chore(deps): bump the actions group across 1 directory with 11 updates#2
Closed
dependabot[bot] wants to merge 303 commits into
Closed
chore(deps): bump the actions group across 1 directory with 11 updates#2dependabot[bot] wants to merge 303 commits into
dependabot[bot] wants to merge 303 commits into
Conversation
…bundle payload resolves (WIX0103)
… (CI /dev/tty error)
…has no signed-by)
…nosing (retry /health, dump logs)
…2022 unsupported on 24.04)
…orts Ubuntu 24.04; Windows fwlink already 2025) - Linux install.sh: mssql-server-2025 repo (Ubuntu 24.04 supported), key at /usr/share/keyrings to match the 2025 list's signed-by. Reverts the ubuntu-22.04 CI pin back to ubuntu-latest. - Windows: the SSEI fwlink already resolves to SQL 2025 Express; noted in the bootstrap.
…MTP presets; fix Linux installer spool layout Providers (spec §8): native Amazon SES (AWS SDK, raw MIME), Postmark/Resend/SMTP2GO (HTTP JSON), SparkPost (raw MIME via email_rfc822). Enum + RelayProviderSchema + factory wiring + UI fields; SMTP-preset dropdown in the relay editor fills host/port/TLS for ~10 common providers (SES/Brevo/Gmail/M365/Postmark/Resend/ SendGrid/SMTP2GO/SparkPost/Mailjet) so any of them works via the generic SMTP provider. Factory tests cover all five new types. Installer fixes (found via the full-install CI smoke): - Resolve a relative spool dir against the content root, not the process CWD (Windows services run in system32; the systemd unit's CWD was a read-only /etc) — fixes 'Access to ./.dispatch-spool denied'. - Linux: single data dir (/var/lib/dispatch) holds appsettings + spool (mirrors Windows ProgramData); systemd WorkingDirectory + ReadWritePaths updated. 150 tests green; UI builds.
…install smoke failure
…iness to the service manager The Windows MSI install failed (1603): the service started but never signalled 'running' to the SCM, so the MSI's ServiceControl start timed out and rolled back (app log showed 'Hosting environment: Production' logged repeatedly as SCM retried). .NET hosts must call UseWindowsService() for SCM integration; added UseSystemd() too and set the unit to Type=notify (also closes the §16.3 drift). Both are no-ops when run interactively. Linux full-install already passed; this fixes the Windows end-to-end.
…s installer Signs Dispatch.msi + the DispatchSetup.exe Burn bundle via SignPath Foundation (free for OSS). Skipped until repo vars SIGNPATH_ORGANIZATION_ID/PROJECT_SLUG/ POLICY_SLUG + secret SIGNPATH_API_TOKEN are set, so the unsigned artifact stands in the meantime. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add release.yml: on a v* tag, build the version-stamped Windows installer (DispatchSetup.exe + Dispatch.msi) and a self-contained linux-x64 tarball, then publish a GitHub Release with SHA256SUMS and auto-generated notes. Windows artifacts are Authenticode-signed via Azure Artifact Signing when the repo is provisioned (AZURE_SIGNING_* vars/secrets); the Burn bundle engine is detached, signed, reattached, then the bundle is signed. Skipped (unsigned) until then. - installer wxs: Version is now overridable via -d Version=<tag> (defaults 1.0.0) - install.sh: --prebuilt <dir> installs the self-contained tarball without the .NET SDK/Node; systemd unit resolved next to the script for tarball layout - installers.yml: drop the dormant SignPath step (CI installer builds stay unsigned; signing happens only at release time) - build.yml: remove the partial tag release job (superseded by release.yml) - docs/RELEASING.md: how to cut a release + provision Azure signing Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds a linux-tarball job that publishes the self-contained linux-x64 build and uploads it as a downloadable artifact on every push — no tag/release needed to grab a tarball for testing install.sh --prebuilt. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…DR defaults Add a multi-stage Dockerfile (multi-arch amd64/arm64) and a docker-compose.yml that runs Dispatch + Azure SQL Edge together (arm64-native on Apple Silicon): `docker compose up --build` → dashboard on :8420, API :8421, SMTP :2525. Fix the seeded source-IP allow-list defaults, which were loopback-only and made the dashboard unreachable on every real deployment shape (headless servers have no local browser; containers NAT every request to the bridge gateway): - webui.allowed_cidrs / api.allowed_cidrs -> empty (allow all); these are gated by the dashboard password and API keys, with CIDR as optional hardening - listener.allowed_cidrs -> loopback + RFC1918 + IPv6 ULA, so same-host/LAN/ Docker apps can submit mail without shipping an open internet relay Verified end-to-end on Apple Silicon: /health 200, SQL connected, SMTP intake 250 OK + spooled. Core 55 + Web 53 tests green. Spec §1.1 deltas updated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…st coverage The deeper cause of the unreachable-dashboard bug: ListenerOptions/ApiOptions EffectiveAllowedCidrs silently rewrote an empty list back to loopback-only, so the seeded allow-all defaults (and any operator who cleared the list) were overridden — the ingestion API was loopback-only too. Both middlewares already treat empty as allow-all, so make EffectiveAllowedCidrs a pass-through and default the ConfigCache keys to empty; the safe baseline now lives solely in the seeded ConfigDefaults (listener = loopback + private ranges). Add the test coverage that would have caught this: - CidrMailboxFilter: private/loopback allowed, public denied, empty = allow-all - WebAuthMiddleware: outside-list 403, inside allowed, empty-list regression guard - ConfigDefaults: seed-defaults guard (webui/api allow-all, listener private-only) Also add a container HEALTHCHECK (curl /health) to the Dockerfile. Verified in the running container: /health 200, ingestion API 401 (not 403), HEALTHCHECK healthy. Core 65 + Web 57 tests green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…kstart release.yml: add a docker job that builds + pushes a multi-arch (amd64+arm64) image to ghcr.io/<owner>/dispatch-smtp-relay on a v* tag (semver + latest tags, buildx + QEMU, GHA layer cache); skipped on dry-run dispatch. Grants packages:write. README: add a Docker section (docker compose for local testing; docker run from GHCR with env config) covering the multi-arch image and the container-aware allow-list defaults. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- release.yml: version the Windows assets (DispatchSetup-<ver>-x64.exe,
Dispatch-<ver>-x64.msi) so each release's downloads are distinguishable
- README install docs corrected to match reality:
- Windows: real bundle behavior (DISPATCHSQL instance, skipped if present),
DispatchLog DB (was "DispatchQueue"), silent install via /quiet, existing-SQL
via the MSI + SQLCONN (dropped fabricated --silent/--server/--auth flags)
- Linux: install from the self-contained tarball with --prebuilt (dropped the
nonexistent `curl | bash install.sh` asset); note arm64 -> external SQL/Docker
- Quick Start: default dashboard is http://localhost:8420 (https only with a
cert), default SMTP port 2525 (not 25/587)
- appsettings holds connection string + Web UI TLS cert (not "only the
connection string")
- RELEASING.md: versioned asset names + GHCR image row
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Reconcile remaining drift found by auditing claims against the code: - Providers: add Amazon SES, Postmark, Resend, SparkPost, SMTP2GO everywhere (features, relay table with real required fields, supported-providers, structure) - Remove the "CSV export" claim (feature was dropped, spec §1.1) - SMTP listener defaults: ports 2525 (not 25/587), allow-list = loopback+private ranges (not 127.0.0.1/32), max message size 0/no-limit (not 25 MB) - Security: dashboard is HTTPS-when-cert-configured (not "HTTPS-only" with auto self-signed); API keys + admin password are bcrypt-hashed, provider/SMTP secrets AES-256-GCM (Linux/macOS) or DPAPI (Windows) - Upgrading: in-place MSI MajorUpgrade + additive migrations + manual drain endpoint (the old auto version-detect/drain/rollback flow isn't implemented) - Requirements: SQL Server 2025 Express bundled; arm64 -> Docker/external SQL - Project structure: WiX MSI + Burn bundle (not "WiX v5"), Dockerfile added - Hero line: SMTP default 2525 (25/587 for production) Verified against code via audit: all referenced files/links exist; routing rules + /api/routing/simulate and the drain endpoint do exist; provider field names match RelaySettings schema. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Fix the settings location: the UI sections are "Retention" + "Storage maintenance" (not "Storage & Retention") - Don't overstate configurability: the 6-hour purge schedule and the retrying/test-message retention are fixed defaults; the rest are editable - Add the facts the section omitted: 6h schedule, captured (Local) 7-day retention, on-demand purge (POST /api/purge/run), size target 9.0 GB, and the separate disk-pressure protection (throttle -> 4xx refuse -> recover) Audited licence-faq.md and CONTRIBUTING.md against the code — both accurate (MailgunProviderTests / RelayProviderFactory / RelayProviderSchema all exist), left unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Inline factual fixes: - WiX Toolset v5 -> v6 (build pins 6.0.2) - DispatchQueue -> DispatchLog everywhere except the rename note - Linux install examples: SQL Server 2025 / Ubuntu 24.04 (were 2022/22.04) - Solution structure: real test projects (no Dispatch.Integration.Tests) New §1.1 deltas (authoritative) for structural drift found by auditing §3-18: - Full provider set (adds Amazon SES, Postmark, Resend, SparkPost, SMTP2GO; Appendix A "future" ones are shipped; default relay provider is Unconfigured) - Windows install is a WiX Burn bundle chain (InstallSqlExpress launcher + MSI), not a WinForms wizard; cert generation is Linux-only - Ingestion API is HTTP-only (no api.tls_* keys); webui TLS keys live in appsettings not the config table; no webui.require_auth; config table also has listener.server_name + purge.captured_retention_days - §10.7/§11.5 pseudocode signatures are illustrative (actual signatures differ) - SMTP source-IP denial occurs at MAIL FROM, not the greeting banner - Documents two not-yet-implemented items vs spec: SMTP AUTH brute-force lockout (§17.10) and instant API-key revocation (§17.4 — honored up to the 30s cache TTL) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ckout
Close the two gaps the spec audit surfaced (§17.4, §17.10):
- ApiKeyCache.Invalidate(keyId): the DELETE /api/keys/{id} revoke endpoint now
evicts the key from the verification cache, so it stops working immediately
instead of lingering for up to the 30s TTL.
- SmtpAuthThrottle: per-source-IP SMTP AUTH lockout (5 failures -> 60s), refusing
AUTH without hitting the credential store while locked; mirrors LoginThrottle.
Wired into ConfiguredUserAuthenticator (records success/failure by source IP).
Tests: ApiKeyCache invalidation (evicts only the matching id), SmtpAuthThrottle
(lockout after 5, success resets, per-IP), and ConfiguredUserAuthenticator (a
locked IP is refused without a store call). Core 70 + Web 59 green.
Updates the §1.1 deltas: both are now implemented (were documented as gaps).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- SECURITY.md: private disclosure via GitHub Security Advisories, what to include, scope (open-relay/allow-list bypass, credential/spool exposure, auth bypass, etc.), and a map of where security controls live for reviewers. - RELEASING.md: a one-time "first release" step to flip the GHCR package to public (packages are private by default) so anonymous docker pull works. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…g key Live end-to-end testing showed the single-message status endpoint resolved a message by spool id for ANY valid key, leaking another key's status/provider/ timing if the (random) id was known. Only the list endpoint was key-scoped. Now scoped per key (spec §7.4): the spool fast-path checks the .meta's ApiKeyId, and GetBySpoolIdAsync filters relay_log by api_key_id. A non-owning key gets 404. A null key id keeps the unscoped lookup for internal callers. Test: GetBySpoolId_is_scoped_to_the_calling_key (Data, live SQL). Validated live in the container: owner 200, other key 404. Data 25 + Web 59 green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Close the coverage gap surfaced by the audit — previously only "the factory builds them" was tested. Add request-building + error-mapping tests (stubbed HttpMessageHandler, no live calls): - Postmark: endpoint + X-Postmark-Server-Token, default MessageStream, and the important non-zero-ErrorCode-on-HTTP-200 -> permanent failure path - Resend: Bearer auth, id parse, 429 transient, 401 permanent - SparkPost: raw-MIME (email_rfc822) to US/EU endpoints, api-key header, 5xx transient - SMTP2GO: api_key in body, email_id parse, 5xx transient, missing key permanent - Amazon SES: required-setting validation (can't wire the AWS SDK client in a unit test) Shared StubHttpHandler + message helper in ProviderTestSupport. Providers 34 green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…fety Edge-case coverage from the adversarial pass: - Ingestion multipart with TWO attachments (csv + binary png): asserts both are preserved in the spooled .eml with filenames + exact bytes intact, alongside the text body. - Malformed 'from' address -> 400 (not 500): pins the handler's parse-exception guard so bad envelope input can't 500. - MessageLog_all_filter_fields_are_injection_safe: complements the existing FromDomain [Theory] by exercising ToDomain/RelayName/IngestSource and the LIKE-based Subject/Tag filters with DROP/DELETE payloads — literal, no match, table intact. Note: spool crash-recovery (RecoverOrphans) and corrupt-.meta quarantine are already covered in SpoolWorkerPoolTests, so not duplicated. Web 61 + Data 26 green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add an Actions-deployed Jekyll Pages site that renders README.md through the Slate theme with a GitHub-dark CSS override: - pages.yml: on push to main (or manual), generate index.md from README.md (front matter + theme layout) and rewrite repo-file links (LICENSE/CONTRIBUTING/ SECURITY/SPEC/RELEASING/licence-faq/installer) to absolute github.com URLs so they don't 404; images under docs/ resolve as-is. Builds with jekyll-build-pages and deploys via deploy-pages. README stays the single source of truth. - _config.yml: jekyll-theme-slate + site metadata; kramdown parse_block_html so the centered hero (title/badges/screenshot) renders; exclude source/docs noise. - assets/css/style.scss: dark override (GitHub-dark palette) on top of Slate. Enable once via Settings → Pages → Source = GitHub Actions; deploys on merge to main. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…he MS key Minimal Ubuntu/Debian images (incl. Ubuntu 26.04) ship without gnupg, so the --install-sql key import failed with "gpg: command not found". Install curl/ca-certificates/gnupg/apt-transport-https up front. Also note the repo-list fallback covers brand-new releases before MS publishes a matching SQL repo list. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…re merge) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the full-README render (a wall of text) with a short index.md: hero + tagline, action buttons, one screenshot, six why-bullets, and a Docker quickstart. Drop the README-generation step; style buttons/screenshot in the dark CSS. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Step 1 of in-product licensing. Add Dispatch.Core/Licensing: a LicenseVerifier that authenticates license keys entirely offline (no call-home), mirroring the FluxDeploy scheme - a 6-byte payload + 64-byte ECDSA P-256 (SHA-256, IEEE-P1363) signature, Crockford-Base32 encoded as a typeable XXXXX-XXXXX-... key, verified against an embedded SPKI public key. Binary licensed/not (no editions); edu is just a free-issued valid key. Payload: seqId | expiryMonth (0=perpetual) | reserved | flags. LicenseStatus.Licensed = signature valid AND not expired; fails closed. The embedded dispatch-license-public.pem is a DEV key; the production keypair will be generated in the issuer tool and its public half embedded here (private key never committed). 9 tests. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Verify() now checks the signature over payload||machineId, so a key issued for one install fails on any other (reinstall gets a fresh GUID; a leaked key won't verify elsewhere) - all still offline, no call-home. Adds an embedded seqId revocation list (dispatch-revoked-licenses.txt) shipped with each release, and a Revoked flag on LicenseStatus (Licensed = valid && !expired && !revoked). Embeds the real P-256 license public key (DEV key replaced). 13 tests green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- MachineIdentity: mints a stable per-install GUID (SQL config) that keys are
node-locked to; surfaced for the dashboard.
- LicenseService: evaluates the stored key against this machine + a 30-day
first-run grace into a LicenseSnapshot (Operational / EnforcementActive);
validates + stores pasted keys.
- LicenseGate + LicenseWorker: worker re-evaluates on a timer (and on demand)
and flips the gate; SMTP intake, HTTP ingestion, and the relay worker refuse/
pause new mail when enforced. Spool + dashboard stay up so a key recovers it.
- Config keys license.{key,machine_id,first_run_utc}; DI in AddDispatchWeb.
- 6 new license-service tests + gate enforcement test; full suite green.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- GET/POST /api/license: status (machineId, state, expiry, grace, revoked) and key entry; POST refreshes the enforcement gate immediately + audits. - UI: System -> License page (shows Machine ID to send at purchase, license state + banner, paste-key box); nav + route wired. - Messaging: retire the "SMTP relay" tagline for "self-hosted email relay", drop "open-source"/"no license check" framing, keep "no call home/offline". Homepage GitHub links removed. Docs product-name normalized to "Dispatch". Note: binding LICENSE file, license.md/contributing/SPEC legal wording, and the remaining docs GitHub links (downloads/issues/security) are left for a deliberate licensing + distribution-channel decision - not fabricated here. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Remove the AGPL-3.0 + Commons Clause LICENSE file and licence-faq.md; the product is proprietary, licensed per install via an offline node-locked key, so no open-source license applies. Reconcile the references that claimed AGPL or linked to the removed file: README badge + Licence section, the docs License page, SPEC.md license lines, and the RELEASING signing note. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…nal PRs) Delete CONTRIBUTING.md and the docs Contributing page; drop the contribution rows from SPEC.md and the "more providers welcome" invite from the providers overview. README's provider-adding steps are kept under a neutral "Adding a provider" dev note. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the GitHub Releases download links (private repo - not public) with https://dispatchrelay.app/download across the deployment docs, and route security reports to security@dispatchrelay.app in the README to match the docs. No github.com links remain in the docs site. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Remove website/ (Astro landing + Starlight docs) and the GitHub Pages workflow from this private repo - the docs now live in the public-facing dispatch-docs repo (docs.dispatchrelay.app) and the marketing landing in dispatch-website (dispatchrelay.app), both on Cloudflare Pages. Keeping a public site's build out of the private commercial repo is the point. README doc links repointed to docs.dispatchrelay.app; repo URLs updated to CinderHillsDev/dispatch-relay. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The previous commit accidentally staged the Astro build cache (website/.gitignore was removed with the split). Remove it - website/ is fully gone now. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The product repo (relay service + dashboard + appliance + installers) gets a more descriptive name. GitHub repo + remote renamed; README clone/badge URLs and clone dir updated. Assemblies/service names (Dispatch.*, dispatch.service) are unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Node 22 is now in Maintenance LTS (critical fixes only); 24 is the current Active LTS. Updates the UI-build Node in all workflows and the Dockerfile. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Dashboard: a global LicenseBanner (in the Layout, every page) - amber during the first-run grace with a day countdown, red once enforcement is active or the key is expired/revoked; hidden when licensed; polls so a pasted key clears it without a reload. - Tests: LicenseWorker (gate open during grace, closes past grace, reopens after a valid key) + a CidrMailboxFilter enforcement test (MAIL FROM refused when the gate is active). Core 129 / Web 98 green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Dispatch is now free and open source under the Apache License 2.0. Removed the entire offline license-key system: - Delete src/Dispatch.Core/Licensing/ (verifier, service, worker, gate, machine-identity, embedded public key + revocation list), the /api/license endpoint, the dashboard License page/banner, and the 3 license test files. - Remove the three runtime enforcement points that paused/refused mail when "unlicensed past grace": SMTP intake (CidrMailboxFilter), HTTP API intake (ApiMessageHandler), and the relay worker (SpoolWorkerPool). - Drop DI registrations, the LicenseWorker hosted service, the license.* config keys, and the csproj embedded-resource entries. - Add Apache-2.0 LICENSE; update README, docs/SPEC.md, docs/RELEASING.md. Build clean, all 312 tests pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace Microsoft.Data.SqlClient with Npgsql across Dispatch.Data: - Connection factory, DatabaseInitializer (postgres maintenance DB, pg_database, CREATE TABLE IF NOT EXISTS, transactional DDL) and DatabaseHealth. - Rewrite all 7 schema migrations to PostgreSQL DDL (identity columns, boolean, timestamptz, "key" quoting, partial indexes; collapse the dynamic-SQL FK drop). - Port every repository query: MERGE→INSERT..ON CONFLICT, OUTPUT→RETURNING, TOP→LIMIT, DELETE TOP→ctid-subquery, ISNULL→COALESCE, SYSUTCDATETIME→now(), DATEADD→interval, IN @list→= ANY(@list), SUM(bigint)::bigint casts. - Storage/maintenance use pg_database_size / pg_total_relation_size. - Redesign size-pressure: opt-in configurable DB-size cap (default off) driven by pg_database_size, bounded overage purge + VACUUM FULL to reclaim. - Port the integration-test fixture to Npgsql; case-sensitive log search (accepted). All 312 tests pass against a real postgres:17 (32 DB integration tests included). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- docker-compose.yml: postgres:17 service with pg_isready healthcheck, Npgsql connection string; drop Azure SQL Edge. - Dockerfile / appsettings.json: reword SQL -> PostgreSQL/config table. - build.yml: postgres:17 service container, Npgsql DISPATCH_TEST_SQL, health-cmd. - All CI workflows (build/docker/appliance/installers/release/scripts) now run on self-hosted runners: ubuntu-latest -> [self-hosted, linux, x64], windows-latest -> [self-hosted, windows, x64]. Smoke-tested the full compose stack (Dispatch + postgres:17): schema init + all 7 migrations, /health connected via pg_database_size, live audit_log + relay_counters writes (ON CONFLICT upsert) through SMTP intake. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Windows installer: replace the SQL Express Burn bootstrap with a silent PostgreSQL install (installer/windows/postgres/InstallPostgres.ps1 + PostgresLauncher); WiX bundle chains it, MSI SQLCONN defaults to a loopback-trusted 'dispatch' role, functional-smoke size-pressure test reframed as the opt-in DB-size cap. - Linux installer (install.sh): --install-postgres/--db-password (apt/dnf postgresql, create dispatch role + DispatchLog db); dispatch-update.sh backup via pg_dump. - Appliance: bake in postgresql (build/provision/firstboot), per-VM role password, systemd postgresql; drop the Microsoft EULA/license-terms. - Docs: README, SPEC.md (schema DDL, bootstrap sections, size-pressure), RELEASING, installer README all moved to PostgreSQL/Npgsql. - CI workflow wording + docker.yml service (sql -> db); comment cleanups in WebEndpoints/PurgeWorker/IStorageReport/tests. Full suite (312 tests) green in Release against postgres:17. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The installers.yml full-install smoke assembled a tarball with only install.sh + dispatch.service, but install.sh installs dispatch-updater.service and dispatch-update.path too, so `install.sh --prebuilt` aborted at the unit step. Ship the same file set as the release tarball (units + updater script + public key) so the full-install smoke actually completes. Pre-existing gap, surfaced while running the Linux full-install smoke end-to-end. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Migrate database from SQL Server to PostgreSQL
Bumps the actions group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5` | `7` | | [actions/setup-node](https://github.com/actions/setup-node) | `5` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` | | [azure/login](https://github.com/azure/login) | `2.3.0` | `3.0.0` | | [azure/trusted-signing-action](https://github.com/azure/trusted-signing-action) | `0.5.10` | `2.0.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.2.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.2.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.4.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.2.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.3.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.2` | `3.0.1` | Updates `actions/checkout` from 5 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v5...v7) Updates `actions/setup-node` from 5 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v5...v6) Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) Updates `azure/login` from 2.3.0 to 3.0.0 - [Release notes](https://github.com/azure/login/releases) - [Commits](Azure/login@a457da9...532459e) Updates `azure/trusted-signing-action` from 0.5.10 to 2.0.0 - [Release notes](https://github.com/azure/trusted-signing-action/releases) - [Commits](Azure/artifact-signing-action@fc390cf...c7ab2a8) Updates `docker/setup-qemu-action` from 3.7.0 to 4.2.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@c7c5346...96fe6ef) Updates `docker/setup-buildx-action` from 3.12.0 to 4.2.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8d2750c...bb05f3f) Updates `docker/login-action` from 3.7.0 to 4.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...af1e73f) Updates `docker/metadata-action` from 5.10.0 to 6.2.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@c299e40...dc80280) Updates `docker/build-push-action` from 6.19.2 to 7.3.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@10e90e3...53b7df9) Updates `softprops/action-gh-release` from 2.6.2 to 3.0.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@3bb1273...718ea10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: azure/login dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: azure/trusted-signing-action dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/build-push-action dependency-version: 7.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/login-action dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/metadata-action dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/setup-qemu-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/github_actions/actions-d410433f38
branch
from
July 10, 2026 03:14
9ebdeea to
d1666e7
Compare
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the actions group with 11 updates in the / directory:
5756672.3.03.0.00.5.102.0.03.7.04.2.03.12.04.2.03.7.04.4.05.10.06.2.06.19.27.3.02.6.23.0.1Updates
actions/checkoutfrom 5 to 7Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
9c091bbupdate error wording (#2467)1044a6dgetting ready for checkout v7 release (#2464)f028218Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)d914b26upgrade module to esm and update dependencies (#2463)537c7efBump@actions/coreand@actions/tool-cacheand Remove uuid (#2459)130a169Bump js-yaml from 4.1.0 to 4.2.0 (#2461)7d09575Bump flatted from 3.3.1 to 3.4.2 (#2460)0f9f3aaBump actions/publish-immutable-action (#2458)f9e715ablock checking out fork pr for pull_request_target and workflow_run (#2454)df4cb1cUpdate changelog for v6.0.3 (#2446)Updates
actions/setup-nodefrom 5 to 6Release notes
Sourced from actions/setup-node's releases.
Commits
48b55a0Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)ab72c7eUpgrade@actionsdependencies (#1525)53b8394Bump minimatch from 3.1.2 to 3.1.5 (#1498)54045abScope test lockfiles by package manager and update cache tests (#1495)c882bffReplace uuid with crypto.randomUUID() (#1378)774c1d6feat(node-version-file): support parsingdevEnginesfield (#1283)efcb663fix: remove hardcoded bearer (#1467)d02c89dFix npm audit issues (#1491)6044e13Docs: bump actions/checkout from v5 to v6 (#1468)8e49463Fix README typo (#1226)Updates
actions/upload-artifactfrom 6 to 7Release notes
Sourced from actions/upload-artifact's releases.
Commits
043fb46Merge pull request #797 from actions/yacaovsnc/update-dependency634250cInclude changes in typespec/ts-http-runtime 0.3.5e454baaReadme: bump all the example versions to v7 (#796)74fad66Update the readme with direct upload details (#795)bbbca2dSupport direct file uploads (#764)589182cUpgrade the module to ESM and bump dependencies (#762)47309c9Merge pull request #754 from actions/Link-/add-proxy-integration-tests02a8460Add proxy integration testUpdates
azure/loginfrom 2.3.0 to 3.0.0Release notes
Sourced from azure/login's releases.
Commits
532459eprepare release v3.0.0893aa84upgrade Azure Login Action version in README (#579)ce6a9ffupgrade nodejs from 20 to 24 and update dependencies (#578)Updates
azure/trusted-signing-actionfrom 0.5.10 to 2.0.0Release notes
Sourced from azure/trusted-signing-action's releases.
Commits
c7ab2a8refactor: upgrade packages to the latest versions (#135)7664ceadocs: update README runtime version and action references (#139)64185d8refactor: migrate to new artifactsigning module (#133)b443cf8Update internal actions/cache to v5.0.4 (#126)6c581ebrefactor: disable az credential types by default except cli and env vars (#122)dd27d98docs: update examples to remove azps session (#123)87c2e83feat: check runner prior to execution (#120)d15bd92chore: upgrade cache-action to version 4.3.0 (#116)2eddbb3docs: update lack of support for win arm (#117)f3a110bchore: update code owners to artifact signing team (#118)Updates
docker/setup-qemu-actionfrom 3.7.0 to 4.2.0Release notes
Sourced from docker/setup-qemu-action's releases.
Commits
96fe6efMerge pull request #315 from docker/dependabot/npm_and_yarn/docker/actions-to...31f08d3[dependabot skip] chore: update generated content4e7017abuild(deps): bump@docker/actions-toolkitfrom 0.91.0 to 0.92.00eca235Merge pull request #314 from crazy-max/fix-yarn-preapprove-actions-toolkitea66a41chore: allow actions-toolkit to bypass yarn age gate451542bMerge pull request #308 from docker/dependabot/npm_and_yarn/undici-6.27.0532ae00[dependabot skip] chore: update generated contentb6f5af6build(deps): bump undici from 6.26.0 to 6.27.0cf96b86Merge pull request #304 from docker/dependabot/npm_and_yarn/tmp-0.2.7f0ba643[dependabot skip] chore: update generated contentUpdates
docker/setup-buildx-actionfrom 3.12.0 to 4.2.0Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
bb05f3fMerge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...321c814[dependabot skip] chore: update generated contentb9a36efbuild(deps): bump@docker/actions-toolkitfrom 0.91.0 to 0.92.0ebeab24Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.05c7b8ae[dependabot skip] chore: update generated content037e618build(deps): bump undici from 6.25.0 to 6.27.066080e5Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1409aef0Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.049c6e42build(deps): bump sigstore from 4.1.0 to 4.1.12211273[dependabot skip] chore: update generated contentUpdates
docker/login-actionfrom 3.7.0 to 4.4.0Release notes
Sourced from docker/login-action's releases.
... (truncated)
Commits
af1e73fMerge pull request #1034 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...da722bd[dependabot skip] chore: update generated content2916ad6build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...ca0a662Merge pull request #1035 from crazy-max/fix-registry-auth-empty-maskc455755chore: update generated content4835190skip empty registry-auth secret mask992421cMerge pull request #1033 from docker/dependabot/github_actions/docker/bake-ac...b249b43Merge pull request #1032 from docker/dependabot/github_actions/docker/bake-ac...1b67977build(deps): bump docker/bake-action from 7.2.0 to 7.3.09d49d6abuild(deps): bump docker/bake-action/subaction/matrixUpdates
docker/metadata-actionfrom 5.10.0 to 6.2.0Release notes
Sourced from docker/metadata-action's releases.