:6
+  security-build:
+    image: quay.io/thegeeklab/wp-docker-buildx:2
     settings:
       containerfile: Containerfile
       output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
       repo: thegeeklab/${CI_REPO_NAME}
-      cache_to: type=local,dest=oci/cache/${CI_REPO_NAME},mode=max
-      registry_config:
-        from_secret: DOCKER_REGISTRY_CONFIG_PULL
 
-  - name: security-scan
-    image: docker.io/aquasec/trivy
-    depends_on: security-build
+  security-scan:
+    image: ghcr.io/aquasecurity/trivy
     commands:
       - trivy -v
       - trivy image --input oci/${CI_REPO_NAME}
@@ -28,11 +24,10 @@ steps:
       TRIVY_NO_PROGRESS: "true"
       TRIVY_SEVERITY: HIGH,CRITICAL
       TRIVY_TIMEOUT: 1m
-      TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
 
-  - name: publish-dockerhub
-    image: quay.io/thegeeklab/wp-docker-buildx:6
-    depends_on: security-scan
+  publish-dockerhub:
+    group: container
+    image: quay.io/thegeeklab/wp-docker-buildx:2
     settings:
       auto_tag: true
       containerfile: Containerfile
@@ -42,17 +37,15 @@ steps:
       repo: thegeeklab/${CI_REPO_NAME}
       username:
         from_secret: docker_username
-      cache_from:
-        - 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
     when:
       - event: [tag]
       - event: [push, manual]
         branch:
           - ${CI_REPO_DEFAULT_BRANCH}
 
-  - name: publish-quay
-    image: quay.io/thegeeklab/wp-docker-buildx:6
-    depends_on: security-scan
+  publish-quay:
+    group: container
+    image: quay.io/thegeeklab/wp-docker-buildx:2
     settings:
       auto_tag: true
       containerfile: Containerfile
@@ -63,8 +56,6 @@ steps:
       repo: quay.io/thegeeklab/${CI_REPO_NAME}
       username:
         from_secret: quay_username
-      cache_from:
-        - 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
     when:
       - event: [tag]
       - event: [push, manual]

.woodpecker/build-package.yml

@@ -6,14 +6,14 @@ when:
       - ${CI_REPO_DEFAULT_BRANCH}
 
 steps:
-  - name: changelog
+  changelog:
     image: quay.io/thegeeklab/git-sv
     commands:
       - git sv current-version
       - git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
       - cat CHANGELOG.md
 
-  - name: publish-gitea
+  publish-gitea:
     image: quay.io/thegeeklab/wp-gitea-release
     settings:
       api_key:

.woodpecker/docs.yml

@@ -6,31 +6,34 @@ when:
       - ${CI_REPO_DEFAULT_BRANCH}
 
 steps:
-  - name: markdownlint
+  markdownlint:
     image: quay.io/thegeeklab/markdownlint-cli
+    group: test
     commands:
       - markdownlint 'README.md'
 
-  - name: spellcheck
+  spellcheck:
     image: quay.io/thegeeklab/alpine-tools
+    group: test
     commands:
       - spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
     environment:
       FORCE_COLOR: "true"
 
-  - name: link-validation
+  link-validation:
     image: docker.io/lycheeverse/lychee
+    group: test
     commands:
       - lychee --no-progress --format detailed README.md
 
-  - name: pushrm-dockerhub
+  pushrm-dockerhub:
     image: docker.io/chko/docker-pushrm:1
-    depends_on: [markdownlint, spellcheck, link-validation]
+    secrets:
+      - source: docker_password
+        target: DOCKER_PASS
+      - source: docker_username
+        target: DOCKER_USER
     environment:
-      DOCKER_PASS:
-        from_secret: docker_password
-      DOCKER_USER:
-        from_secret: docker_username
       PUSHRM_FILE: README.md
       PUSHRM_SHORT: Custom image for Vaultwarden password manager
       PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
@@ -40,12 +43,12 @@ steps:
           - ${CI_REPO_DEFAULT_BRANCH}
         status: [success]
 
-  - name: pushrm-quay
+  pushrm-quay:
     image: docker.io/chko/docker-pushrm:1
-    depends_on: [markdownlint, spellcheck, link-validation]
+    secrets:
+      - source: quay_token
+        target: APIKEY__QUAY_IO
     environment:
-      APIKEY__QUAY_IO:
-        from_secret: quay_token
       PUSHRM_FILE: README.md
       PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
     when:

.woodpecker/notify.yml

@@ -8,17 +8,17 @@ when:
 runs_on: [success, failure]
 
 steps:
-  - name: matrix
+  matrix:
     image: quay.io/thegeeklab/wp-matrix
     settings:
       homeserver:
         from_secret: matrix_homeserver
-      room_id:
-        from_secret: matrix_room_id
-      user_id:
-        from_secret: matrix_user_id
-      access_token:
-        from_secret: matrix_access_token
+      password:
+        from_secret: matrix_password
+      roomid:
+        from_secret: matrix_roomid
+      username:
+        from_secret: matrix_username
     when:
       - status: [success, failure]
 

Containerfile

@@ -1,4 +1,4 @@
-FROM docker.io/clux/muslrust:1.82.0-stable@sha256:9f88e922b2bfa7ff2252d61dc38be2ee5544d01bfa0acdc27b32c0a4a214c723 AS build
+FROM docker.io/clux/muslrust:1.75.0-stable@sha256:447e5d68b4fc47c024ff76a482d67c3d23d66cafa19db3b7e129efbdf8c9e10f as build
 
 ARG WEBVAULT_VERSION
 ARG VAULTWARDEN_VERSION
@@ -12,11 +12,9 @@ ARG DB=sqlite,postgresql
 ARG TARGETPLATFORM
 
 # renovate: datasource=github-releases depName=dani-garcia/bw_web_builds versioning=loose
-ENV WEBVAULT_VERSION="${WEBVAULT_VERSION:-v2024.6.2}"
+ENV WEBVAULT_VERSION="${WEBVAULT_VERSION:-v2023.10.0}"
 # renovate: datasource=github-releases depName=dani-garcia/vaultwarden
-ENV VAULTWARDEN_VERSION="${VAULTWARDEN_VERSION:-1.32.4}"
-
-ENV DATA_FOLDER=/tmp
+ENV VAULTWARDEN_VERSION="${VAULTWARDEN_VERSION:-1.30.1}"
 
 WORKDIR /src
 
@@ -40,13 +38,13 @@ esac
 
 RUN rustup set profile minimal && \
     rustup target add $(cat rust_target) && \
-    VW_VERSION="${VAULTWARDEN_VERSION##v}" cargo build -j 4 --features "$DB" --target $(cat rust_target) --release
+    VW_VERSION="${VAULTWARDEN_VERSION##v}" cargo build -j 8 --features "$DB" --target $(cat rust_target) --release
 
 RUN ldd target/$(cat rust_target)/release/vaultwarden && \
     target/$(cat rust_target)/release/vaultwarden --help && \
     target/$(cat rust_target)/release/vaultwarden --version
 
-FROM docker.io/alpine:3.20@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
+FROM docker.io/alpine:3.19@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48
 
 LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"