configuration for self hosting a spindle in docker

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

0.1.0 - 2026-04-02

First working release. Tested on Ubuntu Linux.

Added

  • Docker Compose stack with OpenBao (vault), OpenBao proxy (AppRole sidecar), and Spindle (CI runner)
  • One-time vault bootstrap script (init-openbao.sh) with interactive AppRole Secret ID TTL prompt
  • .env-based configuration with documented variables and defaults; Compose loads it automatically
  • All images pinned to versioned SHA256 digests (OpenBao 2.5.2, Go 1.25.8-alpine3.23, Alpine 3.23.3)
  • Spindle source pinned to v1.13.0-alpha (commit c3f60dc1) with SHA verification at build time
  • CGO enabled in builder with gcc/musl-dev for go-sqlite3 support
  • OpenBao port bound to 127.0.0.1 only — not reachable from the network
  • IPC_LOCK capability on both OpenBao and OpenBao proxy to prevent secrets from swapping to disk
  • AppRole credentials owned by OpenBao user (uid 100) with 640 permissions; volume mounted :ro
  • AppRole credential handling documented in README (:ro tradeoff and alternative setup)