From 627caeb61f84c4803109132dbe484e12e2c4276d Mon Sep 17 00:00:00 2001
From: Forgejo Actions
Date: Sun, 22 Feb 2026 09:16:00 -0800
Subject: [PATCH] Update docs release to v1.11.0 - Built changelog from towncrier fragments [skip ci]
---
 CHANGELOG.md | 28 +++++++++++++++++++
 argocd/manifests/docs/deployment.yaml | 2 +-
 .../add-container-versioning-prereq.infra.md | 1 -
 .../feature-agent-change-process.feature.md | 1 -
 .../feature-authentik-mikado-chain.infra.md | 1 -
 .../feature-deploy-authentik.feature.md | 1 -
 .../feature-forgejo-authentik-oidc.feature.md | 1 -
 .../feature-jellyfin-authentik-sso.feature.md | 1 -
 .../feature-ringtail-flake-update.infra.md | 1 -
 .../fix-frigate-notify-config.bugfix.md | 1 -
 .../harden-zot-registry.feature.md | 1 -
 docs/changelog.d/plan-deploy-authentik.doc.md | 1 -
 .../register-zot-oidc-client.feature.md | 1 -
 .../review-frigate-notify-v0.5.4.infra.md | 1 -
 .../wire-ci-registry-auth.feature.md | 1 -
 15 files changed, 29 insertions(+), 14 deletions(-)
 delete mode 100644 docs/changelog.d/add-container-versioning-prereq.infra.md
 delete mode 100644 docs/changelog.d/feature-agent-change-process.feature.md
 delete mode 100644 docs/changelog.d/feature-authentik-mikado-chain.infra.md
 delete mode 100644 docs/changelog.d/feature-deploy-authentik.feature.md
 delete mode 100644 docs/changelog.d/feature-forgejo-authentik-oidc.feature.md
 delete mode 100644 docs/changelog.d/feature-jellyfin-authentik-sso.feature.md
 delete mode 100644 docs/changelog.d/feature-ringtail-flake-update.infra.md
 delete mode 100644 docs/changelog.d/fix-frigate-notify-config.bugfix.md
 delete mode 100644 docs/changelog.d/harden-zot-registry.feature.md
 delete mode 100644 docs/changelog.d/plan-deploy-authentik.doc.md
 delete mode 100644 docs/changelog.d/register-zot-oidc-client.feature.md
 delete mode 100644 docs/changelog.d/review-frigate-notify-v0.5.4.infra.md
 delete mode 100644 docs/changelog.d/wire-ci-registry-auth.feature.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b95d67d..a5a18fa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,34 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [v1.11.0] - 2026-02-22 + +### Features + +- Add agent change process (C0/C1/C2) documentation and `docs-mikado` tool for Mikado method dependency chain resolution. Rename `zk-docs` task to `ai-docs`. +- Deploy Authentik identity provider on ringtail k3s cluster, replacing Dex as the SSO provider. Includes Nix-built container, CNPG database, Redis, and Caddy routing at `authentik.ops.eblu.me`. +- Integrate Forgejo with Authentik OIDC for single sign-on with group-based admin propagation. Enforce TOTP MFA on Authentik authentication flow. +- Add Authentik SSO to Jellyfin with admin group mapping +- Container builds now trigger automatically on merge to main (path-based) and use commit-SHA-based image tags (`vX.Y.Z-`) for full traceability. The `container-tag-and-release` task is replaced by `container-build-and-release` which dispatches workflows via the Forgejo API. Added pre-commit hook to keep container versions in sync with `service-versions.yaml`. +- Register Zot as an OIDC client in Authentik via blueprint, with artifact-workloads group, zot-ci service account, and OIDC credentials template for Ansible deployment. +- Enable OIDC + API key authentication on zot registry with three-tier access control (anonymous read, CI create, admin full). Wire both CI push paths (Dagger and Nix/skopeo) with registry credentials via Forgejo Actions secrets. Allow anonymous Prometheus metrics scraping via `accessControl.metrics.users`. + +### Bug Fixes + +- Fix frigate-notify notification pipeline: switch to webapi polling, enable dedup, drop events without snapshots, use hi-res snapshots + +### Infrastructure + +- Add Mikado prereq for commit-based container tagging scheme to harden-zot-registry chain +- Convert deploy-authentik plan to C2 Mikado chain entry point. +- Add `flake-update` Dagger pipeline for updating ringtail NixOS flake inputs. 
+- Upgrade frigate-notify from v0.3.5 to v0.5.4 + +### Documentation + +- Add deployment plan for Authentik identity provider to replace Dex + + ## [v1.10.0] - 2026-02-19 ### Features
diff --git a/argocd/manifests/docs/deployment.yaml b/argocd/manifests/docs/deployment.yaml
index 089ef78..8f9a056 100644
--- a/argocd/manifests/docs/deployment.yaml
+++ b/argocd/manifests/docs/deployment.yaml
@@ -22,7 +22,7 @@ spec:
 name: http
 env:
 - name: DOCS_RELEASE_URL
- value: "https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.10.0/docs-v1.10.0.tar.gz"
+ value: "https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.11.0/docs-v1.11.0.tar.gz"
 resources:
 requests:
 memory: "64Mi"
diff --git a/docs/changelog.d/add-container-versioning-prereq.infra.md b/docs/changelog.d/add-container-versioning-prereq.infra.md
deleted file mode 100644
index 8646f29..0000000
--- a/docs/changelog.d/add-container-versioning-prereq.infra.md
+++ /dev/null
@@ -1 +0,0 @@
-Add Mikado prereq for commit-based container tagging scheme to harden-zot-registry chain
diff --git a/docs/changelog.d/feature-agent-change-process.feature.md b/docs/changelog.d/feature-agent-change-process.feature.md
deleted file mode 100644
index 98e50a3..0000000
--- a/docs/changelog.d/feature-agent-change-process.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Add agent change process (C0/C1/C2) documentation and `docs-mikado` tool for Mikado method dependency chain resolution. Rename `zk-docs` task to `ai-docs`.
diff --git a/docs/changelog.d/feature-authentik-mikado-chain.infra.md b/docs/changelog.d/feature-authentik-mikado-chain.infra.md
deleted file mode 100644
index bbcb895..0000000
--- a/docs/changelog.d/feature-authentik-mikado-chain.infra.md
+++ /dev/null
@@ -1 +0,0 @@
-Convert deploy-authentik plan to C2 Mikado chain entry point.
diff --git a/docs/changelog.d/feature-deploy-authentik.feature.md b/docs/changelog.d/feature-deploy-authentik.feature.md
deleted file mode 100644
index e2d2daf..0000000
--- a/docs/changelog.d/feature-deploy-authentik.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Deploy Authentik identity provider on ringtail k3s cluster, replacing Dex as the SSO provider. Includes Nix-built container, CNPG database, Redis, and Caddy routing at `authentik.ops.eblu.me`.
diff --git a/docs/changelog.d/feature-forgejo-authentik-oidc.feature.md b/docs/changelog.d/feature-forgejo-authentik-oidc.feature.md
deleted file mode 100644
index 0defcdd..0000000
--- a/docs/changelog.d/feature-forgejo-authentik-oidc.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Integrate Forgejo with Authentik OIDC for single sign-on with group-based admin propagation. Enforce TOTP MFA on Authentik authentication flow.
diff --git a/docs/changelog.d/feature-jellyfin-authentik-sso.feature.md b/docs/changelog.d/feature-jellyfin-authentik-sso.feature.md
deleted file mode 100644
index 67de207..0000000
--- a/docs/changelog.d/feature-jellyfin-authentik-sso.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Add Authentik SSO to Jellyfin with admin group mapping
diff --git a/docs/changelog.d/feature-ringtail-flake-update.infra.md b/docs/changelog.d/feature-ringtail-flake-update.infra.md
deleted file mode 100644
index 50ed01f..0000000
--- a/docs/changelog.d/feature-ringtail-flake-update.infra.md
+++ /dev/null
@@ -1 +0,0 @@
-Add `flake-update` Dagger pipeline for updating ringtail NixOS flake inputs.
diff --git a/docs/changelog.d/fix-frigate-notify-config.bugfix.md b/docs/changelog.d/fix-frigate-notify-config.bugfix.md
deleted file mode 100644
index 24d3c31..0000000
--- a/docs/changelog.d/fix-frigate-notify-config.bugfix.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix frigate-notify notification pipeline: switch to webapi polling, enable dedup, drop events without snapshots, use hi-res snapshots
diff --git a/docs/changelog.d/harden-zot-registry.feature.md b/docs/changelog.d/harden-zot-registry.feature.md
deleted file mode 100644
index bc0ed34..0000000
--- a/docs/changelog.d/harden-zot-registry.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Container builds now trigger automatically on merge to main (path-based) and use commit-SHA-based image tags (`vX.Y.Z-`) for full traceability. The `container-tag-and-release` task is replaced by `container-build-and-release` which dispatches workflows via the Forgejo API. Added pre-commit hook to keep container versions in sync with `service-versions.yaml`.
diff --git a/docs/changelog.d/plan-deploy-authentik.doc.md b/docs/changelog.d/plan-deploy-authentik.doc.md
deleted file mode 100644
index f59a9a0..0000000
--- a/docs/changelog.d/plan-deploy-authentik.doc.md
+++ /dev/null
@@ -1 +0,0 @@
-Add deployment plan for Authentik identity provider to replace Dex
diff --git a/docs/changelog.d/register-zot-oidc-client.feature.md b/docs/changelog.d/register-zot-oidc-client.feature.md
deleted file mode 100644
index 2332f38..0000000
--- a/docs/changelog.d/register-zot-oidc-client.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Register Zot as an OIDC client in Authentik via blueprint, with artifact-workloads group, zot-ci service account, and OIDC credentials template for Ansible deployment.
diff --git a/docs/changelog.d/review-frigate-notify-v0.5.4.infra.md b/docs/changelog.d/review-frigate-notify-v0.5.4.infra.md
deleted file mode 100644
index d70a18a..0000000
--- a/docs/changelog.d/review-frigate-notify-v0.5.4.infra.md
+++ /dev/null
@@ -1 +0,0 @@
-Upgrade frigate-notify from v0.3.5 to v0.5.4
diff --git a/docs/changelog.d/wire-ci-registry-auth.feature.md b/docs/changelog.d/wire-ci-registry-auth.feature.md
deleted file mode 100644
index 3dd5597..0000000
--- a/docs/changelog.d/wire-ci-registry-auth.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Enable OIDC + API key authentication on zot registry with three-tier access control (anonymous read, CI create, admin full). Wire both CI push paths (Dagger and Nix/skopeo) with registry credentials via Forgejo Actions secrets. Allow anonymous Prometheus metrics scraping via `accessControl.metrics.users`.