Updating to 4.0.20

.dockerignore

@@ -0,0 +1,13 @@
+.git
+.github
+.gitignore
+__pycache__
+*.pyc
+*.pyo
+*.egg-info
+.env
+.venv
+docs/
+tests/
+*.md
+!README.md

.github/workflows/docker-build.yaml

@@ -26,7 +26,7 @@ jobs:
           file: docker/Dockerfile
           platforms: linux/amd64,linux/arm64
           push: true
-          tags: ${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:latest,${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:${{github.ref_name}}
+          tags: ${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:latest,${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:unstable
           cache-from: type=gha
           cache-to: type=gha,mode=max
 

VERSION.txt

@@ -1 +1 @@
-4.0.18
+4.0.20

debian/changelog

@@ -1,3 +1,58 @@
+patchman (4.0.20-1) stable; urgency=medium
+
+  * django 5.2 compatibility updates
+  * fix zstd decompression for python 3.13+ stdlib compression.zstd
+  * skip decompression when content is already text
+  * change erratum synopsis from CharField(255) to TextField
+  * rename functions to match codebase style
+  * handle non-http(s) mirror urls gracefully
+  * escape filterlist values
+  * auto-commit to update version skip-checks: true
+
+ -- Marcus Furlong <furlongm@gmail.com>  Thu, 07 May 2026 01:05:41 +0000
+
+patchman (4.0.19-1) stable; urgency=medium
+
+  [ dependabot[bot] ]
+  * Bump requests from 2.32.4 to 2.33.0
+
+  [ Marcus Furlong ]
+  * use sets instead of lists for update tracking
+  * merge duplicate update-finding methods into find_repo_updates
+  * remove underscore prefix from kernel helper methods
+  * don't rename repos from client reports
+  * filter deb kernel updates by major.minor series
+  * add package updates list view with table, filters, and nav entry
+  * add sortable columns to package list and name detail views
+
+  [ dependabot[bot] ]
+  * Bump django from 4.2.29 to 4.2.30
+  * add celery worker resilience for database connection timeouts
+  * auto-enable wal mode for sqlite backend
+  * fix duplicate verbose_name_plural in report model meta
+  * sanitize filter_params in bulk action views
+  * add null guard for missing references element in updateinfo xml
+  * return early on yaml parse error in extract_module_metadata
+  * fix null url handling in osv.dev cve references
+  * send info messages to stdout instead of stderr
+  * move function-level import to top-level
+  * bulk db optimizations for errata processing
+  * add concurrent processing with deadlock workaround and progress bar fixes
+  * add fetch_concurrently helper function
+
+  [ Aman Maharjan ]
+  * fix: deb kernel meta-packages bypass series check causing false HWE updates
+  * fix: skip meta-packages in deb kernel series check instead of falling back to running kernel
+
+  [ Marcus Furlong ]
+  * add ubuntu 26.04 resolute codename
+
+  [ dependabot[bot] ]
+  * Bump gitpython from 3.1.44 to 3.1.47
+  * auto-commit to update version skip-checks: true
+
+ -- Marcus Furlong <furlongm@gmail.com>  Wed, 29 Apr 2026 01:25:17 +0000
+
 patchman (4.0.18-1) stable; urgency=medium
 
   * handle malformed repos better

docker/Dockerfile

@@ -1,26 +1,85 @@
-FROM debian:bookworm-slim
+FROM debian:trixie-slim AS builder
 
-RUN apt -y update && apt -y upgrade
-RUN apt install -y apache2 git libapache2-mod-wsgi-py3 mariadb-client python-celery-common python3-celery python3-debian python3-defusedxml python3-lxml python3-mysqldb python3-pip python3-progressbar python3-psycopg2 python3-redis python3-rpm sendmail sharutils uuid-runtime vim weasyprint 
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PATCHMAN_HOME=/srv/patchman
 
-WORKDIR /srv/patchman
+RUN apt-get -y update && apt-get -y upgrade && \
+    apt-get install -y --no-install-recommends \
+        python3-pip \
+    && rm -rf /var/lib/apt/lists/*
 
-COPY . /srv/patchman/
-COPY ./etc/patchman/apache.conf.example /etc/apache2/sites-available/patchman.conf
+WORKDIR ${PATCHMAN_HOME}
 
-RUN /srv/patchman/setup.py install
+COPY requirements.txt .
+RUN pip install --no-cache-dir --break-system-packages setuptools -r requirements.txt
 
-COPY ./email/patchman-email /usr/bin/patchman-email
-COPY ./etc/patchman/patchman-email.conf /etc/patchman/patchman-email.conf
-RUN chmod u+x /usr/bin/patchman-email
+COPY . ${PATCHMAN_HOME}/
+
+RUN ${PATCHMAN_HOME}/setup.py install --no-compile && \
+    rm -rf build/ dist/ *.egg-info/ .eggs/ /root/.cache/
+
+
+FROM debian:trixie-slim AS runtime
+
+LABEL maintainer="4950815+RicardoJeronimo@users.noreply.github.com" \
+      org.opencontainers.image.title="Patchman" \
+      org.opencontainers.image.base.name="debian:trixie-slim" \
+      org.opencontainers.image.source="https://github.com/RicardoJeronimo/patchman"
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PATCHMAN_HOME=/srv/patchman
 
-RUN a2enmod wsgi
-RUN a2ensite patchman
+RUN apt-get -y update && apt-get -y upgrade && \
+    apt-get install -y --no-install-recommends \
+        apache2 \
+        curl \
+        git \
+        gosu \
+        libapache2-mod-wsgi-py3 \
+        libmagic1 \
+        mariadb-client \
+        python3-debian \
+        python3-defusedxml \
+        python3-lxml \
+        python3-mysqldb \
+        python3-packaging \
+        python3-psycopg2 \
+        sendmail \
+        sharutils \
+        uuid-runtime \
+        weasyprint \
+    && rm -rf /var/lib/apt/lists/*
 
-RUN mkdir -p /var/lib/patchman/db
-RUN chown :www-data /var/lib/patchman/db && chmod 2770 /var/lib/patchman/db
+WORKDIR ${PATCHMAN_HOME}
+
+COPY --from=builder /usr/local/lib/ /usr/local/lib/
+COPY --from=builder /usr/local/bin/patchman* /usr/local/bin/
+COPY --from=builder /usr/local/bin/celery /usr/local/bin/
+COPY --from=builder /etc/patchman/ /etc/patchman/
+COPY --from=builder ${PATCHMAN_HOME}/ ${PATCHMAN_HOME}/
+
+RUN cp ${PATCHMAN_HOME}/etc/patchman/apache.conf.example /etc/apache2/sites-available/patchman.conf && \
+    echo "ServerName localhost" >> /etc/apache2/apache2.conf && \
+    a2enmod wsgi && \
+    a2ensite patchman && \
+    a2dissite 000-default && \
+    groupadd --system patchman && \
+    useradd --system --gid patchman --no-create-home patchman && \
+    mkdir -p /var/lib/patchman/db && \
+    chown patchman:www-data /var/lib/patchman/db && \
+    chmod 2770 /var/lib/patchman/db
+
+COPY ./docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+COPY ./email/patchman-email /usr/bin/patchman-email
+COPY ./etc/patchman/patchman-email.conf /etc/patchman/patchman-email.conf
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh && \
+    chmod +x /usr/bin/patchman-email
 
 EXPOSE 80
 
-COPY ./docker/docker-entrypoint.sh docker-entrypoint.sh
-ENTRYPOINT ["./docker-entrypoint.sh"]
+HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
+    CMD curl -f http://localhost/patchman/ || exit 1
+
+ENTRYPOINT ["docker-entrypoint.sh"]