eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Miniflux 2.2.19 + container.py migration + ty typechecker (#331)
All checks were successful
Build Container / detect (push) Successful in 3s
Details
Build Container / build-dagger (miniflux) (push) Successful in 1m3s
Details

Browse source 
## Summary

- Upgrade miniflux from 2.2.17 to 2.2.19 (security hardening, performance improvements)
- Migrate miniflux from Dockerfile to native Dagger container.py build
- Refactor `alpine_runtime()` helper to support existing users (nobody/65534)
- Add `ty` (Astral) Python typechecker to prek hooks

## Test plan

- [ ] `dagger call build --src=. --container-name=miniflux` succeeds
- [ ] `dagger call container-version --container-name=miniflux` returns 2.2.19
- [ ] `mise run container-version-check` passes
- [ ] `ty check` passes cleanly
- [ ] `prek run --all-files` passes
- [ ] CI builds container successfully
- [ ] Miniflux healthcheck passes after deploy from branch

Reviewed-on: #331
This commit is contained in:
Erich Blume 2026-04-12 08:54:32 -07:00
commit 138e23d525
12 changed files with 162 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog.d/miniflux-upgrade-and-ty.feature.md Normal file
View file

@ -0,0 +1 @@
Add `ty` (Astral) Python typechecker to prek hooks, configured for Dagger SDK and container.py modules. Add `type: mise` to service-versions.yaml for tracking development tool versions (dagger, ansible-core, prek, pulumi, ty) through the standard service review process.

1
docs/changelog.d/miniflux-upgrade-and-ty.infra.md Normal file
View file

@ -0,0 +1 @@
Upgrade miniflux from 2.2.17 to 2.2.19 and migrate from Dockerfile to native Dagger container.py build (second container after navidrome). Refactor `alpine_runtime()` with `create_user` parameter to support Alpine's built-in nobody user. Pin all mise.toml tool versions to explicit versions instead of "latest".

14
docs/how-to/knowledgebase/review-services.md
View file

@ -1,7 +1,7 @@
---
title: Review Services
modified: 2026-03-24
last-reviewed: 2026-03-07
modified: 2026-04-12
last-reviewed: 2026-04-12
tags:
- how-to
- maintenance
@ -66,6 +66,16 @@ Versioned NixOS services (forgejo-runner, snowflake, k3s) are pinned via a `nixp
4. Deploy via `mise run provision-ringtail`
5. Update `service-versions.yaml` with the new version
### Mise Tools (`type: mise`)
Development tools managed via `mise.toml` with pinned versions. These are local CLI tools (dagger, pulumi, prek, ty, ansible-core) rather than deployed services.
1. Check the upstream releases page for new versions
2. Review the changelog for breaking changes
3. Update the pinned version in `mise.toml`
4. Run `mise install` to verify the new version installs correctly
5. Update `service-versions.yaml` with the new version
### Private Forge Repos (`upstream-source` under `forge.eblu.me/eblume/`)
Some services are built from private repos on the forge rather than tracking an external upstream project. When `upstream-source` points to a `forge.eblu.me/eblume/` repo: