From 84b36880cba6067b1f480f75f15d737fc9df8be5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 28 Jul 2024 13:40:47 +0000 Subject: [PATCH 01/40] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: โ€ข Updated input 'flake-schemas': 'https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.3/0190b841-54d3-7b7a-8550-24942bc38caf/source.tar.gz?narHash=sha256-c2AZH9cOnSpPXV8Lwy19/I8EgW7G%2BE%2BZh6YQBZZwzxI%3D' (2024-07-15) โ†’ 'https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz?narHash=sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw%3D' (2024-07-26) โ€ข Updated input 'nixpkgs': 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.633334%2Brev-63d37ccd2d178d54e7fb691d7ec76000740ea24a/0190d847-0241-7628-8ab0-d49f442300f4/source.tar.gz?narHash=sha256-7cCC8%2BTdq1%2B3OPyc3%2BgVo9dzUNkNIQfwSDJ2HSi2u3o%3D' (2024-07-21) โ†’ 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.633516%2Brev-8c50662509100d53229d4be607f1a3a31157fa12/0190f691-c019-7d99-b723-4b2dd6dfd38f/source.tar.gz?narHash=sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU%3D' (2024-07-27) --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 3480d0d..0783f3a 100644 --- a/flake.lock +++ b/flake.lock @@ -2,12 +2,12 @@ "nodes": { "flake-schemas": { "locked": { - "lastModified": 1721078157, - "narHash": "sha256-c2AZH9cOnSpPXV8Lwy19/I8EgW7G+E+Zh6YQBZZwzxI=", - "rev": "29e53dd33b1a38f235ef073e768c62821cb6146e", - "revCount": 66, + "lastModified": 1721999734, + "narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=", + "rev": "0a5c42297d870156d9c57d8f99e476b738dcd982", + "revCount": 75, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.3/0190b841-54d3-7b7a-8550-24942bc38caf/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz" }, "original": { "type": "tarball", @@ -16,12 +16,12 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721548954, - "narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=", - "rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a", - "revCount": 633334, + "lastModified": 1722087241, + "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "revCount": 633516, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.633334%2Brev-63d37ccd2d178d54e7fb691d7ec76000740ea24a/0190d847-0241-7628-8ab0-d49f442300f4/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.633516%2Brev-8c50662509100d53229d4be607f1a3a31157fa12/0190f691-c019-7d99-b723-4b2dd6dfd38f/source.tar.gz" }, "original": { "type": "tarball", From 9de404f4b2eb9b3831a203a26bb0ad7a13bdb5a7 Mon Sep 17 00:00:00 2001 From: Alan Pope Date: Tue, 30 Jul 2024 10:37:08 +0100 Subject: [PATCH 02/40] feat: Add SBOM generation and vulnerability scanning in workflows (#39) * feat: generate container sbom during release * No need to publish separately, it's automatic * feat: Add regular vulnerability scanning * syntax * specify container file * vital missing step * Display grype output in the log in table format --- .github/workflows/publish-release.yml | 6 +++++ .github/workflows/scan-container.yaml | 35 +++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 .github/workflows/scan-container.yaml diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index dd1890b..be7c83a 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -113,5 +113,11 @@ jobs: ghcr.io/${{ github.repository }}:${{ env.STREAM_SPROUT_VER }}-alpine ghcr.io/${{ github.repository }}:${{ github.sha }}-alpine platforms: linux/amd64, linux/arm64 + - name: "Generate SBOM" + uses: anchore/sbom-action@v0 + with: + image: ghcr.io/${{ github.repository }}:latest-alpine + registry-username: ${{ github.actor }} + registry-password: ${{ secrets.GITHUB_TOKEN }} - name: Logout from Container Registry run: docker logout ghcr.io diff --git a/.github/workflows/scan-container.yaml b/.github/workflows/scan-container.yaml new file mode 100644 index 0000000..799179b --- /dev/null +++ b/.github/workflows/scan-container.yaml @@ -0,0 +1,35 @@ +name: "Vulnerability ๐Ÿž scan ๐Ÿ” container" + +on: + schedule: + - cron: "0 10 * * 2" + workflow_dispatch: + +jobs: + vulnerability-scan: + name: "Build and scan" + runs-on: ubuntu-24.04 + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: build local container + uses: docker/build-push-action@v4 + with: + context: . + file: ./Containerfile + tags: localbuild/testimage:latest + push: false + load: true + + - name: Scan image + uses: anchore/scan-action@v3 + with: + image: "localbuild/testimage:latest" + output-format: table + + - name: Inspect action report + run: cat ${{ steps.scan.outputs.table }} \ No newline at end of file From f1b552c2bde103006f2c0eb4f72c24e263b9fd64 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 10:37:31 +0100 Subject: [PATCH 03/40] chore(deps): bump actions/upload-artifact from 2 to 4 (#38) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test-build-stream-sprout.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index 265f7fd..e7936a0 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -117,7 +117,7 @@ jobs: snap: ${{ steps.snapcraft.outputs.snap }} isClassic: false - name: Upload artifacts โคด๏ธ - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: stream-sprout-snap path: ${{ steps.snapcraft.outputs.snap}} From 8e3b4dc089a4b5ad6676c072911a1ec520be3b5f Mon Sep 17 00:00:00 2001 From: Alan Pope Date: Tue, 30 Jul 2024 13:49:10 +0100 Subject: [PATCH 04/40] chore: remove armhf snap build The armhf snap hasn't been published, and I doubt anyone would use it if it were. It also blocks other architectures and revisions from being reviewed as it fails review in the store. Other architectures do not fail. ``` Found files with executable stack. This adds PROT_EXEC to mmap(2) during mediation which may cause security denials. Either adjust your program to not require an executable stack, strip it with 'execstack --clear-execstack ...' or remove the affected file from your snap. Affected files: usr/lib/arm-linux-gnueabihf/libx264.so.164 functional-snap-v2_execstack ``` --- snap/snapcraft.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3ad0b86..5183687 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -16,9 +16,6 @@ platforms: arm64: build-on: [ arm64 ] build-for: [arm64 ] - armhf: - build-on: [ armhf ] - build-for: [ armhf ] parts: stream-sprout: From 43d6b9ad885568482c67899da495a78ad6d3395d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 19:11:37 +0000 Subject: [PATCH 05/40] chore(deps): bump docker/setup-buildx-action from 2 to 3 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/scan-container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-container.yaml b/.github/workflows/scan-container.yaml index 799179b..756a6cc 100644 --- a/.github/workflows/scan-container.yaml +++ b/.github/workflows/scan-container.yaml @@ -14,7 +14,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: build local container uses: docker/build-push-action@v4 From a9ed96eaea23848ae3a881acbdc6bee6a03afbd1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 19:11:40 +0000 Subject: [PATCH 06/40] chore(deps): bump docker/build-push-action from 4 to 6 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 6. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4...v6) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/scan-container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-container.yaml b/.github/workflows/scan-container.yaml index 756a6cc..2a58bfb 100644 --- a/.github/workflows/scan-container.yaml +++ b/.github/workflows/scan-container.yaml @@ -17,7 +17,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: build local container - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: . file: ./Containerfile From 1cb4c8ced3459548cd99a33fbfe49447ed235e94 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 19:11:43 +0000 Subject: [PATCH 07/40] chore(deps): bump anchore/scan-action from 3 to 4 Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3 to 4. - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/anchore/scan-action/compare/v3...v4) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/scan-container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-container.yaml b/.github/workflows/scan-container.yaml index 2a58bfb..c97c63d 100644 --- a/.github/workflows/scan-container.yaml +++ b/.github/workflows/scan-container.yaml @@ -26,7 +26,7 @@ jobs: load: true - name: Scan image - uses: anchore/scan-action@v3 + uses: anchore/scan-action@v4 with: image: "localbuild/testimage:latest" output-format: table From 6984d04f7a13d624da720fbbf6e003e825576d83 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 28 Aug 2024 13:41:00 +0000 Subject: [PATCH 08/40] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: โ€ข Updated input 'nixpkgs': 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.633516%2Brev-8c50662509100d53229d4be607f1a3a31157fa12/0190f691-c019-7d99-b723-4b2dd6dfd38f/source.tar.gz?narHash=sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU%3D' (2024-07-27) โ†’ 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.634418%2Brev-2527da1ef492c495d5391f3bcf9c1dd9f4514e32/019193c7-3325-7c5c-9d46-f2d05135ea41/source.tar.gz?narHash=sha256-XROVLf9ti4rrNCFLr%2BDmXRZtPjCQTW4cYy59owTEmxk%3D' (2024-08-24) --- flake.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 0783f3a..4ac2238 100644 --- a/flake.lock +++ b/flake.lock @@ -16,12 +16,12 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", - "revCount": 633516, + "lastModified": 1724531977, + "narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=", + "rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32", + "revCount": 634418, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.633516%2Brev-8c50662509100d53229d4be607f1a3a31157fa12/0190f691-c019-7d99-b723-4b2dd6dfd38f/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.634418%2Brev-2527da1ef492c495d5391f3bcf9c1dd9f4514e32/019193c7-3325-7c5c-9d46-f2d05135ea41/source.tar.gz" }, "original": { "type": "tarball", From 39c182ecf70e4fe4a37eb244228a56da33a09e81 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 21 Aug 2024 09:47:18 -0400 Subject: [PATCH 09/40] docs: Fix README link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 021ff63..8f8a19c 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Stream Sprout is developed on Linux ๐Ÿง and should work on macOS ๐Ÿ or any ot ## Get Started - [Install](#installation) Stream Sprout ๐Ÿง‘โ€๐Ÿ’ป -- [Configure](#configuration) Stream Sprout ๐Ÿง‘โ€๐Ÿ’ป +- [Configure](#configure-stream-sprout) Stream Sprout ๐Ÿง‘โ€๐Ÿ’ป - [Configure](#configure-obs-studio) OBS Studio ๐ŸŽ›๏ธ - Start `stream-sprout` โŒจ๏ธ - Click the *Start Streaming* button in OBS Studio ๐Ÿ–ฑ๏ธ From 5aa579111ea48d09c02accd00de41a5f9ea9a8a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 19:46:35 +0000 Subject: [PATCH 10/40] chore(deps): bump DeterminateSystems/nix-installer-action from 13 to 14 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 13 to 14. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v13...v14) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- .github/workflows/flake-updater.yml | 2 +- .github/workflows/test-build-stream-sprout.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index ee7dfb2..73dbfbc 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -16,6 +16,6 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v13 + - uses: DeterminateSystems/nix-installer-action@v14 - uses: DeterminateSystems/magic-nix-cache-action@v7 - uses: DeterminateSystems/flake-checker-action@v8 diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 0a2c2bc..b8d4ec9 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v13 + - uses: DeterminateSystems/nix-installer-action@v14 - uses: DeterminateSystems/magic-nix-cache-action@v7 - uses: DeterminateSystems/update-flake-lock@v23 with: diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index e7936a0..083221a 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -57,7 +57,7 @@ jobs: - name: "Checkout ๐Ÿฅก" uses: "actions/checkout@v4" - name: "Install Nix โ„๏ธ" - uses: "DeterminateSystems/nix-installer-action@v13" + uses: "DeterminateSystems/nix-installer-action@v14" - name: "Enable Magic Nix Cache ๐Ÿช„" uses: "DeterminateSystems/magic-nix-cache-action@v7" - name: "Build & Test .nix โ„๏ธ" From ed5d5d136b85a99b315a2e43f35c72462f2fd943 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 28 Sep 2024 13:40:54 +0000 Subject: [PATCH 11/40] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: โ€ข Updated input 'nixpkgs': 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.634418%2Brev-2527da1ef492c495d5391f3bcf9c1dd9f4514e32/019193c7-3325-7c5c-9d46-f2d05135ea41/source.tar.gz?narHash=sha256-XROVLf9ti4rrNCFLr%2BDmXRZtPjCQTW4cYy59owTEmxk%3D' (2024-08-24) โ†’ 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.635490%2Brev-f65141456289e81ea0d5a05af8898333cab5c53d/019237db-783b-7330-a22e-7d60c20ce855/source.tar.gz?narHash=sha256-pojbL/qteElw/nIXlN8kmHn/w6PQbEHr7Iz%2BWOXs0EM%3D' (2024-09-27) --- flake.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 4ac2238..a6a2b4a 100644 --- a/flake.lock +++ b/flake.lock @@ -16,12 +16,12 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724531977, - "narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=", - "rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32", - "revCount": 634418, + "lastModified": 1727397532, + "narHash": "sha256-pojbL/qteElw/nIXlN8kmHn/w6PQbEHr7Iz+WOXs0EM=", + "rev": "f65141456289e81ea0d5a05af8898333cab5c53d", + "revCount": 635490, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.634418%2Brev-2527da1ef492c495d5391f3bcf9c1dd9f4514e32/019193c7-3325-7c5c-9d46-f2d05135ea41/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.635490%2Brev-f65141456289e81ea0d5a05af8898333cab5c53d/019237db-783b-7330-a22e-7d60c20ce855/source.tar.gz" }, "original": { "type": "tarball", From 901586e4bfcf14bdcb429c70d80b86fc4edcb155 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 19:46:41 +0000 Subject: [PATCH 12/40] chore(deps): bump DeterminateSystems/update-flake-lock from 23 to 24 Bumps [DeterminateSystems/update-flake-lock](https://github.com/determinatesystems/update-flake-lock) from 23 to 24. - [Release notes](https://github.com/determinatesystems/update-flake-lock/releases) - [Commits](https://github.com/determinatesystems/update-flake-lock/compare/v23...v24) --- updated-dependencies: - dependency-name: DeterminateSystems/update-flake-lock dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-updater.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index b8d4ec9..49573e4 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -15,6 +15,6 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v14 - uses: DeterminateSystems/magic-nix-cache-action@v7 - - uses: DeterminateSystems/update-flake-lock@v23 + - uses: DeterminateSystems/update-flake-lock@v24 with: pr-title: "chore: update flake.lock" From 0bb875c287f8bf0559c042ea24024e61918815c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 19:46:39 +0000 Subject: [PATCH 13/40] chore(deps): bump DeterminateSystems/flake-checker-action from 8 to 9 Bumps [DeterminateSystems/flake-checker-action](https://github.com/determinatesystems/flake-checker-action) from 8 to 9. - [Release notes](https://github.com/determinatesystems/flake-checker-action/releases) - [Commits](https://github.com/determinatesystems/flake-checker-action/compare/v8...v9) --- updated-dependencies: - dependency-name: DeterminateSystems/flake-checker-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index 73dbfbc..d8e6bf1 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -18,4 +18,4 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v14 - uses: DeterminateSystems/magic-nix-cache-action@v7 - - uses: DeterminateSystems/flake-checker-action@v8 + - uses: DeterminateSystems/flake-checker-action@v9 From 6ec390f406000866d3d700ca906ec22d922d88f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 16:22:34 +0000 Subject: [PATCH 14/40] chore(deps): bump DeterminateSystems/magic-nix-cache-action from 7 to 8 Bumps [DeterminateSystems/magic-nix-cache-action](https://github.com/determinatesystems/magic-nix-cache-action) from 7 to 8. - [Release notes](https://github.com/determinatesystems/magic-nix-cache-action/releases) - [Commits](https://github.com/determinatesystems/magic-nix-cache-action/compare/v7...v8) --- updated-dependencies: - dependency-name: DeterminateSystems/magic-nix-cache-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- .github/workflows/flake-updater.yml | 2 +- .github/workflows/test-build-stream-sprout.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index d8e6bf1..5186ecc 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -17,5 +17,5 @@ jobs: with: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v14 - - uses: DeterminateSystems/magic-nix-cache-action@v7 + - uses: DeterminateSystems/magic-nix-cache-action@v8 - uses: DeterminateSystems/flake-checker-action@v9 diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 49573e4..4756f9c 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -14,7 +14,7 @@ jobs: with: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v14 - - uses: DeterminateSystems/magic-nix-cache-action@v7 + - uses: DeterminateSystems/magic-nix-cache-action@v8 - uses: DeterminateSystems/update-flake-lock@v24 with: pr-title: "chore: update flake.lock" diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index 083221a..2373b05 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -59,7 +59,7 @@ jobs: - name: "Install Nix โ„๏ธ" uses: "DeterminateSystems/nix-installer-action@v14" - name: "Enable Magic Nix Cache ๐Ÿช„" - uses: "DeterminateSystems/magic-nix-cache-action@v7" + uses: "DeterminateSystems/magic-nix-cache-action@v8" - name: "Build & Test .nix โ„๏ธ" run: | nix build .#stream-sprout From e5a0db3a8ff42b7b232ba2df167c80722a92b37f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 28 Oct 2024 13:44:36 +0000 Subject: [PATCH 15/40] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: โ€ข Updated input 'nixpkgs': 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.635490%2Brev-f65141456289e81ea0d5a05af8898333cab5c53d/019237db-783b-7330-a22e-7d60c20ce855/source.tar.gz?narHash=sha256-pojbL/qteElw/nIXlN8kmHn/w6PQbEHr7Iz%2BWOXs0EM%3D' (2024-09-27) โ†’ 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.636163%2Brev-cd3e8833d70618c4eea8df06f95b364b016d4950/0192cd43-85cd-7ff3-b9be-a3f7995e917d/source.tar.gz?narHash=sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk%3D' (2024-10-26) --- flake.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index a6a2b4a..7454b15 100644 --- a/flake.lock +++ b/flake.lock @@ -16,12 +16,12 @@ }, "nixpkgs": { "locked": { - "lastModified": 1727397532, - "narHash": "sha256-pojbL/qteElw/nIXlN8kmHn/w6PQbEHr7Iz+WOXs0EM=", - "rev": "f65141456289e81ea0d5a05af8898333cab5c53d", - "revCount": 635490, + "lastModified": 1729973466, + "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", + "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", + "revCount": 636163, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.635490%2Brev-f65141456289e81ea0d5a05af8898333cab5c53d/019237db-783b-7330-a22e-7d60c20ce855/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.636163%2Brev-cd3e8833d70618c4eea8df06f95b364b016d4950/0192cd43-85cd-7ff3-b9be-a3f7995e917d/source.tar.gz" }, "original": { "type": "tarball", From 3f91c0f57351f97ebba7206b3ec89335e45d1698 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 19:31:27 +0000 Subject: [PATCH 16/40] chore(deps): bump anchore/scan-action from 4 to 5 Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 4 to 5. - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/anchore/scan-action/compare/v4...v5) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/scan-container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-container.yaml b/.github/workflows/scan-container.yaml index c97c63d..09c26fd 100644 --- a/.github/workflows/scan-container.yaml +++ b/.github/workflows/scan-container.yaml @@ -26,7 +26,7 @@ jobs: load: true - name: Scan image - uses: anchore/scan-action@v4 + uses: anchore/scan-action@v5 with: image: "localbuild/testimage:latest" output-format: table From 1a19e85d9451fc471f4b81d16a0f1fe1bfdae578 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 10:17:51 +0000 Subject: [PATCH 17/40] chore(deps): bump DeterminateSystems/nix-installer-action from 14 to 15 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 14 to 15. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v14...v15) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- .github/workflows/flake-updater.yml | 2 +- .github/workflows/test-build-stream-sprout.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index 5186ecc..3a600d0 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -16,6 +16,6 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v14 + - uses: DeterminateSystems/nix-installer-action@v15 - uses: DeterminateSystems/magic-nix-cache-action@v8 - uses: DeterminateSystems/flake-checker-action@v9 diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 4756f9c..175dd56 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v14 + - uses: DeterminateSystems/nix-installer-action@v15 - uses: DeterminateSystems/magic-nix-cache-action@v8 - uses: DeterminateSystems/update-flake-lock@v24 with: diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index 2373b05..2adf190 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -57,7 +57,7 @@ jobs: - name: "Checkout ๐Ÿฅก" uses: "actions/checkout@v4" - name: "Install Nix โ„๏ธ" - uses: "DeterminateSystems/nix-installer-action@v14" + uses: "DeterminateSystems/nix-installer-action@v15" - name: "Enable Magic Nix Cache ๐Ÿช„" uses: "DeterminateSystems/magic-nix-cache-action@v8" - name: "Build & Test .nix โ„๏ธ" From 48c4943d72bbe5ec60632480d0842aa7ec55e856 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 14 Aug 2025 13:54:37 +0000 Subject: [PATCH 18/40] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: โ€ข Updated input 'nixpkgs': 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.636163%2Brev-cd3e8833d70618c4eea8df06f95b364b016d4950/0192cd43-85cd-7ff3-b9be-a3f7995e917d/source.tar.gz?narHash=sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk%3D' (2024-10-26) โ†’ 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.808080%2Brev-ddae11e58c0c345bf66efbddbf2192ed0e58f896/01989f5e-b09d-7b09-9699-5d522e6f12ce/source.tar.gz?narHash=sha256-3sWA5WJybUE16kIMZ3%2BuxcxKZY/JRR4DFBqLdSLBo7w%3D' (2025-08-11) --- flake.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 7454b15..1aa9ec4 100644 --- a/flake.lock +++ b/flake.lock @@ -16,12 +16,12 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729973466, - "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", - "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", - "revCount": 636163, + "lastModified": 1754937576, + "narHash": "sha256-3sWA5WJybUE16kIMZ3+uxcxKZY/JRR4DFBqLdSLBo7w=", + "rev": "ddae11e58c0c345bf66efbddbf2192ed0e58f896", + "revCount": 808080, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.636163%2Brev-cd3e8833d70618c4eea8df06f95b364b016d4950/0192cd43-85cd-7ff3-b9be-a3f7995e917d/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.808080%2Brev-ddae11e58c0c345bf66efbddbf2192ed0e58f896/01989f5e-b09d-7b09-9699-5d522e6f12ce/source.tar.gz" }, "original": { "type": "tarball", From 84a1e431371ea2de7ddcba18aca1efdcac3ba971 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 19:45:23 +0000 Subject: [PATCH 19/40] chore(deps): bump DeterminateSystems/nix-installer-action from 15 to 16 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 15 to 16. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v15...v16) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- .github/workflows/flake-updater.yml | 2 +- .github/workflows/test-build-stream-sprout.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index 3a600d0..71387b5 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -16,6 +16,6 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v15 + - uses: DeterminateSystems/nix-installer-action@v16 - uses: DeterminateSystems/magic-nix-cache-action@v8 - uses: DeterminateSystems/flake-checker-action@v9 diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 175dd56..4b356ef 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v15 + - uses: DeterminateSystems/nix-installer-action@v16 - uses: DeterminateSystems/magic-nix-cache-action@v8 - uses: DeterminateSystems/update-flake-lock@v24 with: diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index 2adf190..e522e07 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -57,7 +57,7 @@ jobs: - name: "Checkout ๐Ÿฅก" uses: "actions/checkout@v4" - name: "Install Nix โ„๏ธ" - uses: "DeterminateSystems/nix-installer-action@v15" + uses: "DeterminateSystems/nix-installer-action@v16" - name: "Enable Magic Nix Cache ๐Ÿช„" uses: "DeterminateSystems/magic-nix-cache-action@v8" - name: "Build & Test .nix โ„๏ธ" From 1d7e3e82476872f290470ddd9219c40a0b487b06 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:36:35 +0000 Subject: [PATCH 20/40] chore(deps): bump anchore/scan-action from 5 to 6 Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 5 to 6. - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/anchore/scan-action/compare/v5...v6) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/scan-container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-container.yaml b/.github/workflows/scan-container.yaml index 09c26fd..b5e4de1 100644 --- a/.github/workflows/scan-container.yaml +++ b/.github/workflows/scan-container.yaml @@ -26,7 +26,7 @@ jobs: load: true - name: Scan image - uses: anchore/scan-action@v5 + uses: anchore/scan-action@v6 with: image: "localbuild/testimage:latest" output-format: table From 9fbbde4d6ce269a06fee5b25ba65fd484a57f038 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Aug 2025 07:18:39 +0000 Subject: [PATCH 21/40] chore(deps): bump DeterminateSystems/update-flake-lock from 24 to 27 Bumps [DeterminateSystems/update-flake-lock](https://github.com/determinatesystems/update-flake-lock) from 24 to 27. - [Release notes](https://github.com/determinatesystems/update-flake-lock/releases) - [Commits](https://github.com/determinatesystems/update-flake-lock/compare/v24...v27) --- updated-dependencies: - dependency-name: DeterminateSystems/update-flake-lock dependency-version: '27' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-updater.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 4b356ef..24162b6 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -15,6 +15,6 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v16 - uses: DeterminateSystems/magic-nix-cache-action@v8 - - uses: DeterminateSystems/update-flake-lock@v24 + - uses: DeterminateSystems/update-flake-lock@v27 with: pr-title: "chore: update flake.lock" From 57a1f800d2e26996badd97176f77d881a3de470f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Aug 2025 07:27:32 +0000 Subject: [PATCH 22/40] chore(deps): bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- .github/workflows/flake-updater.yml | 2 +- .github/workflows/lint-shellcheck.yml | 2 +- .github/workflows/publish-release.yml | 8 ++++---- .github/workflows/scan-container.yaml | 2 +- .github/workflows/test-build-stream-sprout.yml | 8 ++++---- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index 71387b5..6cd7d5c 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -13,7 +13,7 @@ jobs: name: Flake Checker runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v16 diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 24162b6..09b1dfe 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -10,7 +10,7 @@ jobs: name: Flake Lock Updater runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v16 diff --git a/.github/workflows/lint-shellcheck.yml b/.github/workflows/lint-shellcheck.yml index bd125ea..658e48b 100644 --- a/.github/workflows/lint-shellcheck.yml +++ b/.github/workflows/lint-shellcheck.yml @@ -10,7 +10,7 @@ jobs: name: Shellcheck runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run ShellCheck uses: ludeeus/action-shellcheck@master with: diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index be7c83a..6c1a719 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -16,7 +16,7 @@ jobs: name: "Check versions โš–๏ธ" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - name: "Compare App and Git versions ๐ŸŸฐ" @@ -37,7 +37,7 @@ jobs: name: "Build Release ๐Ÿ‘จโ€๐Ÿ”ง" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: "Build .deb ๐Ÿฅ" env: DEBFULLNAME: "Martin Wimpress" @@ -69,7 +69,7 @@ jobs: id-token: "write" contents: "read" steps: - - uses: "actions/checkout@v4" + - uses: "actions/checkout@v5" with: ref: "${{ (inputs.tag != null) && format('refs/tags/{0}', inputs.tag) || '' }}" - uses: "DeterminateSystems/nix-installer-action@main" @@ -86,7 +86,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: "Checkout ๐Ÿฅก" - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Container Buildx diff --git a/.github/workflows/scan-container.yaml b/.github/workflows/scan-container.yaml index b5e4de1..652e160 100644 --- a/.github/workflows/scan-container.yaml +++ b/.github/workflows/scan-container.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index e522e07..a086a8f 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: "Checkout ๐Ÿฅก" - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: "Build & Test .deb ๐Ÿฅ" env: DEBFULLNAME: "Martin Wimpress" @@ -55,7 +55,7 @@ jobs: contents: "read" steps: - name: "Checkout ๐Ÿฅก" - uses: "actions/checkout@v4" + uses: "actions/checkout@v5" - name: "Install Nix โ„๏ธ" uses: "DeterminateSystems/nix-installer-action@v16" - name: "Enable Magic Nix Cache ๐Ÿช„" @@ -69,7 +69,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: "Checkout ๐Ÿฅก" - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Container Buildx @@ -103,7 +103,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout ๐Ÿฅก - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Build snap ๐ŸŠ uses: snapcore/action-build@v1 id: snapcraft From 7c57494674af638d8c2771d26329314ba461551f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Aug 2025 07:29:12 +0000 Subject: [PATCH 23/40] chore(deps): bump DeterminateSystems/nix-installer-action from 16 to 19 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 16 to 19. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v16...v19) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-version: '19' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- .github/workflows/flake-updater.yml | 2 +- .github/workflows/test-build-stream-sprout.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index 6cd7d5c..8e26cea 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -16,6 +16,6 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v16 + - uses: DeterminateSystems/nix-installer-action@v19 - uses: DeterminateSystems/magic-nix-cache-action@v8 - uses: DeterminateSystems/flake-checker-action@v9 diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 09b1dfe..89396a7 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v16 + - uses: DeterminateSystems/nix-installer-action@v19 - uses: DeterminateSystems/magic-nix-cache-action@v8 - uses: DeterminateSystems/update-flake-lock@v27 with: diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index a086a8f..ec4586b 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -57,7 +57,7 @@ jobs: - name: "Checkout ๐Ÿฅก" uses: "actions/checkout@v5" - name: "Install Nix โ„๏ธ" - uses: "DeterminateSystems/nix-installer-action@v16" + uses: "DeterminateSystems/nix-installer-action@v19" - name: "Enable Magic Nix Cache ๐Ÿช„" uses: "DeterminateSystems/magic-nix-cache-action@v8" - name: "Build & Test .nix โ„๏ธ" From c156db1f6417d6c85e4feff2f5b31c5b742a24b3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Aug 2025 09:22:09 +0000 Subject: [PATCH 24/40] chore(deps): bump DeterminateSystems/flake-checker-action from 9 to 12 Bumps [DeterminateSystems/flake-checker-action](https://github.com/determinatesystems/flake-checker-action) from 9 to 12. - [Release notes](https://github.com/determinatesystems/flake-checker-action/releases) - [Commits](https://github.com/determinatesystems/flake-checker-action/compare/v9...v12) --- updated-dependencies: - dependency-name: DeterminateSystems/flake-checker-action dependency-version: '12' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index 8e26cea..fee568f 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -18,4 +18,4 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v19 - uses: DeterminateSystems/magic-nix-cache-action@v8 - - uses: DeterminateSystems/flake-checker-action@v9 + - uses: DeterminateSystems/flake-checker-action@v12 From c470ca46e45bcf22646ce28d9554c4e2b8e2a7d9 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 26 Aug 2025 23:25:22 +0100 Subject: [PATCH 25/40] refactor(dockerfile): switch from custom ffmpeg to jellyfin-ffmpeg - Replace custom ffmpeg image with alpine base and jellyfin-ffmpeg package - Add symlinks for ffmpeg and ffprobe to standard locations - Set USER directive to run as nobody for improved security --- Containerfile | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/Containerfile b/Containerfile index 13d8c86..a2c2a94 100644 --- a/Containerfile +++ b/Containerfile @@ -1,5 +1,18 @@ -FROM ghcr.io/jrottenberg/ffmpeg:7-alpine -RUN apk add --no-cache --update bash coreutils gawk grep sed +FROM alpine:latest + +RUN apk add --no-cache --update \ + bash \ + coreutils \ + jellyfin-ffmpeg \ + gawk \ + grep \ + sed + +RUN ln -sf /usr/lib/jellyfin-ffmpeg/ffmpeg /usr/local/bin/ffmpeg && \ + ln -sf /usr/lib/jellyfin-ffmpeg/ffprobe /usr/local/bin/ffprobe + COPY --chown=nobody:nobody --chmod=755 stream-sprout /usr/bin/stream-sprout + EXPOSE 1935 +USER nobody ENTRYPOINT [ "stream-sprout" ] From a79d451d0c81814af5f6be07bf34c4aef64562fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Aug 2025 22:28:40 +0000 Subject: [PATCH 26/40] chore(deps): bump DeterminateSystems/magic-nix-cache-action from 8 to 13 Bumps [DeterminateSystems/magic-nix-cache-action](https://github.com/determinatesystems/magic-nix-cache-action) from 8 to 13. - [Release notes](https://github.com/determinatesystems/magic-nix-cache-action/releases) - [Commits](https://github.com/determinatesystems/magic-nix-cache-action/compare/v8...v13) --- updated-dependencies: - dependency-name: DeterminateSystems/magic-nix-cache-action dependency-version: '13' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- .github/workflows/flake-updater.yml | 2 +- .github/workflows/test-build-stream-sprout.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index fee568f..ebb5660 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -17,5 +17,5 @@ jobs: with: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v19 - - uses: DeterminateSystems/magic-nix-cache-action@v8 + - uses: DeterminateSystems/magic-nix-cache-action@v13 - uses: DeterminateSystems/flake-checker-action@v12 diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 89396a7..c214391 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -14,7 +14,7 @@ jobs: with: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v19 - - uses: DeterminateSystems/magic-nix-cache-action@v8 + - uses: DeterminateSystems/magic-nix-cache-action@v13 - uses: DeterminateSystems/update-flake-lock@v27 with: pr-title: "chore: update flake.lock" diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index ec4586b..e7eacc0 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -59,7 +59,7 @@ jobs: - name: "Install Nix โ„๏ธ" uses: "DeterminateSystems/nix-installer-action@v19" - name: "Enable Magic Nix Cache ๐Ÿช„" - uses: "DeterminateSystems/magic-nix-cache-action@v8" + uses: "DeterminateSystems/magic-nix-cache-action@v13" - name: "Build & Test .nix โ„๏ธ" run: | nix build .#stream-sprout From bd1676efa6e51ba32e9701b12f508200216b0ca1 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 26 Aug 2025 23:35:43 +0100 Subject: [PATCH 27/40] chore: bump version from 0.1.5 to 0.1.6 Update version number in the stream-sprout script for a new release --- stream-sprout | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stream-sprout b/stream-sprout index eb911d8..9fa9a20 100755 --- a/stream-sprout +++ b/stream-sprout @@ -5,7 +5,7 @@ stty -echoctl readonly STREAM_SPROUT_YAML="stream-sprout.yaml" -readonly VERSION="0.1.5" +readonly VERSION="0.1.6" function cleanup() { echo -e " \e[31m\U26D4\e[0m Control-C" From 382dff7a48e73114e29dbcdd450f461452a640e2 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Tue, 26 Aug 2025 23:51:25 +0100 Subject: [PATCH 28/40] chore: remove coreutils from container dependencies Removes the coreutils package from the Alpine container dependencies. --- Containerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Containerfile b/Containerfile index a2c2a94..5e0b5dc 100644 --- a/Containerfile +++ b/Containerfile @@ -2,7 +2,6 @@ FROM alpine:latest RUN apk add --no-cache --update \ bash \ - coreutils \ jellyfin-ffmpeg \ gawk \ grep \ From 5d864aacb84de0e08ab0de5238526c68f479c964 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Sep 2025 13:54:51 +0000 Subject: [PATCH 29/40] chore(deps): bump amannn/action-semantic-pull-request from 5 to 6 Bumps [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) from 5 to 6. - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/v5...v6) --- updated-dependencies: - dependency-name: amannn/action-semantic-pull-request dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml index c70997b..b6dbcb5 100644 --- a/.github/workflows/lint-pr.yml +++ b/.github/workflows/lint-pr.yml @@ -15,7 +15,7 @@ jobs: name: Validate pull request title runs-on: ubuntu-22.04 steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@v6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From f76da1c62b18a97488837292508864ef5cbe1a18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Sep 2025 19:11:36 +0000 Subject: [PATCH 30/40] chore(deps): bump anchore/scan-action from 6 to 7 Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 6 to 7. - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/scan-action/compare/v6...v7) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/scan-container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-container.yaml b/.github/workflows/scan-container.yaml index 652e160..b218e70 100644 --- a/.github/workflows/scan-container.yaml +++ b/.github/workflows/scan-container.yaml @@ -26,7 +26,7 @@ jobs: load: true - name: Scan image - uses: anchore/scan-action@v6 + uses: anchore/scan-action@v7 with: image: "localbuild/testimage:latest" output-format: table From 90eb31a5e561f30e5bc9076723c56be6ef584a4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 19:52:54 +0000 Subject: [PATCH 31/40] chore(deps): bump actions/upload-artifact from 4 to 5 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test-build-stream-sprout.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index e7eacc0..299d6d6 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -117,7 +117,7 @@ jobs: snap: ${{ steps.snapcraft.outputs.snap }} isClassic: false - name: Upload artifacts โคด๏ธ - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: stream-sprout-snap path: ${{ steps.snapcraft.outputs.snap}} From b3be5c43d918573916d772427e11334bf3d88590 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Nov 2025 19:24:34 +0000 Subject: [PATCH 32/40] chore(deps): bump DeterminateSystems/nix-installer-action from 19 to 21 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 19 to 21. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v19...v21) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-version: '21' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- .github/workflows/flake-updater.yml | 2 +- .github/workflows/test-build-stream-sprout.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index ebb5660..2870650 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -16,6 +16,6 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v19 + - uses: DeterminateSystems/nix-installer-action@v21 - uses: DeterminateSystems/magic-nix-cache-action@v13 - uses: DeterminateSystems/flake-checker-action@v12 diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index c214391..1d6b35e 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: DeterminateSystems/nix-installer-action@v19 + - uses: DeterminateSystems/nix-installer-action@v21 - uses: DeterminateSystems/magic-nix-cache-action@v13 - uses: DeterminateSystems/update-flake-lock@v27 with: diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index 299d6d6..d4b7d43 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -57,7 +57,7 @@ jobs: - name: "Checkout ๐Ÿฅก" uses: "actions/checkout@v5" - name: "Install Nix โ„๏ธ" - uses: "DeterminateSystems/nix-installer-action@v19" + uses: "DeterminateSystems/nix-installer-action@v21" - name: "Enable Magic Nix Cache ๐Ÿช„" uses: "DeterminateSystems/magic-nix-cache-action@v13" - name: "Build & Test .nix โ„๏ธ" From c417dc1b10b9d29da261c8f532b41e0706237bb0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 19:36:47 +0000 Subject: [PATCH 33/40] chore(deps): bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-checker.yml | 2 +- .github/workflows/flake-updater.yml | 2 +- .github/workflows/lint-shellcheck.yml | 2 +- .github/workflows/publish-release.yml | 8 ++++---- .github/workflows/scan-container.yaml | 2 +- .github/workflows/test-build-stream-sprout.yml | 8 ++++---- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml index 2870650..6f0b13f 100644 --- a/.github/workflows/flake-checker.yml +++ b/.github/workflows/flake-checker.yml @@ -13,7 +13,7 @@ jobs: name: Flake Checker runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v21 diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 1d6b35e..738cadc 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -10,7 +10,7 @@ jobs: name: Flake Lock Updater runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v21 diff --git a/.github/workflows/lint-shellcheck.yml b/.github/workflows/lint-shellcheck.yml index 658e48b..81b8108 100644 --- a/.github/workflows/lint-shellcheck.yml +++ b/.github/workflows/lint-shellcheck.yml @@ -10,7 +10,7 @@ jobs: name: Shellcheck runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Run ShellCheck uses: ludeeus/action-shellcheck@master with: diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 6c1a719..63153dd 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -16,7 +16,7 @@ jobs: name: "Check versions โš–๏ธ" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: "Compare App and Git versions ๐ŸŸฐ" @@ -37,7 +37,7 @@ jobs: name: "Build Release ๐Ÿ‘จโ€๐Ÿ”ง" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: "Build .deb ๐Ÿฅ" env: DEBFULLNAME: "Martin Wimpress" @@ -69,7 +69,7 @@ jobs: id-token: "write" contents: "read" steps: - - uses: "actions/checkout@v5" + - uses: "actions/checkout@v6" with: ref: "${{ (inputs.tag != null) && format('refs/tags/{0}', inputs.tag) || '' }}" - uses: "DeterminateSystems/nix-installer-action@main" @@ -86,7 +86,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: "Checkout ๐Ÿฅก" - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Container Buildx diff --git a/.github/workflows/scan-container.yaml b/.github/workflows/scan-container.yaml index b218e70..b60b1a0 100644 --- a/.github/workflows/scan-container.yaml +++ b/.github/workflows/scan-container.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index d4b7d43..428e7ab 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: "Checkout ๐Ÿฅก" - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: "Build & Test .deb ๐Ÿฅ" env: DEBFULLNAME: "Martin Wimpress" @@ -55,7 +55,7 @@ jobs: contents: "read" steps: - name: "Checkout ๐Ÿฅก" - uses: "actions/checkout@v5" + uses: "actions/checkout@v6" - name: "Install Nix โ„๏ธ" uses: "DeterminateSystems/nix-installer-action@v21" - name: "Enable Magic Nix Cache ๐Ÿช„" @@ -69,7 +69,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: "Checkout ๐Ÿฅก" - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Container Buildx @@ -103,7 +103,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout ๐Ÿฅก - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Build snap ๐ŸŠ uses: snapcore/action-build@v1 id: snapcraft From a811fe527e67f16b8113b043b32b4233a72ffa22 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 14 Jan 2026 13:59:33 +0000 Subject: [PATCH 34/40] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: โ€ข Updated input 'flake-schemas': 'https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz' (2024-07-26) โ†’ 'https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.2.0/019a4a84-544d-7c59-b26d-e334e320c932/source.tar.gz' (2025-10-27) โ€ข Updated input 'nixpkgs': 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.808080%2Brev-ddae11e58c0c345bf66efbddbf2192ed0e58f896/01989f5e-b09d-7b09-9699-5d522e6f12ce/source.tar.gz' (2025-08-11) โ†’ 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.905687%2Brev-1327e798cb055f96f92685df444e9a2c326ab5ed/019bb874-9b65-73ec-9dd5-8f14598e59e0/source.tar.gz' (2026-01-12) --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 1aa9ec4..3475f90 100644 --- a/flake.lock +++ b/flake.lock @@ -2,12 +2,12 @@ "nodes": { "flake-schemas": { "locked": { - "lastModified": 1721999734, - "narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=", - "rev": "0a5c42297d870156d9c57d8f99e476b738dcd982", - "revCount": 75, + "lastModified": 1761577921, + "narHash": "sha256-eK3/xbUOrxp9fFlei09XNjqcdiHXxndzrTXp7jFpOk8=", + "rev": "47849c7625e223d36766968cc6dc23ba0e135922", + "revCount": 107, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.2.0/019a4a84-544d-7c59-b26d-e334e320c932/source.tar.gz" }, "original": { "type": "tarball", @@ -16,12 +16,12 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754937576, - "narHash": "sha256-3sWA5WJybUE16kIMZ3+uxcxKZY/JRR4DFBqLdSLBo7w=", - "rev": "ddae11e58c0c345bf66efbddbf2192ed0e58f896", - "revCount": 808080, + "lastModified": 1768242861, + "narHash": "sha256-F4IIxa5xDHjtrmMcayM8lHctUq1oGltfBQu2+oqDWP4=", + "rev": "1327e798cb055f96f92685df444e9a2c326ab5ed", + "revCount": 905687, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.808080%2Brev-ddae11e58c0c345bf66efbddbf2192ed0e58f896/01989f5e-b09d-7b09-9699-5d522e6f12ce/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.905687%2Brev-1327e798cb055f96f92685df444e9a2c326ab5ed/019bb874-9b65-73ec-9dd5-8f14598e59e0/source.tar.gz" }, "original": { "type": "tarball", From 2bda8192f123ec7b48afebf9703dffb2e79cce66 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Thu, 22 Jan 2026 16:06:33 +0000 Subject: [PATCH 35/40] docs(agents): add AGENTS.md for AI agent context Provides comprehensive project documentation including: - Overview of Stream Sprout RTMP restreaming tool - Tech stack and build instructions - Code style and linting requirements - Project structure and configuration details - Commit guidelines and security considerations Signed-off-by: Martin Wimpress --- AGENTS.md | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 AGENTS.md diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..2a806d8 --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,105 @@ +# AGENTS.md + +## Overview + +Stream Sprout is a bash-based RTMP restreaming tool that forwards a single video source (from OBS Studio or similar) to multiple destinations like Twitch, YouTube, Owncast, and Peertube simultaneously. It uses FFmpeg's tee muxer to copy streams without transcoding. + +## Tech Stack + +- **Language:** Bash 5.0+ (single script: `stream-sprout`) +- **Runtime dependency:** FFmpeg (RTMP server and restreaming) +- **Configuration:** YAML parsed via awk/sed +- **Packaging:** Nix flake, Debian .deb, Snap, Docker/Podman + +## Build and Run Commands + +```bash +# Run directly (requires ffmpeg, bash 5.0+, awk, grep, sed) +./stream-sprout --config stream-sprout.yaml + +# Show version and FFmpeg info +./stream-sprout --version + +# Show system info (useful for bug reports) +./stream-sprout --info + +# Nix build +nix build + +# Enter development shell with all dependencies +nix develop + +# Docker build and run +docker build -t stream-sprout . +docker run -p 1935:1935 -it -v $PWD:/data stream-sprout --config /data/stream-sprout.yaml +``` + +## Linting + +ShellCheck is enforced via CI on all pull requests. + +```bash +# Run locally before committing +shellcheck stream-sprout +``` + +The script includes `# shellcheck disable=SC2154` for variables set dynamically via `eval` from YAML parsing. + +## Code Style + +- Bash scripts use `#!/usr/bin/env bash` +- Functions use `function name() {}` syntax +- Use `local` for function-scoped variables +- Use `readonly` for constants +- Validation with informative error messages using Unicode icons and ANSI colours +- Version is tracked in the script: `readonly VERSION="x.y.z"` + +## Project Structure + +``` +stream-sprout # Main bash script (single file) +stream-sprout.yaml # Local config (gitignored) +stream-sprout.yaml.example # Example configuration +package.nix # Nix package definition +devshell.nix # Nix development shell +flake.nix # Nix flake +Dockerfile # Alpine-based container +``` + +## Configuration + +YAML config with two main sections: + +- `server:` - RTMP server settings (ip, port, app, key, archive options) +- `services:` - Destination services (each with enabled, rtmp_server, key) + +Config search order: `./stream-sprout.yaml`, `$XDG_CONFIG_HOME/stream-sprout.yaml`, `/etc/stream-sprout.yaml` + +## PR and Commit Guidelines + +- **Commit messages must follow [Conventional Commits](https://www.conventionalcommits.org/)** +- PR titles are validated against Conventional Commits format +- Single-commit PRs must have matching PR title and commit message +- ShellCheck must pass with no warnings + +Common prefixes: `feat:`, `fix:`, `chore:`, `refactor:`, `docs:` + +## Version Updates + +When changing version: + +1. Update `VERSION` in `stream-sprout` script +2. The Nix package extracts version automatically from the script + +## Constraints + +- Requires bash 5.0 or newer +- FFmpeg must be available on PATH +- RTMP only (no RTMPS support currently) +- FFmpeg does not enforce stream keys (documented security limitation) + +## Security Considerations + +- Stream keys are stored in plain text in YAML config +- FFmpeg accepts any RTMP stream on the configured port regardless of app/key path +- Do not expose the RTMP port to untrusted networks without additional protection (VPN, firewall, SSH tunnel) From da76e1c219b9b561e74189197c2531abd3a045ed Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Thu, 22 Jan 2026 16:09:33 +0000 Subject: [PATCH 36/40] chore: symlink Dockerfile to Containerfile Signed-off-by: Martin Wimpress --- Dockerfile | 1 + 1 file changed, 1 insertion(+) create mode 120000 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 120000 index 0000000..5240dc0 --- /dev/null +++ b/Dockerfile @@ -0,0 +1 @@ +Containerfile \ No newline at end of file From 7a63368963dd45e8672bd87588fca2bea1bf1494 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Thu, 22 Jan 2026 16:22:11 +0000 Subject: [PATCH 37/40] docs(readme): remove uncertain RTMPS support statement The statement about untested RTMPS support was speculative and potentially confusing to users. Removed as it has now been verified as working. Signed-off-by: Martin Wimpress --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 8f8a19c..c2c81e7 100644 --- a/README.md +++ b/README.md @@ -271,10 +271,6 @@ services: [rtmp @ 0x2ca9be80] Unexpected stream STREAMBOMB, expecting c5b559b2-589d-4925-a28e-20d1954fd6c5 Last message repeated 1 times ``` -- Stream Sprout does not support restreaming using secure RTMP (RTMPS). - - *At least I don't think it does, but I haven't fully tested it.* - - Kick only appears to support rtmps:// URLs and Stream Sprout restreams do not appear on Kick. - - https://superuser.com/questions/1438939/live-streaming-over-rtmps-using-ffmpeg - Each destination you add will increase your bandwidth requirements. ## References From 8393e053b956067c1142ffddddf37e93eb0d959b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jan 2026 21:10:51 +0000 Subject: [PATCH 38/40] chore(deps): bump actions/upload-artifact from 5 to 6 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test-build-stream-sprout.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-build-stream-sprout.yml b/.github/workflows/test-build-stream-sprout.yml index 428e7ab..e9a43b0 100644 --- a/.github/workflows/test-build-stream-sprout.yml +++ b/.github/workflows/test-build-stream-sprout.yml @@ -117,7 +117,7 @@ jobs: snap: ${{ steps.snapcraft.outputs.snap }} isClassic: false - name: Upload artifacts โคด๏ธ - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: stream-sprout-snap path: ${{ steps.snapcraft.outputs.snap}} From 5df0f028e28497d4dd3e4abef9aeee1ca21d0376 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jan 2026 21:10:55 +0000 Subject: [PATCH 39/40] chore(deps): bump DeterminateSystems/update-flake-lock from 27 to 28 Bumps [DeterminateSystems/update-flake-lock](https://github.com/determinatesystems/update-flake-lock) from 27 to 28. - [Release notes](https://github.com/determinatesystems/update-flake-lock/releases) - [Commits](https://github.com/determinatesystems/update-flake-lock/compare/v27...v28) --- updated-dependencies: - dependency-name: DeterminateSystems/update-flake-lock dependency-version: '28' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/flake-updater.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml index 738cadc..a0c019d 100644 --- a/.github/workflows/flake-updater.yml +++ b/.github/workflows/flake-updater.yml @@ -15,6 +15,6 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@v21 - uses: DeterminateSystems/magic-nix-cache-action@v13 - - uses: DeterminateSystems/update-flake-lock@v27 + - uses: DeterminateSystems/update-flake-lock@v28 with: pr-title: "chore: update flake.lock" From 697558934197ec3622aa4d7e48d6a062d5a99004 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 28 Jan 2026 14:03:51 +0000 Subject: [PATCH 40/40] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: โ€ข Updated input 'nixpkgs': 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.905687%2Brev-1327e798cb055f96f92685df444e9a2c326ab5ed/019bb874-9b65-73ec-9dd5-8f14598e59e0/source.tar.gz' (2026-01-12) โ†’ 'https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.906484%2Brev-1cd347bf3355fce6c64ab37d3967b4a2cb4b878c/019bfb68-fb8e-7f55-bb2a-5bee98516c95/source.tar.gz' (2026-01-25) --- flake.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 3475f90..6186ae3 100644 --- a/flake.lock +++ b/flake.lock @@ -16,12 +16,12 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768242861, - "narHash": "sha256-F4IIxa5xDHjtrmMcayM8lHctUq1oGltfBQu2+oqDWP4=", - "rev": "1327e798cb055f96f92685df444e9a2c326ab5ed", - "revCount": 905687, + "lastModified": 1769318308, + "narHash": "sha256-Mjx6p96Pkefks3+aA+72lu1xVehb6mv2yTUUqmSet6Q=", + "rev": "1cd347bf3355fce6c64ab37d3967b4a2cb4b878c", + "revCount": 906484, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.905687%2Brev-1327e798cb055f96f92685df444e9a2c326ab5ed/019bb874-9b65-73ec-9dd5-8f14598e59e0/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.906484%2Brev-1cd347bf3355fce6c64ab37d3967b4a2cb4b878c/019bfb68-fb8e-7f55-bb2a-5bee98516c95/source.tar.gz" }, "original": { "type": "tarball",