Bot Updating Package Versions

Add categories to readme-vars.yml

.github/CONTRIBUTING.md

@@ -6,7 +6,7 @@
 * Read, and fill the Pull Request template
   * If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR
   * If the PR is addressing an existing issue include, closes #\<issue number>, in the body of the PR commit message
-* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn)
+* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://linuxserver.io/discord)
 
 ## Common files
 
@@ -105,10 +105,10 @@ docker build \
   -t linuxserver/phpmyadmin:latest .
 ```
 
-The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
+The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static`
 
 ```bash
-docker run --rm --privileged multiarch/qemu-user-static:register --reset
+docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset
 ```
 
 Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.

.github/ISSUE_TEMPLATE/config.yml

@@ -1,7 +1,7 @@
 blank_issues_enabled: false
 contact_links:
   - name: Discord chat support
-    url: https://discord.gg/YWrKVTn
+    url: https://linuxserver.io/discord
     about: Realtime support / chat with the community and the team.
 
   - name: Discourse discussion forum

.github/ISSUE_TEMPLATE/issue.bug.yml

@@ -67,10 +67,10 @@ body:
   - type: textarea
     attributes:
       description: |
-        Provide a full docker log, output of "docker logs linuxserver.io"
+        Provide a full docker log, output of "docker logs phpmyadmin"
       label: Container logs
       placeholder: |
-        Output of `docker logs linuxserver.io`
+        Output of `docker logs phpmyadmin`
       render: bash
     validations:
       required: true

.github/workflows/call_issue_pr_tracker.yml

@@ -8,6 +8,9 @@ on:
   pull_request_review:
     types: [submitted,edited,dismissed]
 
+permissions:
+  contents: read
+
 jobs:
   manage-project:
     permissions:

.github/workflows/call_issues_cron.yml

@@ -4,6 +4,9 @@ on:
     - cron:  '11 3 * * *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   stale:
     permissions:

.github/workflows/external_trigger.yml

@@ -3,26 +3,42 @@ name: External Trigger Main
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   external-trigger-main:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.1.0
+      - uses: actions/checkout@v4.1.1
 
       - name: External Trigger
         if: github.ref == 'refs/heads/main'
+        env:
+          SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }}
         run: |
-          if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_PHPMYADMIN_MAIN }}" ]; then
-            echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_PHPMYADMIN_MAIN is set; skipping trigger. ****"
-            echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_PHPMYADMIN_MAIN\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
+          printf "# External trigger for docker-phpmyadmin\n\n" >> $GITHUB_STEP_SUMMARY
+          if grep -q "^phpmyadmin_main_" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
+            echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
+            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`phpmyadmin_main_\`; will skip trigger if version matches." >> $GITHUB_STEP_SUMMARY
+          elif grep -q "^phpmyadmin_main" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`phpmyadmin_main\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
-          echo "**** External trigger running off of main branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_PHPMYADMIN_MAIN\". ****"
-          echo "External trigger running off of main branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_PHPMYADMIN_MAIN\`" >> $GITHUB_STEP_SUMMARY
-          echo "**** Retrieving external version ****"
+          echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
+          echo "> External trigger running off of main branch. To disable this trigger, add \`phpmyadmin_main\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY
+          printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
           EXT_RELEASE=$(curl -sL 'https://www.phpmyadmin.net/home_page/version.txt' | head -n 1 | cut -d ' ' -f 1)
+          echo "Type is \`custom_version_command\`" >> $GITHUB_STEP_SUMMARY
+          if grep -q "^phpmyadmin_main_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` matches current external release; skipping trigger." >> $GITHUB_STEP_SUMMARY
+            exit 0
+          fi
           if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
-            echo "**** Can't retrieve external version, exiting ****"
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY
             FAILURE_REASON="Can't retrieve external version for phpmyadmin branch main"
             GHA_TRIGGER_URL="https://github.com/linuxserver/docker-phpmyadmin/actions/runs/${{ github.run_id }}"
             curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
@@ -30,25 +46,43 @@ jobs:
               "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
             exit 1
           fi
-          EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
-          echo "**** External version: ${EXT_RELEASE} ****"
-          echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY
-          echo "**** Retrieving last pushed version ****"
+          EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
+          echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY
+          echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY
           image="linuxserver/phpmyadmin"
           tag="latest"
           token=$(curl -sX GET \
             "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fphpmyadmin%3Apull" \
             | jq -r '.token')
-            multidigest=$(curl -s \
+          multidigest=$(curl -s \
+            --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+            --header "Accept: application/vnd.oci.image.index.v1+json" \
+            --header "Authorization: Bearer ${token}" \
+            "https://ghcr.io/v2/${image}/manifests/${tag}")
+          if jq -e '.layers // empty' <<< "${multidigest}" >/dev/null 2>&1; then
+            # If there's a layer element it's a single-arch manifest so just get that digest
+            digest=$(jq -r '.config.digest' <<< "${multidigest}")
+          else
+            # Otherwise it's multi-arch or has manifest annotations
+            if jq -e '.manifests[]?.annotations // empty' <<< "${multidigest}" >/dev/null 2>&1; then
+              # Check for manifest annotations and delete if found
+              multidigest=$(jq 'del(.manifests[] | select(.annotations))' <<< "${multidigest}")
+            fi
+            if [[ $(jq '.manifests | length' <<< "${multidigest}") -gt 1 ]]; then
+              # If there's still more than one digest, it's multi-arch
+              multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}")
+            else
+              # Otherwise it's single arch
+              multidigest=$(jq -r ".manifests[].digest?" <<< "${multidigest}")
+            fi
+            if digest=$(curl -s \
               --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+              --header "Accept: application/vnd.oci.image.manifest.v1+json" \
               --header "Authorization: Bearer ${token}" \
-              "https://ghcr.io/v2/${image}/manifests/${tag}" \
-              | jq -r 'first(.manifests[].digest)')
-            digest=$(curl -s \
-              --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-              --header "Authorization: Bearer ${token}" \
-              "https://ghcr.io/v2/${image}/manifests/${multidigest}" \
-              | jq -r '.config.digest')
+              "https://ghcr.io/v2/${image}/manifests/${multidigest}"); then
+              digest=$(jq -r '.config.digest' <<< "${digest}");
+            fi
+          fi
           image_info=$(curl -sL \
             --header "Authorization: Bearer ${token}" \
             "https://ghcr.io/v2/${image}/blobs/${digest}")
@@ -60,45 +94,54 @@ jobs:
           IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
           IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
           if [ -z "${IMAGE_VERSION}" ]; then
-            echo "**** Can't retrieve last pushed version, exiting ****"
+            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+            echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY
             FAILURE_REASON="Can't retrieve last pushed version for phpmyadmin tag latest"
             curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
               "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
               "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
             exit 1
           fi
-          echo "**** Last pushed version: ${IMAGE_VERSION} ****"
-          echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY
-          if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
-            echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
-            echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY
+          echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
+          if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then
+            echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
             exit 0
           elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/main/lastBuild/api/json | jq -r '.building') == "true" ]; then
-            echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
-            echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
+            echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
             exit 0
           else
-            echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
-            echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY
-            response=$(curl -iX POST \
-              https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/main/buildWithParameters?PACKAGE_CHECK=false \
-              --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
-            echo "**** Jenkins job queue url: ${response%$'\r'} ****"
-            echo "**** Sleeping 10 seconds until job starts ****"
-            sleep 10
-            buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
-            buildurl="${buildurl%$'\r'}"
-            echo "**** Jenkins job build url: ${buildurl} ****"
-            echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
-            echo "**** Attempting to change the Jenkins job description ****"
-            curl -iX POST \
-              "${buildurl}submitDescription" \
-              --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
-              --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
-              --data-urlencode "Submit=Submit"
-            echo "**** Notifying Discord ****"
-            TRIGGER_REASON="A version change was detected for phpmyadmin tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
-            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
-              "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
-              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            if [[ "${artifacts_found}" == "false" ]]; then
+              echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+              echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY
+              FAILURE_REASON="New version ${EXT_RELEASE} for phpmyadmin tag latest is detected, however not all artifacts are uploaded to upstream release yet. Will try again later."
+              curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+                "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
+                "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            else
+              printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
+              echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
+              if [[ "${artifacts_found}" == "true" ]]; then
+                echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
+              fi
+              response=$(curl -iX POST \
+                https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/main/buildWithParameters?PACKAGE_CHECK=false \
+                --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
+              echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
+              echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
+              sleep 10
+              buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
+              buildurl="${buildurl%$'\r'}"
+              echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
+              echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
+              curl -iX POST \
+                "${buildurl}submitDescription" \
+                --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
+                --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+                --data-urlencode "Submit=Submit"
+              echo "**** Notifying Discord ****"
+              TRIGGER_REASON="A version change was detected for phpmyadmin tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}"
+              curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+                "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
+                "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            fi
           fi

.github/workflows/external_trigger_scheduler.yml

@@ -5,41 +5,44 @@ on:
     - cron:  '43 * * * *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   external-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.1.0
+      - uses: actions/checkout@v4.1.1
         with:
           fetch-depth: '0'
 
       - name: External Trigger Scheduler
         run: |
-          echo "**** Branches found: ****"
-          git for-each-ref --format='%(refname:short)' refs/remotes
-          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
+          printf "# External trigger scheduler for docker-phpmyadmin\n\n" >> $GITHUB_STEP_SUMMARY
+          printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
+          for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
           do
-            br=$(echo "$br" | sed 's|origin/||g')
-            echo "**** Evaluating branch ${br} ****"
+            if [[ "${br}" == "HEAD" ]]; then
+              printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
+              continue
+            fi
+            printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
             ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/jenkins-vars.yml)
             ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
             ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
             if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
-              echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****"
+              echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY
               if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
-                echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
-                echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
+                echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY
                 curl -iX POST \
                   -H "Authorization: token ${{ secrets.CR_PAT }}" \
                   -H "Accept: application/vnd.github.v3+json" \
                   -d "{\"ref\":\"refs/heads/${br}\"}" \
                   https://api.github.com/repos/linuxserver/docker-phpmyadmin/actions/workflows/external_trigger.yml/dispatches
               else
-                echo "**** Workflow doesn't exist; skipping trigger. ****"
-                echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
+                echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
               fi
             else
-              echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****"
-              echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
+              echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
             fi
           done

.github/workflows/greetings.yml

@@ -2,8 +2,14 @@ name: Greetings
 
 on: [pull_request_target, issues]
 
+permissions:
+  contents: read
+
 jobs:
   greeting:
+    permissions:
+      issues: write
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
     - uses: actions/first-interaction@v1

.github/workflows/package_trigger.yml

@@ -1,42 +0,0 @@
-name: Package Trigger Main
-
-on:
-  workflow_dispatch:
-
-jobs:
-  package-trigger-main:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3.1.0
-
-      - name: Package Trigger
-        if: github.ref == 'refs/heads/main'
-        run: |
-          if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_PHPMYADMIN_MAIN }}" ]; then
-            echo "**** Github secret PAUSE_PACKAGE_TRIGGER_PHPMYADMIN_MAIN is set; skipping trigger. ****"
-            echo "Github secret \`PAUSE_PACKAGE_TRIGGER_PHPMYADMIN_MAIN\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-          if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/main/lastBuild/api/json | jq -r '.building') == "true" ]; then
-            echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
-            echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-          echo "**** Package trigger running off of main branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_PHPMYADMIN_MAIN\". ****"
-          echo "Package trigger running off of main branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_PHPMYADMIN_MAIN\`" >> $GITHUB_STEP_SUMMARY
-          response=$(curl -iX POST \
-            https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/main/buildWithParameters?PACKAGE_CHECK=true \
-            --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
-          echo "**** Jenkins job queue url: ${response%$'\r'} ****"
-          echo "**** Sleeping 10 seconds until job starts ****"
-          sleep 10
-          buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
-          buildurl="${buildurl%$'\r'}"
-          echo "**** Jenkins job build url: ${buildurl} ****"
-          echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
-          echo "**** Attempting to change the Jenkins job description ****"
-          curl -iX POST \
-            "${buildurl}submitDescription" \
-            --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
-            --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
-            --data-urlencode "Submit=Submit"

.github/workflows/package_trigger_scheduler.yml

@@ -5,46 +5,99 @@ on:
     - cron:  '24 21 * * 5'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   package-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.1.0
+      - uses: actions/checkout@v4.1.1
         with:
           fetch-depth: '0'
 
       - name: Package Trigger Scheduler
+        env:
+          SKIP_PACKAGE_TRIGGER: ${{ vars.SKIP_PACKAGE_TRIGGER }}
         run: |
-          echo "**** Branches found: ****"
-          git for-each-ref --format='%(refname:short)' refs/remotes
-          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
+          printf "# Package trigger scheduler for docker-phpmyadmin\n\n" >> $GITHUB_STEP_SUMMARY
+          printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
+          for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
           do
-            br=$(echo "$br" | sed 's|origin/||g')
-            echo "**** Evaluating branch ${br} ****"
-            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/jenkins-vars.yml | yq -r '.ls_branch')
-            if [ "${br}" == "${ls_branch}" ]; then
-              echo "**** Branch ${br} appears to be live; checking workflow. ****"
-              if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
-                echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
-                echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
-                triggered_branches="${triggered_branches}${br} "
-                curl -iX POST \
-                  -H "Authorization: token ${{ secrets.CR_PAT }}" \
-                  -H "Accept: application/vnd.github.v3+json" \
-                  -d "{\"ref\":\"refs/heads/${br}\"}" \
-                  https://api.github.com/repos/linuxserver/docker-phpmyadmin/actions/workflows/package_trigger.yml/dispatches
-                sleep 30
+            if [[ "${br}" == "HEAD" ]]; then
+              printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
+              continue
+            fi
+            printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
+            JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/jenkins-vars.yml)
+            if ! curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/Jenkinsfile >/dev/null 2>&1; then
+              echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+              echo "> No Jenkinsfile found. Branch is either deprecated or is an early dev branch." >> $GITHUB_STEP_SUMMARY
+              skipped_branches="${skipped_branches}${br} "
+            elif [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then
+              echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY
+              README_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/readme-vars.yml)
+              if [[ $(yq -r '.project_deprecation_status' <<< "${README_VARS}") == "true" ]]; then
+                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                echo "> Branch appears to be deprecated; skipping trigger." >> $GITHUB_STEP_SUMMARY
+                skipped_branches="${skipped_branches}${br} "
+              elif [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then
+                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY
+                skipped_branches="${skipped_branches}${br} "
+              elif grep -q "^phpmyadmin_${br}" <<< "${SKIP_PACKAGE_TRIGGER}"; then
+                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`phpmyadmin_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
+                skipped_branches="${skipped_branches}${br} "
+              elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/${br}/lastBuild/api/json | jq -r '.building' 2>/dev/null) == "true" ]; then
+                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY
+                skipped_branches="${skipped_branches}${br} "
               else
-                echo "**** Workflow doesn't exist; skipping trigger. ****"
-                echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY
+                echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
+                echo "> Triggering package trigger for branch ${br}" >> $GITHUB_STEP_SUMMARY
+                printf "> To disable, add \`phpmyadmin_%s\` into the Github organizational variable \`SKIP_PACKAGE_TRIGGER\`.\n\n" "${br}" >> $GITHUB_STEP_SUMMARY
+                triggered_branches="${triggered_branches}${br} "
+                response=$(curl -iX POST \
+                  https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/${br}/buildWithParameters?PACKAGE_CHECK=true \
+                  --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
+                if [[ -z "${response}" ]]; then
+                  echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                  echo "> Jenkins build could not be triggered. Skipping branch."
+                  continue
+                fi
+                echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
+                echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
+                sleep 10
+                buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
+                buildurl="${buildurl%$'\r'}"
+                echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
+                echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
+                if ! curl -ifX POST \
+                  "${buildurl}submitDescription" \
+                  --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
+                  --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+                  --data-urlencode "Submit=Submit"; then
+                  echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
+                  echo "> Unable to change the Jenkins job description."
+                fi
+                sleep 20
               fi
             else
-              echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
               echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
             fi
           done
-          echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
-          echo "**** Notifying Discord ****"
-          curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
-            "description": "**Package Check Build(s) Triggered for phpmyadmin** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-phpmyadmin/activity/"' \n"}],
-            "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+          if [[ -n "${triggered_branches}" ]] || [[ -n "${skipped_branches}" ]]; then
+            if [[ -n "${triggered_branches}" ]]; then
+              NOTIFY_BRANCHES="**Triggered:** ${triggered_branches} \n"
+              NOTIFY_BUILD_URL="**Build URL:** https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-phpmyadmin/activity/ \n"
+              echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
+            fi
+            if [[ -n "${skipped_branches}" ]]; then
+              NOTIFY_BRANCHES="${NOTIFY_BRANCHES}**Skipped:** ${skipped_branches} \n"
+            fi
+            echo "**** Notifying Discord ****"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+              "description": "**Package Check Build(s) for phpmyadmin** \n'"${NOTIFY_BRANCHES}"''"${NOTIFY_BUILD_URL}"'"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+          fi

.github/workflows/permissions.yml

@@ -5,6 +5,8 @@ on:
       - '**/run'
       - '**/finish'
       - '**/check'
+      - 'root/migrations/*'
+
 jobs:
   permission_check:
     uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

Dockerfile

@@ -1,19 +1,19 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.19
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.23
 
 # set version label
 ARG BUILD_DATE
 ARG VERSION
 ARG PHPMYADMIN_VERSION
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
-LABEL maintainer="TheSpad"
+LABEL maintainer="thespad"
 
 # environment settings
 ARG PHPMYADMIN_RELEASE_GPG_KEY="3D06A59ECE730EB71B511C17CE752F178259BD92"
-ENV MAX_EXECUTION_TIME 600
-ENV MEMORY_LIMIT 512M
-ENV UPLOAD_LIMIT 8192K
+ENV MAX_EXECUTION_TIME=600
+ENV MEMORY_LIMIT=512M
+ENV UPLOAD_LIMIT=8192K
 
 RUN \
   apk add --no-cache --virtual=build-dependencies \
@@ -21,30 +21,29 @@ RUN \
     gpg-agent \
     gnupg-dirmngr && \
   apk add --no-cache \
-    php83-bz2 \
-    php83-dom \
-    php83-gd \
-    php83-mysqli \
-    php83-opcache \
-    php83-pecl-uploadprogress \
-    php83-tokenizer && \
+    php85-bz2 \
+    php85-dom \
+    php85-gd \
+    php85-mysqli \
+    php85-pecl-uploadprogress \
+    php85-tokenizer && \
   echo "**** configure php-fpm to pass env vars ****" && \
-  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php83/php-fpm.d/www.conf && \
-  grep -qxF 'clear_env = no' /etc/php83/php-fpm.d/www.conf || echo 'clear_env = no' >> /etc/php83/php-fpm.d/www.conf && \
-  echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php83/php-fpm.conf && \
-  echo "**** setup php opcache ****" && \  
+  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php85/php-fpm.d/www.conf && \
+  if ! grep -qxF 'clear_env = no' /etc/php85/php-fpm.d/www.conf; then echo 'clear_env = no' >> /etc/php85/php-fpm.d/www.conf; fi && \
+  echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php85/php-fpm.conf && \
+  echo "**** setup php opcache ****" && \
   { \
       echo 'opcache.memory_consumption=128'; \
       echo 'opcache.interned_strings_buffer=8'; \
       echo 'opcache.max_accelerated_files=4000'; \
       echo 'opcache.revalidate_freq=2'; \
       echo 'opcache.fast_shutdown=1'; \
-  } > /etc/php83/conf.d/opcache-recommended.ini; \
+  } > /etc/php85/conf.d/opcache-recommended.ini; \
   \
   { \
       echo 'session.cookie_httponly=1'; \
       echo 'session.use_strict_mode=1'; \
-  } > /etc/php83/conf.d/session-strict.ini; \
+  } > /etc/php85/conf.d/session-strict.ini; \
   \
   { \
       echo 'allow_url_fopen=Off'; \
@@ -53,7 +52,7 @@ RUN \
       echo 'memory_limit=${MEMORY_LIMIT}'; \
       echo 'post_max_size=${UPLOAD_LIMIT}'; \
       echo 'upload_max_filesize=${UPLOAD_LIMIT}'; \
-  } > /etc/php83/conf.d/phpmyadmin-misc.ini && \
+  } > /etc/php85/conf.d/phpmyadmin-misc.ini && \
   echo "**** install phpmyadmin ****" && \
   mkdir -p /app/www/public && \
   if [ -z ${PHPMYADMIN_VERSION+x} ]; then \
@@ -78,7 +77,8 @@ RUN \
   tar xf \
     /tmp/phpmyadmin.tar.xz -C \
     /app/www/public/ --strip-components=1 && \
-  sed -i "s@'configFile' =>.*@'configFile' => '/config/phpmyadmin/config.inc.php',@" "/app/www/public/libraries/vendor_config.php" && \    
+  sed -i "s@'configFile' =>.*@'configFile' => '/config/phpmyadmin/config.inc.php',@" "/app/www/public/libraries/vendor_config.php" && \
+  printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \

Dockerfile.aarch64

@@ -1,19 +1,19 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.19
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.23
 
 # set version label
 ARG BUILD_DATE
 ARG VERSION
 ARG PHPMYADMIN_VERSION
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
-LABEL maintainer="TheSpad"
+LABEL maintainer="thespad"
 
 # environment settings
 ARG PHPMYADMIN_RELEASE_GPG_KEY="3D06A59ECE730EB71B511C17CE752F178259BD92"
-ENV MAX_EXECUTION_TIME 600
-ENV MEMORY_LIMIT 512M
-ENV UPLOAD_LIMIT 8192K
+ENV MAX_EXECUTION_TIME=600
+ENV MEMORY_LIMIT=512M
+ENV UPLOAD_LIMIT=8192K
 
 RUN \
   apk add --no-cache --virtual=build-dependencies \
@@ -21,30 +21,29 @@ RUN \
     gpg-agent \
     gnupg-dirmngr && \
   apk add --no-cache \
-    php83-bz2 \
-    php83-dom \
-    php83-gd \
-    php83-mysqli \
-    php83-opcache \
-    php83-pecl-uploadprogress \
-    php83-tokenizer && \
+    php85-bz2 \
+    php85-dom \
+    php85-gd \
+    php85-mysqli \
+    php85-pecl-uploadprogress \
+    php85-tokenizer && \
   echo "**** configure php-fpm to pass env vars ****" && \
-  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php83/php-fpm.d/www.conf && \
-  grep -qxF 'clear_env = no' /etc/php83/php-fpm.d/www.conf || echo 'clear_env = no' >> /etc/php83/php-fpm.d/www.conf && \
-  echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php83/php-fpm.conf && \
-  echo "**** setup php opcache ****" && \  
+  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php85/php-fpm.d/www.conf && \
+  if ! grep -qxF 'clear_env = no' /etc/php85/php-fpm.d/www.conf; then echo 'clear_env = no' >> /etc/php85/php-fpm.d/www.conf; fi && \
+  echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php85/php-fpm.conf && \
+  echo "**** setup php opcache ****" && \
   { \
       echo 'opcache.memory_consumption=128'; \
       echo 'opcache.interned_strings_buffer=8'; \
       echo 'opcache.max_accelerated_files=4000'; \
       echo 'opcache.revalidate_freq=2'; \
       echo 'opcache.fast_shutdown=1'; \
-  } > /etc/php83/conf.d/opcache-recommended.ini; \
+  } > /etc/php85/conf.d/opcache-recommended.ini; \
   \
   { \
       echo 'session.cookie_httponly=1'; \
       echo 'session.use_strict_mode=1'; \
-  } > /etc/php83/conf.d/session-strict.ini; \
+  } > /etc/php85/conf.d/session-strict.ini; \
   \
   { \
       echo 'allow_url_fopen=Off'; \
@@ -53,7 +52,7 @@ RUN \
       echo 'memory_limit=${MEMORY_LIMIT}'; \
       echo 'post_max_size=${UPLOAD_LIMIT}'; \
       echo 'upload_max_filesize=${UPLOAD_LIMIT}'; \
-  } > /etc/php83/conf.d/phpmyadmin-misc.ini && \
+  } > /etc/php85/conf.d/phpmyadmin-misc.ini && \
   echo "**** install phpmyadmin ****" && \
   mkdir -p /app/www/public && \
   if [ -z ${PHPMYADMIN_VERSION+x} ]; then \
@@ -78,8 +77,9 @@ RUN \
   tar xf \
     /tmp/phpmyadmin.tar.xz -C \
     /app/www/public/ --strip-components=1 && \
-  sed -i "s@'configFile' =>.*@'configFile' => '/config/phpmyadmin/config.inc.php',@" "/app/www/public/libraries/vendor_config.php" && \    
-  echo "**** cleanup ****" && \  
+  sed -i "s@'configFile' =>.*@'configFile' => '/config/phpmyadmin/config.inc.php',@" "/app/www/public/libraries/vendor_config.php" && \
+  printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
+  echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
   rm -rf \

Jenkinsfile

@@ -8,7 +8,7 @@ pipeline {
   }
   // Input to determine if this is a package check
   parameters {
-     string(defaultValue: 'false', description: 'package check run', name: 'PACKAGE_CHECK')
+    string(defaultValue: 'false', description: 'package check run', name: 'PACKAGE_CHECK')
   }
   // Configuration for the variables used for this specific repo
   environment {
@@ -16,6 +16,9 @@ pipeline {
     GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab')
     GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
     GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
+    DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat')
+    QUAYIO_API_TOKEN=credentials('quayio-repo-api-token')
+    GIT_SIGNING_KEY=credentials('484fbca6-9a4f-455e-b9e3-97ac98785f5f')
     EXT_GIT_BRANCH = 'master'
     EXT_USER = 'phpmyadmin'
     EXT_REPO = 'phpmyadmin'
@@ -32,21 +35,47 @@ pipeline {
     CI_WEB='true'
     CI_PORT='80'
     CI_SSL='false'
-    CI_DELAY='120'
-    CI_DOCKERENV='TZ=US/Pacific'
+    CI_DELAY='60'
+    CI_DOCKERENV=''
     CI_AUTH=''
     CI_WEBPATH=''
   }
   stages {
+    stage("Set git config"){
+      steps{
+        sh '''#!/bin/bash
+              cat ${GIT_SIGNING_KEY} > /config/.ssh/id_sign
+              chmod 600 /config/.ssh/id_sign
+              ssh-keygen -y -f /config/.ssh/id_sign > /config/.ssh/id_sign.pub
+              echo "Using $(ssh-keygen -lf /config/.ssh/id_sign) to sign commits"
+              git config --global gpg.format ssh
+              git config --global user.signingkey /config/.ssh/id_sign
+              git config --global commit.gpgsign true
+        '''
+      }
+    }
     // Setup all the basic environment variables needed for the build
     stage("Set ENV Variables base"){
       steps{
+        echo "Running on node: ${NODE_NAME}"
         sh '''#! /bin/bash
-              containers=$(docker ps -aq)
+              echo "Pruning builder"
+              docker builder prune -f --builder container || :
+              containers=$(docker ps -q)
               if [[ -n "${containers}" ]]; then
-                docker stop ${containers}
+                BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit')
+                for container in ${containers}; do
+                  if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then
+                    echo "skipping buildx container in docker stop"
+                  else
+                    echo "Stopping container ${container}"
+                    docker stop ${container}
+                  fi
+                done
               fi
-              docker system prune -af --volumes || : '''
+              docker system prune -f --volumes || :
+              docker image prune -af || :
+           '''
         script{
           env.EXIT_STATUS = ''
           env.LS_RELEASE = sh(
@@ -61,11 +90,20 @@ pipeline {
           env.COMMIT_SHA = sh(
             script: '''git rev-parse HEAD''',
             returnStdout: true).trim()
+          env.GH_DEFAULT_BRANCH = sh(
+            script: '''git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||' ''',
+            returnStdout: true).trim()
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
           env.PULL_REQUEST = env.CHANGE_ID
-          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml'
+          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml'
+          if ( env.SYFT_IMAGE_TAG == null ) {
+            env.SYFT_IMAGE_TAG = 'latest'
+          }
         }
+        echo "Using syft image tag ${SYFT_IMAGE_TAG}"
+        sh '''#! /bin/bash
+              echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" '''
         script{
           env.LS_RELEASE_NUMBER = sh(
             script: '''echo ${LS_RELEASE} |sed 's/^.*-ls//g' ''',
@@ -123,7 +161,7 @@ pipeline {
       steps{
         script{
           env.EXT_RELEASE_CLEAN = sh(
-            script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g' ''',
+            script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/ ]//g' ''',
             returnStdout: true).trim()
 
           def semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)\.(\d+)/
@@ -141,7 +179,7 @@ pipeline {
           }
 
           if (env.SEMVER != null) {
-            if (BRANCH_NAME != "master" && BRANCH_NAME != "main") {
+            if (BRANCH_NAME != "${env.GH_DEFAULT_BRANCH}") {
               env.SEMVER = "${env.SEMVER}-${BRANCH_NAME}"
             }
             println("SEMVER: ${env.SEMVER}")
@@ -172,6 +210,8 @@ pipeline {
           env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
           env.META_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
           env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
+          env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
+          env.CITEST_IMAGETAG = 'latest'
         }
       }
     }
@@ -196,6 +236,8 @@ pipeline {
           env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
           env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/'
+          env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
+          env.CITEST_IMAGETAG = 'develop'
         }
       }
     }
@@ -220,6 +262,8 @@ pipeline {
           env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/'
+          env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
+          env.CITEST_IMAGETAG = 'develop'
         }
       }
     }
@@ -242,9 +286,11 @@ pipeline {
                   -v ${WORKSPACE}:/mnt \
                   -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
                   -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
-                  ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
-                    apk add --no-cache py3-pip && \
-                    pip install s3cmd && \
+                  ghcr.io/linuxserver/baseimage-alpine:3.23 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
+                    apk add --no-cache python3 && \
+                    python3 -m venv /lsiopy && \
+                    pip install --no-cache-dir -U pip && \
+                    pip install --no-cache-dir s3cmd && \
                     s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
         }
       }
@@ -263,8 +309,15 @@ pipeline {
               set -e
               TEMPDIR=$(mktemp -d)
               docker pull ghcr.io/linuxserver/jenkins-builder:latest
-              docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=main -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest 
-              # Stage 1 - Jenkinsfile update
+              # Cloned repo paths for templating:
+              # ${TEMPDIR}/docker-${CONTAINER_NAME}: Cloned branch main of ${LS_USER}/${LS_REPO} for running the jenkins builder on
+              # ${TEMPDIR}/repo/${LS_REPO}: Cloned branch main of ${LS_USER}/${LS_REPO} for commiting various templated file changes and pushing back to Github
+              # ${TEMPDIR}/docs/docker-documentation: Cloned docs repo for pushing docs updates to Github
+              # ${TEMPDIR}/unraid/docker-templates: Cloned docker-templates repo to check for logos
+              # ${TEMPDIR}/unraid/templates: Cloned templates repo for commiting unraid template changes and pushing back to Github
+              git clone --branch main --depth 1 https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/docker-${CONTAINER_NAME}
+              docker run --rm -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/tmp -e LOCAL=true -e PUID=$(id -u) -e PGID=$(id -g) ghcr.io/linuxserver/jenkins-builder:latest 
+              echo "Starting Stage 1 - Jenkinsfile update"
               if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then
                 mkdir -p ${TEMPDIR}/repo
                 git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
@@ -273,16 +326,17 @@ pipeline {
                 cp ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile ${TEMPDIR}/repo/${LS_REPO}/
                 git add Jenkinsfile
                 git commit -m 'Bot Updating Templated Files'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
                 echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-                echo "Updating Jenkinsfile"
+                echo "Updating Jenkinsfile and exiting build, new one will trigger based on commit"
                 rm -Rf ${TEMPDIR}
                 exit 0
               else
                 echo "Jenkinsfile is up to date."
               fi
-              # Stage 2 - Delete old templates
-              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf"
+              echo "Starting Stage 2 - Delete old templates"
+              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml .github/workflows/package_trigger.yml"
               for i in ${OLD_TEMPLATES}; do
                 if [[ -f "${i}" ]]; then
                   TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@@ -297,15 +351,45 @@ pipeline {
                   git rm "${i}"
                 done
                 git commit -m 'Bot Updating Templated Files'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
                 echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-                echo "Deleting old and deprecated templates"
+                echo "Deleting old/deprecated templates and exiting build, new one will trigger based on commit"
                 rm -Rf ${TEMPDIR}
                 exit 0
               else
                 echo "No templates to delete"
               fi
-              # Stage 3 - Update templates
+              echo "Starting Stage 2.5 - Update init diagram"
+              if ! grep -q 'init_diagram:' readme-vars.yml; then
+                echo "Adding the key 'init_diagram' to readme-vars.yml"
+                sed -i '\\|^#.*changelog.*$|d' readme-vars.yml
+                sed -i 's|^changelogs:|# init diagram\\ninit_diagram:\\n\\n# changelog\\nchangelogs:|' readme-vars.yml
+              fi
+              mkdir -p ${TEMPDIR}/d2
+              docker run --rm -v ${TEMPDIR}/d2:/output -e PUID=$(id -u) -e PGID=$(id -g) -e RAW="true" ghcr.io/linuxserver/d2-builder:latest ${CONTAINER_NAME}:latest
+              ls -al ${TEMPDIR}/d2
+              yq -ei ".init_diagram |= load_str(\\"${TEMPDIR}/d2/${CONTAINER_NAME}-latest.d2\\")" readme-vars.yml
+              if [[ $(md5sum readme-vars.yml | cut -c1-8) != $(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/readme-vars.yml | cut -c1-8) ]]; then
+                echo "'init_diagram' has been updated. Updating repo and exiting build, new one will trigger based on commit."
+                mkdir -p ${TEMPDIR}/repo
+                git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
+                cd ${TEMPDIR}/repo/${LS_REPO}
+                git checkout -f main
+                cp ${WORKSPACE}/readme-vars.yml ${TEMPDIR}/repo/${LS_REPO}/readme-vars.yml
+                git add readme-vars.yml
+                git commit -m 'Bot Updating Templated Files'
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
+                echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                echo "Updating templates and exiting build, new one will trigger based on commit"
+                rm -Rf ${TEMPDIR}
+                exit 0
+              else
+                echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                echo "Init diagram is unchanged"
+              fi
+              echo "Starting Stage 3 - Update templates"
               CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
               cd ${TEMPDIR}/docker-${CONTAINER_NAME}
               NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
@@ -326,31 +410,50 @@ pipeline {
                 fi
                 git add readme-vars.yml ${TEMPLATED_FILES}
                 git commit -m 'Bot Updating Templated Files'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
                 echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                echo "Updating templates and exiting build, new one will trigger based on commit"
+                rm -Rf ${TEMPDIR}
+                exit 0
               else
                 echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                echo "No templates to update"
               fi
+              echo "Starting Stage 4 - External repo updates: Docs, Unraid Template and Readme Sync to Docker Hub"
               mkdir -p ${TEMPDIR}/docs
-              git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation
-              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
+              git clone --depth=1 https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation
+              if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}"  ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
                 cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/
                 cd ${TEMPDIR}/docs/docker-documentation
+                GH_DOCS_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||')
                 git add docs/images/docker-${CONTAINER_NAME}.md
+                echo "Updating docs repo"
                 git commit -m 'Bot Updating Documentation'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} || \
+                  (MAXWAIT="10" && echo "Push to docs failed, trying again in ${MAXWAIT} seconds" && \
+                  sleep $((RANDOM % MAXWAIT)) && \
+                  git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH} --rebase && \
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH})
+              else
+                echo "Docs update not needed, skipping"
               fi
               mkdir -p ${TEMPDIR}/unraid
-              git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
-              git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
+              git clone --depth=1 https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
+              git clone --depth=1 https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
               if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then
                 sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
               elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then
                 sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
               fi
-              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
+              if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
+                echo "Updating Unraid template"
                 cd ${TEMPDIR}/unraid/templates/
-                if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
+                GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||')
+                if grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list && [[ -f ${TEMPDIR}/unraid/templates/unraid/deprecated/${CONTAINER_NAME}.xml ]]; then
+                  echo "Image is on the ignore list, and already in the deprecation folder."
+                elif grep -wq "^${CONTAINER_NAME}$" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
                   echo "Image is on the ignore list, marking Unraid template as deprecated"
                   cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
                   git add -u unraid/${CONTAINER_NAME}.xml
@@ -361,7 +464,42 @@ pipeline {
                   git add unraid/${CONTAINER_NAME}.xml
                   git commit -m 'Bot Updating Unraid Template'
                 fi
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} --rebase
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} || \
+                  (MAXWAIT="10" && echo "Push to unraid templates failed, trying again in ${MAXWAIT} seconds" && \
+                  sleep $((RANDOM % MAXWAIT)) && \
+                  git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH} --rebase && \
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH})
+              else
+                echo "No updates to Unraid template needed, skipping"
+              fi
+              if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]]; then
+                if [[ $(cat ${TEMPDIR}/docker-${CONTAINER_NAME}/README.md | wc -m) -gt 25000 ]]; then
+                  echo "Readme is longer than 25,000 characters. Syncing the lite version to Docker Hub"
+                  DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/README.lite"
+                else
+                  echo "Syncing readme to Docker Hub"
+                  DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/README.md"
+                fi
+                if curl -s https://hub.docker.com/v2/namespaces/${DOCKERHUB_IMAGE%%/*}/repositories/${DOCKERHUB_IMAGE##*/}/tags | jq -r '.message' | grep -q 404; then
+                  echo "Docker Hub endpoint doesn't exist. Creating endpoint first."
+                  DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token')
+                  curl -s \
+                    -H "Authorization: JWT ${DH_TOKEN}" \
+                    -H "Content-Type: application/json" \
+                    -X POST \
+                    -d '{"name":"'${DOCKERHUB_IMAGE##*/}'", "namespace":"'${DOCKERHUB_IMAGE%%/*}'"}' \
+                    https://hub.docker.com/v2/repositories/ || :
+                fi
+                DH_TOKEN=$(curl -d '{"username":"linuxserverci", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token')
+                curl -s \
+                  -H "Authorization: JWT ${DH_TOKEN}" \
+                  -H "Content-Type: application/json" \
+                  -X PATCH \
+                  -d "{\\"full_description\\":$(jq -Rsa . ${DH_README_SYNC_PATH})}" \
+                  https://hub.docker.com/v2/repositories/${DOCKERHUB_IMAGE} || :
+              else
+                echo "Not the default Github branch. Skipping readme sync to Docker Hub."
               fi
               rm -Rf ${TEMPDIR}'''
         script{
@@ -408,23 +546,27 @@ pipeline {
       }
     }
     /* #######################
-           GitLab Mirroring
+       GitLab Mirroring and Quay.io Repo Visibility
        ####################### */
-    // Ping into Gitlab to mirror this repo and have a registry endpoint
-    stage("GitLab Mirror"){
+    // Ping into Gitlab to mirror this repo and have a registry endpoint & mark this repo on Quay.io as public
+    stage("GitLab Mirror and Quay.io Visibility"){
       when {
         environment name: 'EXIT_STATUS', value: ''
       }
       steps{
         sh '''curl -H "Content-Type: application/json" -H "Private-Token: ${GITLAB_TOKEN}" -X POST https://gitlab.com/api/v4/projects \
-        -d '{"namespace_id":'${GITLAB_NAMESPACE}',\
-             "name":"'${LS_REPO}'",
-             "mirror":true,\
-             "import_url":"https://github.com/linuxserver/'${LS_REPO}'.git",\
-             "issues_access_level":"disabled",\
-             "merge_requests_access_level":"disabled",\
-             "repository_access_level":"enabled",\
-             "visibility":"public"}' '''
+          -d '{"namespace_id":'${GITLAB_NAMESPACE}',\
+            "name":"'${LS_REPO}'",
+            "mirror":true,\
+            "import_url":"https://github.com/linuxserver/'${LS_REPO}'.git",\
+            "issues_access_level":"disabled",\
+            "merge_requests_access_level":"disabled",\
+            "repository_access_level":"enabled",\
+            "visibility":"public"}' '''
+        sh '''curl -H "Private-Token: ${GITLAB_TOKEN}" -X PUT "https://gitlab.com/api/v4/projects/Linuxserver.io%2F${LS_REPO}" \
+          -d "mirror=true&import_url=https://github.com/linuxserver/${LS_REPO}.git" '''
+        sh '''curl -H "Content-Type: application/json" -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" -X POST "https://quay.io/api/v1/repository${QUAYIMAGE/quay.io/}/changevisibility" \
+          -d '{"visibility":"public"}' ||: '''
       } 
     }
     /* ###############
@@ -455,7 +597,45 @@ pipeline {
           --label \"org.opencontainers.image.title=Phpmyadmin\" \
           --label \"org.opencontainers.image.description=[Phpmyadmin](https://github.com/phpmyadmin/phpmyadmin/) is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB.  \" \
           --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
+          --provenance=true --sbom=true --builder=container --load \
           --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
+        sh '''#! /bin/bash
+              set -e
+              IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+              for i in "${CACHE[@]}"; do
+                docker tag ${IMAGE}:${META_TAG} ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER}
+              done
+           '''
+        withCredentials([
+          [
+            $class: 'UsernamePasswordMultiBinding',
+            credentialsId: 'Quay.io-Robot',
+            usernameVariable: 'QUAYUSER',
+            passwordVariable: 'QUAYPASS'
+          ]
+        ]) {
+          retry_backoff(5,5) {
+              sh '''#! /bin/bash
+                    set -e
+                    echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
+                    echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
+                    echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
+                    echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
+
+                    if [[ "${PACKAGE_CHECK}" != "true" ]]; then
+                      declare -A pids
+                      IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                      for i in "${CACHE[@]}"; do
+                        docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
+                        pids[$!]="$i"
+                      done
+                      for p in "${!pids[@]}"; do
+                        wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
+                      done
+                    fi
+                '''
+          }
+        }
       }
     }
     // Build MultiArch Docker containers for push to LS Repo
@@ -486,7 +666,45 @@ pipeline {
               --label \"org.opencontainers.image.title=Phpmyadmin\" \
               --label \"org.opencontainers.image.description=[Phpmyadmin](https://github.com/phpmyadmin/phpmyadmin/) is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB.  \" \
               --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
+              --provenance=true --sbom=true --builder=container --load \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
+            sh '''#! /bin/bash
+                  set -e
+                  IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                  for i in "${CACHE[@]}"; do
+                    docker tag ${IMAGE}:amd64-${META_TAG} ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER}
+                  done
+               '''
+            withCredentials([
+              [
+                $class: 'UsernamePasswordMultiBinding',
+                credentialsId: 'Quay.io-Robot',
+                usernameVariable: 'QUAYUSER',
+                passwordVariable: 'QUAYPASS'
+              ]
+            ]) {
+              retry_backoff(5,5) {
+                  sh '''#! /bin/bash
+                        set -e
+                        echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
+                        echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
+                        echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
+                        echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
+
+                        if [[ "${PACKAGE_CHECK}" != "true" ]]; then
+                          declare -A pids
+                          IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                          for i in "${CACHE[@]}"; do
+                            docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
+                            pids[$!]="$i"
+                          done
+                          for p in "${!pids[@]}"; do
+                            wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
+                          done
+                        fi
+                    '''
+              }
+            }
           }
         }
         stage('Build ARM64') {
@@ -495,10 +713,6 @@ pipeline {
           }
           steps {
             echo "Running on node: ${NODE_NAME}"
-            echo 'Logging into Github'
-            sh '''#! /bin/bash
-                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
-               '''
             sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64"
             sh "docker buildx build \
               --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
@@ -514,17 +728,52 @@ pipeline {
               --label \"org.opencontainers.image.title=Phpmyadmin\" \
               --label \"org.opencontainers.image.description=[Phpmyadmin](https://github.com/phpmyadmin/phpmyadmin/) is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB.  \" \
               --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
+              --provenance=true --sbom=true --builder=container --load \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
-            sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
-            retry(5) {
-              sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
+            sh '''#! /bin/bash
+                  set -e
+                  IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                  for i in "${CACHE[@]}"; do
+                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
+                  done
+               '''
+            withCredentials([
+              [
+                $class: 'UsernamePasswordMultiBinding',
+                credentialsId: 'Quay.io-Robot',
+                usernameVariable: 'QUAYUSER',
+                passwordVariable: 'QUAYPASS'
+              ]
+            ]) {
+              retry_backoff(5,5) {
+                  sh '''#! /bin/bash
+                        set -e
+                        echo $DOCKERHUB_TOKEN | docker login -u linuxserverci --password-stdin
+                        echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
+                        echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
+                        echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
+                        if [[ "${PACKAGE_CHECK}" != "true" ]]; then
+                          declare -A pids
+                          IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                          for i in "${CACHE[@]}"; do
+                            docker push ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} &
+                            pids[$!]="$i"
+                          done
+                          for p in "${!pids[@]}"; do
+                            wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
+                          done
+                        fi
+                    '''
+              }
             }
             sh '''#! /bin/bash
                   containers=$(docker ps -aq)
                   if [[ -n "${containers}" ]]; then
                     docker stop ${containers}
                   fi
-                  docker system prune -af --volumes || : '''
+                  docker system prune -f --volumes || :
+                  docker image prune -af || :
+               '''
           }
         }
       }
@@ -540,7 +789,7 @@ pipeline {
         sh '''#! /bin/bash
               set -e
               TEMPDIR=$(mktemp -d)
-              if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then
+              if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" != "true" ]; then
                 LOCAL_CONTAINER=${IMAGE}:amd64-${META_TAG}
               else
                 LOCAL_CONTAINER=${IMAGE}:${META_TAG}
@@ -549,7 +798,7 @@ pipeline {
               docker run --rm \
                 -v /var/run/docker.sock:/var/run/docker.sock:ro \
                 -v ${TEMPDIR}:/tmp \
-                ghcr.io/anchore/syft:latest \
+                ghcr.io/anchore/syft:${SYFT_IMAGE_TAG} \
                 ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
               NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
               echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
@@ -561,7 +810,8 @@ pipeline {
                 wait
                 git add package_versions.txt
                 git commit -m 'Bot Updating Package Versions'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git main
                 echo "true" > /tmp/packages-${COMMIT_SHA}-${BUILD_NUMBER}
                 echo "Package tag updated, stopping build process"
               else
@@ -627,18 +877,27 @@ pipeline {
           }
           sh '''#! /bin/bash
                 set -e
-                docker pull ghcr.io/linuxserver/ci:latest
+                if grep -q 'docker-baseimage' <<< "${LS_REPO}"; then
+                  echo "Detected baseimage, setting LSIO_FIRST_PARTY=true"
+                  if [ -n "${CI_DOCKERENV}" ]; then
+                    CI_DOCKERENV="LSIO_FIRST_PARTY=true|${CI_DOCKERENV}"
+                  else
+                    CI_DOCKERENV="LSIO_FIRST_PARTY=true"
+                  fi
+                fi
+                docker pull ghcr.io/linuxserver/ci:${CITEST_IMAGETAG}
                 if [ "${MULTIARCH}" == "true" ]; then
-                  docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
+                  docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64
                   docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                 fi
                 docker run --rm \
                 --shm-size=1gb \
                 -v /var/run/docker.sock:/var/run/docker.sock \
                 -e IMAGE=\"${IMAGE}\" \
-                -e DELAY_START=\"${CI_DELAY}\" \
+                -e DOCKER_LOGS_TIMEOUT=\"${CI_DELAY}\" \
                 -e TAGS=\"${CI_TAGS}\" \
                 -e META_TAG=\"${META_TAG}\" \
+                -e RELEASE_TAG=\"latest\" \
                 -e PORT=\"${CI_PORT}\" \
                 -e SSL=\"${CI_SSL}\" \
                 -e BASE=\"${DIST_IMAGE}\" \
@@ -648,7 +907,11 @@ pipeline {
                 -e WEB_SCREENSHOT=\"${CI_WEB}\" \
                 -e WEB_AUTH=\"${CI_AUTH}\" \
                 -e WEB_PATH=\"${CI_WEBPATH}\" \
-                -t ghcr.io/linuxserver/ci:latest \
+                -e NODE_NAME=\"${NODE_NAME}\" \
+                -e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \
+                -e COMMIT_SHA=\"${COMMIT_SHA}\" \
+                -e BUILD_NUMBER=\"${BUILD_NUMBER}\" \
+                -t ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} \
                 python3 test_build.py'''
         }
       }
@@ -663,43 +926,25 @@ pipeline {
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        withCredentials([
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
-            usernameVariable: 'DOCKERUSER',
-            passwordVariable: 'DOCKERPASS'
-          ],
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: 'Quay.io-Robot',
-            usernameVariable: 'QUAYUSER',
-            passwordVariable: 'QUAYPASS'
-          ]
-        ]) {
-          retry(5) {
-            sh '''#! /bin/bash
-                  set -e
-                  echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
-                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
-                  echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
-                  echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
-                  for PUSHIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
-                    docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG}
-                    docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest
-                    docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${EXT_RELEASE_TAG}
-                    if [ -n "${SEMVER}" ]; then
-                      docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${SEMVER}
-                    fi
-                    docker push ${PUSHIMAGE}:latest
-                    docker push ${PUSHIMAGE}:${META_TAG}
-                    docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG}
-                    if [ -n "${SEMVER}" ]; then
-                     docker push ${PUSHIMAGE}:${SEMVER}
-                    fi
+        retry_backoff(5,5) {
+          sh '''#! /bin/bash
+                set -e
+                for PUSHIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
+                  [[ ${PUSHIMAGE%%/*} =~ \\. ]] && PUSHIMAGEPLUS="${PUSHIMAGE}" || PUSHIMAGEPLUS="docker.io/${PUSHIMAGE}"
+                  IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                  for i in "${CACHE[@]}"; do
+                      if [[ "${PUSHIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then
+                          CACHEIMAGE=${i}
+                      fi
                   done
-               '''
-          }
+                  docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:latest -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
+                    { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                  if [ -n "${SEMVER}" ]; then
+                    docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
+                      { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                  fi
+                done
+              '''
         }
       }
     }
@@ -710,85 +955,41 @@ pipeline {
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        withCredentials([
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
-            usernameVariable: 'DOCKERUSER',
-            passwordVariable: 'DOCKERPASS'
-          ],
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: 'Quay.io-Robot',
-            usernameVariable: 'QUAYUSER',
-            passwordVariable: 'QUAYPASS'
-          ]
-        ]) {
-          retry(5) {
-            sh '''#! /bin/bash
-                  set -e
-                  echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
-                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
-                  echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
-                  echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
-                  if [ "${CI}" == "false" ]; then
-                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
-                    docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
-                  fi
-                  for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
-                    docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
-                    docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
-                    docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
-                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
-                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
-                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
-                    if [ -n "${SEMVER}" ]; then
-                      docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
-                      docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
-                    fi
-                    docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
-                    docker push ${MANIFESTIMAGE}:amd64-latest
-                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:arm64v8-latest
-                    docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
-                    if [ -n "${SEMVER}" ]; then
-                      docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
-                      docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
-                    fi
-                    docker manifest push --purge ${MANIFESTIMAGE}:latest || :
-                    docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest
-                    docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8
-                    docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || :
-                    docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
-                    docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8
-                    docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || :
-                    docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
-                    docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
-                    if [ -n "${SEMVER}" ]; then
-                      docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || :
-                      docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
-                      docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
-                    fi
-                    token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token')
-                    digest=$(curl -s \
-                      --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-                      --header "Authorization: Bearer ${token}" \
-                      "https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-latest")
-                    if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then
-                      docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest || :
-                      docker manifest create ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:amd64-latest
-                      docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest
-                    fi
-                    docker manifest push --purge ${MANIFESTIMAGE}:latest
-                    docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} 
-                    docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} 
-                    if [ -n "${SEMVER}" ]; then
-                      docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} 
-                    fi
+        retry_backoff(5,5) {
+          sh '''#! /bin/bash
+                set -e
+                for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
+                  [[ ${MANIFESTIMAGE%%/*} =~ \\. ]] && MANIFESTIMAGEPLUS="${MANIFESTIMAGE}" || MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}"
+                  IFS=',' read -ra CACHE <<< "$BUILDCACHE"
+                  for i in "${CACHE[@]}"; do
+                      if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then
+                          CACHEIMAGE=${i}
+                      fi
                   done
-               '''
-          }
+                  docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-latest -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                  docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-latest -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                  if [ -n "${SEMVER}" ]; then
+                    docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
+                      { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                    docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \
+                      { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                  fi
+                done
+                for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
+                  docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest || \
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                  docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} || \
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                  docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} || \
+                    { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                  if [ -n "${SEMVER}" ]; then
+                    docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} || \
+                      { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
+                  fi
+                done
+              '''
         }
       }
     }
@@ -803,23 +1004,41 @@ pipeline {
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        echo "Pushing New tag for current commit ${META_TAG}"
-        sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \
-        -d '{"tag":"'${META_TAG}'",\
-             "object": "'${COMMIT_SHA}'",\
-             "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to main",\
-             "type": "commit",\
-             "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
-        echo "Pushing New release for Tag"
         sh '''#! /bin/bash
+              echo "Auto-generating release notes"
+              if [ "$(git tag --points-at HEAD)" != "" ]; then
+                echo "Existing tag points to current commit, suggesting no new LS changes"
+                AUTO_RELEASE_NOTES="No changes"
+              else
+                AUTO_RELEASE_NOTES=$(curl -fsL -H "Authorization: token ${GITHUB_TOKEN}" -H "Accept: application/vnd.github+json" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases/generate-notes  \
+                  -d '{"tag_name":"'${META_TAG}'",\
+                      "target_commitish": "main"}' \
+                  | jq -r '.body' | sed 's|## What.s Changed||')
+              fi
+              echo "Pushing New tag for current commit ${META_TAG}"
+              curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \
+                -d '{"tag":"'${META_TAG}'",\
+                  "object": "'${COMMIT_SHA}'",\
+                  "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to main",\
+                  "type": "commit",\
+                  "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}'
+              echo "Pushing New release for Tag"
               echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
-              echo '{"tag_name":"'${META_TAG}'",\
-                     "target_commitish": "main",\
-                     "name": "'${META_TAG}'",\
-                     "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start
-              printf '","draft": false,"prerelease": false}' >> releasebody.json
-              paste -d'\\0' start releasebody.json > releasebody.json.done
-              curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
+              jq -n \
+                --arg tag_name "$META_TAG" \
+                --arg target_commitish "main" \
+                --arg ci_url "${CI_URL:-N/A}" \
+                --arg ls_notes "$AUTO_RELEASE_NOTES" \
+                --arg remote_notes "$(cat releasebody.json)" \
+                '{
+                  "tag_name": $tag_name,
+                  "target_commitish": $target_commitish,
+                  "name": $tag_name,
+                  "body": ("**CI Report:**\\n\\n" + $ci_url + "\\n\\n**LinuxServer Changes:**\\n\\n" + $ls_notes + "\\n\\n**Remote Changes:**\\n\\n" + $remote_notes),
+                  "draft": false,
+                  "prerelease": false                }' > releasebody.json.done
+              curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done
+        '''
       }
     }
     // Add protection to the release branch
@@ -857,39 +1076,6 @@ EOF
           ) '''
       }
     }
-    // Use helper container to sync the current README on master to the dockerhub endpoint
-    stage('Sync-README') {
-      when {
-        environment name: 'CHANGE_ID', value: ''
-        environment name: 'EXIT_STATUS', value: ''
-      }
-      steps {
-        withCredentials([
-          [
-            $class: 'UsernamePasswordMultiBinding',
-            credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
-            usernameVariable: 'DOCKERUSER',
-            passwordVariable: 'DOCKERPASS'
-          ]
-        ]) {
-          sh '''#! /bin/bash
-                set -e
-                TEMPDIR=$(mktemp -d)
-                docker pull ghcr.io/linuxserver/jenkins-builder:latest
-                docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest
-                docker pull ghcr.io/linuxserver/readme-sync
-                docker run --rm=true \
-                  -e DOCKERHUB_USERNAME=$DOCKERUSER \
-                  -e DOCKERHUB_PASSWORD=$DOCKERPASS \
-                  -e GIT_REPOSITORY=${LS_USER}/${LS_REPO} \
-                  -e DOCKER_REPOSITORY=${IMAGE} \
-                  -e GIT_BRANCH=master \
-                  -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/mnt \
-                  ghcr.io/linuxserver/readme-sync bash -c 'node sync'
-                rm -Rf ${TEMPDIR} '''
-        }
-      }
-    }
     // If this is a Pull request send the CI link as a comment on it
     stage('Pull Request Comment') {
       when {
@@ -974,32 +1160,94 @@ EOF
      ###################### */
   post {
     always {
+      sh '''#!/bin/bash
+            rm -rf /config/.ssh/id_sign
+            rm -rf /config/.ssh/id_sign.pub
+            git config --global --unset gpg.format
+            git config --global --unset user.signingkey
+            git config --global --unset commit.gpgsign
+        '''
       script{
+        env.JOB_DATE = sh(
+            script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
+            returnStdout: true).trim()
         if (env.EXIT_STATUS == "ABORTED"){
           sh 'echo "build aborted"'
-        }
-        else if (currentBuild.currentResult == "SUCCESS"){
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
-                 "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
-                 "username": "Jenkins"}' ${BUILDS_DISCORD} '''
-        }
-        else {
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
-                 "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
+        }else{
+          if (currentBuild.currentResult == "SUCCESS"){
+            if (env.GITHUBIMAGE =~ /lspipepr/){
+              env.JOB_WEBHOOK_STATUS='Success'
+              env.JOB_WEBHOOK_COLOUR=3957028
+              env.JOB_WEBHOOK_FOOTER='PR Build'
+            }else if (env.GITHUBIMAGE =~ /lsiodev/){
+              env.JOB_WEBHOOK_STATUS='Success'
+              env.JOB_WEBHOOK_COLOUR=3957028
+              env.JOB_WEBHOOK_FOOTER='Dev Build'
+            }else{
+              env.JOB_WEBHOOK_STATUS='Success'
+              env.JOB_WEBHOOK_COLOUR=1681177
+              env.JOB_WEBHOOK_FOOTER='Live Build'
+            }
+          }else{
+            if (env.GITHUBIMAGE =~ /lspipepr/){
+              env.JOB_WEBHOOK_STATUS='Failure'
+              env.JOB_WEBHOOK_COLOUR=12669523
+              env.JOB_WEBHOOK_FOOTER='PR Build'
+            }else if (env.GITHUBIMAGE =~ /lsiodev/){
+              env.JOB_WEBHOOK_STATUS='Failure'
+              env.JOB_WEBHOOK_COLOUR=12669523
+              env.JOB_WEBHOOK_FOOTER='Dev Build'
+            }else{
+              env.JOB_WEBHOOK_STATUS='Failure'
+              env.JOB_WEBHOOK_COLOUR=16711680
+              env.JOB_WEBHOOK_FOOTER='Live Build'
+            }
+          }
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"'color'": '${JOB_WEBHOOK_COLOUR}',\
+                 "footer": {"text" : "'"${JOB_WEBHOOK_FOOTER}"'"},\
+                 "timestamp": "'${JOB_DATE}'",\
+                 "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  '${JOB_WEBHOOK_STATUS}'\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }
       }
     }
     cleanup {
       sh '''#! /bin/bash
-            echo "Performing docker system prune!!"
-            containers=$(docker ps -aq)
+            echo "Pruning builder!!"
+            docker builder prune -f --builder container || :
+            containers=$(docker ps -q)
             if [[ -n "${containers}" ]]; then
-              docker stop ${containers}
+              BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit')
+              for container in ${containers}; do
+                if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then
+                  echo "skipping buildx container in docker stop"
+                else
+                  echo "Stopping container ${container}"
+                  docker stop ${container}
+                fi
+              done
             fi
-            docker system prune -af --volumes || :
+            docker system prune -f --volumes || :
+            docker image prune -af || :
          '''
       cleanWs()
     }
   }
 }
+
+def retry_backoff(int max_attempts, int power_base, Closure c) {
+  int n = 0
+  while (n < max_attempts) {
+    try {
+      c()
+      return
+    } catch (err) {
+      if ((n + 1) >= max_attempts) {
+        throw err
+      }
+      sleep(power_base ** n)
+      n++
+    }
+  }
+  return
+}

README.md

@@ -3,9 +3,8 @@
 [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io)
 
 [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!")
-[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://discord.gg/YWrKVTn "realtime support / chat with the community and the team.")
+[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.")
 [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.")
-[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.")
 [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.")
 [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget")
 
@@ -20,15 +19,14 @@ The [LinuxServer.io](https://linuxserver.io) team brings you another container r
 Find us at:
 
 * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more!
-* [Discord](https://discord.gg/YWrKVTn) - realtime support / chat with the community and the team.
+* [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team.
 * [Discourse](https://discourse.linuxserver.io) - post on our community forum.
-* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images.
 * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories.
 * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget
 
 # [linuxserver/phpmyadmin](https://github.com/linuxserver/docker-phpmyadmin)
 
-[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fphpmyadmin?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fphpmyadmin)
+[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fphpmyadmin?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh)
 [![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-phpmyadmin.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-phpmyadmin)
 [![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-phpmyadmin.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-phpmyadmin/releases)
 [![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-phpmyadmin/packages)
@@ -55,7 +53,6 @@ The architectures supported by this image are:
 | :----: | :----: | ---- |
 | x86-64 | ✅ | amd64-\<version tag\> |
 | arm64 | ✅ | arm64v8-\<version tag\> |
-| armhf | ❌ | |
 
 ## Application Setup
 
@@ -65,15 +62,34 @@ We support all of the official [environment variables](https://docs.phpmyadmin.n
 
 For more information check out the [phpmyadmin documentation](https://www.phpmyadmin.net/docs/).
 
+## Read-Only Operation
+
+This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/).
+
+### Caveats
+
+* `/tmp` must be mounted to tmpfs
+* Custom themes are not supported
+
+## Non-Root Operation
+
+This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/).
+
+### Caveats
+
+* Custom themes are not supported
+
 ## Usage
 
 To help you get started creating a container from this image you can either use docker-compose or the docker cli.
 
+>[!NOTE]
+>Unless a parameter is flagged as 'optional', it is *mandatory* and a value must be provided.
+
 ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
 
 ```yaml
 ---
-version: "2.1"
 services:
   phpmyadmin:
     image: lscr.io/linuxserver/phpmyadmin:latest
@@ -113,13 +129,15 @@ Containers are configured using parameters passed at runtime (such as those abov
 
 | Parameter | Function |
 | :----: | --- |
-| `-p 80` | Port for web frontend |
+| `-p 80:80` | Port for web frontend |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
 | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
 | `-e PMA_ARBITRARY=1` | Set to `1` to allow you to connect to any server. Setting to `0` will only allow you to connect to specified hosts (See Application Setup) |
 | `-e PMA_ABSOLUTE_URI=https://phpmyadmin.example.com` | Set the URL you will use to access the web frontend |
 | `-v /config` | Persistent config files |
+| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
+| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). |
 
 ## Environment variables from files (Docker secrets)
 
@@ -190,7 +208,7 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
 
 ## Updating Info
 
-Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (ie. nextcloud, plex), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
+Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (noted in the relevant readme.md), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
 
 Below are the instructions for updating containers:
 
@@ -255,24 +273,10 @@ Below are the instructions for updating containers:
     docker image prune
     ```
 
-### Via Watchtower auto-updater (only use if you don't remember the original parameters)
-
-* Pull the latest image at its tag and replace it with the same env variables in one run:
-
-    ```bash
-    docker run --rm \
-      -v /var/run/docker.sock:/var/run/docker.sock \
-      containrrr/watchtower \
-      --run-once phpmyadmin
-    ```
-
-* You can also remove the old dangling images: `docker image prune`
-
-**warning**: We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
-
 ### Image Update Notifications - Diun (Docker Image Update Notifier)
 
-**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
+>[!TIP]
+>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
 
 ## Building locally
 
@@ -287,16 +291,22 @@ docker build \
   -t lscr.io/linuxserver/phpmyadmin:latest .
 ```
 
-The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
+The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static`
 
 ```bash
-docker run --rm --privileged multiarch/qemu-user-static:register --reset
+docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset
 ```
 
 Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.
 
 ## Versions
 
+* **28.12.25:** - Rebase to Alpine 3.23.
+* **23.08.25:** - Add support for mTLS. Existing users will need to delete their config.inc.php and restart the container.
+* **05.07.25:** - Rebase to Alpine 3.22.
+* **19.12.24:** - Rebase to Alpine 3.21.
+* **27.05.24:** - Existing users should update their nginx confs to avoid http2 deprecation warnings.
+* **24.05.24:** - Rebase to Alpine 3.20.
 * **28.12.23:** - Rebase to Alpine 3.19 with php 8.3.
 * **25.12.23:** - Existing users should update: site-confs/default.conf - Cleanup default site conf.
 * **06.09.23:** - Add support for custom themes.

jenkins-vars.yml

@@ -7,7 +7,6 @@ custom_version_command: "curl -sL 'https://www.phpmyadmin.net/home_page/version.
 release_type: stable
 release_tag: latest
 ls_branch: main
-build_armhf: false
 repo_vars:
   - EXT_GIT_BRANCH = 'master'
   - EXT_USER = 'phpmyadmin'
@@ -25,8 +24,7 @@ repo_vars:
   - CI_WEB='true'
   - CI_PORT='80'
   - CI_SSL='false'
-  - CI_DELAY='120'
-  - CI_DOCKERENV='TZ=US/Pacific'
+  - CI_DELAY='60'
+  - CI_DOCKERENV=''
   - CI_AUTH=''
   - CI_WEBPATH=''
-  

package_versions.txt

@@ -1,168 +1,174 @@
-NAME                              VERSION                TYPE         
-alpine-baselayout                 3.4.3-r2               apk           
-alpine-baselayout-data            3.4.3-r2               apk           
-alpine-keys                       2.4-r1                 apk           
-alpine-release                    3.19.0-r0              apk           
-aom-libs                          3.7.1-r0               apk           
-apache2-utils                     2.4.58-r1              apk           
-apk-tools                         2.14.0-r5              apk           
-apr                               1.7.4-r0               apk           
-apr-util                          1.6.3-r1               apk           
-argon2-libs                       20190702-r5            apk           
-bacon/bacon-qr-code               2.0.8                  php-composer  
-bash                              5.2.21-r0              apk           
-beberlei/assert                   v3.3.2                 php-composer  
-brick/math                        0.8.17                 php-composer  
-brotli-libs                       1.1.0-r1               apk           
-busybox                           1.36.1-r15             apk           
-busybox-binsh                     1.36.1-r15             apk           
-c-ares                            1.22.1-r0              apk           
-ca-certificates                   20230506-r0            apk           
-ca-certificates-bundle            20230506-r0            apk           
-code-lts/u2f-php-server           v1.2.1                 php-composer  
-composer                          2.6.6                  binary        
-composer/ca-bundle                1.3.5                  php-composer  
-coreutils                         9.4-r1                 apk           
-coreutils-env                     9.4-r1                 apk           
-coreutils-fmt                     9.4-r1                 apk           
-coreutils-sha512sum               9.4-r1                 apk           
-curl                              8.5.0-r0               apk           
-dasprid/enum                      1.0.3                  php-composer  
-fgrosse/phpasn1                   v2.5.0                 php-composer  
-fig/http-message-util             1.1.5                  php-composer  
-freetype                          2.13.2-r0              apk           
-git                               2.43.0-r0              apk           
-google/recaptcha                  1.2.4                  php-composer  
-hiredis                           1.2.0-r0               apk           
-jq                                1.7.1-r0               apk           
-league/uri                        6.4.0                  php-composer  
-league/uri-interfaces             2.3.0                  php-composer  
-libacl                            2.3.1-r4               apk           
-libattr                           2.5.1-r5               apk           
-libavif                           1.0.3-r0               apk           
-libbsd                            0.11.7-r3              apk           
-libbz2                            1.0.8-r6               apk           
-libc-utils                        0.7.2-r5               apk           
-libcrypto3                        3.1.4-r2               apk           
-libcurl                           8.5.0-r0               apk           
-libdav1d                          1.3.0-r0               apk           
-libedit                           20230828.3.1-r3        apk           
-libexpat                          2.5.0-r2               apk           
-libgcc                            13.2.1_git20231014-r0  apk           
-libice                            1.1.1-r5               apk           
-libidn2                           2.3.4-r4               apk           
-libintl                           0.22.3-r0              apk           
-libjpeg-turbo                     3.0.1-r0               apk           
-libmd                             1.1.0-r0               apk           
-libncursesw                       6.4_p20231125-r0       apk           
-libpng                            1.6.40-r0              apk           
-libproc2                          4.0.4-r0               apk           
-libsharpyuv                       1.3.2-r0               apk           
-libsm                             1.2.4-r3               apk           
-libssl3                           3.1.4-r2               apk           
-libunistring                      1.1-r2                 apk           
-libuuid                           2.39.3-r0              apk           
-libwebp                           1.3.2-r0               apk           
-libx11                            1.8.7-r0               apk           
-libxau                            1.0.11-r3              apk           
-libxcb                            1.16-r0                apk           
-libxdmcp                          1.1.4-r3               apk           
-libxext                           1.3.5-r3               apk           
-libxml2                           2.11.6-r0              apk           
-libxpm                            3.5.17-r0              apk           
-libxt                             1.3.0-r4               apk           
-libzip                            1.10.1-r0              apk           
-linux-pam                         1.5.3-r7               apk           
-logrotate                         3.21.0-r1              apk           
-musl                              1.2.4_git20230717-r4   apk           
-musl-utils                        1.2.4_git20230717-r4   apk           
-nano                              7.2-r1                 apk           
-ncurses-terminfo-base             6.4_p20231125-r0       apk           
-netcat-openbsd                    1.226-r0               apk           
-nghttp2-libs                      1.58.0-r0              apk           
-nginx                             1.24.0-r14             apk           
-nikic/fast-route                  v1.3.0                 php-composer  
-oniguruma                         6.9.9-r0               apk           
-openssl                           3.1.4-r2               apk           
-paragonie/constant_time_encoding  v2.6.3                 php-composer  
-paragonie/random_compat           v9.99.100              php-composer  
-paragonie/sodium_compat           v1.19.0                php-composer  
-pcre                              8.45-r3                apk           
-pcre2                             10.42-r2               apk           
-php83                             8.3.1-r0               apk           
-php83-bz2                         8.3.1-r0               apk           
-php83-common                      8.3.1-r0               apk           
-php83-ctype                       8.3.1-r0               apk           
-php83-curl                        8.3.1-r0               apk           
-php83-dom                         8.3.1-r0               apk           
-php83-fileinfo                    8.3.1-r0               apk           
-php83-fpm                         8.3.1-r0               apk           
-php83-gd                          8.3.1-r0               apk           
-php83-iconv                       8.3.1-r0               apk           
-php83-mbstring                    8.3.1-r0               apk           
-php83-mysqli                      8.3.1-r0               apk           
-php83-mysqlnd                     8.3.1-r0               apk           
-php83-opcache                     8.3.1-r0               apk           
-php83-openssl                     8.3.1-r0               apk           
-php83-pecl-uploadprogress         2.0.2-r1               apk           
-php83-phar                        8.3.1-r0               apk           
-php83-session                     8.3.1-r0               apk           
-php83-simplexml                   8.3.1-r0               apk           
-php83-tokenizer                   8.3.1-r0               apk           
-php83-xml                         8.3.1-r0               apk           
-php83-xmlwriter                   8.3.1-r0               apk           
-php83-zip                         8.3.1-r0               apk           
-phpmyadmin                        5.2.1                  npm           
-phpmyadmin/motranslator           5.3.0                  php-composer  
-phpmyadmin/shapefile              3.0.1                  php-composer  
-phpmyadmin/sql-parser             5.7.0                  php-composer  
-phpmyadmin/twig-i18n-extension    v4.0.1                 php-composer  
-popt                              1.19-r3                apk           
-pragmarx/google2fa                v8.0.1                 php-composer  
-pragmarx/google2fa-qrcode         v2.1.1                 php-composer  
-procps-ng                         4.0.4-r0               apk           
-psr/cache                         1.0.1                  php-composer  
-psr/container                     1.1.1                  php-composer  
-psr/http-client                   1.0.1                  php-composer  
-psr/http-factory                  1.0.1                  php-composer  
-psr/http-message                  1.0.1                  php-composer  
-psr/log                           1.1.4                  php-composer  
-ralouphie/getallheaders           3.0.3                  php-composer  
-ramsey/collection                 1.1.4                  php-composer  
-ramsey/uuid                       4.2.3                  php-composer  
-readline                          8.2.1-r2               apk           
-scanelf                           1.3.7-r2               apk           
-shadow                            4.14.2-r0              apk           
-skalibs                           2.14.0.1-r0            apk           
-slim/psr7                         1.4                    php-composer  
-spomky-labs/base64url             v2.0.4                 php-composer  
-spomky-labs/cbor-php              v1.1.1                 php-composer  
-ssl_client                        1.36.1-r15             apk           
-symfony/cache                     v5.4.19                php-composer  
-symfony/cache-contracts           v2.5.2                 php-composer  
-symfony/config                    v5.4.19                php-composer  
-symfony/dependency-injection      v5.4.20                php-composer  
-symfony/deprecation-contracts     v2.5.2                 php-composer  
-symfony/expression-language       v5.4.19                php-composer  
-symfony/filesystem                v5.4.19                php-composer  
-symfony/polyfill-ctype            v1.27.0                php-composer  
-symfony/polyfill-mbstring         v1.27.0                php-composer  
-symfony/polyfill-php73            v1.27.0                php-composer  
-symfony/polyfill-php80            v1.27.0                php-composer  
-symfony/polyfill-php81            v1.27.0                php-composer  
-symfony/process                   v5.4.19                php-composer  
-symfony/service-contracts         v2.5.2                 php-composer  
-symfony/var-exporter              v5.4.19                php-composer  
-tecnickcom/tcpdf                  6.6.2                  php-composer  
-thecodingmachine/safe             v1.3.3                 php-composer  
-twig/twig                         v3.5.0                 php-composer  
-tzdata                            2023d-r0               apk           
-utmps-libs                        0.1.2.2-r0             apk           
-web-auth/cose-lib                 v3.3.12                php-composer  
-web-auth/metadata-service         v3.3.12                php-composer  
-web-auth/webauthn-lib             v3.3.12                php-composer  
-webmozart/assert                  1.11.0                 php-composer  
-williamdes/mariadb-mysql-kbs      v1.2.14                php-composer  
-xz-libs                           5.4.5-r0               apk           
-zlib                              1.3-r2                 apk           
-zstd-libs                         1.5.5-r8               apk           
+NAME                              VERSION               TYPE           
+acl-libs                          2.3.2-r1              apk             
+alpine-baselayout                 3.7.1-r8              apk             
+alpine-baselayout-data            3.7.1-r8              apk             
+alpine-keys                       2.6-r0                apk             
+alpine-release                    3.23.3-r0             apk             
+aom-libs                          3.13.1-r1             apk             
+apache2-utils                     2.4.66-r0             apk             
+apk-tools                         3.0.4-r0              apk             
+apr                               1.7.6-r0              apk             
+apr-util                          1.6.3-r2              apk             
+argon2-libs                       20190702-r5           apk             
+bacon/bacon-qr-code               2.0.8                 php-composer    
+bash                              5.3.3-r1              apk             
+beberlei/assert                   v3.3.3                php-composer    
+brick/math                        0.8.17                php-composer    
+brotli-libs                       1.2.0-r0              apk             
+busybox                           1.37.0-r30            apk             
+busybox-binsh                     1.37.0-r30            apk             
+c-ares                            1.34.6-r0             apk             
+ca-certificates                   20251003-r0           apk             
+ca-certificates-bundle            20251003-r0           apk             
+catatonit                         0.2.1-r0              apk             
+code-lts/u2f-php-server           v1.2.2                php-composer    
+composer                          2.9.5                 binary          
+composer/ca-bundle                1.5.8                 php-composer    
+coreutils                         9.8-r1                apk             
+coreutils-env                     9.8-r1                apk             
+coreutils-fmt                     9.8-r1                apk             
+coreutils-sha512sum               9.8-r1                apk             
+curl                              8.17.0-r1             apk             
+dasprid/enum                      1.0.7                 php-composer    
+fgrosse/phpasn1                   v2.5.0                php-composer    
+fig/http-message-util             1.1.5                 php-composer    
+findutils                         4.10.0-r0             apk             
+freetype                          2.14.1-r0             apk             
+git                               2.52.0-r0             apk             
+git-init-template                 2.52.0-r0             apk             
+google/recaptcha                  1.2.4                 php-composer    
+jq                                1.8.1-r0              apk             
+league/uri                        6.4.0                 php-composer    
+league/uri-interfaces             2.3.0                 php-composer    
+libapk                            3.0.4-r0              apk             
+libattr                           2.5.2-r2              apk             
+libavif                           1.3.0-r0              apk             
+libbsd                            0.12.2-r0             apk             
+libbz2                            1.0.8-r6              apk             
+libcrypto3                        3.5.5-r0              apk             
+libcurl                           8.17.0-r1             apk             
+libdav1d                          1.5.2-r0              apk             
+libedit                           20251016.3.1-r0       apk             
+libexpat                          2.7.4-r0              apk             
+libgcc                            15.2.0-r2             apk             
+libice                            1.1.2-r0              apk             
+libidn2                           2.3.8-r0              apk             
+libintl                           0.24.1-r1             apk             
+libjpeg-turbo                     3.1.2-r0              apk             
+libmd                             1.1.0-r0              apk             
+libncursesw                       6.5_p20251123-r0      apk             
+libpng                            1.6.54-r0             apk             
+libproc2                          4.0.5-r0              apk             
+libpsl                            0.21.5-r3             apk             
+libsharpyuv                       1.6.0-r0              apk             
+libsm                             1.2.6-r0              apk             
+libssl3                           3.5.5-r0              apk             
+libstdc++                         15.2.0-r2             apk             
+libunistring                      1.4.1-r0              apk             
+libuuid                           2.41.2-r0             apk             
+libwebp                           1.6.0-r0              apk             
+libx11                            1.8.12-r1             apk             
+libxau                            1.0.12-r0             apk             
+libxcb                            1.17.0-r1             apk             
+libxdmcp                          1.1.5-r1              apk             
+libxext                           1.3.6-r2              apk             
+libxml2                           2.13.9-r0             apk             
+libxpm                            3.5.17-r0             apk             
+libxt                             1.3.1-r0              apk             
+libyuv                            0.0.1887.20251502-r1  apk             
+libzip                            1.11.4-r1             apk             
+linux-pam                         1.7.1-r2              apk             
+logrotate                         3.22.0-r0             apk             
+musl                              1.2.5-r21             apk             
+musl-utils                        1.2.5-r21             apk             
+nano                              8.7-r0                apk             
+ncurses-terminfo-base             6.5_p20251123-r0      apk             
+netcat-openbsd                    1.234.1-r0            apk             
+nghttp2-libs                      1.68.0-r0             apk             
+nghttp3                           1.13.1-r0             apk             
+nginx                             1.28.2-r0             apk             
+nikic/fast-route                  v1.3.0                php-composer    
+oniguruma                         6.9.10-r0             apk             
+openssl                           3.5.5-r0              apk             
+paragonie/constant_time_encoding  v2.8.2                php-composer    
+paragonie/random_compat           v9.99.100             php-composer    
+paragonie/sodium_compat           v1.23.0               php-composer    
+pcre2                             10.47-r0              apk             
+php85                             8.5.2-r0              apk             
+php85-bz2                         8.5.2-r0              apk             
+php85-common                      8.5.2-r0              apk             
+php85-ctype                       8.5.2-r0              apk             
+php85-curl                        8.5.2-r0              apk             
+php85-dom                         8.5.2-r0              apk             
+php85-fileinfo                    8.5.2-r0              apk             
+php85-fpm                         8.5.2-r0              apk             
+php85-gd                          8.5.2-r0              apk             
+php85-iconv                       8.5.2-r0              apk             
+php85-mbstring                    8.5.2-r0              apk             
+php85-mysqli                      8.5.2-r0              apk             
+php85-mysqlnd                     8.5.2-r0              apk             
+php85-openssl                     8.5.2-r0              apk             
+php85-pecl-uploadprogress         2.0.2-r1              apk             
+php85-phar                        8.5.2-r0              apk             
+php85-session                     8.5.2-r0              apk             
+php85-simplexml                   8.5.2-r0              apk             
+php85-tokenizer                   8.5.2-r0              apk             
+php85-xml                         8.5.2-r0              apk             
+php85-xmlwriter                   8.5.2-r0              apk             
+php85-zip                         8.5.2-r0              apk             
+phpmyadmin                        5.2.3                 npm             
+phpmyadmin/motranslator           5.4.0                 php-composer    
+phpmyadmin/shapefile              3.0.2                 php-composer    
+phpmyadmin/sql-parser             5.11.1                php-composer    
+phpmyadmin/twig-i18n-extension    4.1.5                 php-composer    
+popt                              1.19-r4               apk             
+pragmarx/google2fa                v9.0.0                php-composer    
+pragmarx/google2fa-qrcode         v2.1.1                php-composer    
+procps-ng                         4.0.5-r0              apk             
+psr/cache                         1.0.1                 php-composer    
+psr/container                     1.1.1                 php-composer    
+psr/http-client                   1.0.3                 php-composer    
+psr/http-factory                  1.1.0                 php-composer    
+psr/http-message                  1.1                   php-composer    
+psr/log                           1.1.4                 php-composer    
+ralouphie/getallheaders           3.0.3                 php-composer    
+ramsey/collection                 1.1.4                 php-composer    
+ramsey/uuid                       4.2.3                 php-composer    
+readline                          8.3.1-r0              apk             
+scanelf                           1.3.8-r2              apk             
+shadow                            4.18.0-r0             apk             
+skalibs-libs                      2.14.4.0-r0           apk             
+slim/psr7                         1.4.2                 php-composer    
+spomky-labs/base64url             v2.0.4                php-composer    
+spomky-labs/cbor-php              v1.1.1                php-composer    
+ssl_client                        1.37.0-r30            apk             
+symfony/cache                     v5.4.46               php-composer    
+symfony/cache-contracts           v2.5.4                php-composer    
+symfony/config                    v5.4.46               php-composer    
+symfony/dependency-injection      v5.4.48               php-composer    
+symfony/deprecation-contracts     v2.5.4                php-composer    
+symfony/expression-language       v5.4.45               php-composer    
+symfony/filesystem                v5.4.45               php-composer    
+symfony/polyfill-ctype            v1.33.0               php-composer    
+symfony/polyfill-iconv            v1.33.0               php-composer    
+symfony/polyfill-mbstring         v1.33.0               php-composer    
+symfony/polyfill-php73            v1.33.0               php-composer    
+symfony/polyfill-php80            v1.33.0               php-composer    
+symfony/polyfill-php81            v1.33.0               php-composer    
+symfony/polyfill-php84            v1.33.0               php-composer    
+symfony/process                   v5.4.47               php-composer    
+symfony/service-contracts         v2.5.4                php-composer    
+symfony/var-exporter              v5.4.45               php-composer    
+tecnickcom/tcpdf                  6.10.0                php-composer    
+thecodingmachine/safe             v1.3.3.1              php-composer    
+twig/twig                         v3.11.3               php-composer    
+tzdata                            2025c-r0              apk             
+utmps-libs                        0.1.3.1-r0            apk             
+web-auth/cose-lib                 v3.3.12               php-composer    
+web-auth/metadata-service         v3.3.12               php-composer    
+web-auth/webauthn-lib             v3.3.12               php-composer    
+webmozart/assert                  1.11.0                php-composer    
+williamdes/mariadb-mysql-kbs      v1.3.0                php-composer    
+xz-libs                           5.8.2-r0              apk             
+zlib                              1.3.1-r2              apk             
+zstd-libs                         1.5.7-r2              apk             

readme-vars.yml

@@ -6,36 +6,34 @@ project_url: "https://github.com/phpmyadmin/phpmyadmin/"
 project_logo: "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/phpmyadmin-logo.png"
 project_blurb: |
   [{{ project_name|capitalize }}]({{ project_url }}) is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB.
-
 project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
-
+project_categories: "Databases"
 # supported architectures
 available_architectures:
-  - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
-  - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
-
+  - {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
+  - {arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
 # container parameters
 common_param_env_vars_enabled: true
 param_container_name: "{{ project_name }}"
-
-param_usage_include_env: true
-param_env_vars:
-  - { env_var: "TZ", env_value: "America/New_York", desc: "Specify a timezone to use EG America/New_York"}
-
+param_usage_include_env: false
 opt_param_usage_include_env: true
 opt_param_env_vars:
-  - { env_var: "PMA_ARBITRARY", env_value: "1", desc: "Set to `1` to allow you to connect to any server. Setting to `0` will only allow you to connect to specified hosts (See Application Setup)"}
-  - { env_var: "PMA_ABSOLUTE_URI", env_value: "https://phpmyadmin.example.com", desc: "Set the URL you will use to access the web frontend"}
-
+  - {env_var: "PMA_ARBITRARY", env_value: "1", desc: "Set to `1` to allow you to connect to any server. Setting to `0` will only allow you to connect to specified hosts (See Application Setup)"}
+  - {env_var: "PMA_ABSOLUTE_URI", env_value: "https://phpmyadmin.example.com", desc: "Set the URL you will use to access the web frontend"}
 param_usage_include_ports: true
 param_ports:
-  - { external_port: "80", internal_port: "80", port_desc: "Port for web frontend" }
-
+  - {external_port: "80", internal_port: "80", port_desc: "Port for web frontend"}
 param_usage_include_vols: true
 param_volumes:
-  - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files" }
-
+  - {vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files"}
 # application setup block
+readonly_supported: true
+readonly_message: |
+  * `/tmp` must be mounted to tmpfs
+  * Custom themes are not supported
+nonroot_supported: true
+nonroot_message: |
+  * Custom themes are not supported
 app_setup_block_enabled: true
 app_setup_block: |
   This image uses nginx, in contrast to the official images which offer fpm-only or Apache variants.
@@ -43,16 +41,73 @@ app_setup_block: |
   We support all of the official [environment variables](https://docs.phpmyadmin.net/en/latest/setup.html#docker-environment-variables) for configuration as well as directly editing the config files.
 
   For more information check out the [phpmyadmin documentation](https://www.phpmyadmin.net/docs/).
-
+# init diagram
+init_diagram: |
+  "phpmyadmin:latest": {
+    docker-mods
+    base {
+      fix-attr +\nlegacy cont-init
+    }
+    docker-mods -> base
+    legacy-services
+    custom services
+    init-services -> legacy-services
+    init-services -> custom services
+    custom services -> legacy-services
+    legacy-services -> ci-service-check
+    init-migrations -> init-adduser
+    init-nginx-end -> init-config
+    init-os-end -> init-config
+    init-config -> init-config-end
+    init-crontab-config -> init-config-end
+    init-phpmyadmin-config -> init-config-end
+    init-config -> init-crontab-config
+    init-mods-end -> init-custom-files
+    init-adduser -> init-device-perms
+    base -> init-envfile
+    init-os-end -> init-folders
+    init-php -> init-keygen
+    base -> init-migrations
+    init-config-end -> init-mods
+    init-mods-package-install -> init-mods-end
+    init-mods -> init-mods-package-install
+    init-samples -> init-nginx
+    init-version-checks -> init-nginx-end
+    init-adduser -> init-os-end
+    init-device-perms -> init-os-end
+    init-envfile -> init-os-end
+    init-keygen -> init-permissions
+    init-nginx -> init-php
+    init-nginx-end -> init-phpmyadmin-config
+    init-folders -> init-samples
+    init-custom-files -> init-services
+    init-permissions -> init-version-checks
+    init-services -> svc-cron
+    svc-cron -> legacy-services
+    init-services -> svc-nginx
+    svc-nginx -> legacy-services
+    init-services -> svc-php-fpm
+    svc-php-fpm -> legacy-services
+  }
+  Base Images: {
+    "baseimage-alpine-nginx:3.23" <- "baseimage-alpine:3.23"
+  }
+  "phpmyadmin:latest" <- Base Images
 # changelog
 changelogs:
-  - { date: "28.12.23:", desc: "Rebase to Alpine 3.19 with php 8.3." }
-  - { date: "25.12.23:", desc: "Existing users should update: site-confs/default.conf - Cleanup default site conf." }
-  - { date: "06.09.23:", desc: "Add support for custom themes." }
-  - { date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf." }
-  - { date: "13.04.23:", desc: "Move ssl.conf include to default.conf." }
-  - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
-  - { date: "18.11.22:", desc: "Rebasing to Alpine 3.16, migrate to s6v3." }
-  - { date: "20.08.22:", desc: "Rebasing to Alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base))." }
-  - { date: "23.01.22:", desc: "Pin versions to 5.x.x." }
-  - { date: "14.06.21:", desc: "Initial Release." }
+  - {date: "28.12.25:", desc: "Rebase to Alpine 3.23."}
+  - {date: "23.08.25:", desc: "Add support for mTLS. Existing users will need to delete their config.inc.php and restart the container."}
+  - {date: "05.07.25:", desc: "Rebase to Alpine 3.22."}
+  - {date: "19.12.24:", desc: "Rebase to Alpine 3.21."}
+  - {date: "27.05.24:", desc: "Existing users should update their nginx confs to avoid http2 deprecation warnings."}
+  - {date: "24.05.24:", desc: "Rebase to Alpine 3.20."}
+  - {date: "28.12.23:", desc: "Rebase to Alpine 3.19 with php 8.3."}
+  - {date: "25.12.23:", desc: "Existing users should update: site-confs/default.conf - Cleanup default site conf."}
+  - {date: "06.09.23:", desc: "Add support for custom themes."}
+  - {date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf."}
+  - {date: "13.04.23:", desc: "Move ssl.conf include to default.conf."}
+  - {date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1."}
+  - {date: "18.11.22:", desc: "Rebasing to Alpine 3.16, migrate to s6v3."}
+  - {date: "20.08.22:", desc: "Rebasing to Alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base))."}
+  - {date: "23.01.22:", desc: "Pin versions to 5.x.x."}
+  - {date: "14.06.21:", desc: "Initial Release."}

root/defaults/config.inc.php

@@ -2,10 +2,11 @@
 
 // Sourced from https://github.com/phpmyadmin/docker/blob/master/config.inc.php
 
-require('/config/phpmyadmin/config.secret.inc.php');
+require_once '/config/phpmyadmin/config.secret.inc.php';
+require_once '/config/phpmyadmin/helpers.php';
 
 /* Ensure we got the environment */
-$vars = array(
+$vars = [
     'PMA_ARBITRARY',
     'PMA_HOST',
     'PMA_HOSTS',
@@ -26,20 +27,45 @@ $vars = array(
     'PMA_QUERYHISTORYDB',
     'PMA_QUERYHISTORYMAX',
     'MAX_EXECUTION_TIME',
-    'MEMORY_LIMIT'
-);
+    'MEMORY_LIMIT',
+    'PMA_UPLOADDIR',
+    'PMA_SAVEDIR',
+    'PMA_SSL',
+    'PMA_SSLS',
+    'PMA_SSL_DIR',
+    'PMA_SSL_VERIFY',
+    'PMA_SSL_VERIFIES',
+    'PMA_SSL_CA',
+    'PMA_SSL_CAS',
+    'PMA_SSL_CA_BASE64',
+    'PMA_SSL_CAS_BASE64',
+    'PMA_SSL_KEY',
+    'PMA_SSL_KEYS',
+    'PMA_SSL_KEY_BASE64',
+    'PMA_SSL_KEYS_BASE64',
+    'PMA_SSL_CERT',
+    'PMA_SSL_CERTS',
+    'PMA_SSL_CERT_BASE64',
+    'PMA_SSL_CERTS_BASE64',
+];
+
 foreach ($vars as $var) {
     $env = getenv($var);
     if (!isset($_ENV[$var]) && $env !== false) {
         $_ENV[$var] = $env;
     }
 }
+
+if (! defined('PMA_SSL_DIR')) {
+    define('PMA_SSL_DIR', $_ENV['PMA_SSL_DIR'] ?? '/config/phpmyadmin/ssl');
+}
+
 if (isset($_ENV['PMA_QUERYHISTORYDB'])) {
-    $cfg['QueryHistoryDB'] = boolval($_ENV['PMA_QUERYHISTORYDB']);
+    $cfg['QueryHistoryDB'] = (bool) $_ENV['PMA_QUERYHISTORYDB'];
 }
 
 if (isset($_ENV['PMA_QUERYHISTORYMAX'])) {
-    $cfg['QueryHistoryMax'] = intval($_ENV['PMA_QUERYHISTORYMAX']);
+    $cfg['QueryHistoryMax'] = (int) $_ENV['PMA_QUERYHISTORYMAX'];
 }
 
 /* Arbitrary server connection */
@@ -52,29 +78,84 @@ if (isset($_ENV['PMA_ABSOLUTE_URI'])) {
     $cfg['PmaAbsoluteUri'] = trim($_ENV['PMA_ABSOLUTE_URI']);
 }
 
+if (isset($_ENV['PMA_SSL_CA_BASE64'])) {
+    $_ENV['PMA_SSL_CA'] = decodeBase64AndSaveFiles($_ENV['PMA_SSL_CA_BASE64'], 'phpmyadmin-ssl-CA', 'pem', PMA_SSL_DIR);
+}
+
+/* Decode and save the SSL key from base64 */
+if (isset($_ENV['PMA_SSL_KEY_BASE64'])) {
+    $_ENV['PMA_SSL_KEY'] = decodeBase64AndSaveFiles($_ENV['PMA_SSL_KEY_BASE64'], 'phpmyadmin-ssl-CERT', 'cert', PMA_SSL_DIR);
+}
+
+/* Decode and save the SSL certificate from base64 */
+if (isset($_ENV['PMA_SSL_CERT_BASE64'])) {
+    $_ENV['PMA_SSL_CERT'] = decodeBase64AndSaveFiles($_ENV['PMA_SSL_CERT_BASE64'], 'phpmyadmin-ssl-CERT', 'cert', PMA_SSL_DIR);
+}
+
+/* Decode and save multiple SSL CA certificates from base64 */
+if (isset($_ENV['PMA_SSL_CAS_BASE64'])) {
+    $_ENV['PMA_SSL_CAS'] = decodeBase64AndSaveFiles($_ENV['PMA_SSL_CAS_BASE64'], 'phpmyadmin-ssl-CA', 'pem', PMA_SSL_DIR);
+}
+
+/* Decode and save multiple SSL keys from base64 */
+if (isset($_ENV['PMA_SSL_KEYS_BASE64'])) {
+    $_ENV['PMA_SSL_KEYS'] = decodeBase64AndSaveFiles($_ENV['PMA_SSL_KEYS_BASE64'], 'phpmyadmin-ssl-CERT', 'cert', PMA_SSL_DIR);
+}
+
+/* Decode and save multiple SSL certificates from base64 */
+if (isset($_ENV['PMA_SSL_CERTS_BASE64'])) {
+    $_ENV['PMA_SSL_CERTS'] = decodeBase64AndSaveFiles($_ENV['PMA_SSL_CERTS_BASE64'], 'phpmyadmin-ssl-KEY', 'key', PMA_SSL_DIR);
+}
+
 /* Figure out hosts */
 
 /* Fallback to default linked */
-$hosts = array('db');
+$hosts = ['db'];
 
 /* Set by environment */
-if (!empty($_ENV['PMA_HOST'])) {
-    $hosts = array($_ENV['PMA_HOST']);
-    $verbose = array($_ENV['PMA_VERBOSE']);
-    $ports = array($_ENV['PMA_PORT']);
-} elseif (!empty($_ENV['PMA_HOSTS'])) {
+if (! empty($_ENV['PMA_HOST'])) {
+    $hosts = [$_ENV['PMA_HOST']];
+    $verbose = [$_ENV['PMA_VERBOSE']];
+    $ports = [$_ENV['PMA_PORT']];
+    $ssls = [$_ENV['PMA_SSL']];
+    $ssl_verifies = [$_ENV['PMA_SSL_VERIFY']];
+    $ssl_cas = [$_ENV['PMA_SSL_CA']];
+    $ssl_keys = [$_ENV['PMA_SSL_KEY']];
+    $ssl_certs = [$_ENV['PMA_SSL_CERT']];
+} elseif (! empty($_ENV['PMA_HOSTS'])) {
     $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS']));
     $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES']));
     $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS']));
+    $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS']));
+    $ssl_verifies = array_map('trim', explode(',', $_ENV['PMA_SSL_VERIFIES']));
+    $ssl_cas = array_map('trim', explode(',', $_ENV['PMA_SSL_CAS']));
+    $ssl_keys = array_map('trim', explode(',', $_ENV['PMA_SSL_KEYS']));
+    $ssl_certs = array_map('trim', explode(',', $_ENV['PMA_SSL_CERTS']));
 }
-if (!empty($_ENV['PMA_SOCKET'])) {
-    $sockets = array($_ENV['PMA_SOCKET']);
-} elseif (!empty($_ENV['PMA_SOCKETS'])) {
+
+if (! empty($_ENV['PMA_SOCKET'])) {
+    $sockets = [$_ENV['PMA_SOCKET']];
+} elseif (! empty($_ENV['PMA_SOCKETS'])) {
     $sockets = explode(',', $_ENV['PMA_SOCKETS']);
 }
 
 /* Server settings */
 for ($i = 1; isset($hosts[$i - 1]); $i++) {
+    if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') {
+        $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1];
+    }
+    if (isset($ssl_verifies[$i - 1]) && $ssl_verifies[$i - 1] === '1') {
+        $cfg['Servers'][$i]['ssl_verify'] = $ssl_verifies[$i - 1];
+    }
+    if (isset($ssl_cas[$i - 1])) {
+        $cfg['Servers'][$i]['ssl_ca'] = $ssl_cas[$i - 1];
+    }
+    if (isset($ssl_keys[$i - 1])) {
+        $cfg['Servers'][$i]['ssl_key'] = $ssl_keys[$i - 1];
+    }
+    if (isset($ssl_certs[$i - 1])) {
+        $cfg['Servers'][$i]['ssl_cert'] = $ssl_certs[$i - 1];
+    }
     $cfg['Servers'][$i]['host'] = $hosts[$i - 1];
     if (isset($verbose[$i - 1])) {
         $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1];
@@ -126,9 +207,10 @@ for ($i = 1; isset($hosts[$i - 1]); $i++) {
     $cfg['Servers'][$i]['compress'] = false;
     $cfg['Servers'][$i]['AllowNoPassword'] = true;
 }
-for ($i = 1; isset($sockets[$i - 1]); $i++) {
-    $cfg['Servers'][$i]['socket'] = $sockets[$i - 1];
-    $cfg['Servers'][$i]['host'] = 'localhost';
+// Avoid overwriting the last server id $i, use another variable name
+for ($socketHostId = 1; isset($sockets[$socketHostId - 1]); $socketHostId++) {
+    $cfg['Servers'][$socketHostId]['socket'] = $sockets[$socketHostId - 1];
+    $cfg['Servers'][$socketHostId]['host'] = 'localhost';
 }
 /*
  * Revert back to last configured server to make
@@ -137,8 +219,13 @@ for ($i = 1; isset($sockets[$i - 1]); $i++) {
 $i--;
 
 /* Uploads setup */
-$cfg['UploadDir'] = '';
-$cfg['SaveDir'] = '';
+if (isset($_ENV['PMA_UPLOADDIR'])) {
+    $cfg['UploadDir'] = $_ENV['PMA_UPLOADDIR'];
+}
+
+if (isset($_ENV['PMA_SAVEDIR'])) {
+    $cfg['SaveDir'] = $_ENV['PMA_SAVEDIR'];
+}
 
 if (isset($_ENV['MAX_EXECUTION_TIME'])) {
     $cfg['ExecTimeLimit'] = $_ENV['MAX_EXECUTION_TIME'];
@@ -150,5 +237,12 @@ if (isset($_ENV['MEMORY_LIMIT'])) {
 
 /* Include User Defined Settings Hook */
 if (file_exists('/config/phpmyadmin/config.user.inc.php')) {
-    include('/config/phpmyadmin/config.user.inc.php');
+    include '/config/phpmyadmin/config.user.inc.php';
+}
+
+/* Support additional configurations */
+if (is_dir('/config/phpmyadmin/conf.d/')) {
+    foreach (glob('/config/phpmyadmin/conf.d/*.php') as $filename) {
+        include $filename;
+    }
 }

root/defaults/helpers.php

@@ -0,0 +1,53 @@
+<?php
+
+// Sourced from https://github.com/phpmyadmin/docker/blob/master/helpers.php
+
+declare(strict_types=1);
+
+/**
+ * Helper function to decode and save multiple SSL files from base64.
+ *
+ * @param string $base64FilesContents The base64 encoded string containing multiple files separated by commas.
+ *                                    If no commas are present, the entire string is treated as a single file.
+ * @param string $prefix              The prefix to use for the generated file names.
+ * @param string $extension           The file extension to use for the generated files.
+ * @param string $storageFolder       The folder where to store the generated files.
+ *
+ * @return string A comma-separated list of paths to the generated files.
+ */
+function decodeBase64AndSaveFiles(string $base64FilesContents, string $prefix, string $extension, string $storageFolder): string
+{
+    // Ensure the output directory exists
+    if (! is_dir($storageFolder)) {
+        mkdir($storageFolder, 0755, true);
+    }
+
+    // Split the base64 string into an array of files
+    $base64FilesContents = explode(',', trim($base64FilesContents));
+    $counter = 1;
+    $outputFiles = [];
+
+    // Process each file
+    foreach ($base64FilesContents as $base64FileContent) {
+        $outputFile = $storageFolder . '/' . $prefix . '-' . $counter . '.' . $extension;
+
+        $fileContent = base64_decode($base64FileContent, true);
+        if ($fileContent === false) {
+            echo 'Failed to decode: ' . $base64FileContent;
+            exit(1);
+        }
+
+        // Write the decoded file to the output directory
+        if (file_put_contents($outputFile, $fileContent) === false) {
+            echo 'Failed to write to ' . $outputFile;
+            exit(1);
+        }
+
+        // Add the output file path to the list
+        $outputFiles[] = $outputFile;
+        $counter++;
+    }
+
+    // Return a comma-separated list of the generated file paths
+    return implode(',', $outputFiles);
+}

root/defaults/nginx/site-confs/default.conf.sample

@@ -1,4 +1,4 @@
-## Version 2023/12/25 - Changelog: https://github.com/linuxserver/docker-phpmyadmin/commits/main/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-phpmyadmin/commits/main/root/defaults/nginx/site-confs/default.conf.sample
 
 map $sent_http_content_type $expires {
     default         off;
@@ -10,9 +10,8 @@ map $sent_http_content_type $expires {
 server {
     listen 80 default_server;
     listen [::]:80 default_server;
-
-    listen 443 ssl http2 default_server;
-    listen [::]:443 ssl http2 default_server;
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
 
     server_name _;
 

root/etc/s6-overlay/s6-rc.d/init-phpmyadmin-config/run

@@ -2,37 +2,50 @@
 # shellcheck shell=bash
 
 mkdir -p \
-    /config/phpmyadmin \
-    /app/www/public/tmp
+    /config/phpmyadmin
 
-if [ ! -f /config/phpmyadmin/config.secret.inc.php ]; then
+if [[ ! -f /config/phpmyadmin/config.secret.inc.php ]]; then
     cat >/config/phpmyadmin/config.secret.inc.php <<EOT
 <?php
 \$cfg['blowfish_secret'] = '$(tr -dc 'a-zA-Z0-9~!@#$%^&*_()+}{?></";.,[]=-' </dev/urandom | fold -w 32 | head -n 1)';
 EOT
 fi
 
-if [ ! -f /config/phpmyadmin/config.user.inc.php ]; then
+if [[ -n "${PMA_CONFIG_BASE64}" ]]; then
+    echo "${PMA_CONFIG_BASE64}" | base64 -d > /config/phpmyadmin/config.inc.php
+fi
+
+if [[ -n "${PMA_USER_CONFIG_BASE64}" ]]; then
+    echo "${PMA_USER_CONFIG_BASE64}" | base64 -d > /config/phpmyadmin/config.user.inc.php
+fi
+
+if [[ ! -f /config/phpmyadmin/config.user.inc.php ]]; then
     touch /config/phpmyadmin/config.user.inc.php
 fi
 
-if [ ! -f /config/phpmyadmin/config.inc.php ]; then
+if [[ ! -f /config/phpmyadmin/config.inc.php ]]; then
     cp /defaults/config.inc.php /config/phpmyadmin/config.inc.php
 fi
 
-# Set up themes
-if [[ -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
-    cp -R /app/www/public/themes/* /config/themes
-    rm -rf "/app/www/public/themes"
-fi
-if [[ ! -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
-    mv "/app/www/public/themes" /config/themes
-fi
-if [[ -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
-    ln -s "/config/themes" "/app/www/public/themes"
+if [[ ! -f /config/phpmyadmin/helpers.php ]]; then
+    cp /defaults/helpers.php /config/phpmyadmin/helpers.php
 fi
 
-# permissions
-lsiown -R abc:abc \
-    /config \
-    /app/www/public/tmp
+if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+    # Set up themes
+    if [[ -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
+        cp -R /app/www/public/themes/* /config/themes
+        rm -rf "/app/www/public/themes"
+    fi
+    if [[ ! -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
+        mv "/app/www/public/themes" /config/themes
+    fi
+    if [[ -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
+        ln -s "/config/themes" "/app/www/public/themes"
+    fi
+fi
+
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+    lsiown -R abc:abc \
+        /config
+fi