Miniflux 2.2.19 upgrade, container.py migration, ty typechecker, mise version tracking

- Upgrade miniflux from 2.2.17 to 2.2.19 (SSRF hardening, performance)
- Migrate miniflux from Dockerfile to native Dagger container.py build
- Refactor alpine_runtime() with create_user param for existing users
- Add ty Python typechecker to prek hooks with Dagger SDK config
- Pin all mise.toml tool versions (no more "latest")
- Add type: mise to service-versions.yaml for development tool tracking
- Add mise-specific review guidance to service-review script and docs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Erich Blume 2026-04-12 08:22:57 -07:00
commit 99480ce4f3
10 changed files with 160 additions and 53 deletions


@ -0,0 +1 @@
Upgrade miniflux to 2.2.19 with native Dagger container.py build (second container migrated from Dockerfile). Add `ty` Python typechecker to prek hooks. Pin all mise.toml tool versions and track them as `type: mise` in service-versions.yaml. Refactor `alpine_runtime()` to support existing users via `create_user=False`.
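Review bot: The changelog line drops the reason the commit message gives for the miniflux bump ("SSRF hardening, performance"), so someone reading only the changelog cannot tell that moving to 2.2.19 is a security-relevant upgrade. Suggest stating that here. The line also bundles four unrelated changes (miniflux upgrade, `ty` hook, mise version pinning, `alpine_runtime()` refactor); separate fragments would let each be referenced or reverted on its own.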


@ -1,7 +1,7 @@
---
title: Review Services
modified: 2026-03-24
last-reviewed: 2026-03-07
modified: 2026-04-12
last-reviewed: 2026-04-12
tags:
- how-to
- maintenance
@ -66,6 +66,16 @@ Versioned NixOS services (forgejo-runner, snowflake, k3s) are pinned via a `nixp
4. Deploy via `mise run provision-ringtail`
5. Update `service-versions.yaml` with the new version
### Mise Tools (`type: mise`)
Development tools managed via `mise.toml` with pinned versions. These are local CLI tools (dagger, pulumi, prek, ty, ansible-core) rather than deployed services.
1. Check the upstream releases page for new versions
2. Review the changelog for breaking changes
3. Update the pinned version in `mise.toml`
4. Run `mise install` to verify the new version installs correctly
5. Update `service-versions.yaml` with the new version
### Private Forge Repos (`upstream-source` under `forge.eblu.me/eblume/`)
Some services are built from private repos on the forge rather than tracking an external upstream project. When `upstream-source` points to a `forge.eblu.me/eblume/` repo:
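Review bot: Step 4 of the new Mise Tools list ("Run `mise install` to verify the new version installs correctly") only confirms that the download and install succeed, not that the tool still works in this repo or that the artifact is the one upstream published. Suggest adding a step that runs the prek hooks or a build with the new version before `service-versions.yaml` is updated, and saying how the release is verified (checksum or signature from the upstream release page), since a pinned version number alone does not fix the content that gets installed. The tool list in the intro sentence (dagger, pulumi, prek, ty, ansible-core) will also drift from `mise.toml`; pointing readers to `mise.toml` as the source of truth would avoid that.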