Miniflux 2.2.19 + container.py migration + ty typechecker (#331)

## Summary - Upgrade miniflux from 2.2.17 to 2.2.19 (security hardening, performance improvements) - Migrate miniflux from Dockerfile to native Dagger container.py build - Refactor `alpine_runtime()` helper to support existing users (nobody/65534) - Add `ty` (Astral) Python typechecker to prek hooks ## Test plan - [ ] `dagger call build --src=. --container-name=miniflux` succeeds - [ ] `dagger call container-version --container-name=miniflux` returns 2.2.19 - [ ] `mise run container-version-check` passes - [ ] `ty check` passes cleanly - [ ] `prek run --all-files` passes - [ ] CI builds container successfully - [ ] Miniflux healthcheck passes after deploy from branch Reviewed-on: #331
2026-04-12 08:54:32 -07:00 · 2026-04-12 08:54:32 -07:00 · 138e23d525
commit 138e23d525
parent dc5bffdd97
12 changed files with 162 additions and 54 deletions
--- a/src/blumeops/containers.py
+++ b/src/blumeops/containers.py
@ -131,20 +131,26 @@ def alpine_runtime(
    uid: int = 65534,
    gid: int = 65534,
    username: str = "app",
+    create_user: bool = True,
 ) -> dagger.Container:
-    """Standard Alpine 3.22 runtime base with non-root user."""
+    """Standard Alpine 3.22 runtime base.
+
+    When create_user is True (default), creates a non-root user with the given
+    uid/gid/username. Set create_user=False to use an existing user (e.g.
+    Alpine's built-in nobody:65534).
+    """
    packages = extra_apk or []
    setup_cmds = []
    if packages:
        setup_cmds.append(f"apk add --no-cache {' '.join(packages)}")
-    setup_cmds.append(f"addgroup -g {gid} {username}")
-    setup_cmds.append(f"adduser -u {uid} -G {username} -D {username}")
+    if create_user:
+        setup_cmds.append(f"addgroup -g {gid} {username}")
+        setup_cmds.append(f"adduser -u {uid} -G {username} -D {username}")

-    return (
-        dag.container()
-        .from_("alpine:3.22")
-        .with_exec(["sh", "-c", " && ".join(setup_cmds)])
-    )
+    ctr = dag.container().from_("alpine:3.22")
+    if setup_cmds:
+        ctr = ctr.with_exec(["sh", "-c", " && ".join(setup_cmds)])
+    return ctr


 def oci_labels(