v0.12.0

Security

• SBOM and provenance attestations now generated and attached to released images
• Job permissions tightened: build-docker-image reduced from contents: write to contents: read, scan-docker-image now explicitly grants contents: read

v0.11.0

Added

• Image now builds for linux/arm64 platform as well
• Dockerfile linting via Hadolint
• Validation of the CHANGELOG format
• Updates s6-overlay to v3.2.2.0

Changed

• Replaced ncipollo/release-action with native gh release create

Security

• GitHub Actions workflow audited with zizmor
• All GitHub Actions checkout steps now set persist-credentials: false
• Template expressions in run: steps moved to environment variables to prevent injection
• All GitHub Actions pinned to commit SHAs for supply chain security
• Dependabot now groups GitHub Actions updates and applies a 7-day cooldown

v0.10.0

Changed

• Base image updated to Alpine 3.23.0
• YAML is now formatted via yamlfmt

Added

• The image is now scanned with Trivy

v0.9.0

Changed

• Base image updated to Alpine 3.22.2

v0.8.0

Changed

• Base image updated to Alpine 3.22.1 #16

v0.7.0

Changed

• Base image updated to Alpine 3.21.3 #14

Added

• Added sponsor button #13

v0.6.0

Changed

• Base image updated to Alpine 3.21 #11
• Small documentation updates #12

v0.5.0

Changed

• s6-overlay updated to 3.2.0.2

v0.4.1

Fixed

• Resolved Docker build warning regarding cases of the FROM x AS y format

v0.4.0

Changed

• Base image updated to Alpine 3.20
• s6-overlay updated to v3.2.0.0

Added

• Github release with changelog for releases

Fixed

• dependabot was targeting the wrong branch for updates