feat: update CI, etc

.github/dependabot.yml

@@ -10,3 +10,7 @@ updates:
       - '.github/**/*'
     schedule:
       interval: weekly
+    groups:
+      dependencies:
+        patterns:
+          - "*"

.github/workflows/create-docker-image.yml

@@ -13,7 +13,7 @@ env:
 
 jobs:
   upload-image:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     timeout-minutes: 30
     permissions:
       contents: read

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=$TARGETPLATFORM python:3.11.3-slim-bullseye
+FROM --platform=$TARGETPLATFORM python:3.11.14-slim-bookworm
 
 # NOTE: nodedir has used by cmake-js.
 RUN mkdir /var/.npm \
@@ -31,11 +31,11 @@
 RUN python -V && node -v && npm -v
 
 WORKDIR /tmp
 ENV GPG_KEY_SERVER hkps://keyserver.ubuntu.com
 # setup bitcoin
 ARG BITCOIN_VERSION=24.1
 ENV BITCOIN_URL_BASE https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}
 ENV BITCOIN_PGP_KEY  152812300785C96444D3334D17565732E08E5E41 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 590B7292695AFFA5B672CBB2E13FC145CD3F4304 28F5900B1BB5D1A4B6B6D1A9ED357015286A333D 637DB1E23370F84AFF88CCE03152347D07DA627C CFB16E21C950F67FA95E558F2EEB9F5CC09526C1 F4FC70F07310028424EFC20A8E4256593F177720 D1DBF2C4B96F2DEBF4C16654410108112E7EA81F 287AE4CA1187C68C08B49CB2D11BD4F33F1DB499 F9A8737BF4FF5C89C903DF31DD78544CF91B1514 9DEAE0DC7063249FB05474681E4AED62986CD25D E463A93F5F3117EEDE6C7316BD02942421F4889F 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 4DAF18FE948E7A965B30F9457E296D555E7F63A7 28E72909F1717FE9607754F8A7BEB2621678D37D 74E2DEF5D77260B98BC19438099BAD163C70FBFA
 RUN ARCH=`uname -m` \
     && echo "ARCH=$ARCH" \
     && if test "$ARCH" = "aarch64" || test "$ARCH" = "arm64"; then \
@@ -53,23 +53,29 @@
     && gpg --verify SHA256SUMS.asc 2>&1 | grep "using ECDSA key" | tr -s ' ' | cut -d ' ' -f5 \
     && echo "dump key" \
     && gpg --verify SHA256SUMS.asc 2>&1 | grep "using " | tr -s ' ' | cut -d ' ' -f5 \
+    && echo "gpg keyserver 1" \
     && gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${BITCOIN_PGP_KEY} \
+    && echo "gpg keyserver 2" \
     && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys 82921A4B88FD454B7EB8CE3C796C4109063D4EAF \
-    && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
+    && echo "verify checksum" \
     && sha256sum --ignore-missing --check SHA256SUMS \
     && tar -xzvf ${BITCOIN_TARBALL} --directory=/opt/ \
     && ln -sfn /opt/bitcoin-${BITCOIN_VERSION}/bin/* /usr/bin \
     && rm -f ${BITCOIN_TARBALL} SHA256SUMS.asc
 
-#20220427: ignore gpg verify (for C388F6961FB972A95678E327F62711DBDCA8AE56)
+# 20220427: ignore gpg verify (for C388F6961FB972A95678E327F62711DBDCA8AE56)
 #    && gpg --verify -v SHA256SUMS.asc \
 #    && sha256sum --ignore-missing --check SHA256SUMS \
 
+# 20251126: ignore import key
+# && echo "gpg keyserver 3" \
+# && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
+
 
 # setup elements
 ARG ELEMENTS_VERSION=22.1.1
 ENV ELEMENTS_URL_BASE https://github.com/ElementsProject/elements/releases/download/elements-${ELEMENTS_VERSION}
 ENV ELEMENTS_PGP_KEY DE10E82629A8CAD55B700B972F2A88D7F8D68E87 BD0F3062F87842410B06A0432F656B0610604482
 RUN ARCH=`uname -m` \
     && echo "ARCH=$ARCH" \
     && if test "$ARCH" = "aarch64" || test "$ARCH" = "arm64"; then \
@@ -81,7 +87,9 @@
     && wget -qO ${ELEMENTS_TARBALL} ${ELEMENTS_URL_BASE}/${ELEMENTS_TARBALL} \
     && gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${ELEMENTS_PGP_KEY} \
     && wget -qO SHA256SUMS.asc ${ELEMENTS_URL_BASE}/SHA256SUMS.asc \
+    && echo "verify gpg" \
     && gpg --verify SHA256SUMS.asc \
+    && echo "verify checksum" \
     && sha256sum --ignore-missing --check SHA256SUMS.asc \
     && tar -xzvf ${ELEMENTS_TARBALL} --directory=/opt/ \
     && ln -sfn /opt/elements-${ELEMENTS_VERSION}/bin/* /usr/bin \
@@ -93,8 +101,8 @@
 
 # setup cmake
 ENV CMAKE_VERSION 3.26.4
 ENV CMAKE_URL_BASE https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}
 ENV CMAKE_PGP_KEY 2D2CEF1034921684
 RUN ARCH=`uname -m` \
     && echo "ARCH=$ARCH" \
     && if test "$ARCH" = "aarch64" || test "$ARCH" = "arm64"; then \
@@ -109,7 +117,9 @@
     && gpg --keyserver ${GPG_KEY_SERVER} --recv-keys ${CMAKE_PGP_KEY} \
     && wget -qO cmake-SHA-256.txt ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt \
     && wget -qO cmake-SHA-256.txt.asc ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt.asc \
+    && echo "verify gpg" \
     && gpg --verify cmake-SHA-256.txt.asc \
+    && echo "verify checksum" \
     && sha256sum --ignore-missing --check cmake-SHA-256.txt \
     && tar -xzvf ${CMAKE_TARBALL} --directory=/opt/ \
     && mv /opt/${CMAKE_DIR_NAME} /opt/cmake-${CMAKE_VERSION}-linux \
@@ -121,7 +131,7 @@
 COPY ./script/check.sh  /usr/local/bin/check.sh
 RUN chmod +x /usr/local/bin/check.sh
 
 ENV USER_NAME testuser
 RUN useradd --user-group --create-home --shell /bin/false ${USER_NAME} \
   && mkdir /github \
   && mkdir /workspace \
@@ -142,7 +152,7 @@
 
 RUN cmake --version
 
 CMD bitcoin-cli --version && elements-cli --version \
   && python -V && echo "node version" && node -v && echo "npm version" && npm -v \
   && cmake --version && env
 

Taskfile.yml

@@ -6,11 +6,11 @@ tasks:
       - task: :hadolint
   gha-lint:
     vars:
-      PINACT_VERSION: v2.2.1
-      ACTIONLINT_VERSION: v1.7.7
-      GHALINT_VERSION: v1.3.0
+      PINACT_VERSION: v3.4.4
+      ACTIONLINT_VERSION: v1.7.8
+      GHALINT_VERSION: v1.5.3
     cmds:
-      - go run github.com/suzuki-shunsuke/pinact/v2/cmd/pinact@{{.PINACT_VERSION}} run
+      - go run github.com/suzuki-shunsuke/pinact/v3/cmd/pinact@{{.PINACT_VERSION}} run
       - go run github.com/rhysd/actionlint/cmd/actionlint@{{.ACTIONLINT_VERSION}}
       - go run github.com/suzuki-shunsuke/ghalint/cmd/ghalint@{{.GHALINT_VERSION}} run
   hadolint:
@@ -19,6 +19,6 @@ tasks:
       - docker run --rm -i -v {{.TASK_DIR}}/.hadolint.yml:/.config/hadolint.yaml ghcr.io/hadolint/hadolint < arm64.dockerfile
   format:
     vars:
-      YAMLFMT_VERSION: v0.15.0
+      YAMLFMT_VERSION: v0.20.0
     cmds:
       - go run github.com/google/yamlfmt/cmd/yamlfmt@{{.YAMLFMT_VERSION}}

amd64.dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.11.3-slim-bullseye
+FROM python:3.11.14-slim-bookworm
 
 # NOTE: nodedir has used by cmake-js.
 RUN mkdir /var/.npm \
@@ -48,9 +48,11 @@ RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz \
     && gpg --verify SHA256SUMS.asc 2>&1 | grep "using ECDSA key" | tr -s ' ' | cut -d ' ' -f5 \
     && echo "dump key" \
     && gpg --verify SHA256SUMS.asc 2>&1 | grep "using " | tr -s ' ' | cut -d ' ' -f5 \
+    && echo "gpg keyserver 1" \
     && gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${BITCOIN_PGP_KEY} \
+    && echo "gpg keyserver 2" \
     && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys 82921A4B88FD454B7EB8CE3C796C4109063D4EAF \
-    && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
+    && echo "verify checksum" \
     && sha256sum --ignore-missing --check SHA256SUMS \
     && tar -xzvf ${BITCOIN_TARBALL} --directory=/opt/ \
     && ln -sfn /opt/bitcoin-${BITCOIN_VERSION}/bin/* /usr/bin \
@@ -60,6 +62,10 @@ RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz \
 #    && gpg --verify -v SHA256SUMS.asc \
 #    && sha256sum --ignore-missing --check SHA256SUMS \
 
+# 20251126: ignore import key
+# && echo "gpg keyserver 3" \
+# && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
+
 
 # setup elements
 ARG ELEMENTS_VERSION=22.1.1
@@ -70,7 +76,9 @@ RUN ELEMENTS_TARBALL=elements-${ELEMENTS_VERSION}-x86_64-linux-gnu.tar.gz \
     && wget -qO ${ELEMENTS_TARBALL} ${ELEMENTS_URL_BASE}/${ELEMENTS_TARBALL} \
     && gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${ELEMENTS_PGP_KEY} \
     && wget -qO SHA256SUMS.asc ${ELEMENTS_URL_BASE}/SHA256SUMS.asc \
+    && echo "verify gpg" \
     && gpg --verify SHA256SUMS.asc \
+    && echo "verify checksum" \
     && sha256sum --ignore-missing --check SHA256SUMS.asc \
     && tar -xzvf ${ELEMENTS_TARBALL} --directory=/opt/ \
     && ln -sfn /opt/elements-${ELEMENTS_VERSION}/bin/* /usr/bin \
@@ -90,7 +98,9 @@ RUN CMAKE_TARBALL=cmake-${CMAKE_VERSION}-linux-x86_64.tar.gz \
     && gpg --keyserver ${GPG_KEY_SERVER} --recv-keys ${CMAKE_PGP_KEY} \
     && wget -qO cmake-SHA-256.txt ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt \
     && wget -qO cmake-SHA-256.txt.asc ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt.asc \
+    && echo "verify gpg" \
     && gpg --verify cmake-SHA-256.txt.asc \
+    && echo "verify checksum" \
     && sha256sum --ignore-missing --check cmake-SHA-256.txt \
     && tar -xzvf ${CMAKE_TARBALL} --directory=/opt/ \
     && ln -sfn /opt/cmake-${CMAKE_VERSION}-linux-x86_64/bin/* /usr/bin \

arm64.dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.11.3-slim-bullseye
+FROM python:3.11.14-slim-bookworm
 
 # NOTE: nodedir has used by cmake-js.
 RUN mkdir /var/.npm \
@@ -48,9 +48,11 @@ RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-aarch64-linux-gnu.tar.gz \
     && gpg --verify SHA256SUMS.asc 2>&1 | grep "using ECDSA key" | tr -s ' ' | cut -d ' ' -f5 \
     && echo "dump key" \
     && gpg --verify SHA256SUMS.asc 2>&1 | grep "using " | tr -s ' ' | cut -d ' ' -f5 \
+    && echo "gpg keyserver 1" \
     && gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${BITCOIN_PGP_KEY} \
+    && echo "gpg keyserver 2" \
     && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys 82921A4B88FD454B7EB8CE3C796C4109063D4EAF \
-    && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
+    && echo "verify checksum" \
     && sha256sum --ignore-missing --check SHA256SUMS \
     && tar -xzvf ${BITCOIN_TARBALL} --directory=/opt/ \
     && ln -sfn /opt/bitcoin-${BITCOIN_VERSION}/bin/* /usr/bin \
@@ -60,6 +62,10 @@ RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-aarch64-linux-gnu.tar.gz \
 #    && gpg --verify -v SHA256SUMS.asc \
 #    && sha256sum --ignore-missing --check SHA256SUMS \
 
+# 20251126: ignore import key
+# && echo "gpg keyserver 3" \
+# && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
+
 
 # setup elements
 ARG ELEMENTS_VERSION=22.1.1
@@ -70,7 +76,9 @@ RUN ELEMENTS_TARBALL=elements-${ELEMENTS_VERSION}-aarch64-linux-gnu.tar.gz \
     && wget -qO ${ELEMENTS_TARBALL} ${ELEMENTS_URL_BASE}/${ELEMENTS_TARBALL} \
     && gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${ELEMENTS_PGP_KEY} \
     && wget -qO SHA256SUMS.asc ${ELEMENTS_URL_BASE}/SHA256SUMS.asc \
+    && echo "verify gpg" \
     && gpg --verify SHA256SUMS.asc \
+    && echo "verify checksum" \
     && sha256sum --ignore-missing --check SHA256SUMS.asc \
     && tar -xzvf ${ELEMENTS_TARBALL} --directory=/opt/ \
     && ln -sfn /opt/elements-${ELEMENTS_VERSION}/bin/* /usr/bin \
@@ -90,7 +98,9 @@ RUN CMAKE_TARBALL=cmake-${CMAKE_VERSION}-linux-aarch64.tar.gz \
     && gpg --keyserver ${GPG_KEY_SERVER} --recv-keys ${CMAKE_PGP_KEY} \
     && wget -qO cmake-SHA-256.txt ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt \
     && wget -qO cmake-SHA-256.txt.asc ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt.asc \
+    && echo "verify gpg" \
     && gpg --verify cmake-SHA-256.txt.asc \
+    && echo "verify checksum" \
     && sha256sum --ignore-missing --check cmake-SHA-256.txt \
     && tar -xzvf ${CMAKE_TARBALL} --directory=/opt/ \
     && ln -sfn /opt/cmake-${CMAKE_VERSION}-linux-aarch64/bin/* /usr/bin \