ci: sync README to Docker Hub on release

Use peter-evans/dockerhub-description to push README.md as the
Docker Hub repository overview after each image build.

.gitea/workflows/release.yml

@@ -66,8 +66,6 @@ jobs:
           context: .
           push: true
           platforms: linux/amd64,linux/arm64
-          sbom: true
-          provenance: mode=max
           tags: |
             lerkolabs/uptop:${{ github.ref_name }}
             lerkolabs/uptop:latest
@@ -82,9 +80,3 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
           repository: lerkolabs/uptop
-
-      - name: Cleanup Docker artifacts
-        if: always()
-        run: |
-          docker image prune -f
-          docker builder prune -f --keep-storage=2GB

Dockerfile

@@ -17,21 +17,18 @@ RUN --mount=type=cache,target=/go/pkg/mod \
 # --- Stage 2: Runner ---
 FROM alpine:3.23
 WORKDIR /app
-RUN apk add --no-cache ca-certificates && apk upgrade --no-cache
-RUN addgroup -g 1000 -S uptop && adduser -u 1000 -S uptop -G uptop
-RUN mkdir -p /data/.ssh && chown -R uptop:uptop /data
+RUN apk add --no-cache ca-certificates openssh-client
+RUN mkdir /data
 
 COPY --from=builder /app/uptop .
-COPY --chmod=755 docker-entrypoint.sh /usr/local/bin/
 
+# Set Default Configuration via ENV
+# Docker users can override these in docker-compose.yml
 ENV LIPGLOSS_RENDERER_HAS_DARK_BACKGROUND=true
 ENV UPTOP_DB_TYPE=sqlite
 ENV UPTOP_DB_DSN=/data/uptop.db
 ENV UPTOP_KEYS=/data/authorized_keys
-ENV UPTOP_SSH_HOST_KEY=/data/.ssh/id_ed25519
 ENV UPTOP_PORT=23234
 
 EXPOSE 23234
-USER uptop
-ENTRYPOINT ["docker-entrypoint.sh"]
 CMD ["./uptop"]

docker-entrypoint.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ ! -w /data ]; then
-    echo "ERROR: /data is not writable by uptop user (UID $(id -u))." >&2
-    echo "" >&2
-    echo "If upgrading from a previous version that ran as root:" >&2
-    echo "  docker run --rm -v <your_volume>:/data alpine chown -R 1000:1000 /data" >&2
-    exit 1
-fi
-
-mkdir -p /data/.ssh
-
-exec "$@"

go.mod

@@ -53,7 +53,7 @@ require (
 	golang.org/x/crypto v0.52.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
 	golang.org/x/mod v0.35.0 // indirect
-	golang.org/x/net v0.55.0 // indirect
+	golang.org/x/net v0.54.0 // indirect
 	golang.org/x/sync v0.20.0 // indirect
 	golang.org/x/sys v0.45.0 // indirect
 	golang.org/x/text v0.37.0 // indirect

go.sum

@@ -107,8 +107,8 @@ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM=
 golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU=
-golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8=
-golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww=
+golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w=
+golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ=
 golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
 golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=