Replace alphabetical tag selection with version-aware filtering to properly
identify the latest nbxyz version tag instead of selecting SHA hashes.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add fetch-tags: true to ensure git tags are available during checkout
- Improve tag existence checking with proper git rev-parse verification
- Add pre-check to prevent attempting to create tags that already exist
- Fix tag creation logic to handle existing tags gracefully
Resolves both the 'git rev-list' exit code 129 error and the 'Reference
already exists' error in the release workflow.
- Add fetch-tags: true to ensure git tags are available during checkout
- Add error handling to git rev-list command to prevent script failure
when referenced tag doesn't exist in the repository
Resolves the 'git rev-list' exit code 129 error in the release workflow.
The nginx service was failing to start due to permission denied errors
when trying to access /var/lib/nginx/logs/error.log. This directory is
a symlink to /var/log/nginx which was owned by the nginx user instead
of the nbxyz user that runs the service.
Added proper ownership setup for /var/log/nginx directory to ensure
nginx can write logs when running as the nbxyz user.
* Implement rootless Docker container with preserved TFTP logging
- Convert all processes to run as non-root user (nbxyz) for enhanced security
- Add customizable PUID/PGID environment variables for volume permission management
- Implement privilege dropping using gosu for secure initialization
- Optimize Dockerfile with multi-stage build and better caching
- Create dnsmasq wrapper script to ensure TFTP logs appear in docker logs
- Configure supervisord to properly forward dnsmasq output to container stdout
- Maintain full TFTP/PXE boot debugging functionality for users
Security improvements:
- All application processes (nginx, webapp, dnsmasq) run as nbxyz user
- Only supervisord initialization runs as root, then drops privileges
- Proper permission management for all service directories
- Configurable user/group IDs via PUID/PGID environment variables
Performance optimizations:
- Multi-stage Docker build reduces final image size
- Better layer caching for faster rebuilds
- Optimized package installation and cleanup
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update Dockerfile
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update root/init.sh
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
