From 61cf9b0cfc0765f5a3b405db3424245b0957ad12 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 4 Apr 2026 17:45:14 +0000
Subject: [PATCH 1/4] =?UTF-8?q?feat(github-release)!:=20Update=20release?=
 =?UTF-8?q?=20moghtech/komodo=20(v1.19.5=20=E2=86=92=20v2.1.1)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/komodo-periphery/docker-bake.hcl | 2 +-
 apps/komodo/docker-bake.hcl           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/komodo-periphery/docker-bake.hcl b/apps/komodo-periphery/docker-bake.hcl
index 91ded1f4e..103fef861 100644
--- a/apps/komodo-periphery/docker-bake.hcl
+++ b/apps/komodo-periphery/docker-bake.hcl
@@ -2,7 +2,7 @@ target "docker-metadata-action" {}
 
 variable "VERSION" {
   // renovate: datasource=github-releases depName=moghtech/komodo versioning=loose
-  default = "1.19.5"
+  default = "2.1.1"
 }
 
 group "default" {
diff --git a/apps/komodo/docker-bake.hcl b/apps/komodo/docker-bake.hcl
index 91ded1f4e..103fef861 100644
--- a/apps/komodo/docker-bake.hcl
+++ b/apps/komodo/docker-bake.hcl
@@ -2,7 +2,7 @@ target "docker-metadata-action" {}
 
 variable "VERSION" {
   // renovate: datasource=github-releases depName=moghtech/komodo versioning=loose
-  default = "1.19.5"
+  default = "2.1.1"
 }
 
 group "default" {

From 2c05c506af931eb601a5fbe6e5637d06162b0e1d Mon Sep 17 00:00:00 2001
From: Dragosh <39906742+0dragosh@users.noreply.github.com>
Date: Sun, 5 Apr 2026 15:36:37 +0300
Subject: [PATCH 2/4] fix(ci): adapt bake-action config for v7 removing
 unsupported workdir

docker/bake-action v7 removed the `workdir` input, causing builds to
fail because `./docker-bake.hcl` was resolved from the repo root.
Use explicit app paths for bake files and set build context instead.
---
 .github/workflows/app-builder.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/app-builder.yaml b/.github/workflows/app-builder.yaml
index 3bcbfd00d..0f84153b6 100644
--- a/.github/workflows/app-builder.yaml
+++ b/.github/workflows/app-builder.yaml
@@ -113,10 +113,11 @@ jobs:
         id: bake
         with:
           files: |
-            ./docker-bake.hcl
+            ./apps/${{ inputs.app }}/docker-bake.hcl
             cwd://${{ runner.temp }}/docker-metadata-action-bake.json
           set: |
             *.args.VENDOR=${{ github.repository_owner }}
+            *.context=./apps/${{ inputs.app }}
             *.cache-from=${{ format('type=registry,ref=ghcr.io/{0}/build_cache:{1}-{2},mode=max', github.repository_owner, inputs.app, steps.target.outputs.arch) }}
             *.cache-to=${{ inputs.release && format('type=registry,ref=ghcr.io/{0}/build_cache:{1}-{2},mode=max,compression=zstd,force-compression=true', github.repository_owner, inputs.app, steps.target.outputs.arch) || '' }}
             *.labels.org.opencontainers.image.title=${{ inputs.app }}
@@ -127,9 +128,7 @@ jobs:
             ${{ inputs.release && format('*.output=type=image,name=ghcr.io/{0}/{1},push-by-digest=true,name-canonical=true,push=true', github.repository_owner, inputs.app) || '*.output=type=docker' }}
             *.platform=${{ matrix.platform }}
             *.tags=
-          source: .
           targets: image
-          workdir: ./apps/${{ inputs.app }}
 
       - if: ${{ ! inputs.release }}
         name: Run Application Tests

From 4bcf27d962d897cbd405e1ebfcf5081b84ba955b Mon Sep 17 00:00:00 2001
From: Dragosh <39906742+0dragosh@users.noreply.github.com>
Date: Sun, 5 Apr 2026 15:41:38 +0300
Subject: [PATCH 3/4] fix(komodo): fix container permissions and replace
 incorrect tests

- chown /config for non-root user so komodo can write keys/config
- Replace bogus EmbyServer goss tests with container-structure-tests
  that validate the custom image layers (op CLI, fnox binary)
---
 apps/komodo-periphery/Dockerfile |  2 +-
 apps/komodo-periphery/tests.yaml | 30 ++++++++++++++++++++----------
 apps/komodo/Dockerfile           |  2 +-
 apps/komodo/tests.yaml           | 24 ++++++++++++++----------
 4 files changed, 36 insertions(+), 22 deletions(-)

diff --git a/apps/komodo-periphery/Dockerfile b/apps/komodo-periphery/Dockerfile
index 7915a7bee..5e6a83230 100644
--- a/apps/komodo-periphery/Dockerfile
+++ b/apps/komodo-periphery/Dockerfile
@@ -15,6 +15,6 @@ RUN apk add --no-cache curl unzip tar \
 
 FROM ghcr.io/moghtech/komodo-periphery:${VERSION}
 USER root
-RUN addgroup --system --gid 2000 komodo && adduser --system --uid 2000 --home /app --ingroup komodo komodo && chown -R 2000:2000 /app
+RUN addgroup --system --gid 2000 komodo && adduser --system --uid 2000 --home /app --ingroup komodo komodo && chown -R 2000:2000 /app /config
 COPY --from=builder --chown=2000:2000 --chmod=755 /op /usr/local/bin/op
 COPY --from=builder --chown=2000:2000 --chmod=755 /fnox /usr/local/bin/fnox
diff --git a/apps/komodo-periphery/tests.yaml b/apps/komodo-periphery/tests.yaml
index 410f4a287..a5eb77474 100644
--- a/apps/komodo-periphery/tests.yaml
+++ b/apps/komodo-periphery/tests.yaml
@@ -1,11 +1,21 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
-process:
-  EmbyServer:
-    running: true
-port:
-  tcp6:8096:
-    listening: true
-http:
-  http://localhost:8096:
-    status: 200
+# yaml-language-server: $schema=https://raw.githubusercontent.com/GoogleContainerTools/container-structure-test/master/schema.json
+schemaVersion: "2.0.0"
+fileExistenceTests:
+  - name: 1Password CLI
+    path: /usr/local/bin/op
+    shouldExist: true
+    permissions: "-rwxr-xr-x"
+    uid: 2000
+    gid: 2000
+  - name: fnox
+    path: /usr/local/bin/fnox
+    shouldExist: true
+    permissions: "-rwxr-xr-x"
+    uid: 2000
+    gid: 2000
+commandTests:
+  - name: op version
+    command: op
+    args: ["--version"]
+    exitCode: 0
diff --git a/apps/komodo/Dockerfile b/apps/komodo/Dockerfile
index a88b6d512..48513ebd0 100644
--- a/apps/komodo/Dockerfile
+++ b/apps/komodo/Dockerfile
@@ -13,6 +13,6 @@ RUN apk add --no-cache curl \
 
 FROM ghcr.io/moghtech/komodo-core:${VERSION}
 USER root
-RUN addgroup --system --gid 2000 komodo && adduser --system --uid 2000 --home /app --ingroup komodo komodo && chown -R 2000:2000 /app
+RUN addgroup --system --gid 2000 komodo && adduser --system --uid 2000 --home /app --ingroup komodo komodo && chown -R 2000:2000 /app /config
 COPY --from=builder --chown=2000:2000 --chmod=755 /op /usr/local/bin/op
 USER 2000:2000
diff --git a/apps/komodo/tests.yaml b/apps/komodo/tests.yaml
index 410f4a287..6608ffb6c 100644
--- a/apps/komodo/tests.yaml
+++ b/apps/komodo/tests.yaml
@@ -1,11 +1,15 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
-process:
-  EmbyServer:
-    running: true
-port:
-  tcp6:8096:
-    listening: true
-http:
-  http://localhost:8096:
-    status: 200
+# yaml-language-server: $schema=https://raw.githubusercontent.com/GoogleContainerTools/container-structure-test/master/schema.json
+schemaVersion: "2.0.0"
+fileExistenceTests:
+  - name: 1Password CLI
+    path: /usr/local/bin/op
+    shouldExist: true
+    permissions: "-rwxr-xr-x"
+    uid: 2000
+    gid: 2000
+commandTests:
+  - name: op version
+    command: op
+    args: ["--version"]
+    exitCode: 0

From 2a77a99b20c965e57943c6c1f2741c38c18dc4b3 Mon Sep 17 00:00:00 2001
From: Dragosh <39906742+0dragosh@users.noreply.github.com>
Date: Sun, 5 Apr 2026 16:06:26 +0300
Subject: [PATCH 4/4] fix(komodo): create /config before chown in case base
 image lacks it

---
 apps/komodo-periphery/Dockerfile | 2 +-
 apps/komodo/Dockerfile           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/komodo-periphery/Dockerfile b/apps/komodo-periphery/Dockerfile
index 5e6a83230..3c91514ba 100644
--- a/apps/komodo-periphery/Dockerfile
+++ b/apps/komodo-periphery/Dockerfile
@@ -15,6 +15,6 @@ RUN apk add --no-cache curl unzip tar \
 
 FROM ghcr.io/moghtech/komodo-periphery:${VERSION}
 USER root
-RUN addgroup --system --gid 2000 komodo && adduser --system --uid 2000 --home /app --ingroup komodo komodo && chown -R 2000:2000 /app /config
+RUN addgroup --system --gid 2000 komodo && adduser --system --uid 2000 --home /app --ingroup komodo komodo && mkdir -p /config && chown -R 2000:2000 /app /config
 COPY --from=builder --chown=2000:2000 --chmod=755 /op /usr/local/bin/op
 COPY --from=builder --chown=2000:2000 --chmod=755 /fnox /usr/local/bin/fnox
diff --git a/apps/komodo/Dockerfile b/apps/komodo/Dockerfile
index 48513ebd0..9a6f53858 100644
--- a/apps/komodo/Dockerfile
+++ b/apps/komodo/Dockerfile
@@ -13,6 +13,6 @@ RUN apk add --no-cache curl \
 
 FROM ghcr.io/moghtech/komodo-core:${VERSION}
 USER root
-RUN addgroup --system --gid 2000 komodo && adduser --system --uid 2000 --home /app --ingroup komodo komodo && chown -R 2000:2000 /app /config
+RUN addgroup --system --gid 2000 komodo && adduser --system --uid 2000 --home /app --ingroup komodo komodo && mkdir -p /config && chown -R 2000:2000 /app /config
 COPY --from=builder --chown=2000:2000 --chmod=755 /op /usr/local/bin/op
 USER 2000:2000