Skip to content

chore(deps): bump the actions group across 1 directory with 11 updates#2

Closed
dependabot[bot] wants to merge 303 commits into
mainfrom
dependabot/github_actions/actions-d410433f38
Closed

chore(deps): bump the actions group across 1 directory with 11 updates#2
dependabot[bot] wants to merge 303 commits into
mainfrom
dependabot/github_actions/actions-d410433f38

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown

Bumps the actions group with 11 updates in the / directory:

Package From To
actions/checkout 5 7
actions/setup-node 5 6
actions/upload-artifact 6 7
azure/login 2.3.0 3.0.0
azure/trusted-signing-action 0.5.10 2.0.0
docker/setup-qemu-action 3.7.0 4.2.0
docker/setup-buildx-action 3.12.0 4.2.0
docker/login-action 3.7.0 4.4.0
docker/metadata-action 5.10.0 6.2.0
docker/build-push-action 6.19.2 7.3.0
softprops/action-gh-release 2.6.2 3.0.1

Updates actions/checkout from 5 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/setup-node from 5 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

Commits

Updates actions/upload-artifact from 6 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • See full diff in compare view

Updates azure/login from 2.3.0 to 3.0.0

Release notes

Sourced from azure/login's releases.

Azure Login Action v3.0.0

What's Changed

Full Changelog: Azure/login@v2.3.0...v3.0.0

Commits

Updates azure/trusted-signing-action from 0.5.10 to 2.0.0

Release notes

Sourced from azure/trusted-signing-action's releases.

v2.0.0

What's Changed

Full Changelog: Azure/artifact-signing-action@v1.2.0...v2.0.0

v1.2.0

What's Changed

New Contributors

Full Changelog: Azure/artifact-signing-action@v1.1.0...v1.2.0

v1.1.0

What's Changed

Full Changelog: Azure/artifact-signing-action@v1...v1.1.0

Artifact Signing v1.0.0

Rebranding action from Trusted Signing into Artifact Signing. This will be our initial version for GA.

v0.5.11

What's Changed

Full Changelog: Azure/artifact-signing-action@v0...v0.5.11

Commits
  • c7ab2a8 refactor: upgrade packages to the latest versions (#135)
  • 7664cea docs: update README runtime version and action references (#139)
  • 64185d8 refactor: migrate to new artifactsigning module (#133)
  • b443cf8 Update internal actions/cache to v5.0.4 (#126)
  • 6c581eb refactor: disable az credential types by default except cli and env vars (#122)
  • dd27d98 docs: update examples to remove azps session (#123)
  • 87c2e83 feat: check runner prior to execution (#120)
  • d15bd92 chore: upgrade cache-action to version 4.3.0 (#116)
  • 2eddbb3 docs: update lack of support for win arm (#117)
  • f3a110b chore: update code owners to artifact signing team (#118)
  • Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3.7.0 to 4.2.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.2.0

Full Changelog: docker/setup-qemu-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-qemu-action@v4.0.0...v4.1.0

v4.0.0

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

Commits
  • 96fe6ef Merge pull request #315 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 31f08d3 [dependabot skip] chore: update generated content
  • 4e7017a build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 0eca235 Merge pull request #314 from crazy-max/fix-yarn-preapprove-actions-toolkit
  • ea66a41 chore: allow actions-toolkit to bypass yarn age gate
  • 451542b Merge pull request #308 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 532ae00 [dependabot skip] chore: update generated content
  • b6f5af6 build(deps): bump undici from 6.26.0 to 6.27.0
  • cf96b86 Merge pull request #304 from docker/dependabot/npm_and_yarn/tmp-0.2.7
  • f0ba643 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.2.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.2.0

Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

v4.0.0

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

Commits
  • bb05f3f Merge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 321c814 [dependabot skip] chore: update generated content
  • b9a36ef build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • ebeab24 Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 5c7b8ae [dependabot skip] chore: update generated content
  • 037e618 build(deps): bump undici from 6.25.0 to 6.27.0
  • 66080e5 Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 409aef0 Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 49c6e42 build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 2211273 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/login-action from 3.7.0 to 4.4.0

Release notes

Sourced from docker/login-action's releases.

v4.4.0

Full Changelog: docker/login-action@v4.3.0...v4.4.0

v4.3.0

Full Changelog: docker/login-action@v4.2.0...v4.3.0

v4.2.0

Full Changelog: docker/login-action@v4.1.0...v4.2.0

v4.1.0

... (truncated)

Commits
  • af1e73f Merge pull request #1034 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...
  • da722bd [dependabot skip] chore: update generated content
  • 2916ad6 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • ca0a662 Merge pull request #1035 from crazy-max/fix-registry-auth-empty-mask
  • c455755 chore: update generated content
  • 4835190 skip empty registry-auth secret mask
  • 992421c Merge pull request #1033 from docker/dependabot/github_actions/docker/bake-ac...
  • b249b43 Merge pull request #1032 from docker/dependabot/github_actions/docker/bake-ac...
  • 1b67977 build(deps): bump docker/bake-action from 7.2.0 to 7.3.0
  • 9d49d6a build(deps): bump docker/bake-action/subaction/matrix
  • Additional commits viewable in compare view

Updates docker/metadata-action from 5.10.0 to 6.2.0

Release notes

Sourced from docker/metadata-action's releases.

v6.2.0

Full Changelog: docker/metadata-action@v6.1.0...v6.2.0

v6.1.0

Chris Muench and others added 30 commits June 13, 2026 09:00
…orts Ubuntu 24.04; Windows fwlink already 2025)

- Linux install.sh: mssql-server-2025 repo (Ubuntu 24.04 supported), key at /usr/share/keyrings to match
  the 2025 list's signed-by. Reverts the ubuntu-22.04 CI pin back to ubuntu-latest.
- Windows: the SSEI fwlink already resolves to SQL 2025 Express; noted in the bootstrap.
…MTP presets; fix Linux installer spool layout

Providers (spec §8): native Amazon SES (AWS SDK, raw MIME), Postmark/Resend/SMTP2GO (HTTP JSON), SparkPost
(raw MIME via email_rfc822). Enum + RelayProviderSchema + factory wiring + UI fields; SMTP-preset dropdown
in the relay editor fills host/port/TLS for ~10 common providers (SES/Brevo/Gmail/M365/Postmark/Resend/
SendGrid/SMTP2GO/SparkPost/Mailjet) so any of them works via the generic SMTP provider. Factory tests cover
all five new types.

Installer fixes (found via the full-install CI smoke):
- Resolve a relative spool dir against the content root, not the process CWD (Windows services run in
  system32; the systemd unit's CWD was a read-only /etc) — fixes 'Access to ./.dispatch-spool denied'.
- Linux: single data dir (/var/lib/dispatch) holds appsettings + spool (mirrors Windows ProgramData);
  systemd WorkingDirectory + ReadWritePaths updated.

150 tests green; UI builds.
…iness to the service manager

The Windows MSI install failed (1603): the service started but never signalled 'running' to the SCM, so
the MSI's ServiceControl start timed out and rolled back (app log showed 'Hosting environment: Production'
logged repeatedly as SCM retried). .NET hosts must call UseWindowsService() for SCM integration; added
UseSystemd() too and set the unit to Type=notify (also closes the §16.3 drift). Both are no-ops when run
interactively. Linux full-install already passed; this fixes the Windows end-to-end.
…s installer

Signs Dispatch.msi + the DispatchSetup.exe Burn bundle via SignPath Foundation
(free for OSS). Skipped until repo vars SIGNPATH_ORGANIZATION_ID/PROJECT_SLUG/
POLICY_SLUG + secret SIGNPATH_API_TOKEN are set, so the unsigned artifact stands
in the meantime.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add release.yml: on a v* tag, build the version-stamped Windows installer
(DispatchSetup.exe + Dispatch.msi) and a self-contained linux-x64 tarball, then
publish a GitHub Release with SHA256SUMS and auto-generated notes. Windows
artifacts are Authenticode-signed via Azure Artifact Signing when the repo is
provisioned (AZURE_SIGNING_* vars/secrets); the Burn bundle engine is detached,
signed, reattached, then the bundle is signed. Skipped (unsigned) until then.

- installer wxs: Version is now overridable via -d Version=<tag> (defaults 1.0.0)
- install.sh: --prebuilt <dir> installs the self-contained tarball without the
  .NET SDK/Node; systemd unit resolved next to the script for tarball layout
- installers.yml: drop the dormant SignPath step (CI installer builds stay
  unsigned; signing happens only at release time)
- build.yml: remove the partial tag release job (superseded by release.yml)
- docs/RELEASING.md: how to cut a release + provision Azure signing

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds a linux-tarball job that publishes the self-contained linux-x64 build and
uploads it as a downloadable artifact on every push — no tag/release needed to
grab a tarball for testing install.sh --prebuilt.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…DR defaults

Add a multi-stage Dockerfile (multi-arch amd64/arm64) and a docker-compose.yml
that runs Dispatch + Azure SQL Edge together (arm64-native on Apple Silicon):
`docker compose up --build` → dashboard on :8420, API :8421, SMTP :2525.

Fix the seeded source-IP allow-list defaults, which were loopback-only and made
the dashboard unreachable on every real deployment shape (headless servers have
no local browser; containers NAT every request to the bridge gateway):
- webui.allowed_cidrs / api.allowed_cidrs -> empty (allow all); these are gated
  by the dashboard password and API keys, with CIDR as optional hardening
- listener.allowed_cidrs -> loopback + RFC1918 + IPv6 ULA, so same-host/LAN/
  Docker apps can submit mail without shipping an open internet relay

Verified end-to-end on Apple Silicon: /health 200, SQL connected, SMTP intake
250 OK + spooled. Core 55 + Web 53 tests green. Spec §1.1 deltas updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…st coverage

The deeper cause of the unreachable-dashboard bug: ListenerOptions/ApiOptions
EffectiveAllowedCidrs silently rewrote an empty list back to loopback-only, so
the seeded allow-all defaults (and any operator who cleared the list) were
overridden — the ingestion API was loopback-only too. Both middlewares already
treat empty as allow-all, so make EffectiveAllowedCidrs a pass-through and
default the ConfigCache keys to empty; the safe baseline now lives solely in the
seeded ConfigDefaults (listener = loopback + private ranges).

Add the test coverage that would have caught this:
- CidrMailboxFilter: private/loopback allowed, public denied, empty = allow-all
- WebAuthMiddleware: outside-list 403, inside allowed, empty-list regression guard
- ConfigDefaults: seed-defaults guard (webui/api allow-all, listener private-only)

Also add a container HEALTHCHECK (curl /health) to the Dockerfile.

Verified in the running container: /health 200, ingestion API 401 (not 403),
HEALTHCHECK healthy. Core 65 + Web 57 tests green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…kstart

release.yml: add a docker job that builds + pushes a multi-arch (amd64+arm64)
image to ghcr.io/<owner>/dispatch-smtp-relay on a v* tag (semver + latest tags,
buildx + QEMU, GHA layer cache); skipped on dry-run dispatch. Grants packages:write.

README: add a Docker section (docker compose for local testing; docker run from
GHCR with env config) covering the multi-arch image and the container-aware
allow-list defaults.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- release.yml: version the Windows assets (DispatchSetup-<ver>-x64.exe,
  Dispatch-<ver>-x64.msi) so each release's downloads are distinguishable
- README install docs corrected to match reality:
  - Windows: real bundle behavior (DISPATCHSQL instance, skipped if present),
    DispatchLog DB (was "DispatchQueue"), silent install via /quiet, existing-SQL
    via the MSI + SQLCONN (dropped fabricated --silent/--server/--auth flags)
  - Linux: install from the self-contained tarball with --prebuilt (dropped the
    nonexistent `curl | bash install.sh` asset); note arm64 -> external SQL/Docker
  - Quick Start: default dashboard is http://localhost:8420 (https only with a
    cert), default SMTP port 2525 (not 25/587)
  - appsettings holds connection string + Web UI TLS cert (not "only the
    connection string")
- RELEASING.md: versioned asset names + GHCR image row

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Reconcile remaining drift found by auditing claims against the code:
- Providers: add Amazon SES, Postmark, Resend, SparkPost, SMTP2GO everywhere
  (features, relay table with real required fields, supported-providers, structure)
- Remove the "CSV export" claim (feature was dropped, spec §1.1)
- SMTP listener defaults: ports 2525 (not 25/587), allow-list = loopback+private
  ranges (not 127.0.0.1/32), max message size 0/no-limit (not 25 MB)
- Security: dashboard is HTTPS-when-cert-configured (not "HTTPS-only" with auto
  self-signed); API keys + admin password are bcrypt-hashed, provider/SMTP
  secrets AES-256-GCM (Linux/macOS) or DPAPI (Windows)
- Upgrading: in-place MSI MajorUpgrade + additive migrations + manual drain
  endpoint (the old auto version-detect/drain/rollback flow isn't implemented)
- Requirements: SQL Server 2025 Express bundled; arm64 -> Docker/external SQL
- Project structure: WiX MSI + Burn bundle (not "WiX v5"), Dockerfile added
- Hero line: SMTP default 2525 (25/587 for production)

Verified against code via audit: all referenced files/links exist; routing
rules + /api/routing/simulate and the drain endpoint do exist; provider field
names match RelaySettings schema.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Fix the settings location: the UI sections are "Retention" + "Storage
  maintenance" (not "Storage & Retention")
- Don't overstate configurability: the 6-hour purge schedule and the
  retrying/test-message retention are fixed defaults; the rest are editable
- Add the facts the section omitted: 6h schedule, captured (Local) 7-day
  retention, on-demand purge (POST /api/purge/run), size target 9.0 GB, and the
  separate disk-pressure protection (throttle -> 4xx refuse -> recover)

Audited licence-faq.md and CONTRIBUTING.md against the code — both accurate
(MailgunProviderTests / RelayProviderFactory / RelayProviderSchema all exist),
left unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Inline factual fixes:
- WiX Toolset v5 -> v6 (build pins 6.0.2)
- DispatchQueue -> DispatchLog everywhere except the rename note
- Linux install examples: SQL Server 2025 / Ubuntu 24.04 (were 2022/22.04)
- Solution structure: real test projects (no Dispatch.Integration.Tests)

New §1.1 deltas (authoritative) for structural drift found by auditing §3-18:
- Full provider set (adds Amazon SES, Postmark, Resend, SparkPost, SMTP2GO;
  Appendix A "future" ones are shipped; default relay provider is Unconfigured)
- Windows install is a WiX Burn bundle chain (InstallSqlExpress launcher + MSI),
  not a WinForms wizard; cert generation is Linux-only
- Ingestion API is HTTP-only (no api.tls_* keys); webui TLS keys live in
  appsettings not the config table; no webui.require_auth; config table also has
  listener.server_name + purge.captured_retention_days
- §10.7/§11.5 pseudocode signatures are illustrative (actual signatures differ)
- SMTP source-IP denial occurs at MAIL FROM, not the greeting banner
- Documents two not-yet-implemented items vs spec: SMTP AUTH brute-force lockout
  (§17.10) and instant API-key revocation (§17.4 — honored up to the 30s cache TTL)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ckout

Close the two gaps the spec audit surfaced (§17.4, §17.10):

- ApiKeyCache.Invalidate(keyId): the DELETE /api/keys/{id} revoke endpoint now
  evicts the key from the verification cache, so it stops working immediately
  instead of lingering for up to the 30s TTL.
- SmtpAuthThrottle: per-source-IP SMTP AUTH lockout (5 failures -> 60s), refusing
  AUTH without hitting the credential store while locked; mirrors LoginThrottle.
  Wired into ConfiguredUserAuthenticator (records success/failure by source IP).

Tests: ApiKeyCache invalidation (evicts only the matching id), SmtpAuthThrottle
(lockout after 5, success resets, per-IP), and ConfiguredUserAuthenticator (a
locked IP is refused without a store call). Core 70 + Web 59 green.

Updates the §1.1 deltas: both are now implemented (were documented as gaps).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- SECURITY.md: private disclosure via GitHub Security Advisories, what to
  include, scope (open-relay/allow-list bypass, credential/spool exposure, auth
  bypass, etc.), and a map of where security controls live for reviewers.
- RELEASING.md: a one-time "first release" step to flip the GHCR package to
  public (packages are private by default) so anonymous docker pull works.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…g key

Live end-to-end testing showed the single-message status endpoint resolved a
message by spool id for ANY valid key, leaking another key's status/provider/
timing if the (random) id was known. Only the list endpoint was key-scoped.

Now scoped per key (spec §7.4): the spool fast-path checks the .meta's ApiKeyId,
and GetBySpoolIdAsync filters relay_log by api_key_id. A non-owning key gets 404.
A null key id keeps the unscoped lookup for internal callers.

Test: GetBySpoolId_is_scoped_to_the_calling_key (Data, live SQL). Validated live
in the container: owner 200, other key 404. Data 25 + Web 59 green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Close the coverage gap surfaced by the audit — previously only "the factory
builds them" was tested. Add request-building + error-mapping tests (stubbed
HttpMessageHandler, no live calls):

- Postmark: endpoint + X-Postmark-Server-Token, default MessageStream, and the
  important non-zero-ErrorCode-on-HTTP-200 -> permanent failure path
- Resend: Bearer auth, id parse, 429 transient, 401 permanent
- SparkPost: raw-MIME (email_rfc822) to US/EU endpoints, api-key header, 5xx transient
- SMTP2GO: api_key in body, email_id parse, 5xx transient, missing key permanent
- Amazon SES: required-setting validation (can't wire the AWS SDK client in a unit test)

Shared StubHttpHandler + message helper in ProviderTestSupport. Providers 34 green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…fety

Edge-case coverage from the adversarial pass:
- Ingestion multipart with TWO attachments (csv + binary png): asserts both are
  preserved in the spooled .eml with filenames + exact bytes intact, alongside
  the text body.
- Malformed 'from' address -> 400 (not 500): pins the handler's parse-exception
  guard so bad envelope input can't 500.
- MessageLog_all_filter_fields_are_injection_safe: complements the existing
  FromDomain [Theory] by exercising ToDomain/RelayName/IngestSource and the
  LIKE-based Subject/Tag filters with DROP/DELETE payloads — literal, no match,
  table intact.

Note: spool crash-recovery (RecoverOrphans) and corrupt-.meta quarantine are
already covered in SpoolWorkerPoolTests, so not duplicated. Web 61 + Data 26 green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add an Actions-deployed Jekyll Pages site that renders README.md through the
Slate theme with a GitHub-dark CSS override:

- pages.yml: on push to main (or manual), generate index.md from README.md
  (front matter + theme layout) and rewrite repo-file links (LICENSE/CONTRIBUTING/
  SECURITY/SPEC/RELEASING/licence-faq/installer) to absolute github.com URLs so
  they don't 404; images under docs/ resolve as-is. Builds with jekyll-build-pages
  and deploys via deploy-pages. README stays the single source of truth.
- _config.yml: jekyll-theme-slate + site metadata; kramdown parse_block_html so
  the centered hero (title/badges/screenshot) renders; exclude source/docs noise.
- assets/css/style.scss: dark override (GitHub-dark palette) on top of Slate.

Enable once via Settings → Pages → Source = GitHub Actions; deploys on merge to main.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…he MS key

Minimal Ubuntu/Debian images (incl. Ubuntu 26.04) ship without gnupg, so the
--install-sql key import failed with "gpg: command not found". Install
curl/ca-certificates/gnupg/apt-transport-https up front. Also note the repo-list
fallback covers brand-new releases before MS publishes a matching SQL repo list.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…re merge)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the full-README render (a wall of text) with a short index.md: hero +
tagline, action buttons, one screenshot, six why-bullets, and a Docker quickstart.
Drop the README-generation step; style buttons/screenshot in the dark CSS.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Chris Muench and others added 14 commits July 1, 2026 21:29
Step 1 of in-product licensing. Add Dispatch.Core/Licensing: a
LicenseVerifier that authenticates license keys entirely offline (no
call-home), mirroring the FluxDeploy scheme - a 6-byte payload + 64-byte
ECDSA P-256 (SHA-256, IEEE-P1363) signature, Crockford-Base32 encoded as
a typeable XXXXX-XXXXX-... key, verified against an embedded SPKI public
key. Binary licensed/not (no editions); edu is just a free-issued valid
key. Payload: seqId | expiryMonth (0=perpetual) | reserved | flags.
LicenseStatus.Licensed = signature valid AND not expired; fails closed.

The embedded dispatch-license-public.pem is a DEV key; the production
keypair will be generated in the issuer tool and its public half embedded
here (private key never committed). 9 tests.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Verify() now checks the signature over payload||machineId, so a key issued
for one install fails on any other (reinstall gets a fresh GUID; a leaked key
won't verify elsewhere) - all still offline, no call-home. Adds an embedded
seqId revocation list (dispatch-revoked-licenses.txt) shipped with each
release, and a Revoked flag on LicenseStatus (Licensed = valid && !expired &&
!revoked). Embeds the real P-256 license public key (DEV key replaced).
13 tests green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- MachineIdentity: mints a stable per-install GUID (SQL config) that keys are
  node-locked to; surfaced for the dashboard.
- LicenseService: evaluates the stored key against this machine + a 30-day
  first-run grace into a LicenseSnapshot (Operational / EnforcementActive);
  validates + stores pasted keys.
- LicenseGate + LicenseWorker: worker re-evaluates on a timer (and on demand)
  and flips the gate; SMTP intake, HTTP ingestion, and the relay worker refuse/
  pause new mail when enforced. Spool + dashboard stay up so a key recovers it.
- Config keys license.{key,machine_id,first_run_utc}; DI in AddDispatchWeb.
- 6 new license-service tests + gate enforcement test; full suite green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- GET/POST /api/license: status (machineId, state, expiry, grace, revoked)
  and key entry; POST refreshes the enforcement gate immediately + audits.
- UI: System -> License page (shows Machine ID to send at purchase, license
  state + banner, paste-key box); nav + route wired.
- Messaging: retire the "SMTP relay" tagline for "self-hosted email relay",
  drop "open-source"/"no license check" framing, keep "no call home/offline".
  Homepage GitHub links removed. Docs product-name normalized to "Dispatch".

Note: binding LICENSE file, license.md/contributing/SPEC legal wording, and
the remaining docs GitHub links (downloads/issues/security) are left for a
deliberate licensing + distribution-channel decision - not fabricated here.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Remove the AGPL-3.0 + Commons Clause LICENSE file and licence-faq.md; the
product is proprietary, licensed per install via an offline node-locked key,
so no open-source license applies. Reconcile the references that claimed AGPL
or linked to the removed file: README badge + Licence section, the docs
License page, SPEC.md license lines, and the RELEASING signing note.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…nal PRs)

Delete CONTRIBUTING.md and the docs Contributing page; drop the contribution
rows from SPEC.md and the "more providers welcome" invite from the providers
overview. README's provider-adding steps are kept under a neutral "Adding a
provider" dev note.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the GitHub Releases download links (private repo - not public) with
https://dispatchrelay.app/download across the deployment docs, and route
security reports to security@dispatchrelay.app in the README to match the
docs. No github.com links remain in the docs site.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Remove website/ (Astro landing + Starlight docs) and the GitHub Pages workflow
from this private repo - the docs now live in the public-facing dispatch-docs
repo (docs.dispatchrelay.app) and the marketing landing in dispatch-website
(dispatchrelay.app), both on Cloudflare Pages. Keeping a public site's build
out of the private commercial repo is the point. README doc links repointed to
docs.dispatchrelay.app; repo URLs updated to CinderHillsDev/dispatch-relay.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The previous commit accidentally staged the Astro build cache (website/.gitignore
was removed with the split). Remove it - website/ is fully gone now.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The product repo (relay service + dashboard + appliance + installers) gets a
more descriptive name. GitHub repo + remote renamed; README clone/badge URLs
and clone dir updated. Assemblies/service names (Dispatch.*, dispatch.service)
are unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Node 22 is now in Maintenance LTS (critical fixes only); 24 is the current
Active LTS. Updates the UI-build Node in all workflows and the Dockerfile.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Dashboard: a global LicenseBanner (in the Layout, every page) - amber during
  the first-run grace with a day countdown, red once enforcement is active or
  the key is expired/revoked; hidden when licensed; polls so a pasted key clears
  it without a reload.
- Tests: LicenseWorker (gate open during grace, closes past grace, reopens after
  a valid key) + a CidrMailboxFilter enforcement test (MAIL FROM refused when the
  gate is active). Core 129 / Web 98 green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Dispatch is now free and open source under the Apache License 2.0. Removed
the entire offline license-key system:

- Delete src/Dispatch.Core/Licensing/ (verifier, service, worker, gate,
  machine-identity, embedded public key + revocation list), the /api/license
  endpoint, the dashboard License page/banner, and the 3 license test files.
- Remove the three runtime enforcement points that paused/refused mail when
  "unlicensed past grace": SMTP intake (CidrMailboxFilter), HTTP API intake
  (ApiMessageHandler), and the relay worker (SpoolWorkerPool).
- Drop DI registrations, the LicenseWorker hosted service, the license.*
  config keys, and the csproj embedded-resource entries.
- Add Apache-2.0 LICENSE; update README, docs/SPEC.md, docs/RELEASING.md.

Build clean, all 312 tests pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 9, 2026
Chris Muench and others added 6 commits July 9, 2026 18:33
Replace Microsoft.Data.SqlClient with Npgsql across Dispatch.Data:
- Connection factory, DatabaseInitializer (postgres maintenance DB, pg_database,
  CREATE TABLE IF NOT EXISTS, transactional DDL) and DatabaseHealth.
- Rewrite all 7 schema migrations to PostgreSQL DDL (identity columns, boolean,
  timestamptz, "key" quoting, partial indexes; collapse the dynamic-SQL FK drop).
- Port every repository query: MERGE→INSERT..ON CONFLICT, OUTPUT→RETURNING,
  TOP→LIMIT, DELETE TOP→ctid-subquery, ISNULL→COALESCE, SYSUTCDATETIME→now(),
  DATEADD→interval, IN @list→= ANY(@list), SUM(bigint)::bigint casts.
- Storage/maintenance use pg_database_size / pg_total_relation_size.
- Redesign size-pressure: opt-in configurable DB-size cap (default off) driven by
  pg_database_size, bounded overage purge + VACUUM FULL to reclaim.
- Port the integration-test fixture to Npgsql; case-sensitive log search (accepted).

All 312 tests pass against a real postgres:17 (32 DB integration tests included).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- docker-compose.yml: postgres:17 service with pg_isready healthcheck, Npgsql
  connection string; drop Azure SQL Edge.
- Dockerfile / appsettings.json: reword SQL -> PostgreSQL/config table.
- build.yml: postgres:17 service container, Npgsql DISPATCH_TEST_SQL, health-cmd.
- All CI workflows (build/docker/appliance/installers/release/scripts) now run on
  self-hosted runners: ubuntu-latest -> [self-hosted, linux, x64],
  windows-latest -> [self-hosted, windows, x64].

Smoke-tested the full compose stack (Dispatch + postgres:17): schema init + all 7
migrations, /health connected via pg_database_size, live audit_log + relay_counters
writes (ON CONFLICT upsert) through SMTP intake.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Windows installer: replace the SQL Express Burn bootstrap with a silent PostgreSQL
  install (installer/windows/postgres/InstallPostgres.ps1 + PostgresLauncher);
  WiX bundle chains it, MSI SQLCONN defaults to a loopback-trusted 'dispatch' role,
  functional-smoke size-pressure test reframed as the opt-in DB-size cap.
- Linux installer (install.sh): --install-postgres/--db-password (apt/dnf postgresql,
  create dispatch role + DispatchLog db); dispatch-update.sh backup via pg_dump.
- Appliance: bake in postgresql (build/provision/firstboot), per-VM role password,
  systemd postgresql; drop the Microsoft EULA/license-terms.
- Docs: README, SPEC.md (schema DDL, bootstrap sections, size-pressure), RELEASING,
  installer README all moved to PostgreSQL/Npgsql.
- CI workflow wording + docker.yml service (sql -> db); comment cleanups in
  WebEndpoints/PurgeWorker/IStorageReport/tests.

Full suite (312 tests) green in Release against postgres:17.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The installers.yml full-install smoke assembled a tarball with only install.sh +
dispatch.service, but install.sh installs dispatch-updater.service and
dispatch-update.path too, so `install.sh --prebuilt` aborted at the unit step.
Ship the same file set as the release tarball (units + updater script + public
key) so the full-install smoke actually completes. Pre-existing gap, surfaced
while running the Linux full-install smoke end-to-end.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Migrate database from SQL Server to PostgreSQL
Bumps the actions group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5` | `7` |
| [actions/setup-node](https://github.com/actions/setup-node) | `5` | `6` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` |
| [azure/login](https://github.com/azure/login) | `2.3.0` | `3.0.0` |
| [azure/trusted-signing-action](https://github.com/azure/trusted-signing-action) | `0.5.10` | `2.0.0` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.2.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.4.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.2.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.3.0` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.2` | `3.0.1` |



Updates `actions/checkout` from 5 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v5...v7)

Updates `actions/setup-node` from 5 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v5...v6)

Updates `actions/upload-artifact` from 6 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v6...v7)

Updates `azure/login` from 2.3.0 to 3.0.0
- [Release notes](https://github.com/azure/login/releases)
- [Commits](Azure/login@a457da9...532459e)

Updates `azure/trusted-signing-action` from 0.5.10 to 2.0.0
- [Release notes](https://github.com/azure/trusted-signing-action/releases)
- [Commits](Azure/artifact-signing-action@fc390cf...c7ab2a8)

Updates `docker/setup-qemu-action` from 3.7.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@c7c5346...96fe6ef)

Updates `docker/setup-buildx-action` from 3.12.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@8d2750c...bb05f3f)

Updates `docker/login-action` from 3.7.0 to 4.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@c94ce9f...af1e73f)

Updates `docker/metadata-action` from 5.10.0 to 6.2.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@c299e40...dc80280)

Updates `docker/build-push-action` from 6.19.2 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@10e90e3...53b7df9)

Updates `softprops/action-gh-release` from 2.6.2 to 3.0.1
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@3bb1273...718ea10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: azure/login
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: azure/trusted-signing-action
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/login-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/metadata-action
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the actions group with 11 updates chore(deps): bump the actions group across 1 directory with 11 updates Jul 10, 2026
@dependabot
dependabot Bot force-pushed the dependabot/github_actions/actions-d410433f38 branch from 9ebdeea to d1666e7 Compare July 10, 2026 03:14
@dependabot @github

dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot
dependabot Bot deleted the dependabot/github_actions/actions-d410433f38 branch July 10, 2026 03:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant