Harden zot registry, pt 1 #231

Merged
eblume merged 7 commits from feature/harden-zot-registry into main 2026-02-20 22:50:02 -08:00

7 commits

Author SHA1 Message Date
747e99f466 Complete add-container-version-sync-check Mikado card
All verification items pass: mismatch detection confirmed, ntfy nix
version resolved. All three prereqs (pin-container-versions,
add-dagger-nix-build, fix-ntfy-nix-version) are complete.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 22:22:07 -08:00
b98c6c1b3f Build ntfy nix container from forge mirror at v2.17.0
The nixpkgs ntfy-sh package is pinned at 2.15.0, creating a version
skew with the Dockerfile (v2.17.0). Replace the pkgs.ntfy-sh reference
with a custom derivation using fetchgit, buildNpmPackage, and
buildGoModule targeting the forge mirror. Update container-version-check
to extract versions from local nix files via regex before falling back
to the Dagger nix-version function.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 22:18:49 -08:00
6004652407 Add container-version-check pre-commit hook and populate service versions
Introduces a typer-based mise task that validates version consistency
across Dockerfiles, nix derivations, and service-versions.yaml for all
tracked containers. Populates current-version for all hybrid services.

Discovered ntfy nix version skew (2.15.0 vs Dockerfile 2.17.0) — fixing
forward with ntfy excluded from nix checks and a new Mikado dependency
card (fix-ntfy-nix-version) to resolve it.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 21:01:07 -08:00
d368a07876 Pin container versions and add uniform CONTAINER_APP_VERSION
Every container Dockerfile now declares ARG CONTAINER_APP_VERSION=X.Y.Z
as the first ARG, enabling uniform version parsing for the sync check.
Containers that use the version in build commands chain it to a semantic
ARG (e.g., ARG NAVIDROME_VERSION=${CONTAINER_APP_VERSION}).

Version sources:
- cv: 1.0.3 (latest Forgejo generic package release)
- quartz: 1.28.2 (nginx stable, pinned FROM tag)
- devpi: 6.19.1 / 5.0.1 (devpi-server + devpi-web from PyPI)
- nettest: 0.1.0 (internal, no upstream)
- All others: existing versions carried forward

Mark pin-container-versions Mikado card as complete.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 20:24:54 -08:00
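The sync check the commits above describe (6004652407 and d368a07876: parse `ARG CONTAINER_APP_VERSION` as the first ARG of each Dockerfile, pull `version = "..."` out of the nix derivation with a regex, and compare both against `current-version` in service-versions.yaml) is straightforward to sketch. The block below is an added example written for this page, not the project's typer-based mise task. The Dockerfile, nix and YAML texts are constructed samples, the `services: / <name>: / current-version:` YAML layout and the `nix_exclusions` parameter (mirroring the ntfy exclusion mentioned in 6004652407) are assumptions, and the helper names are hypothetical:

```python
"""Container version sync check (added example, not the project's own code)."""
import re

# Constructed sample inputs (not the repo's real files). Layouts follow the
# conventions the commit messages describe: CONTAINER_APP_VERSION as the first
# ARG, `version = "..."` in the nix derivation, and an ASSUMED YAML schema.
DOCKERFILES = {
    "navidrome": (
        "ARG CONTAINER_APP_VERSION=0.54.3\n"
        "ARG NAVIDROME_VERSION=${CONTAINER_APP_VERSION}\n"
        "FROM alpine:3.21\n"
    ),
    "ntfy": "ARG CONTAINER_APP_VERSION=2.17.0\nFROM alpine:3.21\n",
    # Deliberately violates the convention: first ARG is not CONTAINER_APP_VERSION.
    "quartz": "ARG NGINX_FLAVOR=stable\nFROM nginx:1.28.2\n",
}
NIX_FILES = {
    # Skewed on purpose, like the ntfy 2.15.0 vs 2.17.0 case in the commits.
    "ntfy": 'buildGoModule rec {\n  pname = "ntfy";\n  version = "2.15.0";\n}\n',
    "navidrome": 'stdenv.mkDerivation {\n  pname = "navidrome";\n  version = "0.54.3";\n}\n',
}
SERVICE_VERSIONS_YAML = """\
services:
  navidrome:
    current-version: 0.54.3
  ntfy:
    current-version: 2.17.0
  quartz:
    current-version: 1.28.2
"""

ARG_RE = re.compile(r"^ARG\s+([A-Z_][A-Z0-9_]*)=(\S*)", re.MULTILINE)
NIX_VERSION_RE = re.compile(r'^\s*version\s*=\s*"([^"]+)"\s*;', re.MULTILINE)
# Assumed schema: two-space indented service name, then a current-version line.
YAML_ENTRY_RE = re.compile(r"^  ([\w-]+):\n    current-version:\s*(\S+)", re.MULTILINE)


def dockerfile_version(text):
    """Return the CONTAINER_APP_VERSION value, or None when the ARG is absent
    or is not the first ARG (the uniform-parsing convention the check relies on)."""
    args = ARG_RE.findall(text)
    if not args or args[0][0] != "CONTAINER_APP_VERSION":
        return None
    return args[0][1]


def nix_version(text):
    """Extract `version = "X.Y.Z";` from a nix derivation, or None if absent."""
    m = NIX_VERSION_RE.search(text)
    return m.group(1) if m else None


def yaml_current_versions(text):
    """Map service name -> current-version using the assumed YAML layout."""
    return dict(YAML_ENTRY_RE.findall(text))


def check_versions(dockerfiles, nix_files, yaml_text, nix_exclusions=frozenset()):
    """Compare each tracked container's Dockerfile ARG against its nix derivation
    (unless excluded) and its service-versions.yaml entry; return sorted findings."""
    yaml_versions = yaml_current_versions(yaml_text)
    findings = []
    for name, text in sorted(dockerfiles.items()):
        dv = dockerfile_version(text)
        if dv is None:
            findings.append(f"{name}: ARG CONTAINER_APP_VERSION missing or not the first ARG")
            continue
        yv = yaml_versions.get(name)
        if yv is None:
            findings.append(f"{name}: no current-version in service-versions.yaml")
        elif yv != dv:
            findings.append(f"{name}: Dockerfile {dv} != service-versions.yaml {yv}")
        if name in nix_files and name not in nix_exclusions:
            nv = nix_version(nix_files[name])
            if nv != dv:
                findings.append(f"{name}: Dockerfile {dv} != nix {nv}")
    return findings


if __name__ == "__main__":
    # As a pre-commit hook would: non-zero exit blocks the commit on any skew.
    problems = check_versions(DOCKERFILES, NIX_FILES, SERVICE_VERSIONS_YAML)
    print("\n".join(problems) or "all container versions in sync")
    raise SystemExit(1 if problems else 0)
```

Run stand-alone it reports the ntfy nix skew and the quartz Dockerfile that breaks the first-ARG convention, then exits 1; passing `nix_exclusions={"ntfy"}` reproduces the "fix forward, exclude from nix checks" state the commits describe, which is useful when a mirror build lags but the exclusion list should stay visible in review rather than silently hiding the mismatch.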
2b296b34a6 Update docs to reference new Dagger nix build functions
- dagger.md: add build_nix, nix_version, flake_lock to functions table
- build-container-image.md: document Dagger as local nix build option
- build-authentik-container.md: mention Dagger build path
- Mark add-dagger-nix-build card complete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 19:46:57 -08:00
1556f86779 Add Dagger build_nix and nix_version functions
build_nix: builds nix containers inside nixos/nix:2.33.3 via Dagger,
resolving nixpkgs from the flake registry. Returns docker-archive tarball.

nix_version: extracts package version from nixpkgs (e.g., authentik ->
2025.10.1). Used by the container version sync check.

Tested: nettest builds successfully, ntfy-sh and authentik versions resolve.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 19:41:00 -08:00
0da5d8906c Add version-infrastructure prereqs to harden-zot-registry Mikado chain
Analysis of adopt-commit-based-container-tags revealed three new prerequisites:
- pin-container-versions: add version ARGs to devpi, cv, quartz Dockerfiles
- add-dagger-nix-build: Dagger functions for nix container builds and version extraction
- add-container-version-sync-check: pre-commit hook enforcing version consistency
  across Dockerfile ARGs, service-versions.yaml, and nix derivations

Eliminated the need for separate VERSION files — existing sources (Dockerfile
ARGs, nix derivations, service-versions.yaml) are the source of truth, with a
sync check enforcing consistency.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 19:08:15 -08:00