Bot Updating Package Versions

Delete root/defaults/nginx/site-confs/default.conf.sample [development]

.github/CONTRIBUTING.md

@@ -6,7 +6,7 @@
 * Read, and fill the Pull Request template
   * If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR
   * If the PR is addressing an existing issue include, closes #\<issue number>, in the body of the PR commit message
-* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn)
+* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://linuxserver.io/discord)
 
 ## Common files
 
@@ -105,10 +105,10 @@ docker build \
   -t linuxserver/heimdall:latest .
 ```
 
-The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
+The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static`
 
 ```bash
-docker run --rm --privileged multiarch/qemu-user-static:register --reset
+docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset
 ```
 
 Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.

.github/ISSUE_TEMPLATE/config.yml

@@ -1,7 +1,7 @@
 blank_issues_enabled: false
 contact_links:
   - name: Discord chat support
-    url: https://discord.gg/YWrKVTn
+    url: https://linuxserver.io/discord
     about: Realtime support / chat with the community and the team.
 
   - name: Discourse discussion forum

.github/ISSUE_TEMPLATE/issue.bug.yml

@@ -67,10 +67,10 @@ body:
   - type: textarea
     attributes:
       description: |
-        Provide a full docker log, output of "docker logs linuxserver.io"
+        Provide a full docker log, output of "docker logs heimdall"
       label: Container logs
       placeholder: |
-        Output of `docker logs linuxserver.io`
+        Output of `docker logs heimdall`
       render: bash
     validations:
       required: true

.github/workflows/call_issue_pr_tracker.yml

@@ -8,6 +8,9 @@ on:
   pull_request_review:
     types: [submitted,edited,dismissed]
 
+permissions:
+  contents: read
+
 jobs:
   manage-project:
     permissions:

.github/workflows/call_issues_cron.yml

@@ -4,6 +4,9 @@ on:
     - cron:  '14 15 * * *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   stale:
     permissions:

.github/workflows/external_trigger.yml

@@ -3,26 +3,42 @@ name: External Trigger Main
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   external-trigger-development:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.1.0
+      - uses: actions/checkout@v4.1.1
 
       - name: External Trigger
         if: github.ref == 'refs/heads/development'
+        env:
+          SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }}
         run: |
-          if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_HEIMDALL_DEVELOPMENT }}" ]; then
+          printf "# External trigger for docker-heimdall\n\n" >> $GITHUB_STEP_SUMMARY
-            echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_HEIMDALL_DEVELOPMENT is set; skipping trigger. ****"
+          if grep -q "^heimdall_development_" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
-            echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_HEIMDALL_DEVELOPMENT\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
+            echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
+            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`heimdall_development_\`; will skip trigger if version matches." >> $GITHUB_STEP_SUMMARY
+          elif grep -q "^heimdall_development" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`heimdall_development\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
-          echo "**** External trigger running off of development branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_HEIMDALL_DEVELOPMENT\". ****"
+          echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
-          echo "External trigger running off of development branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_HEIMDALL_DEVELOPMENT\`" >> $GITHUB_STEP_SUMMARY
+          echo "> External trigger running off of development branch. To disable this trigger, add \`heimdall_development\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY
-          echo "**** Retrieving external version ****"
+          printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
           EXT_RELEASE=$(curl -u "${{ secrets.CR_USER }}:${{ secrets.CR_PAT }}" -sX GET "https://api.github.com/repos/linuxserver/Heimdall/commits/2.x" | jq -r '. | .sha' | cut -c1-8)
+          echo "Type is \`github_commit\`" >> $GITHUB_STEP_SUMMARY
+          if grep -q "^heimdall_development_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` matches current external release; skipping trigger." >> $GITHUB_STEP_SUMMARY
+            exit 0
+          fi
           if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
-            echo "**** Can't retrieve external version, exiting ****"
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY
             FAILURE_REASON="Can't retrieve external version for heimdall branch development"
             GHA_TRIGGER_URL="https://github.com/linuxserver/docker-heimdall/actions/runs/${{ github.run_id }}"
             curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
@@ -30,10 +46,9 @@ jobs:
               "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
             exit 1
           fi
-          EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
+          EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
-          echo "**** External version: ${EXT_RELEASE} ****"
+          echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY
-          echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY
+          echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY
-          echo "**** Retrieving last pushed version ****"
           image="linuxserver/heimdall"
           tag="development"
           token=$(curl -sX GET \
@@ -41,14 +56,33 @@ jobs:
             | jq -r '.token')
           multidigest=$(curl -s \
             --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+            --header "Accept: application/vnd.oci.image.index.v1+json" \
             --header "Authorization: Bearer ${token}" \
-              "https://ghcr.io/v2/${image}/manifests/${tag}" \
+            "https://ghcr.io/v2/${image}/manifests/${tag}")
-              | jq -r 'first(.manifests[].digest)')
+          if jq -e '.layers // empty' <<< "${multidigest}" >/dev/null 2>&1; then
-            digest=$(curl -s \
+            # If there's a layer element it's a single-arch manifest so just get that digest
+            digest=$(jq -r '.config.digest' <<< "${multidigest}")
+          else
+            # Otherwise it's multi-arch or has manifest annotations
+            if jq -e '.manifests[]?.annotations // empty' <<< "${multidigest}" >/dev/null 2>&1; then
+              # Check for manifest annotations and delete if found
+              multidigest=$(jq 'del(.manifests[] | select(.annotations))' <<< "${multidigest}")
+            fi
+            if [[ $(jq '.manifests | length' <<< "${multidigest}") -gt 1 ]]; then
+              # If there's still more than one digest, it's multi-arch
+              multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}")
+            else
+              # Otherwise it's single arch
+              multidigest=$(jq -r ".manifests[].digest?" <<< "${multidigest}")
+            fi
+            if digest=$(curl -s \
               --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+              --header "Accept: application/vnd.oci.image.manifest.v1+json" \
               --header "Authorization: Bearer ${token}" \
-              "https://ghcr.io/v2/${image}/manifests/${multidigest}" \
+              "https://ghcr.io/v2/${image}/manifests/${multidigest}"); then
-              | jq -r '.config.digest')
+              digest=$(jq -r '.config.digest' <<< "${digest}");
+            fi
+          fi
           image_info=$(curl -sL \
             --header "Authorization: Bearer ${token}" \
             "https://ghcr.io/v2/${image}/blobs/${digest}")
@@ -60,45 +94,54 @@ jobs:
           IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
           IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
           if [ -z "${IMAGE_VERSION}" ]; then
-            echo "**** Can't retrieve last pushed version, exiting ****"
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY
             FAILURE_REASON="Can't retrieve last pushed version for heimdall tag development"
             curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
               "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
               "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
             exit 1
           fi
-          echo "**** Last pushed version: ${IMAGE_VERSION} ****"
+          echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
-          echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY
+          if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then
-          if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
+            echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
-            echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
-            echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY
             exit 0
           elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/development/lastBuild/api/json | jq -r '.building') == "true" ]; then
-            echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
+            echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
-            echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
             exit 0
           else
-            echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
+            if [[ "${artifacts_found}" == "false" ]]; then
-            echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY
+              echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+              echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY
+              FAILURE_REASON="New version ${EXT_RELEASE} for heimdall tag development is detected, however not all artifacts are uploaded to upstream release yet. Will try again later."
+              curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+                "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
+                "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            else
+              printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
+              echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
+              if [[ "${artifacts_found}" == "true" ]]; then
+                echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
+              fi
               response=$(curl -iX POST \
                 https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/development/buildWithParameters?PACKAGE_CHECK=false \
                 --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
-            echo "**** Jenkins job queue url: ${response%$'\r'} ****"
+              echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
-            echo "**** Sleeping 10 seconds until job starts ****"
+              echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
               sleep 10
               buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
               buildurl="${buildurl%$'\r'}"
-            echo "**** Jenkins job build url: ${buildurl} ****"
+              echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
-            echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
+              echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
-            echo "**** Attempting to change the Jenkins job description ****"
               curl -iX POST \
                 "${buildurl}submitDescription" \
                 --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
                 --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
                 --data-urlencode "Submit=Submit"
               echo "**** Notifying Discord ****"
-            TRIGGER_REASON="A version change was detected for heimdall tag development. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
+              TRIGGER_REASON="A version change was detected for heimdall tag development. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}"
               curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
                 "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
                 "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
             fi
+          fi

.github/workflows/external_trigger_scheduler.yml

@@ -5,41 +5,44 @@ on:
     - cron:  '39 * * * *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   external-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.1.0
+      - uses: actions/checkout@v4.1.1
         with:
           fetch-depth: '0'
 
       - name: External Trigger Scheduler
         run: |
-          echo "**** Branches found: ****"
+          printf "# External trigger scheduler for docker-heimdall\n\n" >> $GITHUB_STEP_SUMMARY
-          git for-each-ref --format='%(refname:short)' refs/remotes
+          printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
-          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
+          for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
           do
-            br=$(echo "$br" | sed 's|origin/||g')
+            if [[ "${br}" == "HEAD" ]]; then
-            echo "**** Evaluating branch ${br} ****"
+              printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
+              continue
+            fi
+            printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
             ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/jenkins-vars.yml)
             ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
             ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
             if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
-              echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****"
+              echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY
               if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
-                echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
+                echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY
-                echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
                 curl -iX POST \
                   -H "Authorization: token ${{ secrets.CR_PAT }}" \
                   -H "Accept: application/vnd.github.v3+json" \
                   -d "{\"ref\":\"refs/heads/${br}\"}" \
                   https://api.github.com/repos/linuxserver/docker-heimdall/actions/workflows/external_trigger.yml/dispatches
               else
-                echo "**** Workflow doesn't exist; skipping trigger. ****"
+                echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
-                echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
               fi
             else
-              echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****"
+              echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
-              echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
             fi
           done

.github/workflows/greetings.yml

@@ -2,8 +2,14 @@ name: Greetings
 
 on: [pull_request_target, issues]
 
+permissions:
+  contents: read
+
 jobs:
   greeting:
+    permissions:
+      issues: write
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
     - uses: actions/first-interaction@v1

.github/workflows/package_trigger.yml

@@ -1,42 +0,0 @@
-name: Package Trigger Main
-
-on:
-  workflow_dispatch:
-
-jobs:
-  package-trigger-development:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3.1.0
-
-      - name: Package Trigger
-        if: github.ref == 'refs/heads/development'
-        run: |
-          if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_HEIMDALL_DEVELOPMENT }}" ]; then
-            echo "**** Github secret PAUSE_PACKAGE_TRIGGER_HEIMDALL_DEVELOPMENT is set; skipping trigger. ****"
-            echo "Github secret \`PAUSE_PACKAGE_TRIGGER_HEIMDALL_DEVELOPMENT\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-          if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/development/lastBuild/api/json | jq -r '.building') == "true" ]; then
-            echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
-            echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-          echo "**** Package trigger running off of development branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_HEIMDALL_DEVELOPMENT\". ****"
-          echo "Package trigger running off of development branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_HEIMDALL_DEVELOPMENT\`" >> $GITHUB_STEP_SUMMARY
-          response=$(curl -iX POST \
-            https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/development/buildWithParameters?PACKAGE_CHECK=true \
-            --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
-          echo "**** Jenkins job queue url: ${response%$'\r'} ****"
-          echo "**** Sleeping 10 seconds until job starts ****"
-          sleep 10
-          buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
-          buildurl="${buildurl%$'\r'}"
-          echo "**** Jenkins job build url: ${buildurl} ****"
-          echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
-          echo "**** Attempting to change the Jenkins job description ****"
-          curl -iX POST \
-            "${buildurl}submitDescription" \
-            --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
-            --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
-            --data-urlencode "Submit=Submit"

.github/workflows/package_trigger_scheduler.yml

@@ -5,46 +5,99 @@ on:
     - cron:  '14 18 * * 5'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   package-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.1.0
+      - uses: actions/checkout@v4.1.1
         with:
           fetch-depth: '0'
 
       - name: Package Trigger Scheduler
+        env:
+          SKIP_PACKAGE_TRIGGER: ${{ vars.SKIP_PACKAGE_TRIGGER }}
         run: |
-          echo "**** Branches found: ****"
+          printf "# Package trigger scheduler for docker-heimdall\n\n" >> $GITHUB_STEP_SUMMARY
-          git for-each-ref --format='%(refname:short)' refs/remotes
+          printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
-          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
+          for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
           do
-            br=$(echo "$br" | sed 's|origin/||g')
+            if [[ "${br}" == "HEAD" ]]; then
-            echo "**** Evaluating branch ${br} ****"
+              printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
-            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/jenkins-vars.yml | yq -r '.ls_branch')
+              continue
-            if [ "${br}" == "${ls_branch}" ]; then
+            fi
-              echo "**** Branch ${br} appears to be live; checking workflow. ****"
+            printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
-              if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
+            JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/jenkins-vars.yml)
-                echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
+            if ! curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/Jenkinsfile >/dev/null 2>&1; then
-                echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
+              echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-                triggered_branches="${triggered_branches}${br} "
+              echo "> No Jenkinsfile found. Branch is either deprecated or is an early dev branch." >> $GITHUB_STEP_SUMMARY
-                curl -iX POST \
+              skipped_branches="${skipped_branches}${br} "
-                  -H "Authorization: token ${{ secrets.CR_PAT }}" \
+            elif [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then
-                  -H "Accept: application/vnd.github.v3+json" \
+              echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY
-                  -d "{\"ref\":\"refs/heads/${br}\"}" \
+              README_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/readme-vars.yml)
-                  https://api.github.com/repos/linuxserver/docker-heimdall/actions/workflows/package_trigger.yml/dispatches
+              if [[ $(yq -r '.project_deprecation_status' <<< "${README_VARS}") == "true" ]]; then
-                sleep 30
+                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                echo "> Branch appears to be deprecated; skipping trigger." >> $GITHUB_STEP_SUMMARY
+                skipped_branches="${skipped_branches}${br} "
+              elif [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then
+                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY
+                skipped_branches="${skipped_branches}${br} "
+              elif grep -q "^heimdall_${br}" <<< "${SKIP_PACKAGE_TRIGGER}"; then
+                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`heimdall_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
+                skipped_branches="${skipped_branches}${br} "
+              elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/${br}/lastBuild/api/json | jq -r '.building' 2>/dev/null) == "true" ]; then
+                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY
+                skipped_branches="${skipped_branches}${br} "
               else
-                echo "**** Workflow doesn't exist; skipping trigger. ****"
+                echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
-                echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY
+                echo "> Triggering package trigger for branch ${br}" >> $GITHUB_STEP_SUMMARY
+                printf "> To disable, add \`heimdall_%s\` into the Github organizational variable \`SKIP_PACKAGE_TRIGGER\`.\n\n" "${br}" >> $GITHUB_STEP_SUMMARY
+                triggered_branches="${triggered_branches}${br} "
+                response=$(curl -iX POST \
+                  https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/${br}/buildWithParameters?PACKAGE_CHECK=true \
+                  --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
+                if [[ -z "${response}" ]]; then
+                  echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                  echo "> Jenkins build could not be triggered. Skipping branch."
+                  continue
+                fi
+                echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
+                echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
+                sleep 10
+                buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
+                buildurl="${buildurl%$'\r'}"
+                echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
+                echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
+                if ! curl -ifX POST \
+                  "${buildurl}submitDescription" \
+                  --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
+                  --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+                  --data-urlencode "Submit=Submit"; then
+                  echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                  echo "> Unable to change the Jenkins job description."
+                fi
+                sleep 20
               fi
             else
-              echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
               echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
             fi
           done
+          if [[ -n "${triggered_branches}" ]] || [[ -n "${skipped_branches}" ]]; then
+            if [[ -n "${triggered_branches}" ]]; then
+              NOTIFY_BRANCHES="**Triggered:** ${triggered_branches} \n"
+              NOTIFY_BUILD_URL="**Build URL:** https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-heimdall/activity/ \n"
               echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
+            fi
+            if [[ -n "${skipped_branches}" ]]; then
+              NOTIFY_BRANCHES="${NOTIFY_BRANCHES}**Skipped:** ${skipped_branches} \n"
+            fi
             echo "**** Notifying Discord ****"
             curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
-            "description": "**Package Check Build(s) Triggered for heimdall** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-heimdall/activity/"' \n"}],
+              "description": "**Package Check Build(s) for heimdall** \n'"${NOTIFY_BRANCHES}"''"${NOTIFY_BUILD_URL}"'"}],
               "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+          fi

.github/workflows/permissions.yml

@@ -5,6 +5,8 @@ on:
       - '**/run'
       - '**/finish'
       - '**/check'
+      - 'root/migrations/*'
+
 jobs:
   permission_check:
     uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.18
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.22
 
 # set version label
 ARG BUILD_DATE
@@ -9,22 +9,28 @@ ARG HEIMDALL_RELEASE
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="aptalca"
 
-# environment settings
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
-
 RUN \
   echo "**** install runtime packages ****" && \
   apk add --no-cache \
-    php82-intl \
+    php84-dom \
-    php82-pdo_pgsql \
+    php84-intl \
-    php82-pdo_sqlite \
+    php84-opcache \
-    php82-pdo_mysql \
+    php84-pdo_mysql \
-    php82-tokenizer && \
+    php84-pdo_pgsql \
+    php84-pdo_sqlite \
+    php84-tokenizer && \
   echo "**** configure nginx ****" && \
   echo 'fastcgi_param  PHP_AUTH_USER      $remote_user; # Heimdall user authorization' >> \
     /etc/nginx/fastcgi_params && \
   echo 'fastcgi_param  PHP_AUTH_PW        $http_authorization; # Heimdall user authorization' >> \
     /etc/nginx/fastcgi_params && \
+  echo "**** configure php opcache ****" && \
+  echo 'opcache.validate_timestamps=0' >> \
+    /etc/php84/conf.d/00_opcache.ini && \
+  echo "**** configure php-fpm to pass env vars ****" && \
+  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php84/php-fpm.d/www.conf && \
+  if ! grep -qxF 'clear_env = no' /etc/php84/php-fpm.d/www.conf; then echo 'clear_env = no' >> /etc/php84/php-fpm.d/www.conf; fi && \
+  echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php84/php-fpm.conf && \
   echo "**** install heimdall ****" && \
   mkdir -p \
     /heimdall && \
@@ -40,6 +46,7 @@ RUN \
   tar xf \
     /tmp/heimdall.tar.gz -C \
     /app/www-tmp --strip-components=1 && \
+  printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
   echo "**** cleanup ****" && \
   rm -rf \
     /tmp/*

Dockerfile.aarch64

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.18
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.22
 
 # set version label
 ARG BUILD_DATE
@@ -9,22 +9,28 @@ ARG HEIMDALL_RELEASE
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="aptalca"
 
-# environment settings
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
-
 RUN \
   echo "**** install runtime packages ****" && \
   apk add --no-cache \
-    php82-intl \
+    php84-dom \
-    php82-pdo_pgsql \
+    php84-intl \
-    php82-pdo_sqlite \
+    php84-opcache \
-    php82-pdo_mysql \
+    php84-pdo_mysql \
-    php82-tokenizer && \
+    php84-pdo_pgsql \
+    php84-pdo_sqlite \
+    php84-tokenizer && \
   echo "**** configure nginx ****" && \
   echo 'fastcgi_param  PHP_AUTH_USER      $remote_user; # Heimdall user authorization' >> \
     /etc/nginx/fastcgi_params && \
   echo 'fastcgi_param  PHP_AUTH_PW        $http_authorization; # Heimdall user authorization' >> \
     /etc/nginx/fastcgi_params && \
+  echo "**** configure php opcache ****" && \
+  echo 'opcache.validate_timestamps=0' >> \
+    /etc/php84/conf.d/00_opcache.ini && \
+  echo "**** configure php-fpm to pass env vars ****" && \
+  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php84/php-fpm.d/www.conf && \
+  if ! grep -qxF 'clear_env = no' /etc/php84/php-fpm.d/www.conf; then echo 'clear_env = no' >> /etc/php84/php-fpm.d/www.conf; fi && \
+  echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php84/php-fpm.conf && \
   echo "**** install heimdall ****" && \
   mkdir -p \
     /heimdall && \
@@ -40,6 +46,7 @@ RUN \
   tar xf \
     /tmp/heimdall.tar.gz -C \
     /app/www-tmp --strip-components=1 && \
+  printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
   echo "**** cleanup ****" && \
   rm -rf \
     /tmp/*

Jenkinsfile

@@ -16,7 +16,9 @@ pipeline {
     GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab')
     GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
     GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
-    SCARF_TOKEN=credentials('scarf_api_key')
+    DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat')
+    QUAYIO_API_TOKEN=credentials('quayio-repo-api-token')
+    GIT_SIGNING_KEY=credentials('484fbca6-9a4f-455e-b9e3-97ac98785f5f')
     EXT_GIT_BRANCH = '2.x'
     EXT_USER = 'linuxserver'
     EXT_REPO = 'Heimdall'
@@ -34,20 +36,46 @@ pipeline {
     CI_PORT='80'
     CI_SSL='false'
     CI_DELAY='120'
-    CI_DOCKERENV='TZ=US/Pacific'
+    CI_DOCKERENV=''
-    CI_AUTH='user:password'
+    CI_AUTH=''
     CI_WEBPATH=''
   }
   stages {
+    stage("Set git config"){
+      steps{
+        sh '''#!/bin/bash
+              cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign
+              chmod 600 /config/.ssh/id_sign
+              ssh-keygen -y -f /config/.ssh/id_sign > /config/.ssh/id_sign.pub
+              echo "Using $(ssh-keygen -lf /config/.ssh/id_sign) to sign commits"
+              git config --global gpg.format ssh
+              git config --global user.signingkey /config/.ssh/id_sign
+              git config --global commit.gpgsign true
+        '''
+      }
+    }
     // Setup all the basic environment variables needed for the build
     stage("Set ENV Variables base"){
       steps{
+        echo "Running on node: ${NODE_NAME}"
         sh '''#! /bin/bash
-              containers=$(docker ps -aq)
+              echo "Pruning builder"
+              docker builder prune -f --builder container || :
+              containers=$(docker ps -q)
               if [[ -n "${containers}" ]]; then
-                docker stop ${containers}
+                BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit')
+                for container in ${containers}; do
+                  if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then
+                    echo "skipping buildx container in docker stop"
+                  else
+                    echo "Stopping container ${container}"
+                    docker stop ${container}
                   fi
-              docker system prune -af --volumes || : '''
+                done
+              fi
+              docker system prune -f --volumes || :
+              docker image prune -af || :
+           '''
         script{
           env.EXIT_STATUS = ''
           env.LS_RELEASE = sh(
@@ -62,11 +90,20 @@ pipeline {
           env.COMMIT_SHA = sh(
             script: '''git rev-parse HEAD''',
             returnStdout: true).trim()
+          env.GH_DEFAULT_BRANCH = sh(
+            script: '''git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||' ''',
+            returnStdout: true).trim()
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
           env.PULL_REQUEST = env.CHANGE_ID
-          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml'
+          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml'
+          if ( env.SYFT_IMAGE_TAG == null ) {
+            env.SYFT_IMAGE_TAG = 'latest'
           }
+        }
+        echo "Using syft image tag ${SYFT_IMAGE_TAG}"
+        sh '''#! /bin/bash
+              echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" '''
         script{
           env.LS_RELEASE_NUMBER = sh(
             script: '''echo ${LS_RELEASE} |sed 's/^.*-ls//g' ''',
@@ -149,7 +186,7 @@ pipeline {
           }
 
           if (env.SEMVER != null) {
-            if (BRANCH_NAME != "master" && BRANCH_NAME != "main") {
+            if (BRANCH_NAME != "${env.GH_DEFAULT_BRANCH}") {
               env.SEMVER = "${env.SEMVER}-${BRANCH_NAME}"
             }
             println("SEMVER: ${env.SEMVER}")
@@ -180,6 +217,8 @@ pipeline {
           env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
           env.META_TAG = 'development-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
           env.EXT_RELEASE_TAG = 'development-version-' + env.EXT_RELEASE_CLEAN
+          env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
+          env.CITEST_IMAGETAG = 'latest'
         }
       }
     }
@@ -204,6 +243,8 @@ pipeline {
           env.META_TAG = 'development-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
           env.EXT_RELEASE_TAG = 'development-version-' + env.EXT_RELEASE_CLEAN
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/'
+          env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
+          env.CITEST_IMAGETAG = 'develop'
         }
       }
     }
@@ -228,6 +269,8 @@ pipeline {
           env.EXT_RELEASE_TAG = 'development-version-' + env.EXT_RELEASE_CLEAN
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/'
+          env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
+          env.CITEST_IMAGETAG = 'develop'
         }
       }
     }
@@ -250,9 +293,11 @@ pipeline {
                   -v ${WORKSPACE}:/mnt \
                   -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
                   -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
-                  ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
+                  ghcr.io/linuxserver/baseimage-alpine:3.23 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
-                    apk add --no-cache py3-pip && \
+                    apk add --no-cache python3 && \
-                    pip install s3cmd && \
+                    python3 -m venv /lsiopy && \
+                    pip install --no-cache-dir -U pip && \
+                    pip install --no-cache-dir s3cmd && \
                     s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
         }
       }
@@ -271,8 +316,15 @@ pipeline {
               set -e
               TEMPDIR=$(mktemp -d)
               docker pull ghcr.io/linuxserver/jenkins-builder:latest
-              docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=development -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest 
+              # Cloned repo paths for templating:
-              # Stage 1 - Jenkinsfile update
+              # ${TEMPDIR}/docker-${CONTAINER_NAME}: Cloned branch development of ${LS_USER}/${LS_REPO} for running the jenkins builder on
+              # ${TEMPDIR}/repo/${LS_REPO}: Cloned branch development of ${LS_USER}/${LS_REPO} for commiting various templated file changes and pushing back to Github
+              # ${TEMPDIR}/docs/docker-documentation: Cloned docs repo for pushing docs updates to Github
+              # ${TEMPDIR}/unraid/docker-templates: Cloned docker-templates repo to check for logos
+              # ${TEMPDIR}/unraid/templates: Cloned templates repo for commiting unraid template changes and pushing back to Github
+              git clone --branch development --depth 1 https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/docker-${CONTAINER_NAME}
+              docker run --rm -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/tmp -e LOCAL=true -e PUID=$(id -u) -e PGID=$(id -g) ghcr.io/linuxserver/jenkins-builder:latest 
+              echo "Starting Stage 1 - Jenkinsfile update"
               if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then
                 mkdir -p ${TEMPDIR}/repo
                 git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
@@ -281,16 +333,17 @@ pipeline {
                 cp ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile ${TEMPDIR}/repo/${LS_REPO}/
                 git add Jenkinsfile
                 git commit -m 'Bot Updating Templated Files'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
                 echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-                echo "Updating Jenkinsfile"
+                echo "Updating Jenkinsfile and exiting build, new one will trigger based on commit"
                 rm -Rf ${TEMPDIR}
                 exit 0
               else
                 echo "Jenkinsfile is up to date."
               fi
-              # Stage 2 - Delete old templates
+              echo "Starting Stage 2 - Delete old templates"
-              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf"
+              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml .github/workflows/package_trigger.yml"
               for i in ${OLD_TEMPLATES}; do
                 if [[ -f "${i}" ]]; then
                   TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@@ -305,15 +358,45 @@ pipeline {
                   git rm "${i}"
                 done
                 git commit -m 'Bot Updating Templated Files'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
                 echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-                echo "Deleting old and deprecated templates"
+                echo "Deleting old/deprecated templates and exiting build, new one will trigger based on commit"
                 rm -Rf ${TEMPDIR}
                 exit 0
               else
                 echo "No templates to delete"
               fi
-              # Stage 3 - Update templates
+              echo "Starting Stage 2.5 - Update init diagram"
+              if ! grep -q 'init_diagram:' readme-vars.yml; then
+                echo "Adding the key 'init_diagram' to readme-vars.yml"
+                sed -i '\\|^#.*changelog.*$|d' readme-vars.yml
+                sed -i 's|^changelogs:|# init diagram\\ninit_diagram:\\n\\n# changelog\\nchangelogs:|' readme-vars.yml
+              fi
+              mkdir -p ${TEMPDIR}/d2
+              docker run --rm -v ${TEMPDIR}/d2:/output -e PUID=$(id -u) -e PGID=$(id -g) -e RAW="true" ghcr.io/linuxserver/d2-builder:latest ${CONTAINER_NAME}:development
+              ls -al ${TEMPDIR}/d2
+              yq -ei ".init_diagram |= load_str(\\"${TEMPDIR}/d2/${CONTAINER_NAME}-development.d2\\")" readme-vars.yml
+              if [[ $(md5sum readme-vars.yml | cut -c1-8) != $(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/readme-vars.yml | cut -c1-8) ]]; then
+                echo "'init_diagram' has been updated. Updating repo and exiting build, new one will trigger based on commit."
+                mkdir -p ${TEMPDIR}/repo
+                git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
+                cd ${TEMPDIR}/repo/${LS_REPO}
+                git checkout -f development
+                cp ${WORKSPACE}/readme-vars.yml ${TEMPDIR}/repo/${LS_REPO}/readme-vars.yml
+                git add readme-vars.yml
+                git commit -m 'Bot Updating Templated Files'
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
+                echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                echo "Updating templates and exiting build, new one will trigger based on commit"
+                rm -Rf ${TEMPDIR}
+                exit 0
+              else
+                echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                echo "Init diagram is unchanged"
+              fi
+              echo "Starting Stage 3 - Update templates"
               CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
               cd ${TEMPDIR}/docker-${CONTAINER_NAME}
               NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
@@ -334,31 +417,50 @@ pipeline {
                 fi
                 git add readme-vars.yml ${TEMPLATED_FILES}
                 git commit -m 'Bot Updating Templated Files'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
                 echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                echo "Updating templates and exiting build, new one will trigger based on commit"
+                rm -Rf ${TEMPDIR}
+                exit 0
               else
                 echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                echo "No templates to update"
               fi
-              mkdir -p ${TEMPDIR}/gitbook
+              echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub"
-              git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/gitbook/docker-documentation
+              mkdir -p ${TEMPDIR}/docs
-              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
+              git clone --depth=1 https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation
-                cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/
+              if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}"  ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
-                cd ${TEMPDIR}/gitbook/docker-documentation/
+                cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/
-                git add images/docker-${CONTAINER_NAME}.md
+                cd ${TEMPDIR}/docs/docker-documentation
+                GH_DOCS_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||')
+                git add docs/images/docker-${CONTAINER_NAME}.md
+                echo "Updating docs repo"
                 git commit -m 'Bot Updating Documentation'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} || \
+                  (MAXWAIT="10" && echo "Push to docs failed, trying again in ${MAXWAIT} seconds" && \
+                  sleep $((RANDOM % MAXWAIT)) && \
+                  git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase && \
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH})
+              else
+                echo "Docs update not needed, skipping"
               fi
               mkdir -p ${TEMPDIR}/unraid
-              git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
+              git clone --depth=1 https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
-              git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
+              git clone --depth=1 https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
               if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then
                 sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
               elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then
                 sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
               fi
-              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
+              if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
+                echo "Updating Unraid template"
                 cd ${TEMPDIR}/unraid/templates/
-                if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
+                GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||')
+                if grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then
+                  echo "Image is on the ignore list, and already in the deprecation folder."
+                elif grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
                   echo "Image is on the ignore list, marking Unraid template as deprecated"
                   cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
                   git add -u unraid/${CONTAINER_NAME}.xml
@@ -369,7 +471,42 @@ pipeline {
                   git add unraid/${CONTAINER_NAME}.xml
                   git commit -m 'Bot Updating Unraid Template'
                 fi
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} --rebase
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} || \
+                  (MAXWAIT="10" && echo "Push to unraid templates failed, trying again in ${MAXWAIT} seconds" && \
+                  sleep $((RANDOM % MAXWAIT)) && \
+                  git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} --rebase && \
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH})
+              else
+                echo "No updates to Unraid template needed, skipping"
+              fi
+              if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]]; then
+                if [[ $(cat ${TEMPDIR}/docker-${CONTAINER_NAME}/README.md | wc -m) -gt 25000 ]]; then
+                  echo "Readme is longer than 25,000 characters. Syncing the lite version to Docker Hub"
+                  DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/README.lite"
+                else
+                  echo "Syncing readme to Docker Hub"
+                  DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/README.md"
+                fi
+                if curl -s https://hub.docker.com/v2/namespaces/${DOCKERHUB_IMAGE%%/*}/repositories/${DOCKERHUB_IMAGE##*/}/tags | jq -r '.message' | grep -q 404; then
+                  echo "Docker Hub endpoint doesn't exist. Creating endpoint first."
+                  DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token')
+                  curl -s \
+                    -H "Authorization: JWT ${DH_TOKEN}" \
+                    -H "Content-Type: application/json" \
+                    -X POST \
+                    -d '{"name":"'${DOCKERHUB_IMAGE##*/}'", "namespace":"'${DOCKERHUB_IMAGE%%/*}'"}' \
+                    https://hub.docker.com/v2/repositories/ || :
+                fi
+                DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token')
+                curl -s \
+                  -H "Authorization: JWT ${DH_TOKEN}" \
+                  -H "Content-Type: application/json" \
+                  -X PATCH \
+                  -d "{\\"full_description\\":$(jq -Rsa . ${DH_README_SYNC_PATH})}" \
+                  https://hub.docker.com/v2/repositories/${DOCKERHUB_IMAGE} || :
+              else
+                echo "Not the default Github branch. Skipping readme sync to Docker Hub."
               fi
               rm -Rf ${TEMPDIR}'''
         script{
@@ -416,10 +553,10 @@ pipeline {
       }
     }
     /* #######################
-           GitLab Mirroring
+       GitLab Mirroring and Quay.io Repo Visibility
        ####################### */
-    // Ping into Gitlab to mirror this repo and have a registry endpoint
+    // Ping into Gitlab to mirror this repo and have a registry endpoint & mark this repo on Quay.io as public
-    stage("GitLab Mirror"){
+    stage("GitLab Mirror and Quay.io Visibility"){
       when {
         environment name: 'EXIT_STATUS', value: ''
       }
@@ -433,35 +570,10 @@ pipeline {
             "merge_requests_access_level":"disabled",\
             "repository_access_level":"enabled",\
             "visibility":"public"}' '''
-      } 
+        sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \
-    }
+          -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" '''
-    /* #######################
+        sh '''curl -H "Content-Type: application/json" -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" -X POST "https://quay.io/api/v1/repository${QUAYIMAGE/quay.io/}/changevisibility" \
-           Scarf.sh package registry
+          -d '{"visibility":"public"}' ||: '''
-       ####################### */
-    // Add package to Scarf.sh and set permissions
-    stage("Scarf.sh package registry"){
-      when {
-        branch "development"
-        environment name: 'EXIT_STATUS', value: ''
-      }
-      steps{
-        sh '''#! /bin/bash
-              PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/heimdall") | .uuid' || :)
-              if [ -z "${PACKAGE_UUID}" ]; then
-                echo "Adding package to Scarf.sh"
-                curl -sX POST https://scarf.sh/api/v1/organizations/linuxserver-ci/packages \
-                  -H "Authorization: Bearer ${SCARF_TOKEN}" \
-                  -H "Content-Type: application/json" \
-                  -d '{"name":"linuxserver/heimdall",\
-                       "shortDescription":"example description",\
-                       "libraryType":"docker",\
-                       "website":"https://github.com/linuxserver/docker-heimdall",\
-                       "backendUrl":"https://ghcr.io/linuxserver/heimdall",\
-                       "publicUrl":"https://lscr.io/linuxserver/heimdall"}' || :
-              else
-                echo "Package already exists on Scarf.sh"
-              fi
-           '''
       } 
     }
     /* ###############
@@ -492,7 +604,45 @@ pipeline {
           --label \"org.opencontainers.image.title=Heimdall\" \
           --label \"org.opencontainers.image.description=[Heimdall](https://heimdall.site) is a way to organise all those links to your most used web sites and web applications in a simple way.    Simplicity is the key to Heimdall.    Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo.  \" \
           --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
+          --provenance=true --sbom=true --builder=container --load \
           --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
+        sh '''#! /bin/bash
+              set -e
+              IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+              for i in "${CACHE[@]}"; do
+                docker tag ${IMAGE}:${META_TAG} ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER}
+              done
+           '''
+        withCredentials([
+          [
+            $class: 'UsernamePasswordMultiBinding',
+            credentialsId: 'Quay.io-Robot',
+            usernameVariable: 'QUAYUSER',
+            passwordVariable: 'QUAYPASS'
+          ]
+        ]) {
+          retry_backoff(5,5) {
+              sh '''#! /bin/bash
+                    set -e
+                    echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
+                    echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
+                    echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
+                    echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
+
+                    if [[ "${PACKAGE_CHECK}" != "true" ]]; then
+                      declare -A pids
+                      IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                      for i in "${CACHE[@]}"; do
+                        docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
+                        pids[$!]="$i"
+                      done
+                      for p in "${!pids[@]}"; do
+                        wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
+                      done
+                    fi
+                '''
+          }
+        }
       }
     }
     // Build MultiArch Docker containers for push to LS Repo
@@ -523,7 +673,45 @@ pipeline {
               --label \"org.opencontainers.image.title=Heimdall\" \
               --label \"org.opencontainers.image.description=[Heimdall](https://heimdall.site) is a way to organise all those links to your most used web sites and web applications in a simple way.    Simplicity is the key to Heimdall.    Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo.  \" \
               --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
+              --provenance=true --sbom=true --builder=container --load \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
+            sh '''#! /bin/bash
+                  set -e
+                  IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                  for i in "${CACHE[@]}"; do
+                    docker tag ${IMAGE}:amd64-${META_TAG} ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER}
+                  done
+               '''
+            withCredentials([
+              [
+                $class: 'UsernamePasswordMultiBinding',
+                credentialsId: 'Quay.io-Robot',
+                usernameVariable: 'QUAYUSER',
+                passwordVariable: 'QUAYPASS'
+              ]
+            ]) {
+              retry_backoff(5,5) {
+                  sh '''#! /bin/bash
+                        set -e
+                        echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
+                        echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
+                        echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
+                        echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
+
+                        if [[ "${PACKAGE_CHECK}" != "true" ]]; then
+                          declare -A pids
+                          IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                          for i in "${CACHE[@]}"; do
+                            docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
+                            pids[$!]="$i"
+                          done
+                          for p in "${!pids[@]}"; do
+                            wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
+                          done
+                        fi
+                    '''
+              }
+            }
           }
         }
         stage('Build ARM64') {
@@ -532,10 +720,6 @@ pipeline {
           }
           steps {
             echo "Running on node: ${NODE_NAME}"
-            echo 'Logging into Github'
-            sh '''#! /bin/bash
-                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
-               '''
             sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64"
             sh "docker buildx build \
               --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
@@ -551,17 +735,52 @@ pipeline {
               --label \"org.opencontainers.image.title=Heimdall\" \
               --label \"org.opencontainers.image.description=[Heimdall](https://heimdall.site) is a way to organise all those links to your most used web sites and web applications in a simple way.    Simplicity is the key to Heimdall.    Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo.  \" \
               --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
+              --provenance=true --sbom=true --builder=container --load \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
-            sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
+            sh '''#! /bin/bash
-            retry(5) {
+                  set -e
-              sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
+                  IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                  for i in "${CACHE[@]}"; do
+                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
+                  done
+               '''
+            withCredentials([
+              [
+                $class: 'UsernamePasswordMultiBinding',
+                credentialsId: 'Quay.io-Robot',
+                usernameVariable: 'QUAYUSER',
+                passwordVariable: 'QUAYPASS'
+              ]
+            ]) {
+              retry_backoff(5,5) {
+                  sh '''#! /bin/bash
+                        set -e
+                        echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
+                        echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
+                        echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
+                        echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
+                        if [[ "${PACKAGE_CHECK}" != "true" ]]; then
+                          declare -A pids
+                          IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                          for i in "${CACHE[@]}"; do
+                            docker push ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} &
+                            pids[$!]="$i"
+                          done
+                          for p in "${!pids[@]}"; do
+                            wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
+                          done
+                        fi
+                    '''
+              }
             }
             sh '''#! /bin/bash
                   containers=$(docker ps -aq)
                   if [[ -n "${containers}" ]]; then
                     docker stop ${containers}
                   fi
-                  docker system prune -af --volumes || : '''
+                  docker system prune -f --volumes || :
+                  docker image prune -af || :
+               '''
           }
         }
       }
@@ -577,7 +796,7 @@ pipeline {
         sh '''#! /bin/bash
               set -e
               TEMPDIR=$(mktemp -d)
-              if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then
+              if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" != "true" ]; then
                 LOCAL_CONTAINER=${IMAGE}:amd64-${META_TAG}
               else
                 LOCAL_CONTAINER=${IMAGE}:${META_TAG}
@@ -586,7 +805,7 @@ pipeline {
               docker run --rm \
                 -v /var/run/docker.sock:/var/run/docker.sock:ro \
                 -v ${TEMPDIR}:/tmp \
-                ghcr.io/anchore/syft:latest \
+                ghcr.io/anchore/syft:${SYFT_IMAGE_TAG} \
                 ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
               NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
               echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
@@ -598,7 +817,8 @@ pipeline {
                 wait
                 git add package_versions.txt
                 git commit -m 'Bot Updating Package Versions'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git development
                 echo "true" > /tmp/packages-${COMMIT_SHA}-${BUILD_NUMBER}
                 echo "Package tag updated, stopping build process"
               else
@@ -664,18 +884,27 @@ pipeline {
           }
           sh '''#! /bin/bash
                 set -e
-                docker pull ghcr.io/linuxserver/ci:latest
+                if grep -q 'docker-baseimage' <<< "${LS_REPO}"; then
+                  echo "Detected baseimage, setting LSIO_FIRST_PARTY=true"
+                  if [ -n "${CI_DOCKERENV}" ]; then
+                    CI_DOCKERENV="LSIO_FIRST_PARTY=true|${CI_DOCKERENV}"
+                  else
+                    CI_DOCKERENV="LSIO_FIRST_PARTY=true"
+                  fi
+                fi
+                docker pull ghcr.io/linuxserver/ci:${CITEST_IMAGETAG}
                 if [ "${MULTIARCH}" == "true" ]; then
-                  docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
+                  docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64
                   docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                 fi
                 docker run --rm \
                 --shm-size=1gb \
                 -v /var/run/docker.sock:/var/run/docker.sock \
                 -e IMAGE=\"${IMAGE}\" \
-                -e DELAY_START=\"${CI_DELAY}\" \
+                -e DOCKER_LOGS_TIMEOUT=\"${CI_DELAY}\" \
                 -e TAGS=\"${CI_TAGS}\" \
                 -e META_TAG=\"${META_TAG}\" \
+                -e RELEASE_TAG=\"development\" \
                 -e PORT=\"${CI_PORT}\" \
                 -e SSL=\"${CI_SSL}\" \
                 -e BASE=\"${DIST_IMAGE}\" \
@@ -685,7 +914,11 @@ pipeline {
                 -e WEB_SCREENSHOT=\"${CI_WEB}\" \
                 -e WEB_AUTH=\"${CI_AUTH}\" \
                 -e WEB_PATH=\"${CI_WEBPATH}\" \
-                -t ghcr.io/linuxserver/ci:latest \
+                -e NODE_NAME=\"${NODE_NAME}\" \
+                -e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \
+                -e COMMIT_SHA=\"${COMMIT_SHA}\" \
+                -e BUILD_NUMBER=\"${BUILD_NUMBER}\" \
+                -t ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} \
                 python3 test_build.py'''
         }
       }
@@ -700,46 +933,28 @@ pipeline {
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        withCredentials([
+        retry_backoff(5,5) {
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
-            usernameVariable: 'DOCKERUSER',
-            passwordVariable: 'DOCKERPASS'
-          ],
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: 'Quay.io-Robot',
-            usernameVariable: 'QUAYUSER',
-            passwordVariable: 'QUAYPASS'
-          ]
-        ]) {
-          retry(5) {
           sh '''#! /bin/bash
                 set -e
-                  echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
+                for PUSHIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
-                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
+                  [[ ${PUSHIMAGE%%/*} =~ \\. ]] && PUSHIMAGEPLUS="${PUSHIMAGE}" || PUSHIMAGEPLUS="docker.io/${PUSHIMAGE}"
-                  echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
+                  IFS=',' read -ra CACHE <<< "$BUILDCACHE"
-                  echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
+                  for i in "${CACHE[@]}"; do
-                  for PUSHIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
+                      if [[ "${PUSHIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then
-                    docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG}
+                          CACHEIMAGE=${i}
-                    docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:development
-                    docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${EXT_RELEASE_TAG}
-                    if [ -n "${SEMVER}" ]; then
-                      docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${SEMVER}
                       fi
-                    docker push ${PUSHIMAGE}:development
+                  done
-                    docker push ${PUSHIMAGE}:${META_TAG}
+                  docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:development -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
-                    docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG}
+                    { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
                   if [ -n "${SEMVER}" ]; then
-                     docker push ${PUSHIMAGE}:${SEMVER}
+                    docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
+                      { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
                   fi
                 done
               '''
         }
       }
     }
-    }
     // If this is a multi arch release push all images and define the manifest
     stage('Docker-Push-Multi') {
       when {
@@ -747,88 +962,44 @@ pipeline {
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        withCredentials([
+        retry_backoff(5,5) {
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
-            usernameVariable: 'DOCKERUSER',
-            passwordVariable: 'DOCKERPASS'
-          ],
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: 'Quay.io-Robot',
-            usernameVariable: 'QUAYUSER',
-            passwordVariable: 'QUAYPASS'
-          ]
-        ]) {
-          retry(5) {
           sh '''#! /bin/bash
                 set -e
-                  echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
-                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
-                  echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
-                  echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
-                  if [ "${CI}" == "false" ]; then
-                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
-                    docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
-                  fi
                 for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
-                    docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
+                  [[ ${MANIFESTIMAGE%%/*} =~ \\. ]] && MANIFESTIMAGEPLUS="${MANIFESTIMAGE}" || MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}"
-                    docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-development
+                  IFS=',' read -ra CACHE <<< "$BUILDCACHE"
-                    docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
+                  for i in "${CACHE[@]}"; do
-                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                      if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then
-                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-development
+                          CACHEIMAGE=${i}
-                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
-                    if [ -n "${SEMVER}" ]; then
-                      docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
-                      docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                       fi
-                    docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
+                  done
-                    docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
+                  docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-development -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
-                    docker push ${MANIFESTIMAGE}:amd64-development
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
-                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                  docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-development -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \
-                    docker push ${MANIFESTIMAGE}:arm64v8-development
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
-                    docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                   if [ -n "${SEMVER}" ]; then
-                      docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
+                    docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
-                      docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
+                      { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                    docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \
+                      { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
                   fi
-                    docker manifest push --purge ${MANIFESTIMAGE}:development || :
+                done
-                    docker manifest create ${MANIFESTIMAGE}:development ${MANIFESTIMAGE}:amd64-development ${MANIFESTIMAGE}:arm64v8-development
+                for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
-                    docker manifest annotate ${MANIFESTIMAGE}:development ${MANIFESTIMAGE}:arm64v8-development --os linux --arch arm64 --variant v8
+                  docker buildx imagetools create -t ${MANIFESTIMAGE}:development ${MANIFESTIMAGE}:amd64-development ${MANIFESTIMAGE}:arm64v8-development || \
-                    docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || :
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
-                    docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                  docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} || \
-                    docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
-                    docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || :
+                  docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} || \
-                    docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
-                    docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
                   if [ -n "${SEMVER}" ]; then
-                      docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || :
+                    docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} || \
-                      docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
+                      { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
-                      docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
-                    fi
-                    token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token')
-                    digest=$(curl -s \
-                      --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-                      --header "Authorization: Bearer ${token}" \
-                      "https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-development")
-                    if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then
-                      docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-development || :
-                      docker manifest create ${MANIFESTIMAGE}:arm32v7-development ${MANIFESTIMAGE}:amd64-development
-                      docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-development
-                    fi
-                    docker manifest push --purge ${MANIFESTIMAGE}:development
-                    docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} 
-                    docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} 
-                    if [ -n "${SEMVER}" ]; then
-                      docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} 
                   fi
                 done
               '''
         }
       }
     }
-    }
     // If this is a public release tag it in the LS Github
     stage('Github-Tag-Push-Release') {
       when {
@@ -840,56 +1011,76 @@ pipeline {
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
+        sh '''#! /bin/bash
+              echo "Auto-generating release notes"
+              if [ "$(git tag --points-at HEAD)" != "" ]; then
+                echo "Existing tag points to current commit, suggesting no new LS changes"
+                AUTO_RELEASE_NOTES="No changes"
+              else
+                AUTO_RELEASE_NOTES=$(curl -fsL -H "Authorization: token ${GITHUB_TOKEN}" -H "Accept: application/vnd.github+json" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases/generate-notes  \
+                  -d '{"tag_name":"'${META_TAG}'",\
+                      "target_commitish": "development"}' \
+                  | jq -r '.body' | sed 's|## What.s Changed||')
+              fi
               echo "Pushing New tag for current commit ${META_TAG}"
-        sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \
+              curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \
                 -d '{"tag":"'${META_TAG}'",\
                   "object": "'${COMMIT_SHA}'",\
                   "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to development",\
                   "type": "commit",\
-             "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
+                  "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}'
               echo "Pushing New release for Tag"
-        sh '''#! /bin/bash
+              curl -H "Authorization: token ${GITHUB_TOKEN}" -s https://api.github.com/repos/${EXT_USER}/${EXT_REPO}/commits/${EXT_RELEASE_CLEAN} | jq -r '.commit.message' > releasebody.json
-              curl -H "Authorization: token ${GITHUB_TOKEN}" -s https://api.github.com/repos/${EXT_USER}/${EXT_REPO}/commits/${EXT_RELEASE_CLEAN} | jq '.commit.message' | sed 's:^.\\(.*\\).$:\\1:' > releasebody.json
+              jq -n \
-              echo '{"tag_name":"'${META_TAG}'",\
+                --arg tag_name "$META_TAG" \
-                     "target_commitish": "development",\
+                --arg target_commitish "development" \
-                     "name": "'${META_TAG}'",\
+                --arg ci_url "${CI_URL:-N/A}" \
-                     "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**'${EXT_REPO}' Changes:**\\n\\n' > start
+                --arg ls_notes "$AUTO_RELEASE_NOTES" \
-              printf '","draft": false,"prerelease": true}' >> releasebody.json
+                --arg remote_notes "$(cat releasebody.json)" \
-              paste -d'\\0' start releasebody.json > releasebody.json.done
+                '{
-              curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
+                  "tag_name": $tag_name,
+                  "target_commitish": $target_commitish,
+                  "name": $tag_name,
+                  "body": ("**CI Report:**\\n\\n" + $ci_url + "\\n\\n**LinuxServer Changes:**\\n\\n" + $ls_notes + "\\n\\n**Remote Changes:**\\n\\n" + $remote_notes),
+                  "draft": false,
+                  "prerelease": true                }' > releasebody.json.done
+              curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done
+        '''
       }
     }
-    // Use helper container to sync the current README on master to the dockerhub endpoint
+    // Add protection to the release branch
-    stage('Sync-README') {
+    stage('Github-Release-Branch-Protection') {
       when {
+        branch "development"
         environment name: 'CHANGE_ID', value: ''
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        withCredentials([
+        echo "Setting up protection for release branch development"
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
-            usernameVariable: 'DOCKERUSER',
-            passwordVariable: 'DOCKERPASS'
-          ]
-        ]) {
         sh '''#! /bin/bash
-                set -e
+          curl -H "Authorization: token ${GITHUB_TOKEN}" -X PUT https://api.github.com/repos/${LS_USER}/${LS_REPO}/branches/development/protection \
-                TEMPDIR=$(mktemp -d)
+          -d $(jq -c .  << EOF
-                docker pull ghcr.io/linuxserver/jenkins-builder:latest
+            {
-                docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest
+              "required_status_checks": null,
-                docker pull ghcr.io/linuxserver/readme-sync
+              "enforce_admins": false,
-                docker run --rm=true \
+              "required_pull_request_reviews": {
-                  -e DOCKERHUB_USERNAME=$DOCKERUSER \
+                "dismiss_stale_reviews": false,
-                  -e DOCKERHUB_PASSWORD=$DOCKERPASS \
+                "require_code_owner_reviews": false,
-                  -e GIT_REPOSITORY=${LS_USER}/${LS_REPO} \
+                "require_last_push_approval": false,
-                  -e DOCKER_REPOSITORY=${IMAGE} \
+                "required_approving_review_count": 1
-                  -e GIT_BRANCH=master \
+              },
-                  -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/mnt \
+              "restrictions": null,
-                  ghcr.io/linuxserver/readme-sync bash -c 'node sync'
+              "required_linear_history": false,
-                rm -Rf ${TEMPDIR} '''
+              "allow_force_pushes": false,
+              "allow_deletions": false,
+              "block_creations": false,
+              "required_conversation_resolution": true,
+              "lock_branch": false,
+              "allow_fork_syncing": false,
+              "required_signatures": false
             }
+EOF
+          ) '''
       }
     }
     // If this is a Pull request send the CI link as a comment on it
@@ -976,32 +1167,94 @@ pipeline {
      ###################### */
   post {
     always {
+      sh '''#!/bin/bash
+            rm -rf /config/.ssh/id_sign
+            rm -rf /config/.ssh/id_sign.pub
+            git config --global --unset gpg.format
+            git config --global --unset user.signingkey
+            git config --global --unset commit.gpgsign
+        '''
       script{
+        env.JOB_DATE = sh(
+            script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
+            returnStdout: true).trim()
         if (env.EXIT_STATUS == "ABORTED"){
           sh 'echo "build aborted"'
+        }else{
+          if (currentBuild.currentResult == "SUCCESS"){
+            if (env.GITHUBIMAGE =~ /lspipepr/){
+              env.JOB_WEBHOOK_STATUS='Success'
+              env.JOB_WEBHOOK_COLOUR=3957028
+              env.JOB_WEBHOOK_FOOTER='PR Build'
+            }else if (env.GITHUBIMAGE =~ /lsiodev/){
+              env.JOB_WEBHOOK_STATUS='Success'
+              env.JOB_WEBHOOK_COLOUR=3957028
+              env.JOB_WEBHOOK_FOOTER='Dev Build'
+            }else{
+              env.JOB_WEBHOOK_STATUS='Success'
+              env.JOB_WEBHOOK_COLOUR=1681177
+              env.JOB_WEBHOOK_FOOTER='Live Build'
             }
-        else if (currentBuild.currentResult == "SUCCESS"){
+          }else{
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
+            if (env.GITHUBIMAGE =~ /lspipepr/){
-                 "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
+              env.JOB_WEBHOOK_STATUS='Failure'
-                 "username": "Jenkins"}' ${BUILDS_DISCORD} '''
+              env.JOB_WEBHOOK_COLOUR=12669523
+              env.JOB_WEBHOOK_FOOTER='PR Build'
+            }else if (env.GITHUBIMAGE =~ /lsiodev/){
+              env.JOB_WEBHOOK_STATUS='Failure'
+              env.JOB_WEBHOOK_COLOUR=12669523
+              env.JOB_WEBHOOK_FOOTER='Dev Build'
+            }else{
+              env.JOB_WEBHOOK_STATUS='Failure'
+              env.JOB_WEBHOOK_COLOUR=16711680
+              env.JOB_WEBHOOK_FOOTER='Live Build'
             }
-        else {
+          }
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"'color'": '${JOB_WEBHOOK_COLOUR}',\
-                 "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
+                 "footer": {"text" : "'"${JOB_WEBHOOK_FOOTER}"'"},\
+                 "timestamp": "'${JOB_DATE}'",\
+                 "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  '${JOB_WEBHOOK_STATUS}'\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }
       }
     }
     cleanup {
       sh '''#! /bin/bash
-            echo "Performing docker system prune!!"
+            echo "Pruning builder!!"
-            containers=$(docker ps -aq)
+            docker builder prune -f --builder container || :
+            containers=$(docker ps -q)
             if [[ -n "${containers}" ]]; then
-              docker stop ${containers}
+              BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit')
+              for container in ${containers}; do
+                if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then
+                  echo "skipping buildx container in docker stop"
+                else
+                  echo "Stopping container ${container}"
+                  docker stop ${container}
                 fi
-            docker system prune -af --volumes || :
+              done
+            fi
+            docker system prune -f --volumes || :
+            docker image prune -af || :
          '''
       cleanWs()
     }
   }
 }
+
+def retry_backoff(int max_attempts, int power_base, Closure c) {
+  int n = 0
+  while (n < max_attempts) {
+    try {
+      c()
+      return
+    } catch (err) {
+      if ((n + 1) >= max_attempts) {
+        throw err
+      }
+      sleep(power_base ** n)
+      n++
+    }
+  }
+  return
+}

README.md

@@ -1,12 +1,10 @@
 <!-- DO NOT EDIT THIS FILE MANUALLY -->
-<!-- Please read the https://github.com/linuxserver/docker-heimdall/blob/development/.github/CONTRIBUTING.md -->
+<!-- Please read https://github.com/linuxserver/docker-heimdall/blob/development/.github/CONTRIBUTING.md -->
-
 [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io)
 
 [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!")
-[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://discord.gg/YWrKVTn "realtime support / chat with the community and the team.")
+[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.")
 [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.")
-[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.")
 [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.")
 [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget")
 
@@ -21,15 +19,14 @@ The [LinuxServer.io](https://linuxserver.io) team brings you another container r
 Find us at:
 
 * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more!
-* [Discord](https://discord.gg/YWrKVTn) - realtime support / chat with the community and the team.
+* [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team.
 * [Discourse](https://discourse.linuxserver.io) - post on our community forum.
-* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images.
 * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories.
 * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget
 
 # [linuxserver/heimdall](https://github.com/linuxserver/docker-heimdall)
 
-[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fheimdall?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fheimdall)
+[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fheimdall?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh)
 [![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-heimdall.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-heimdall)
 [![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-heimdall.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-heimdall/releases)
 [![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-heimdall/packages)
@@ -38,7 +35,7 @@ Find us at:
 [![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/heimdall.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=pulls&logo=docker)](https://hub.docker.com/r/linuxserver/heimdall)
 [![Docker Stars](https://img.shields.io/docker/stars/linuxserver/heimdall.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=stars&logo=docker)](https://hub.docker.com/r/linuxserver/heimdall)
 [![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-heimdall%2Fjob%2Fdevelopment%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/development/)
-[![LSIO CI](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=CI&query=CI&url=https%3A%2F%2Fci-tests.linuxserver.io%2Flinuxserver%2Fheimdall%2Flatest%2Fci-status.yml)](https://ci-tests.linuxserver.io/linuxserver/heimdall/latest/index.html)
+[![LSIO CI](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=CI&query=CI&url=https%3A%2F%2Fci-tests.linuxserver.io%2Flinuxserver%2Fheimdall%2Fdevelopment%2Fci-status.yml)](https://ci-tests.linuxserver.io/linuxserver/heimdall/development/index.html)
 
 [Heimdall](https://heimdall.site) is a way to organise all those links to your most used web sites and web applications in a simple way.
 
@@ -50,7 +47,7 @@ Why not use it as your browser start page? It even has the ability to include a
 
 ## Supported Architectures
 
-We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
+We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://distribution.github.io/distribution/spec/manifest-v2-2/#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
 
 Simply pulling `lscr.io/linuxserver/heimdall:development` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
 
@@ -60,7 +57,6 @@ The architectures supported by this image are:
 | :----: | :----: | ---- |
 | x86-64 | ✅ | amd64-\<version tag\> |
 | arm64 | ✅ | arm64v8-\<version tag\> |
-| armhf | ❌ | |
 
 ## Version Tags
 
@@ -70,24 +66,26 @@ This image provides various versions that are available via tags. Please read th
 | :----: | :----: |--- |
 | latest | ✅ | Stable Heimdall releases. |
 | development | ✅ | Latest commit from the github 2.x branch. |
+
 ## Application Setup
 
 Access the web gui at http://SERVERIP:PORT
 
-
 ### Adding password protection
 
 This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. Uncomment the `basic auth` lines in `/config/nginx/site-confs/default.conf` and restart the container.
 
 ## Usage
 
-Here are some example snippets to help you get started creating a container.
+To help you get started creating a container from this image you can either use docker-compose or the docker cli.
+
+>[!NOTE]
+>Unless a parameter is flagged as 'optional', it is *mandatory* and a value must be provided.
 
 ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
 
 ```yaml
 ---
-version: "2.1"
 services:
   heimdall:
     image: lscr.io/linuxserver/heimdall:development
@@ -96,8 +94,9 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=Etc/UTC
+      - ALLOW_INTERNAL_REQUESTS=false #optional
     volumes:
-      - /path/to/appdata/config:/config
+      - /path/to/heimdall/config:/config
     ports:
       - 80:80
       - 443:443
@@ -112,26 +111,27 @@ docker run -d \
   -e PUID=1000 \
   -e PGID=1000 \
   -e TZ=Etc/UTC \
+  -e ALLOW_INTERNAL_REQUESTS=false `#optional` \
   -p 80:80 \
   -p 443:443 \
-  -v /path/to/appdata/config:/config \
+  -v /path/to/heimdall/config:/config \
   --restart unless-stopped \
   lscr.io/linuxserver/heimdall:development
-
 ```
 
 ## Parameters
 
-Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
+Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
 
 | Parameter | Function |
 | :----: | --- |
-| `-p 80` | http gui |
+| `-p 80:80` | http gui |
-| `-p 443` | https gui |
+| `-p 443:443` | https gui |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
 | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
-| `-v /config` | Contains all relevant configuration files. |
+| `-e ALLOW_INTERNAL_REQUESTS=false` | By default, Heimdall blocks lookup requests to private or reserved IP addresses, if your instance is not exposed to the internet, or is behind some level of authentication, you can set this to `true` to allow requests to private IP addresses. |
+| `-v /config` | Persistent config files |
 
 ## Environment variables from files (Docker secrets)
 
@@ -140,10 +140,10 @@ You can set any environment variable from a file by using a special prepend `FIL
 As an example:
 
 ```bash
--e FILE__PASSWORD=/run/secrets/mysecretpassword
+-e FILE__MYVAR=/run/secrets/mysecretvariable
 ```
 
-Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
+Will set the environment variable `MYVAR` based on the contents of the `/run/secrets/mysecretvariable` file.
 
 ## Umask for running applications
 
@@ -152,15 +152,20 @@ Keep in mind umask is not chmod it subtracts from permissions based on it's valu
 
 ## User / Group Identifiers
 
-When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
+When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
 
 Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
 
-In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
+In this instance `PUID=1000` and `PGID=1000`, to find yours use `id your_user` as below:
 
 ```bash
-  $ id username
+id your_user
-    uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
+```
+
+Example output:
+
+```text
+uid=1000(your_user) gid=1000(your_user) groups=1000(your_user)
 ```
 
 ## Docker Mods
@@ -171,53 +176,101 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
 
 ## Support Info
 
-* Shell access whilst the container is running: `docker exec -it heimdall /bin/bash`
+* Shell access whilst the container is running:
-* To monitor the logs of the container in realtime: `docker logs -f heimdall`
+
-* container version number
+    ```bash
-  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' heimdall`
+    docker exec -it heimdall /bin/bash
-* image version number
+    ```
-  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/heimdall:development`
+
+* To monitor the logs of the container in realtime:
+
+    ```bash
+    docker logs -f heimdall
+    ```
+
+* Container version number:
+
+    ```bash
+    docker inspect -f '{{ index .Config.Labels "build_version" }}' heimdall
+    ```
+
+* Image version number:
+
+    ```bash
+    docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/heimdall:development
+    ```
 
 ## Updating Info
 
-Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (ie. nextcloud, plex), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
+Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (noted in the relevant readme.md), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
 
 Below are the instructions for updating containers:
 
 ### Via Docker Compose
 
-* Update all images: `docker-compose pull`
+* Update images:
-  * or update a single image: `docker-compose pull heimdall`
+    * All images:
-* Let compose update all containers as necessary: `docker-compose up -d`
+
-  * or update a single container: `docker-compose up -d heimdall`
+        ```bash
-* You can also remove the old dangling images: `docker image prune`
+        docker-compose pull
+        ```
+
+    * Single image:
+
+        ```bash
+        docker-compose pull heimdall
+        ```
+
+* Update containers:
+    * All containers:
+
+        ```bash
+        docker-compose up -d
+        ```
+
+    * Single container:
+
+        ```bash
+        docker-compose up -d heimdall
+        ```
+
+* You can also remove the old dangling images:
+
+    ```bash
+    docker image prune
+    ```
 
 ### Via Docker Run
 
-* Update the image: `docker pull lscr.io/linuxserver/heimdall:development`
+* Update the image:
-* Stop the running container: `docker stop heimdall`
-* Delete the container: `docker rm heimdall`
-* Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
-* You can also remove the old dangling images: `docker image prune`
-
-### Via Watchtower auto-updater (only use if you don't remember the original parameters)
-
-* Pull the latest image at its tag and replace it with the same env variables in one run:
 
     ```bash
-  docker run --rm \
+    docker pull lscr.io/linuxserver/heimdall:development
-  -v /var/run/docker.sock:/var/run/docker.sock \
-  containrrr/watchtower \
-  --run-once heimdall
     ```
 
-* You can also remove the old dangling images: `docker image prune`
+* Stop the running container:
 
-**Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
+    ```bash
+    docker stop heimdall
+    ```
+
+* Delete the container:
+
+    ```bash
+    docker rm heimdall
+    ```
+
+* Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
+* You can also remove the old dangling images:
+
+    ```bash
+    docker image prune
+    ```
 
 ### Image Update Notifications - Diun (Docker Image Update Notifier)
 
-* We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
+>[!TIP]
+>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
 
 ## Building locally
 
@@ -232,16 +285,21 @@ docker build \
   -t lscr.io/linuxserver/heimdall:development .
 ```
 
-The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
+The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static`
 
 ```bash
-docker run --rm --privileged multiarch/qemu-user-static:register --reset
+docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset
 ```
 
 Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.
 
 ## Versions
 
+* **17.07.25:** - Rebase to Alpine 3.22, enable PHP environment passthrough.
+* **27.06.24:** - Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
+* **07.03.24:** - Enable the opcache and disable file revalidation.
+* **06.03.24:** - Existing users should update: site-confs/default.conf - Cleanup default site conf.
+* **23.12.23:** - Rebase to Alpine 3.19 with php 8.3.
 * **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf.
 * **13.04.23:** - Move ssl.conf include to default.conf.
 * **20.01.23:** - Rebase to alpine 3.17 with php8.1.

jenkins-vars.yml

@@ -6,7 +6,6 @@ external_type: github_commit
 release_type: prerelease
 release_tag: development
 ls_branch: development
-build_armhf: false
 repo_vars:
   - EXT_GIT_BRANCH = '2.x'
   - EXT_USER = 'linuxserver'
@@ -25,6 +24,6 @@ repo_vars:
   - CI_PORT='80'
   - CI_SSL='false'
   - CI_DELAY='120'
-  - CI_DOCKERENV='TZ=US/Pacific'
+  - CI_DOCKERENV=''
-  - CI_AUTH='user:password'
+  - CI_AUTH=''
   - CI_WEBPATH=''

package_versions.txt

@@ -1,228 +1,245 @@
 NAME                                VERSION           TYPE           
-Reads from stdin without leaking info to the terminal and outputs back to stdout  1, 0, 0, 0              dotnet        
+Hidden Input                        1, 0, 0, 0        binary          
-alpine-baselayout                                                                 3.4.3-r1                apk           
+acl-libs                            2.3.2-r1          apk             
-alpine-baselayout-data                                                            3.4.3-r1                apk           
+alpine-baselayout                   3.7.0-r0          apk             
-alpine-keys                                                                       2.4-r1                  apk           
+alpine-baselayout-data              3.7.0-r0          apk             
-alpine-release                                                                    3.18.3-r0               apk           
+alpine-keys                         2.5-r0            apk             
-apache2-utils                                                                     2.4.57-r3               apk           
+alpine-release                      3.22.3-r0         apk             
-apk-tools                                                                         2.14.0-r2               apk           
+apache2-utils                       2.4.66-r0         apk             
-apr                                                                               1.7.4-r0                apk           
+apk-tools                           2.14.9-r3         apk             
+apr                                 1.7.5-r0          apk             
 apr-util                            1.6.3-r1          apk             
-argon2-libs                                                                       20190702-r4             apk           
+argon2-libs                         20190702-r5       apk             
-barryvdh/laravel-ide-helper                                                       v2.12.3                 php-composer  
+aws/aws-crt-php                     v1.2.7            php-composer    
-barryvdh/reflection-docblock                                                      v2.1.0                  php-composer  
+aws/aws-sdk-php                     3.349.3           php-composer    
-bash                                                                              5.2.15-r5               apk           
+barryvdh/laravel-ide-helper         v3.5.5            php-composer    
-brick/math                                                                        0.9.3                   php-composer  
+barryvdh/reflection-docblock        v2.3.1            php-composer    
-brotli-libs                                                                       1.0.9-r14               apk           
+bash                                5.2.37-r0         apk             
-busybox                                                                           1.36.1-r2               apk           
+brick/math                          0.12.3            php-composer    
-busybox-binsh                                                                     1.36.1-r2               apk           
+brotli-libs                         1.1.0-r2          apk             
-ca-certificates                                                                   20230506-r0             apk           
+busybox                             1.37.0-r20        apk             
-ca-certificates-bundle                                                            20230506-r0             apk           
+busybox-binsh                       1.37.0-r20        apk             
-clue/stream-filter                                                                v1.6.0                  php-composer  
+c-ares                              1.34.6-r0         apk             
-composer/pcre                                                                     3.1.0                   php-composer  
+ca-certificates                     20250911-r0       apk             
-coreutils                                                                         9.3-r1                  apk           
+ca-certificates-bundle              20250911-r0       apk             
-curl                                                                              8.2.1-r0                apk           
+carbonphp/carbon-doctrine-types     3.2.0             php-composer    
-dflydev/dot-access-data                                                           v3.0.2                  php-composer  
+catatonit                           0.2.1-r0          apk             
-doctrine/cache                                                                    2.2.0                   php-composer  
+clue/stream-filter                  v1.7.0            php-composer    
-doctrine/dbal                                                                     3.5.1                   php-composer  
+composer                            2.9.5             binary          
-doctrine/deprecations                                                             v1.0.0                  php-composer  
+composer/class-map-generator        1.6.1             php-composer    
-doctrine/event-manager                                                            1.2.0                   php-composer  
+composer/pcre                       3.3.2             php-composer    
-doctrine/inflector                                                                2.0.6                   php-composer  
+coreutils                           9.7-r1            apk             
-doctrine/instantiator                                                             1.4.1                   php-composer  
+coreutils-env                       9.7-r1            apk             
-doctrine/lexer                                                                    1.2.3                   php-composer  
+coreutils-fmt                       9.7-r1            apk             
-dragonmantank/cron-expression                                                     v3.3.2                  php-composer  
+coreutils-sha512sum                 9.7-r1            apk             
-egulias/email-validator                                                           2.1.25                  php-composer  
+curl                                8.14.1-r2         apk             
-facade/flare-client-php                                                           1.10.0                  php-composer  
+dflydev/dot-access-data             v3.0.3            php-composer    
-facade/ignition                                                                   2.17.6                  php-composer  
+doctrine/inflector                  2.0.10            php-composer    
-facade/ignition-contracts                                                         1.0.2                   php-composer  
+doctrine/lexer                      3.0.1             php-composer    
-fideloper/proxy                                                                   4.4.2                   php-composer  
+dragonmantank/cron-expression       v3.4.0            php-composer    
-filp/whoops                                                                       2.14.6                  php-composer  
+egulias/email-validator             4.0.4             php-composer    
-fzaninotto/faker                                                                  v1.9.2                  php-composer  
+enshrined/svg-sanitize              0.21.0            php-composer    
-git                                                                               2.40.1-r0               apk           
+fakerphp/faker                      v1.24.1           php-composer    
-graham-campbell/bounded-cache                                                     v1.3.0                  php-composer  
+filp/whoops                         2.18.3            php-composer    
-graham-campbell/github                                                            v10.6.0                 php-composer  
+findutils                           4.10.0-r0         apk             
-graham-campbell/manager                                                           v4.7.0                  php-composer  
+fruitcake/php-cors                  v1.3.0            php-composer    
-graham-campbell/result-type                                                       v1.1.0                  php-composer  
+git                                 2.49.1-r0         apk             
-guzzlehttp/guzzle                                                                 7.5.0                   php-composer  
+git-init-template                   2.49.1-r0         apk             
-guzzlehttp/promises                                                               1.5.2                   php-composer  
+graham-campbell/bounded-cache       v3.0.0            php-composer    
-guzzlehttp/psr7                                                                   2.4.3                   php-composer  
+graham-campbell/github              v12.8.0           php-composer    
-hamcrest/hamcrest-php                                                             v2.0.1                  php-composer  
+graham-campbell/manager             v5.2.0            php-composer    
-icu-data-en                                                                       73.2-r2                 apk           
+graham-campbell/result-type         v1.1.3            php-composer    
-icu-libs                                                                          73.2-r2                 apk           
+guzzlehttp/guzzle                   7.9.3             php-composer    
-jq                                                                                1.6-r3                  apk           
+guzzlehttp/promises                 2.2.0             php-composer    
-knplabs/github-api                                                                v3.6.0                  php-composer  
+guzzlehttp/psr7                     2.7.1             php-composer    
-laravel/framework                                                                 v8.83.26                php-composer  
+guzzlehttp/uri-template             v1.0.4            php-composer    
-laravel/serializable-closure                                                      v1.2.2                  php-composer  
+hamcrest/hamcrest-php               v2.1.1            php-composer    
-laravel/tinker                                                                    v2.7.3                  php-composer  
+icu-data-en                         76.1-r1           apk             
-laravel/ui                                                                        v3.4.6                  php-composer  
+icu-libs                            76.1-r1           apk             
-laravelcollective/html                                                            v6.3.0                  php-composer  
+jq                                  1.8.1-r0          apk             
-league/commonmark                                                                 2.3.7                   php-composer  
+knplabs/github-api                  v3.16.0           php-composer    
-league/config                                                                     v1.1.1                  php-composer  
+laravel/framework                   v11.45.1          php-composer    
-league/flysystem                                                                  1.1.10                  php-composer  
+laravel/prompts                     v0.3.6            php-composer    
-league/mime-type-detection                                                        1.11.0                  php-composer  
+laravel/serializable-closure        v2.0.4            php-composer    
-libacl                                                                            2.3.1-r3                apk           
+laravel/tinker                      v2.10.1           php-composer    
-libattr                                                                           2.5.1-r4                apk           
+laravel/ui                          v4.6.1            php-composer    
-libbsd                                                                            0.11.7-r1               apk           
+lcobucci/jwt                        5.5.0             php-composer    
-libbz2                                                                            1.0.8-r5                apk           
+league/commonmark                   2.7.0             php-composer    
-libc-utils                                                                        0.7.2-r5                apk           
+league/config                       v1.2.0            php-composer    
-libcrypto3                                                                        3.1.2-r0                apk           
+league/flysystem                    3.30.0            php-composer    
-libcurl                                                                           8.2.1-r0                apk           
+league/flysystem-aws-s3-v3          3.29.0            php-composer    
-libedit                                                                           20221030.3.1-r1         apk           
+league/flysystem-local              3.30.0            php-composer    
-libexpat                                                                          2.5.0-r1                apk           
+league/mime-type-detection          1.16.0            php-composer    
-libgcc                                                                            12.2.1_git20220924-r10  apk           
+league/uri                          7.5.1             php-composer    
-libidn2                                                                           2.3.4-r1                apk           
+league/uri-interfaces               7.5.0             php-composer    
-libintl                                                                           0.21.1-r7               apk           
+libapk2                             2.14.9-r3         apk             
-libmd                                                                             1.0.4-r2                apk           
+libattr                             2.5.2-r2          apk             
-libncursesw                                                                       6.4_p20230506-r0        apk           
+libbsd                              0.12.2-r0         apk             
-libpq                                                                             15.4-r0                 apk           
+libbz2                              1.0.8-r6          apk             
-libproc2                                                                          4.0.3-r1                apk           
+libcrypto3                          3.5.5-r0          apk             
-libssl3                                                                           3.1.2-r0                apk           
+libcurl                             8.14.1-r2         apk             
-libstdc++                                                                         12.2.1_git20220924-r10  apk           
+libedit                             20250104.3.1-r1   apk             
-libunistring                                                                      1.1-r1                  apk           
+libexpat                            2.7.5-r0          apk             
-libuuid                                                                           2.38.1-r8               apk           
+libgcc                              14.2.0-r6         apk             
-libxml2                                                                           2.11.4-r0               apk           
+libidn2                             2.3.7-r0          apk             
-libzip                                                                            1.9.2-r2                apk           
+libintl                             0.24.1-r0         apk             
-linux-pam                                                                         1.5.2-r10               apk           
+libmd                               1.1.0-r0          apk             
+libncursesw                         6.5_p20250503-r0  apk             
+libpq                               17.9-r0           apk             
+libproc2                            4.0.4-r3          apk             
+libpsl                              0.21.5-r3         apk             
+libssl3                             3.5.5-r0          apk             
+libstdc++                           14.2.0-r6         apk             
+libunistring                        1.3-r0            apk             
+libuuid                             2.41-r9           apk             
+libxml2                             2.13.9-r0         apk             
+libzip                              1.11.4-r0         apk             
+linux-pam                           1.7.0-r4          apk             
 logrotate                           3.21.0-r1         apk             
-mockery/mockery                                                                   1.5.1                   php-composer  
+mockery/mockery                     1.6.12            php-composer    
-monolog/monolog                                                                   2.8.0                   php-composer  
+monolog/monolog                     3.9.0             php-composer    
-musl                                                                              1.2.4-r1                apk           
+mtdowling/jmespath.php              2.8.0             php-composer    
-musl-utils                                                                        1.2.4-r1                apk           
+musl                                1.2.5-r10         apk             
-myclabs/deep-copy                                                                 1.11.0                  php-composer  
+musl-utils                          1.2.5-r10         apk             
-nano                                                                              7.2-r1                  apk           
+myclabs/deep-copy                   1.13.3            php-composer    
-ncurses-terminfo-base                                                             6.4_p20230506-r0        apk           
+nano                                8.4-r0            apk             
-nesbot/carbon                                                                     2.63.0                  php-composer  
+ncurses-terminfo-base               6.5_p20250503-r0  apk             
-netcat-openbsd                                                                    1.219-r1                apk           
+nesbot/carbon                       3.10.1            php-composer    
-nette/schema                                                                      v1.2.3                  php-composer  
+netcat-openbsd                      1.229.1-r0        apk             
-nette/utils                                                                       v3.2.8                  php-composer  
+nette/schema                        v1.3.2            php-composer    
-nghttp2-libs                                                                      1.55.1-r0               apk           
+nette/utils                         v4.0.7            php-composer    
-nginx                                                                             1.24.0-r6               apk           
+nghttp2-libs                        1.65.0-r0         apk             
-nikic/php-parser                                                                  v4.15.2                 php-composer  
+nginx                               1.28.3-r0         apk             
-nunomaduro/collision                                                              v5.11.0                 php-composer  
+nikic/php-parser                    v5.5.0            php-composer    
-oniguruma                                                                         6.9.8-r1                apk           
+nunomaduro/collision                v8.5.0            php-composer    
-openssl                                                                           3.1.2-r0                apk           
+nunomaduro/termwind                 v2.3.1            php-composer    
-opis/closure                                                                      3.6.3                   php-composer  
+oniguruma                           6.9.10-r0         apk             
-pcre                                                                              8.45-r3                 apk           
+openssl                             3.5.5-r0          apk             
-pcre2                                                                             10.42-r1                apk           
+pcre2                               10.46-r0          apk             
-phar-io/manifest                                                                  2.0.3                   php-composer  
+phar-io/manifest                    2.0.4             php-composer    
 phar-io/version                     3.2.1             php-composer    
-php-http/cache-plugin                                                             1.7.5                   php-composer  
+php-http/cache-plugin               2.0.1             php-composer    
-php-http/client-common                                                            2.6.0                   php-composer  
+php-http/client-common              2.7.2             php-composer    
-php-http/discovery                                                                1.14.3                  php-composer  
+php-http/discovery                  1.20.0            php-composer    
-php-http/httplug                                                                  2.3.0                   php-composer  
+php-http/httplug                    2.4.1             php-composer    
-php-http/message                                                                  1.13.0                  php-composer  
+php-http/message                    1.16.2            php-composer    
-php-http/message-factory                                                          v1.0.2                  php-composer  
+php-http/multipart-stream-builder   1.4.2             php-composer    
-php-http/multipart-stream-builder                                                 1.2.0                   php-composer  
+php-http/promise                    1.3.1             php-composer    
-php-http/promise                                                                  1.1.0                   php-composer  
+php84                               8.4.16-r0         apk             
-php82                                                                             8.2.9-r0                apk           
+php84-common                        8.4.16-r0         apk             
-php82-common                                                                      8.2.9-r0                apk           
+php84-ctype                         8.4.16-r0         apk             
-php82-ctype                                                                       8.2.9-r0                apk           
+php84-curl                          8.4.16-r0         apk             
-php82-curl                                                                        8.2.9-r0                apk           
+php84-dom                           8.4.16-r0         apk             
-php82-fileinfo                                                                    8.2.9-r0                apk           
+php84-fileinfo                      8.4.16-r0         apk             
-php82-fpm                                                                         8.2.9-r0                apk           
+php84-fpm                           8.4.16-r0         apk             
-php82-iconv                                                                       8.2.9-r0                apk           
+php84-iconv                         8.4.16-r0         apk             
-php82-intl                                                                        8.2.10-r0               apk           
+php84-intl                          8.4.16-r0         apk             
-php82-mbstring                                                                    8.2.9-r0                apk           
+php84-mbstring                      8.4.16-r0         apk             
-php82-mysqlnd                                                                     8.2.10-r0               apk           
+php84-mysqlnd                       8.4.16-r0         apk             
-php82-openssl                                                                     8.2.9-r0                apk           
+php84-opcache                       8.4.16-r0         apk             
-php82-pdo                                                                         8.2.10-r0               apk           
+php84-openssl                       8.4.16-r0         apk             
-php82-pdo_mysql                                                                   8.2.10-r0               apk           
+php84-pdo                           8.4.16-r0         apk             
-php82-pdo_pgsql                                                                   8.2.10-r0               apk           
+php84-pdo_mysql                     8.4.16-r0         apk             
-php82-pdo_sqlite                                                                  8.2.10-r0               apk           
+php84-pdo_pgsql                     8.4.16-r0         apk             
-php82-phar                                                                        8.2.9-r0                apk           
+php84-pdo_sqlite                    8.4.16-r0         apk             
-php82-session                                                                     8.2.9-r0                apk           
+php84-phar                          8.4.16-r0         apk             
-php82-simplexml                                                                   8.2.9-r0                apk           
+php84-session                       8.4.16-r0         apk             
-php82-tokenizer                                                                   8.2.10-r0               apk           
+php84-simplexml                     8.4.16-r0         apk             
-php82-xml                                                                         8.2.9-r0                apk           
+php84-tokenizer                     8.4.16-r0         apk             
-php82-xmlwriter                                                                   8.2.9-r0                apk           
+php84-xml                           8.4.16-r0         apk             
-php82-zip                                                                         8.2.9-r0                apk           
+php84-xmlwriter                     8.4.16-r0         apk             
-phpdocumentor/reflection-common                                                   2.2.0                   php-composer  
+php84-zip                           8.4.16-r0         apk             
-phpdocumentor/type-resolver                                                       1.6.2                   php-composer  
+phpoption/phpoption                 1.9.3             php-composer    
-phpoption/phpoption                                                               1.9.0                   php-composer  
+phpunit/php-code-coverage           10.1.16           php-composer    
-phpunit/php-code-coverage                                                         9.2.19                  php-composer  
+phpunit/php-file-iterator           4.1.0             php-composer    
-phpunit/php-file-iterator                                                         3.0.6                   php-composer  
+phpunit/php-invoker                 4.0.0             php-composer    
-phpunit/php-invoker                                                               3.1.1                   php-composer  
+phpunit/php-text-template           3.0.1             php-composer    
-phpunit/php-text-template                                                         2.0.4                   php-composer  
+phpunit/php-timer                   6.0.0             php-composer    
-phpunit/php-timer                                                                 5.0.3                   php-composer  
+phpunit/phpunit                     10.5.47           php-composer    
-phpunit/phpunit                                                                   9.5.26                  php-composer  
+popt                                1.19-r4           apk             
-popt                                                                              1.19-r2                 apk           
+procps-ng                           4.0.4-r3          apk             
-procps-ng                                                                         4.0.3-r1                apk           
+psr/cache                           3.0.0             php-composer    
-psr/cache                                                                         1.0.1                   php-composer  
+psr/clock                           1.0.0             php-composer    
-psr/container                                                                     1.1.2                   php-composer  
+psr/container                       2.0.2             php-composer    
 psr/event-dispatcher                1.0.0             php-composer    
-psr/http-client                                                                   1.0.1                   php-composer  
+psr/http-client                     1.0.3             php-composer    
-psr/http-factory                                                                  1.0.1                   php-composer  
+psr/http-factory                    1.1.0             php-composer    
-psr/http-message                                                                  1.0.1                   php-composer  
+psr/http-message                    2.0               php-composer    
-psr/log                                                                           1.1.4                   php-composer  
+psr/log                             3.0.2             php-composer    
-psr/simple-cache                                                                  1.0.1                   php-composer  
+psr/simple-cache                    3.0.0             php-composer    
-psy/psysh                                                                         v0.11.9                 php-composer  
+psy/psysh                           v0.12.9           php-composer    
 ralouphie/getallheaders             3.0.3             php-composer    
-ramsey/collection                                                                 1.2.2                   php-composer  
+ramsey/collection                   2.1.1             php-composer    
-ramsey/uuid                                                                       4.2.3                   php-composer  
+ramsey/uuid                         4.9.0             php-composer    
-readline                                                                          8.2.1-r1                apk           
+readline                            8.2.13-r1         apk             
-scanelf                                                                           1.3.7-r1                apk           
+scanelf                             1.3.8-r1          apk             
-sebastian/cli-parser                                                              1.0.1                   php-composer  
+sebastian/cli-parser                2.0.1             php-composer    
-sebastian/code-unit                                                               1.0.8                   php-composer  
+sebastian/code-unit                 2.0.0             php-composer    
-sebastian/code-unit-reverse-lookup                                                2.0.3                   php-composer  
+sebastian/code-unit-reverse-lookup  3.0.0             php-composer    
-sebastian/comparator                                                              4.0.8                   php-composer  
+sebastian/comparator                5.0.3             php-composer    
-sebastian/complexity                                                              2.0.2                   php-composer  
+sebastian/complexity                3.2.0             php-composer    
-sebastian/diff                                                                    4.0.4                   php-composer  
+sebastian/diff                      5.1.1             php-composer    
-sebastian/environment                                                             5.1.4                   php-composer  
+sebastian/environment               6.1.0             php-composer    
-sebastian/exporter                                                                4.0.5                   php-composer  
+sebastian/exporter                  5.1.2             php-composer    
-sebastian/global-state                                                            5.0.5                   php-composer  
+sebastian/global-state              6.0.2             php-composer    
-sebastian/lines-of-code                                                           1.0.3                   php-composer  
+sebastian/lines-of-code             2.0.2             php-composer    
-sebastian/object-enumerator                                                       4.0.4                   php-composer  
+sebastian/object-enumerator         5.0.0             php-composer    
-sebastian/object-reflector                                                        2.0.4                   php-composer  
+sebastian/object-reflector          3.0.0             php-composer    
-sebastian/recursion-context                                                       4.0.4                   php-composer  
+sebastian/recursion-context         5.0.0             php-composer    
-sebastian/resource-operations                                                     3.0.3                   php-composer  
+sebastian/type                      4.0.0             php-composer    
-sebastian/type                                                                    3.2.0                   php-composer  
+sebastian/version                   4.0.1             php-composer    
-sebastian/version                                                                 3.0.2                   php-composer  
+shadow                              4.17.3-r0         apk             
-shadow                                                                            4.13-r4                 apk           
+skalibs-libs                        2.14.4.0-r0       apk             
-skalibs                                                                           2.13.1.1-r1             apk           
+spatie/backtrace                    1.7.4             php-composer    
-sqlite-libs                                                                       3.41.2-r2               apk           
+spatie/error-solutions              1.1.3             php-composer    
-squizlabs/php_codesniffer                                                         3.7.1                   php-composer  
+spatie/flare-client-php             1.10.1            php-composer    
-ssl_client                                                                        1.36.1-r2               apk           
+spatie/ignition                     1.15.1            php-composer    
-swiftmailer/swiftmailer                                                           v6.3.0                  php-composer  
+spatie/laravel-html                 3.12.0            php-composer    
-symfony/cache                                                                     v5.4.15                 php-composer  
+spatie/laravel-ignition             2.9.1             php-composer    
-symfony/cache-contracts                                                           v2.5.2                  php-composer  
+sqlite-libs                         3.49.2-r1         apk             
-symfony/console                                                                   v5.4.15                 php-composer  
+squizlabs/php_codesniffer           3.13.2            php-composer    
-symfony/css-selector                                                              v5.4.11                 php-composer  
+ssl_client                          1.37.0-r20        apk             
-symfony/deprecation-contracts                                                     v2.5.2                  php-composer  
+symfony/cache                       v7.3.1            php-composer    
-symfony/error-handler                                                             v5.4.15                 php-composer  
+symfony/cache-contracts             v3.6.0            php-composer    
-symfony/event-dispatcher                                                          v5.4.9                  php-composer  
+symfony/clock                       v7.3.0            php-composer    
-symfony/event-dispatcher-contracts                                                v2.5.2                  php-composer  
+symfony/console                     v7.3.1            php-composer    
-symfony/finder                                                                    v5.4.11                 php-composer  
+symfony/css-selector                v7.3.0            php-composer    
-symfony/http-foundation                                                           v5.4.15                 php-composer  
+symfony/deprecation-contracts       v3.6.0            php-composer    
-symfony/http-kernel                                                               v5.4.15                 php-composer  
+symfony/error-handler               v7.3.1            php-composer    
-symfony/mime                                                                      v5.4.14                 php-composer  
+symfony/event-dispatcher            v7.3.0            php-composer    
-symfony/options-resolver                                                          v5.4.11                 php-composer  
+symfony/event-dispatcher-contracts  v3.6.0            php-composer    
-symfony/polyfill-ctype                                                            v1.27.0                 php-composer  
+symfony/finder                      v7.3.0            php-composer    
-symfony/polyfill-iconv                                                            v1.27.0                 php-composer  
+symfony/http-foundation             v7.3.1            php-composer    
-symfony/polyfill-intl-grapheme                                                    v1.27.0                 php-composer  
+symfony/http-kernel                 v7.3.1            php-composer    
-symfony/polyfill-intl-idn                                                         v1.27.0                 php-composer  
+symfony/mailer                      v7.3.1            php-composer    
-symfony/polyfill-intl-normalizer                                                  v1.27.0                 php-composer  
+symfony/mime                        v7.3.0            php-composer    
-symfony/polyfill-mbstring                                                         v1.27.0                 php-composer  
+symfony/options-resolver            v7.3.0            php-composer    
-symfony/polyfill-php72                                                            v1.27.0                 php-composer  
+symfony/polyfill-ctype              v1.32.0           php-composer    
-symfony/polyfill-php73                                                            v1.27.0                 php-composer  
+symfony/polyfill-intl-grapheme      v1.32.0           php-composer    
-symfony/polyfill-php80                                                            v1.27.0                 php-composer  
+symfony/polyfill-intl-idn           v1.32.0           php-composer    
-symfony/polyfill-php81                                                            v1.27.0                 php-composer  
+symfony/polyfill-intl-normalizer    v1.32.0           php-composer    
-symfony/process                                                                   v5.4.11                 php-composer  
+symfony/polyfill-mbstring           v1.32.0           php-composer    
-symfony/routing                                                                   v5.4.15                 php-composer  
+symfony/polyfill-php80              v1.32.0           php-composer    
-symfony/service-contracts                                                         v2.5.2                  php-composer  
+symfony/polyfill-php83              v1.32.0           php-composer    
-symfony/string                                                                    v5.4.15                 php-composer  
+symfony/polyfill-uuid               v1.32.0           php-composer    
-symfony/thanks                                                                    v1.2.10                 php-composer  
+symfony/process                     v7.3.0            php-composer    
-symfony/translation                                                               v5.4.14                 php-composer  
+symfony/routing                     v7.3.0            php-composer    
-symfony/translation-contracts                                                     v2.5.2                  php-composer  
+symfony/service-contracts           v3.6.0            php-composer    
-symfony/var-dumper                                                                v5.4.14                 php-composer  
+symfony/string                      v7.3.0            php-composer    
-symfony/var-exporter                                                              v5.4.10                 php-composer  
+symfony/thanks                      v1.4.0            php-composer    
-symfony/yaml                                                                      v5.4.14                 php-composer  
+symfony/translation                 v7.3.1            php-composer    
-theseer/tokenizer                                                                 1.2.1                   php-composer  
+symfony/translation-contracts       v3.6.0            php-composer    
-tijsverkoyen/css-to-inline-styles                                                 2.2.5                   php-composer  
+symfony/uid                         v7.3.1            php-composer    
-tzdata                                                                            2023c-r1                apk           
+symfony/var-dumper                  v7.3.1            php-composer    
-utmps-libs                                                                        0.1.2.1-r1              apk           
+symfony/var-exporter                v7.3.0            php-composer    
-vlucas/phpdotenv                                                                  v5.5.0                  php-composer  
+symfony/yaml                        v7.3.1            php-composer    
-voku/portable-ascii                                                               1.6.1                   php-composer  
+theseer/tokenizer                   1.2.3             php-composer    
+tijsverkoyen/css-to-inline-styles   v2.3.0            php-composer    
+tzdata                              2026a-r0          apk             
+utmps-libs                          0.1.3.1-r0        apk             
+vlucas/phpdotenv                    v5.6.2            php-composer    
+voku/portable-ascii                 2.0.3             php-composer    
 webmozart/assert                    1.11.0            php-composer    
-xz-libs                                                                           5.4.3-r0                apk           
+xz-libs                             5.8.1-r0          apk             
-zlib                                                                              1.2.13-r1               apk           
+zlib                                1.3.1-r2          apk             
-zstd-libs                                                                         1.5.5-r4                apk           
+zstd-libs                           1.5.7-r0          apk             

readme-vars.yml

@@ -11,53 +11,97 @@ project_blurb: |
 
   Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo.
 project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
-
 # supported architectures
 available_architectures:
   - {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
   - {arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
-
 # development version
 development_versions: true
 development_versions_items:
   - {tag: "latest", desc: "Stable Heimdall releases."}
   - {tag: "development", desc: "Latest commit from the github 2.x branch."}
-
 # container parameters
 common_param_env_vars_enabled: true
 param_container_name: "{{ project_name }}"
 param_usage_include_vols: true
 param_volumes:
-  - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." }
+  - {vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files"}
 param_usage_include_ports: true
 param_ports:
   - {external_port: "80", internal_port: "80", port_desc: "http gui"}
   - {external_port: "443", internal_port: "443", port_desc: "https gui"}
-param_usage_include_env: true
+opt_param_usage_include_env: true
-param_env_vars:
+opt_param_env_vars:
-  - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"}
+  - {env_var: "ALLOW_INTERNAL_REQUESTS", env_value: "false", desc: "By default, Heimdall blocks lookup requests to private or reserved IP addresses, if your instance is not exposed to the internet, or is behind some level of authentication, you can set this to `true` to allow requests to private IP addresses."}
-
-# optional parameters
-optional_block_1: false
-optional_block_1_items:
-  - |
-    Using tags, you can switch between the stable releases of Heimdall and the master branch. No tag is required for the latest stable release.
-    Add the development tag,  if required,  to the linuxserver/heimdall line of the run/create command in the following format, linuxserver/heimdall:development
-    The development tag will be the latest commit in the master branch of Heimdall.
-    HOWEVER , USE THE DEVELOPMENT TAG AT YOUR OWN PERIL !!!!!!!!!
-
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
   Access the web gui at http://SERVERIP:PORT
 
-
   ### Adding password protection
 
   This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. Uncomment the `basic auth` lines in `/config/nginx/site-confs/default.conf` and restart the container.
-
+# init diagram
+init_diagram: |
+  "heimdall:development": {
+    docker-mods
+    base {
+      fix-attr +\nlegacy cont-init
+    }
+    docker-mods -> base
+    legacy-services
+    custom services
+    init-services -> legacy-services
+    init-services -> custom services
+    custom services -> legacy-services
+    legacy-services -> ci-service-check
+    init-migrations -> init-adduser
+    init-nginx-end -> init-config
+    init-os-end -> init-config
+    init-config -> init-config-end
+    init-crontab-config -> init-config-end
+    init-heimdall-config -> init-config-end
+    init-config -> init-crontab-config
+    init-mods-end -> init-custom-files
+    init-adduser -> init-device-perms
+    base -> init-envfile
+    init-os-end -> init-folders
+    init-nginx-end -> init-heimdall-config
+    init-php -> init-keygen
+    base -> init-migrations
+    init-config-end -> init-mods
+    init-mods-package-install -> init-mods-end
+    init-mods -> init-mods-package-install
+    init-samples -> init-nginx
+    init-version-checks -> init-nginx-end
+    init-adduser -> init-os-end
+    init-device-perms -> init-os-end
+    init-envfile -> init-os-end
+    init-keygen -> init-permissions
+    init-nginx -> init-php
+    init-folders -> init-samples
+    init-custom-files -> init-services
+    init-permissions -> init-version-checks
+    init-services -> svc-cron
+    svc-cron -> legacy-services
+    init-services -> svc-nginx
+    svc-nginx -> legacy-services
+    init-services -> svc-php-fpm
+    svc-php-fpm -> legacy-services
+    init-services -> svc-queue
+    svc-queue -> legacy-services
+  }
+  Base Images: {
+    "baseimage-alpine-nginx:3.22" <- "baseimage-alpine:3.22"
+  }
+  "heimdall:development" <- Base Images
 # changelog
 changelogs:
+  - {date: "17.07.25:", desc: "Rebase to Alpine 3.22, enable PHP environment passthrough."}
+  - {date: "27.06.24:", desc: "Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings."}
+  - {date: "07.03.24:", desc: "Enable the opcache and disable file revalidation."}
+  - {date: "06.03.24:", desc: "Existing users should update: site-confs/default.conf - Cleanup default site conf."}
+  - {date: "23.12.23:", desc: "Rebase to Alpine 3.19 with php 8.3."}
   - {date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf."}
   - {date: "13.04.23:", desc: "Move ssl.conf include to default.conf."}
   - {date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1."}

root/defaults/nginx/site-confs/default.conf.sample

@@ -1,36 +0,0 @@
-## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-heimdall/commits/master/root/defaults/nginx/site-confs/default.conf.sample
-
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    listen 443 ssl http2 default_server;
-    listen [::]:443 ssl http2 default_server;
-
-    server_name _;
-
-    include /config/nginx/ssl.conf;
-
-    root /app/www/public;
-    index index.html index.htm index.php;
-
-    location / {
-        # enable for basic auth
-        #auth_basic "Restricted";
-        #auth_basic_user_file /config/nginx/.htpasswd;
-
-        try_files $uri $uri/ /index.html /index.php$is_args$args;
-    }
-
-    location ~ ^(.+\.php)(.*)$ {
-        fastcgi_split_path_info ^(.+\.php)(.*)$;
-        fastcgi_pass 127.0.0.1:9000;
-        fastcgi_index index.php;
-        include /etc/nginx/fastcgi_params;
-    }
-
-    # deny access to .htaccess/.htpasswd files
-    location ~ /\.ht {
-        deny all;
-    }
-}

root/etc/s6-overlay/s6-rc.d/svc-queue/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 exec \
     s6-setuidgid abc php /app/www/artisan queue:work database --sleep=3 --tries=3

root/migrations/02-default-location

@@ -1,10 +1,11 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 DEFAULT_CONF="/config/nginx/site-confs/default.conf"
 OLD_ROOT="root /var/www/localhost/heimdall/public;"
 NEW_ROOT="root /app/www/public;"
 
-if grep -q "${OLD_ROOT}" "${DEFAULT_CONF}" 2>/dev/null; then
+if [[ -f "${DEFAULT_CONF}" ]] && grep -q "${OLD_ROOT}" "${DEFAULT_CONF}" 2>/dev/null; then
     echo "updating root in ${DEFAULT_CONF}"
     sed -i "s|${OLD_ROOT}|${NEW_ROOT}|" "${DEFAULT_CONF}"
 fi