Update dependency kimdre/doco-cd to v0.88.0

.doco-cd-version

@@ -1 +1 @@
-v0.82.1
+v0.88.0

doco-cd-src/.github/workflows/build-dev.yaml

@@ -74,7 +74,7 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
         with:
           sarif_file: 'trivy-results.sarif'
 

doco-cd-src/.github/workflows/build.yaml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   build:
-    uses: docker/github-builder/.github/workflows/build.yml@7d2a02426d4b989616ba5aaee4e879afd4134b0d # v1
+    uses: docker/github-builder/.github/workflows/build.yml@c2782c55efa56a01b9c30021db8f5ec3993228a3 # v1
     permissions:
       contents: read # to fetch the repository content
       id-token: write # for signing attestation(s) with GitHub OIDC Token
@@ -16,6 +16,12 @@ jobs:
       build-args: |
         APP_VERSION=${{ github.ref_name }}
       platforms: linux/amd64,linux/arm64,linux/arm/v7
+      #,linux/riscv64
+      runner: |
+        default=ubuntu-24.04
+        linux/arm=ubuntu-24.04-arm
+        linux/arm64=ubuntu-24.04-arm
+      #linux/riscv64=ubuntu-24.04-riscv
       cache: true
       cache-mode: max
       output: image

doco-cd-src/.github/workflows/docs.yaml

@@ -2,6 +2,11 @@ name: Publish Documentation
 
 on:
   workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to publish docs for (e.g., v1.2.3)'
+        required: false
+        type: string
   push:
     branches:
       - main
@@ -46,35 +51,37 @@ jobs:
         run: mike deploy --branch $DOCS_BRANCH --config-file ./wiki/zensical.toml --push next
 
       - name: Publish release docs
-        if: ${{ github.event_name == 'release' && !github.event.release.prerelease }}
+        if: ${{ (github.event_name == 'release' && !github.event.release.prerelease) || (github.event_name == 'workflow_dispatch' && github.event.inputs.version) }}
         env:
-          VERSION: ${{ github.event.release.tag_name }}
+          VERSION: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.version }}
         run: |
           MAJOR_MINOR="$(echo $VERSION | sed -E 's/^(v[0-9]+\.[0-9]+)\..*$/\1/')"
 
-          mike deploy --branch $DOCS_BRANCH --config-file ./wiki/zensical.toml --push --alias-type redirect --update-aliases "$MAJOR_MINOR" latest
-          mike set-default --branch $DOCS_BRANCH --config-file ./wiki/zensical.toml --push latest
-
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          ref: ${{ env.DOCS_BRANCH }}
+          mike deploy --branch $DOCS_BRANCH --config-file ./wiki/zensical.toml --alias-type symlink --update-aliases "$MAJOR_MINOR" latest
+          mike set-default --branch $DOCS_BRANCH --config-file ./wiki/zensical.toml latest
 
       # This is a bit hacky, but it ensures that the sitemap.xml always points to the latest version of the docs
       - name: Create symlinks to latest Sitemap.xml
         run: |
+          git fetch origin "$DOCS_BRANCH"
+          git checkout $DOCS_BRANCH
+
           # Add a symlink to the latest sitemap.xml in the root of the gh-pages branch, pointing to the latest version's sitemap.xml
           ln -fs latest/sitemap.xml sitemap.xml
           git add sitemap.xml
 
           # TODO: Remove this once the symlink alias bug is fixed in Zensical (https://github.com/zensical/ui/issues/126)
-          VERSION="$(jq -r '.[] | select(.aliases[] == "latest") | .version' versions.json)"
-          ln -sf "../$VERSION/sitemap.xml" latest/sitemap.xml
-          git add latest/sitemap.xml
+          # Resolve the real path of the sitemap through the 'latest' symlink and replace versioned URLs with /latest/
+          REAL_SITEMAP="$(git ls-files --full-name $(realpath latest/sitemap.xml))"
+          sed -E -i 's#/v[0-9]+\.[0-9]+/#/latest/#g' "$REAL_SITEMAP"
+
+          git add "$REAL_SITEMAP"
+
+          git status --short
 
           # Push the changes to the gh-pages branch
-          git commit -m "Update latest sitemap.xml symlink to $VERSION" || echo "No changes to commit"
-          git push origin $DOCS_BRANCH
+          git diff --cached --quiet && echo "No changes to commit" || git commit --amend --no-edit || git commit -m "docs: fix sitemap URLs to use /latest/"
+          git push --force-with-lease origin $DOCS_BRANCH
 #
 #  deploy:
 #    name: Deploy to GitHub Pages

doco-cd-src/.github/workflows/image-vulnerability-scanning.yml

@@ -66,7 +66,7 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
         with:
           sarif_file: 'trivy-results.sarif'
           ref: ${{ github.head_ref || github.ref }}

doco-cd-src/.github/workflows/test.yaml

@@ -39,7 +39,7 @@ jobs:
       - uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
         with:
           check_filenames: true
-          skip: ./.git,go.mod,go.sum
+          skip: ./.git,go.mod,go.sum,./wiki/docs/index.md
           ignore_words_list: AtLeast,AtMost
 
   lint:

doco-cd-src/.gitignore

@@ -38,6 +38,7 @@ cover.out
 cover.html
 
 docker-config.json
+git-auth-domains.yaml
 
 # Agents/Copilot files
 issue.md

doco-cd-src/.golangci.yaml

@@ -54,6 +54,7 @@ linters:
             - fmt.Println
             - io.Closer.Close
             - io.Writer.Write
+            - strings.Builder.WriteString
         - name: unreachable-code
         - name: unused-parameter
         - name: var-declaration

doco-cd-src/CODEOWNERS

@@ -0,0 +1 @@
+* @kimdre

doco-cd-src/CONTRIBUTING.md

@@ -5,7 +5,7 @@ Thank you for your support. Help is always appreciated!
 ## Have an issue, idea or question?
 
 - Ask questions or discuss ideas on [GitHub Discussions](https://github.com/kimdre/doco-cd/discussions)
-- Report bugs or suggest features by [opening an issue](https://github.com/kimdre/doco-cd/issues/new)
+- Report bugs or suggest features by [opening an issue](https://github.com/kimdre/doco-cd/issues/new/choose)
 
 ## Want to contribute your code?
 

doco-cd-src/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1@sha256:2780b5c3bab67f1f76c781860de469442999ed1a0d7992a5efdf2cffc0e3d769
-FROM golang:1.26.2@sha256:1e598ea5752ae26c093b746fd73c5095af97d6f2d679c43e83e0eac484a33dc3 AS prerequisites
+FROM golang:1.26.3@sha256:2981696eed011d747340d7252620932677929cce7d2d539602f56a8d7e9b660b AS prerequisites
 
 ARG APP_VERSION=dev
 ARG DISABLE_BITWARDEN=false
@@ -9,14 +9,16 @@ ARG TARGETVARIANT
 # Set destination for COPY
 WORKDIR /app
 
-# Automatically disable Bitwarden for armv7
-# The Bitwarden Go SDK does not support 32-bit ARM architecture
-RUN if [ "$TARGETARCH" = "arm" ] && [ "$TARGETVARIANT" = "v7" ]; then \
-    echo "Detected armv7 architecture - Bitwarden support will be disabled"; \
+# Automatically disable Bitwarden for armv7 and riscv64
+# The Bitwarden Go SDK does not support 32-bit ARM architecture or RISC-V 64-bit architecture
+RUN if ([ "$TARGETARCH" = "arm" ] && [ "$TARGETVARIANT" = "v7" ]) || ([ "$TARGETARCH" = "riscv64" ]); then \
+    echo "Detected unsupported ${TARGETARCH} ${TARGETVARIANT} architecture - Bitwarden support will be disabled"; \
     fi
 
-# Install prerequisites for Bitwarden SDK (only if not disabled and not armv7)
-RUN if [ "$DISABLE_BITWARDEN" != "true" ] && ! ([ "$TARGETARCH" = "arm" ] && [ "$TARGETVARIANT" = "v7" ]); then \
+# Install prerequisites for Bitwarden SDK (only if not disabled and not armv7 or riscv64)
+RUN if [ "$DISABLE_BITWARDEN" != "true" ] && \
+    ! ([ "$TARGETARCH" = "arm" ] && [ "$TARGETVARIANT" = "v7" ]) && \
+    ! ([ "$TARGETARCH" = "riscv64" ]); then \
     apt-get update && apt-get install -y \
     musl-tools \
     && rm -rf /var/lib/apt/lists/*; \
@@ -45,18 +47,18 @@ ARG TARGETVARIANT
 COPY . .
 
 # Build with or without Bitwarden support
-# armv7 builds are automatically built without Bitwarden
+# armv7 and riscv64 builds are automatically built without Bitwarden
 # CGO_ENABLED=1 and CC=musl-gcc are required for Bitwarden SDK when enabled
 # For builds without Bitwarden, CGO is not needed
 RUN --mount=type=cache,target=/go/pkg/mod/ \
     --mount=type=cache,target="/root/.cache/go-build" \
     --mount=type=bind,target=. \
-    if [ "$DISABLE_BITWARDEN" = "true" ] || ([ "$TARGETARCH" = "arm" ] && [ "$TARGETVARIANT" = "v7" ]); then \
+    if [ "$DISABLE_BITWARDEN" = "true" ] || ([ "$TARGETARCH" = "arm" ] && [ "$TARGETVARIANT" = "v7" ]) || ([ "$TARGETARCH" = "riscv64" ]); then \
         echo "Building without Bitwarden support"; \
-        CGO_ENABLED=1 go build -tags nobitwarden -ldflags="-s -w -X github.com/kimdre/doco-cd/internal/config.AppVersion=${APP_VERSION}" -o / ./...; \
+        CGO_ENABLED=1 go build -tags nobitwarden -ldflags="-s -w -X github.com/kimdre/doco-cd/internal/config/app.Version=${APP_VERSION}" -o / ./...; \
     else \
         echo "Building with Bitwarden support"; \
-        CGO_ENABLED=1 CC=musl-gcc go build -ldflags="-s -w -X github.com/kimdre/doco-cd/internal/config.AppVersion=${APP_VERSION} ${BW_SDK_BUILD_FLAGS}" -o / ./...; \
+        CGO_ENABLED=1 CC=musl-gcc go build -ldflags="-s -w -X github.com/kimdre/doco-cd/internal/config/app.Version=${APP_VERSION} ${BW_SDK_BUILD_FLAGS}" -o / ./...; \
     fi
 
 FROM gcr.io/distroless/base-debian13@sha256:c83f022002fc917a92501a8c30c605efdad3010157ba2c8998a2cbf213299201 AS release

doco-cd-src/README.md

@@ -29,6 +29,7 @@ You can think of it as a simple Portainer or ArgoCD alternative for Docker.
 - Supports various [Git providers](https://doco.cd/latest/#supported-git-providers)
 - Supports both Docker Compose projects and Swarm stacks in [Swarm mode](https://doco.cd/latest/Advanced/Swarm-Mode/).
 - Provides [notifications](https://doco.cd/latest/Advanced/Notifications/) and [Prometheus metrics](https://doco.cd/latest/Endpoints/Metrics/) for monitoring.
+- Supports [Job Scheduling / Cron Jobs](https://doco.cd/latest/Advanced/Job-Scheduling/) for running periodic tasks.
 
 ## Documentation
 
@@ -37,11 +38,11 @@ You can find the documentation at [doco.cd](https://doco.cd/latest/).
 ## Community
 
 - Ask questions or discuss ideas on [GitHub Discussions](https://github.com/kimdre/doco-cd/discussions)
-- Report bugs or suggest features by [opening an issue](https://github.com/kimdre/doco-cd/issues/new)
+- Report bugs or suggest features by [opening an issue](https://github.com/kimdre/doco-cd/issues/new/choose)
 
 ## Contributing
 
-Contributions are welcome! Please see the [contributing guidelines](https://github.com/kimdre/doco-cd/blob/main/CONTRIBUTING.md) for more information.
+Contributions are welcome! Please see the [contributing guidelines](https://doco.cd/latest/Contributing/) for more information.
 
 ## Star History
 

doco-cd-src/cmd/doco-cd/apiserver.go

@@ -0,0 +1,32 @@
+package main
+
+import (
+	"fmt"
+	"log/slog"
+	"net/http"
+	"time"
+
+	"github.com/kimdre/doco-cd/internal/config/app"
+	"github.com/kimdre/doco-cd/internal/graceful"
+	"github.com/kimdre/doco-cd/internal/logger"
+)
+
+func registryApiServer(c *app.Config, h *handlerData, log *logger.Logger) {
+	// Register API endpoints
+	apiServerMux := http.NewServeMux()
+	enabledApiEndpoints := registerApiEndpoints(c, h, log, apiServerMux)
+
+	log.Info(
+		"listening for events",
+		slog.Int("http_port", int(c.HttpPort)),
+		slog.Any("enabled_endpoints", enabledApiEndpoints),
+	)
+
+	server := &http.Server{
+		Addr:              fmt.Sprintf(":%d", c.HttpPort),
+		ReadHeaderTimeout: 3 * time.Second,
+		Handler:           apiServerMux,
+	}
+
+	graceful.RegisterServer(graceful.NewHttpServer("api", server))
+}

doco-cd-src/cmd/doco-cd/handler.go

@@ -12,6 +12,10 @@ import (
 	"github.com/moby/moby/api/types/container"
 
 	"github.com/kimdre/doco-cd/internal/config"
+
+	"github.com/kimdre/doco-cd/internal/config/app"
+	"github.com/kimdre/doco-cd/internal/config/deploy"
+	"github.com/kimdre/doco-cd/internal/config/poll"
 	"github.com/kimdre/doco-cd/internal/docker/swarm"
 	"github.com/kimdre/doco-cd/internal/filesystem"
 	"github.com/kimdre/doco-cd/internal/git"
@@ -40,17 +44,29 @@ func (r handleError) Error() string {
 }
 
 func handle(ctx context.Context, jobLog *slog.Logger,
-	appConfig *config.AppConfig,
+	appConfig *app.Config,
 	dataMountPoint container.MountPoint,
 	secretProvider *secretprovider.SecretProvider,
 	dockerCli command.Cli,
 	jobTrigger stages.JobTrigger,
 	cloneURL string, ref string, private bool,
 	metadata notification.Metadata,
 	customTarget string, testName string,
-	pollConfig config.PollConfig,
+	pollConfig poll.Config,
 	payload webhook.ParsedPayload,
 ) error {
+	git.ConfigureAuthResolver(
+		appConfig.GitAuthDomains,
+		appConfig.SSHPrivateKey,
+		appConfig.SSHPrivateKeyPassphrase,
+		appConfig.GitAccessToken,
+		git.GitHubAppConfig{
+			ID:             appConfig.GitHubAppID,
+			PrivateKey:     appConfig.GitHubAppPrivateKey,
+			InstallationID: appConfig.GitHubAppInstallationID,
+		},
+	)
+
 	repoName := git.GetRepoName(cloneURL)
 
 	jobLog = jobLog.With(
@@ -118,12 +134,22 @@ func handle(ctx context.Context, jobLog *slog.Logger,
 
 	jobLog.Debug("retrieving deployment configuration")
 
-	var deployConfigs []*config.DeployConfig
+	var deployConfigs []*deploy.Config
+
+	gitOpts := &deploy.GitOptions{
+		SSHPrivateKey:           appConfig.SSHPrivateKey,
+		SSHPrivateKeyPassphrase: appConfig.SSHPrivateKeyPassphrase,
+		GitAccessToken:          appConfig.GitAccessToken,
+		SkipTLSVerification:     appConfig.SkipTLSVerification,
+		HttpProxy:               appConfig.HttpProxy,
+		GitCloneSubmodules:      appConfig.GitCloneSubmodules,
+		GitCloneDepth:           appConfig.GitCloneDepth,
+	}
 
 	switch jobTrigger {
 	case stages.JobTriggerWebhook:
 		// Get the deployment configs from the repository
-		deployConfigs, err = config.GetDeployConfigs(internalRepoPath, appConfig.DeployConfigBaseDir, payload.Name, customTarget, payload.Ref)
+		deployConfigs, err = deploy.GetConfigs(internalRepoPath, appConfig.DeployConfigBaseDir, payload.Name, customTarget, payload.Ref, gitOpts)
 		if err != nil {
 			return handleError{
 				err:            err,
@@ -136,7 +162,7 @@ func handle(ctx context.Context, jobLog *slog.Logger,
 		shortName := filepath.Base(repoName)
 
 		// Resolve deployment configs (prefer inline in poll config when present)
-		deployConfigs, err = config.ResolveDeployConfigs(pollConfig, internalRepoPath, appConfig.DeployConfigBaseDir, shortName)
+		deployConfigs, err = deploy.ResolveConfigs(pollConfig.Deployments, pollConfig.CustomTarget, pollConfig.Reference, internalRepoPath, appConfig.DeployConfigBaseDir, shortName, gitOpts)
 		if err != nil {
 			return handleError{
 				err:            err,