v4.1.93

Update dependency balena-io/balena-cli to v19.0.2

.github/actionlint.yaml

@@ -0,0 +1,8 @@
+self-hosted-runner:
+  # Labels of self-hosted runner in array of strings.
+  labels:
+  - "distro:jammy"
+# Configuration variables in array of strings defined in your repository or
+# organization. `null` means disabling configuration variables check.
+# Empty array means no configuration variable is allowed.
+config-variables: null

.github/workflows/flowzone.yml

@@ -25,15 +25,6 @@ jobs:
     with:
       jobs_timeout_minutes: 60
       cloudflare_website: open-balena
-      custom_runs_on: |
-        [
-          [
-            "self-hosted",
-            "Linux",
-            "X64"
-          ]
-        ]
-
       balena_slugs: |
         balena/open-balena
 

.github/workflows/tests.yml

@@ -73,13 +73,13 @@ jobs:
       name: ${{ matrix.target }}
 
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+    - uses: actions/checkout@2d7d9f7ff5b310f983d059b68785b3c74d8b8edd
 
     # https://github.com/unfor19/install-aws-cli-action
     - name: Setup awscli
       uses: unfor19/install-aws-cli-action@e8b481e524a99f37fbd39fdc1dcb3341ab091367 # v1
 
-    - uses: aws-actions/configure-aws-credentials@af7e7d4f5cd9d70c88a15b7a1332764a801f90d2
+    - uses: aws-actions/configure-aws-credentials@e26e19042832fb823bebedbd411b82b685244c69
       with:
         aws-region: ${{ vars.AWS_REGION || 'us-east-1' }}
         role-session-name: github-${{ github.job }}-${{ github.run_id }}-${{ github.run_attempt }}
@@ -90,15 +90,19 @@ jobs:
     - name: install session-manager-plugin
       if: matrix.target == 'compose-private-pki'
       run: |
+        # shellcheck disable=SC2153
         runner_arch="$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]' | sed 's/x64/64bit/g')"
 
-        session-manager-plugin || (curl -sSfo session-manager-plugin.deb https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_${runner_arch}/session-manager-plugin.deb \
+        session-manager-plugin || (curl -sSfo session-manager-plugin.deb "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_${runner_arch}/session-manager-plugin.deb" \
           && sudo dpkg -i session-manager-plugin.deb \
           && rm -f session-manager-plugin.deb)
 
     # https://github.com/balena-io-examples/setup-balena-action
     - name: Setup balena CLI
       uses: balena-io-examples/setup-balena-action@main
+      with:
+        # renovate: datasource=github-releases depName=balena-io/balena-cli
+        cli-version: v18.2.17
 
     # https://github.com/pdcastro/ssh-uuid#why
     # https://github.com/pdcastro/ssh-uuid#linux-debian-ubuntu-others
@@ -144,7 +148,7 @@ jobs:
         set ${verbose}
 
         key_name="${{ matrix.target }}-${GITHUB_RUN_ID}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}"
-        echo "key_name=${key_name}" >> $GITHUB_OUTPUT
+        echo "key_name=${key_name}" >>"${GITHUB_OUTPUT}"
 
         set +x
         private_key_material="$(aws ec2 create-key-pair \
@@ -160,14 +164,13 @@ jobs:
         done <<< "${private_key_material}"
 
         ssh_private_key="$(cat << EOF
-        $(echo "${private_key_material}")
+        ${private_key_material}
         EOF
         )"
-        echo "ssh_private_key<<EOF" >> $GITHUB_OUTPUT
+        echo "ssh_private_key<<EOF" >>"${GITHUB_OUTPUT}"
         set ${verbose}
 
-        echo "${ssh_private_key}" >> $GITHUB_OUTPUT
+        { echo "${ssh_private_key}"; echo "EOF"; } >>"${GITHUB_OUTPUT}"
-        echo "EOF" >> $GITHUB_OUTPUT
 
         echo "ssh_public_key=${public_key}" >> "${GITHUB_OUTPUT}"
 
@@ -201,6 +204,7 @@ jobs:
         # the actual version deployed depends on the AWS EC2/AMI, defined in AWS_EC2_LAUNCH_TEMPLATE
         os_version="$(balena os versions ${{ vars.DEVICE_TYPE || 'generic-amd64' }} | head -n 1)"
 
+        # shellcheck disable=SC2046
         balena config generate \
           --version "${os_version}" \
           --device "${balena_device_uuid}" \
@@ -217,7 +221,7 @@ jobs:
           GITHUB_SHA GITHUB_WORKFLOW RUNNER_ARCH RUNNER_NAME RUNNER_OS)
 
         for github_var in "${github_vars[@]}"; do
-            balena tag set ${github_var} "${!github_var}" --device "${balena_device_uuid}"
+            balena tag set "${github_var}" "${!github_var}" --device "${balena_device_uuid}"
         done
 
         echo "balena_device_uuid=${balena_device_uuid}" >> "${GITHUB_OUTPUT}"
@@ -391,6 +395,7 @@ jobs:
 
         source src/balena-tests/functions
 
+        # shellcheck disable=SC2046,SC2043
         for subnet_id in ${{ env.AWS_VPC_SUBNET_IDS }}; do
             # spot, on-demand
             for market_type in ${{ vars.MARKET_TYPES || 'spot' }}; do
@@ -456,7 +461,7 @@ jobs:
 
         match=''
         for key in $(balena keys | grep -v ID | awk '{print $1}'); do
-            fp=$(balena key ${key} | tail -n 1 | ssh-keygen -E md5 -lf /dev/stdin | awk '{print $2}')
+            fp=$(balena key "${key}" | tail -n 1 | ssh-keygen -E md5 -lf /dev/stdin | awk '{print $2}')
             if [[ $fp =~ $(ssh-keygen -E md5 -lf "${HOME}/.ssh/id_rsa" | awk '{print $2}') ]]; then
                 match="${key}"
                 break
@@ -793,6 +798,14 @@ jobs:
                 && rm -f "\${tmphosts}" \
                 && getent hosts api.${{ matrix.subdomain }}.${{ matrix.dns_tld }} | grep 127.0.1.1
 
+              sshd -T
+              service ssh restart
+
+          # https://forums.docker.com/t/docker-compose-through-ssh-failing-and-referring-to-docker-example-com/115165/18
+          - path: /etc/ssh/sshd_config.d/00-cloud-init
+            content: |
+              MaxStartups 100:0:100
+
         # cloud-init runs as root
         # (e.g.) https://cloudinit.readthedocs.io/en/latest/reference/merging.html#example-cloud-config
         runcmd:
@@ -801,6 +814,7 @@ jobs:
 
         cloud-init schema -c user-data.yml
 
+        # shellcheck disable=SC2046,SC2043
         for subnet_id in ${{ env.AWS_VPC_SUBNET_IDS }}; do
             # spot, on-demand
             for market_type in ${{ vars.MARKET_TYPES || 'spot' }}; do
@@ -810,7 +824,7 @@ jobs:
                       $([[ -n '${{ matrix.ami }}' ]] && echo '--image-id ${{ matrix.ami }}') \
                       --launch-template 'LaunchTemplateId=${{ env.AWS_EC2_LAUNCH_TEMPLATE }},Version=${{ matrix.launch_template_version }}' \
                       --instance-type "${instance_type}" \
-                      $([[ $market_type =~ spot ]] && echo '--instance-market-options MarketType=spot') \
+                      $([[ "$market_type" =~ spot ]] && echo '--instance-market-options MarketType=spot') \
                       --security-group-ids '${{ env.AWS_VPC_SECURITY_GROUP_IDS }}' \
                       --subnet-id "${subnet_id}" \
                       --key-name '${{ steps.generate-key-pair.outputs.key_name }}' \
@@ -828,11 +842,15 @@ jobs:
         [[ -z $response ]] && exit 1
 
         instance_id="$(echo "${response}" | jq -r '.Instances[].InstanceId')"
-        echo "instance_id=${instance_id}" >> $GITHUB_OUTPUT
+        echo "instance_id=${instance_id}" >>"${GITHUB_OUTPUT}"
 
         aws ec2 wait instance-running --instance-ids "${instance_id}"
         with_backoff aws ec2 wait instance-status-ok --instance-ids "${instance_id}"
 
+        private_ip="$(aws ec2 describe-instances --instance-id "${instance_id}" \
+          | jq -r .Reservations[].Instances[].PrivateIpAddress)"
+        echo "private_ip=${private_ip}" >>"${GITHUB_OUTPUT}"
+
       env:
         ATTEMPTS: 2
         AWS_DEFAULT_REGION: ${{ vars.AWS_REGION || 'us-east-1' }}
@@ -870,10 +888,20 @@ jobs:
         trap 'log_output' EXIT
 
         # https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html
+        mkdir -p "${HOME}/.ssh/controlmasters"
         cat << EOF > "${HOME}/.ssh/config"
+        host *
+            StrictHostKeyChecking no
+            UserKnownHostsFile /dev/null
+
         host i-*
             StrictHostKeyChecking no
             UserKnownHostsFile /dev/null
+            TCPKeepAlive yes
+            ServerAliveInterval 5
+            ControlPath "${HOME}/.ssh/controlmasters/%r@%h:%p"
+            ControlMaster auto
+            ControlPersist 5m
             ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
         EOF
 
@@ -906,7 +934,7 @@ jobs:
         echo "${result}" | jq -re
         cid="$(echo "${result}" | jq -r .Command.CommandId)"
         iid="$(echo "${result}" | jq -r .Command.InstanceIds[0])"
-        ([[ -n "$cid" ]] && [[ -n "$iid" ]]) || false
+        { [[ -n "$cid" ]] && [[ -n "$iid" ]]; } || false
 
         # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#grouping-log-lines
         CYAN='\033[0;36m'; NC='\033[0m'; echo -e "::group::${CYAN}open-balena-tests${NC}"
@@ -937,7 +965,7 @@ jobs:
 
         touch .env
         for service in sut dut; do
-        until [[ "$(docker compose ps --services "${service}" --status running)" =~ "${service}" ]]; do
+        until [[ "$(docker compose ps --services "${service}" --status running)" =~ ${service} ]]; do
             echo "::info::waiting for ${service}..."
             with_backoff docker compose ps
             sleep $(((RANDOM%5) + 5))s
@@ -949,7 +977,7 @@ jobs:
         done
 
         echo '::info::settling down...'
-        sleep $(((RANDOM%30) + 15))s
+        sleep $(((RANDOM%15) + 15))s
 
         while [[ "$(aws ssm list-command-invocations --command-id "${cid}" \
           | jq -re '.CommandInvocations[].Status')" =~ InProgress ]]; do
@@ -992,6 +1020,16 @@ jobs:
         with_backoff balena keys | grep ${{ steps.provision-ssh-key.outputs.key_id }} \
           | awk '{print $1}' | xargs --no-run-if-empty balena key rm --yes
 
+    - name: remove AWS/EC2 key-pair
+      if: always() && matrix.target == 'compose-private-pki'
+      continue-on-error: true
+      run: |
+        set -ue
+
+        [[ '${{ vars.VERBOSE }}' =~ on|On|Yes|yes|true|True ]] && set -x
+
+        aws ec2 delete-key-pair --key-name ${{ steps.generate-key-pair.outputs.key_name }}
+
     - name: delete balenaOS test device
       if: always() && matrix.target == 'balena-public-pki'
       continue-on-error: true
@@ -1059,20 +1097,20 @@ jobs:
         aws ec2 describe-instances --filters \
           Name=tag:Name,Values=open-balena-tests \
           Name=instance-state-name,Values=running \
-          | jq -re '.Reservations[].Instances[].InstanceId + " " + .Reservations[].Instances[].LaunchTime' > ${stale_instances} || true
+          | jq -re '.Reservations[].Instances[].InstanceId + " " + .Reservations[].Instances[].LaunchTime' > "${stale_instances}" || true
 
         if test -s "${stale_instances}"; then
             while IFS= read -r line; do
-                instance_id=$(echo ${line} | awk '{print $1}')
+                instance_id="$(echo "${line}" | awk '{print $1}')"
-                launch_time=$(echo ${line} | awk '{print $2}')
+                launch_time="$(echo "${line}" | awk '{print $2}')"
-                now=$(date +%s)
+                now="$(date +%s)"
-                then=$(date --date ${launch_time} +%s)
+                then="$(date --date "${launch_time}" +%s)"
-                days_since_launch=$(( (now - then) / 86400 ))
+                days_since_launch="$(( (now - then) / 86400 ))"
-                if [[ -n $days_since_launch ]] && [[ $days_since_launch -ge 1 ]]; then
+                if [[ -n "$days_since_launch" ]] && [[ $days_since_launch -ge 1 ]]; then
-                    with_backoff aws ec2 terminate-instances --instance-ids ${instance_id}
+                    with_backoff aws ec2 terminate-instances --instance-ids "${instance_id}"
                 fi
-            done <${stale_instances}
+            done <"${stale_instances}"
-            rm -f ${stale_instances}
+            rm -f "${stale_instances}"
         fi
 
       env:
@@ -1096,11 +1134,11 @@ jobs:
               "https://api.cloudflare.com/client/v4/zones?name=${{ matrix.dns_tld }}" \
               -H 'Authorization: Bearer ${{ secrets.CLOUDFLARE_API_TOKEN }}' | jq -r '.result[].id')"
 
-            for record in "$(curl --silent --retry ${{ env.RETRY }} \
+            for record in $(curl --silent --retry ${{ env.RETRY }} \
               "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records" \
               -H 'Authorization: Bearer ${{ secrets.CLOUDFLARE_API_TOKEN }}' \
               | jq -r --arg match "${match}" '.result[] | select(((.type=="TXT") and (.name | contains($match))))' \
-              | base64)"; do
+              | base64); do
 
                 json="$(echo "${record}" | base64 -d | jq -r)"
                 id="$(echo "${json}" | jq -r .id)"

CHANGELOG.md

@@ -4,6 +4,407 @@ All notable changes to this project will be documented in this file
 automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY!
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+# v4.1.93
+## (2024-09-03)
+
+* Update dependency balena-io/balena-cli to v19.0.2 [Self-hosted Renovate Bot]
+
+# v4.1.92
+## (2024-09-03)
+
+* Update balena/open-balena-vpn Docker tag to v11.30.33 [Self-hosted Renovate Bot]
+
+# v4.1.91
+## (2024-09-03)
+
+* Update balena/open-balena-registry Docker tag to v2.41.6 [Self-hosted Renovate Bot]
+
+# v4.1.90
+## (2024-09-03)
+
+* Update balena/open-balena-s3 Docker tag to v2.28.55 [Self-hosted Renovate Bot]
+
+# v4.1.89
+## (2024-09-03)
+
+* Update balena/open-balena-api Docker tag to v26.4.8 [Self-hosted Renovate Bot]
+
+# v4.1.88
+## (2024-09-03)
+
+* Update aws-actions/configure-aws-credentials digest to e26e190 [Self-hosted Renovate Bot]
+
+# v4.1.87
+## (2024-09-03)
+
+* Update balena/open-balena-api Docker tag to v26.4.7 [Self-hosted Renovate Bot]
+
+# v4.1.86
+## (2024-09-03)
+
+* Update balena/open-balena-api Docker tag to v26.4.6 [Self-hosted Renovate Bot]
+
+# v4.1.85
+## (2024-09-02)
+
+* Update dependency balena-io/balena-cli to v19.0.1 [Self-hosted Renovate Bot]
+
+# v4.1.84
+## (2024-09-02)
+
+* Update balena/open-balena-api Docker tag to v26.4.5 [Self-hosted Renovate Bot]
+
+# v4.1.83
+## (2024-09-02)
+
+* Update actions/checkout digest to 2d7d9f7 [Self-hosted Renovate Bot]
+
+# v4.1.82
+## (2024-08-30)
+
+* Update balena/open-balena-api Docker tag to v26.4.3 [Self-hosted Renovate Bot]
+
+# v4.1.81
+## (2024-08-30)
+
+* Update balena/open-balena-api Docker tag to v26.4.2 [Self-hosted Renovate Bot]
+
+# v4.1.80
+## (2024-08-29)
+
+* Update balena/open-balena-registry Docker tag to v2.41.4 [Self-hosted Renovate Bot]
+
+# v4.1.79
+## (2024-08-28)
+
+* Update balena/open-balena-s3 Docker tag to v2.28.54 [Self-hosted Renovate Bot]
+
+# v4.1.78
+## (2024-08-27)
+
+* Update balena/open-balena-api Docker tag to v26.4.0 [Self-hosted Renovate Bot]
+
+# v4.1.77
+## (2024-08-27)
+
+* Update aws-actions/configure-aws-credentials digest to 0fc95ed [Self-hosted Renovate Bot]
+
+# v4.1.76
+## (2024-08-26)
+
+* Update balena/open-balena-api Docker tag to v26.3.5 [Self-hosted Renovate Bot]
+
+# v4.1.75
+## (2024-08-23)
+
+* Update balena/open-balena-api Docker tag to v26.3.3 [Self-hosted Renovate Bot]
+
+# v4.1.74
+## (2024-08-22)
+
+* Update dependency balena-io/balena-cli to v19 [Self-hosted Renovate Bot]
+
+# v4.1.73
+## (2024-08-22)
+
+* Update balena/open-balena-registry Docker tag to v2.41.3 [Self-hosted Renovate Bot]
+
+# v4.1.72
+## (2024-08-22)
+
+* Update balena/open-balena-s3 Docker tag to v2.28.53 [Self-hosted Renovate Bot]
+
+# v4.1.71
+## (2024-08-22)
+
+* Update balena/open-balena-registry Docker tag to v2.41.2 [Self-hosted Renovate Bot]
+
+# v4.1.70
+## (2024-08-21)
+
+* Update balena/open-balena-api Docker tag to v26.3.1 [Self-hosted Renovate Bot]
+
+# v4.1.69
+## (2024-08-20)
+
+* Update aws-actions/configure-aws-credentials digest to ead1e6a [Self-hosted Renovate Bot]
+
+# v4.1.68
+## (2024-08-19)
+
+* Update balena/open-balena-api Docker tag to v26.3.0 [Self-hosted Renovate Bot]
+
+# v4.1.67
+## (2024-08-19)
+
+* Update qemux/qemu-docker Docker tag to v5.18 [Self-hosted Renovate Bot]
+
+# v4.1.66
+## (2024-08-19)
+
+* SSH reliability settings [Anton Belodedenko]
+* SSH reliability settings [Anton Belodedenko]
+
+# v4.1.65
+## (2024-08-15)
+
+* patch: Add Table of Contents [Vipul Gupta (@vipulgupta2048)]
+
+# v4.1.64
+## (2024-08-13)
+
+* Update aws-actions/configure-aws-credentials digest to 55f725f [Self-hosted Renovate Bot]
+
+# v4.1.63
+## (2024-08-12)
+
+* Cleanup AWS/EC2 key pairs [Anton Belodedenko]
+
+# v4.1.62
+## (2024-08-12)
+
+* Update balena/open-balena-registry Docker tag to v2.41.1 [Self-hosted Renovate Bot]
+
+# v4.1.61
+## (2024-08-12)
+
+* Update balena/open-balena-api Docker tag to v26.2.2 [Self-hosted Renovate Bot]
+
+# v4.1.60
+## (2024-08-10)
+
+* Update redis Docker tag to v7.4 [Self-hosted Renovate Bot]
+
+# v4.1.59
+## (2024-08-10)
+
+* Update balena/open-balena-s3 Docker tag to v2.28.52 [Self-hosted Renovate Bot]
+
+# v4.1.58
+## (2024-08-10)
+
+* Update dependency balena-io/balena-cli to v18.2.34 [Self-hosted Renovate Bot]
+
+# v4.1.57
+## (2024-08-10)
+
+* Update balena/open-balena-api Docker tag to v26.1.6 [Self-hosted Renovate Bot]
+
+# v4.1.56
+## (2024-08-10)
+
+* Update aws-actions/configure-aws-credentials digest to 39228ca [Self-hosted Renovate Bot]
+
+# v4.1.55
+## (2024-08-06)
+
+* Update balena/open-balena-vpn Docker tag to v11.30.31 [Self-hosted Renovate Bot]
+
+# v4.1.54
+## (2024-08-05)
+
+* Update balena/open-balena-api Docker tag to v26.1.5 [Self-hosted Renovate Bot]
+
+# v4.1.53
+## (2024-08-05)
+
+* Update actions/checkout digest to 9a9194f [Self-hosted Renovate Bot]
+
+# v4.1.52
+## (2024-08-01)
+
+* Update balena/open-balena-registry Docker tag to v2.39.65 [Self-hosted Renovate Bot]
+
+# v4.1.51
+## (2024-07-23)
+
+* Update balena/open-balena-api Docker tag to v26.1.3 [Self-hosted Renovate Bot]
+
+# v4.1.50
+## (2024-07-23)
+
+* Update aws-actions/configure-aws-credentials digest to 12e3392 [Self-hosted Renovate Bot]
+
+# v4.1.49
+## (2024-07-22)
+
+* Update balena/open-balena-api Docker tag to v26 [Self-hosted Renovate Bot]
+
+# v4.1.48
+## (2024-07-19)
+
+* Update balena/open-balena-registry Docker tag to v2.39.63 [Self-hosted Renovate Bot]
+
+# v4.1.47
+## (2024-07-19)
+
+* Update balena/open-balena-s3 Docker tag to v2.28.50 [Self-hosted Renovate Bot]
+
+# v4.1.46
+## (2024-07-17)
+
+* Update balena/open-balena-vpn Docker tag to v11.30.27 [Self-hosted Renovate Bot]
+
+# v4.1.45
+## (2024-07-17)
+
+* Update aws-actions/configure-aws-credentials digest to 6116f2b [Self-hosted Renovate Bot]
+
+# v4.1.44
+## (2024-07-17)
+
+* Update dependency balena-io/balena-cli to v18.2.33 [Self-hosted Renovate Bot]
+
+# v4.1.43
+## (2024-07-16)
+
+* Remove custom_runs_on instruction from flowzone.yml [Kyle Harding]
+
+# v4.1.42
+## (2024-07-16)
+
+* Update dependency balena-io/balena-cli to v18.2.32 [Self-hosted Renovate Bot]
+
+# v4.1.41
+## (2024-07-16)
+
+* Update balena/open-balena-api Docker tag to v25.2.8 [Self-hosted Renovate Bot]
+
+# v4.1.40
+## (2024-07-15)
+
+* Update dependency balena-io/balena-cli to v18.2.31 [Self-hosted Renovate Bot]
+
+# v4.1.39
+## (2024-07-15)
+
+* Update dependency balena-io/balena-cli to v18.2.30 [Self-hosted Renovate Bot]
+
+# v4.1.38
+## (2024-07-15)
+
+* Update balena/open-balena-api Docker tag to v25.2.7 [Self-hosted Renovate Bot]
+
+# v4.1.37
+## (2024-07-12)
+
+* Update dependency balena-io/balena-cli to v18.2.29 [Self-hosted Renovate Bot]
+
+# v4.1.36
+## (2024-07-12)
+
+* Update dependency balena-io/balena-cli to v18.2.28 [Self-hosted Renovate Bot]
+
+# v4.1.35
+## (2024-07-12)
+
+* Update balena/open-balena-vpn Docker tag to v11.30.26 [Self-hosted Renovate Bot]
+
+# v4.1.34
+## (2024-07-11)
+
+* Update balena/open-balena-registry Docker tag to v2.39.62 [Self-hosted Renovate Bot]
+
+# v4.1.33
+## (2024-07-11)
+
+* Update aws-actions/configure-aws-credentials digest to 96589f5 [Self-hosted Renovate Bot]
+
+# v4.1.32
+## (2024-07-11)
+
+* Update balena/open-balena-s3 Docker tag to v2.28.49 [Self-hosted Renovate Bot]
+
+# v4.1.31
+## (2024-07-11)
+
+* Update balena/open-balena-api Docker tag to v25.2.5 [Self-hosted Renovate Bot]
+
+# v4.1.30
+## (2024-07-11)
+
+* Update dependency balena-io/balena-cli to v18.2.25 [Self-hosted Renovate Bot]
+
+# v4.1.29
+## (2024-07-10)
+
+* Update dependency balena-io/balena-cli to v18.2.22 [Self-hosted Renovate Bot]
+
+# v4.1.28
+## (2024-07-09)
+
+* Update balena/open-balena-registry Docker tag to v2.39.61 [Self-hosted Renovate Bot]
+
+# v4.1.27
+## (2024-07-09)
+
+* Update balena/open-balena-api Docker tag to v25.2.0 [Self-hosted Renovate Bot]
+
+# v4.1.26
+## (2024-07-09)
+
+* Relax regex to match all Let's Encrypt CNs [Anton Belodedenko]
+
+# v4.1.25
+## (2024-07-09)
+
+* Update balena/open-balena-s3 Docker tag to v2.28.48 [Self-hosted Renovate Bot]
+
+# v4.1.24
+## (2024-07-09)
+
+* Update balena/open-balena-api Docker tag to v25.1.29 [Self-hosted Renovate Bot]
+
+# v4.1.23
+## (2024-07-08)
+
+* Update balena/open-balena-vpn Docker tag to v11.30.23 [Self-hosted Renovate Bot]
+
+# v4.1.22
+## (2024-07-08)
+
+* Update balena/open-balena-api Docker tag to v25.1.27 [Self-hosted Renovate Bot]
+
+# v4.1.21
+## (2024-07-08)
+
+* Make tests more reliable [Anton Belodedenko]
+
+# v4.1.20
+## (2024-07-05)
+
+* Update dependency balena-io/balena-cli to v18.2.20 [Self-hosted Renovate Bot]
+
+# v4.1.19
+## (2024-07-05)
+
+* Update dependency balena-io/balena-cli to v18.2.19 [Self-hosted Renovate Bot]
+
+# v4.1.18
+## (2024-07-05)
+
+* Update balena/open-balena-api Docker tag to v25.1.24 [Self-hosted Renovate Bot]
+
+# v4.1.17
+## (2024-07-04)
+
+* Update balena/open-balena-registry Docker tag to v2.39.60 [Self-hosted Renovate Bot]
+
+# v4.1.16
+## (2024-07-04)
+
+* Update aws-actions/configure-aws-credentials digest to febab93 [Self-hosted Renovate Bot]
+
+# v4.1.15
+## (2024-07-04)
+
+* pin balena-cli version [Anton Belodedenko]
+
+# v4.1.14
+## (2024-07-04)
+
+* shellcheck/lint workflow(s) [Anton Belodedenko]
+
 # v4.1.13
 ## (2024-07-02)
 

Makefile

@@ -145,7 +145,7 @@ auto-pki: config # Start all services using LetsEncrypt and ACME
 	@docker compose up -d
 	@$(MAKE) waitlog SERVICE=cert-manager LOG_STRING="/certs/export/chain.pem Certificate will not expire in [0-9] days"
 	@$(MAKE) waitlog SERVICE=cert-manager LOG_STRING="subject=CN = ${DNS_TLD}"
-	@$(MAKE) waitlog SERVICE=cert-manager LOG_STRING="issuer=C = US, O = Let's Encrypt, CN = R3"
+	@$(MAKE) waitlog SERVICE=cert-manager LOG_STRING="issuer=C = US, O = Let's Encrypt, CN = .*"
 	@$(MAKE) wait SERVICE=haproxy
 	@$(MAKE) showenv
 	@$(MAKE) showpass

README.md

@@ -16,6 +16,23 @@ images to your devices.
 
 To learn more about openBalena, visit [balena.io/open][open-balena-website].
 
+- [Features](#features)
+- [Getting Started](#getting-started)
+- [Compatibility](#compatibility)
+- [Documentation](#documentation)
+- [Getting Help](#getting-help)
+- [Contributing](#contributing)
+- [Roadmap](#roadmap)
+- [Differences between openBalena and balenaCloud](#differences-between-openbalena-and-balenacloud)
+- [License](#license)
+- [FAQ](#faq)
+  - [How do you ensure continuity of openBalena? Are there security patches on openBalena?](#how-do-you-ensure-continuity-of-openbalena-are-there-security-patches-on-openbalena)
+  - [How do you ensure the "Join" command actually works between openBalena and](#how-do-you-ensure-the-join-command-actually-works-between-openbalena-and)
+  - [Is it "production ready"?](#is-it-production-ready)
+  - [Can a new device type be added to openBalena?](#can-a-new-device-type-be-added-to-openbalena)
+  - [Are there open-source UI dashboards from the community for openBalena?](#are-there-open-source-ui-dashboards-from-the-community-for-openbalena)
+
+
 
 ## Features
 
@@ -159,7 +176,7 @@ While we actually have some rather large fleets using openBalena, we consider it
 perpetually in "beta". This means potentially introducing breaking changes between
 releases.
 
-### Can new device type be added to openBalena?
+### Can a new device type be added to openBalena?
 openBalena imports the following public [device-types] "out of the box". You can specify
 your own contracts repository by overriding `CONTRACTS_PUBLIC_REPO_NAME`,
 `CONTRACTS_PUBLIC_REPO_OWNER` and `IMAGE_STORAGE_BUCKET` environment variables on the API

VERSION

@@ -1 +1 @@
-4.1.13
+4.1.93

balena.yml

@@ -23,4 +23,4 @@ data:
     - generic-amd64
     - genericx86-64-ext
     - intel-nuc
-version: 4.1.13
+version: 4.1.93

docker-compose.yml

@@ -79,7 +79,7 @@ services:
       *with-default-privileges,
       *with-default-volumes,
     ]
-    image: balena/open-balena-api:v25.1.19
+    image: balena/open-balena-api:v26.4.8
     depends_on:
       - db
       - redis
@@ -119,7 +119,7 @@ services:
       *with-default-healthcheck,
       *with-default-privileges,
     ]
-    image: balena/open-balena-registry:v2.39.58
+    image: balena/open-balena-registry:v2.41.6
     volumes:
       - certs-data:/certs
       - resin-data:/balena
@@ -146,7 +146,7 @@ services:
       *with-network-privileges,
       *with-default-privileges,
     ]
-    image: balena/open-balena-vpn:v11.30.22
+    image: balena/open-balena-vpn:v11.30.33
     depends_on:
       - api
     environment:
@@ -175,7 +175,7 @@ services:
       *with-default-healthcheck,
       *with-default-privileges,
     ]
-    image: balena/open-balena-s3:v2.28.47
+    image: balena/open-balena-s3:v2.28.55
     volumes:
       - s3-data:/export
       - certs-data:/certs
@@ -189,7 +189,7 @@ services:
   redis:
     <<: *base-service
     # https://redis.io/blog/what-redis-license-change-means-for-our-managed-service-providers/
-    image: redis:7.2-alpine
+    image: redis:7.4-alpine
     volumes:
       - redis-data:/data
     healthcheck:

src/balena-tests/Dockerfile

@@ -1,7 +1,7 @@
 FROM ubuntu:24.04
 
 # renovate: datasource=github-releases depName=balena-io/balena-cli
-ARG BALENA_CLI_VERSION=v18.2.10
+ARG BALENA_CLI_VERSION=v19.0.2
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
 	bash \

src/balena-tests/balena.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 # shellcheck disable=SC2154,SC2034,SC1090
-set -ae
+set -aeu
 
 curl_opts="--retry 3 --fail"
 if [[ $VERBOSE =~ on|On|Yes|yes|true|True ]]; then
@@ -17,7 +17,7 @@ function remove_test_assets() {
     rm -rf /balena/config.json \
       "${GUEST_IMAGE}" \
       "${GUEST_IMAGE%.*}.ready" \
-      "${tmpbuild}" \
+      "${tmpbuild:-}" \
       /tmp/*.img
 }
 
@@ -39,14 +39,16 @@ function shutdown_dut() {
     local balena_device_uuid
     balena_device_uuid="$(cat </balena/config.json | jq -r .uuid)"
 
-    if [[ -n $balena_device_uuid ]]; then
+    if [[ -n "${balena_device_uuid:-}" ]]; then
         with_backoff balena device "${balena_device_uuid}"
-        with_backoff balena device shutdown -f "${balena_device_uuid}"
+        if ! with_backoff balena device shutdown -f "${balena_device_uuid}"; then
+            echo 'DUT failed to shutdown properly'
+        fi
     fi
 }
 
 function set_update_lock {
-    if [[ -n "$BALENA_SUPERVISOR_ADDRESS" ]] && [[ -n "$BALENA_SUPERVISOR_API_KEY" ]]; then
+    if [[ -n "${BALENA_SUPERVISOR_ADDRESS:-}" ]] && [[ -n "${BALENA_SUPERVISOR_API_KEY:-}" ]]; then
         while [[ $(curl ${curl_opts} "${BALENA_SUPERVISOR_ADDRESS}/v1/device?apikey=${BALENA_SUPERVISOR_API_KEY}" \
           -H "Content-Type: application/json" | jq -r '.update_pending') == 'true' ]]; do
 
@@ -88,6 +90,7 @@ function update_ca_certificates() {
 
 function wait_for_api() {
     while ! curl ${curl_opts} "https://api.${DNS_TLD}/ping"; do
+        echo 'waiting for API...'
         sleep "$(( (RANDOM % 5) + 5 ))s"
     done
 }
@@ -96,6 +99,7 @@ function open_balena_login() {
     while ! balena login --credentials \
       --email "${SUPERUSER_EMAIL}" \
       --password "${SUPERUSER_PASSWORD}"; do
+        echo 'waiting for auth...'
         sleep "$(( (RANDOM % 5) + 5 ))s"
     done
 }
@@ -104,6 +108,7 @@ function create_fleet() {
     if ! balena fleet "${TEST_FLEET}"; then
         # wait for API to load DT contracts
         while ! balena fleet create "${TEST_FLEET}" --type "${DEVICE_TYPE}"; do
+            echo 'waiting for device types...'
             sleep "$(( (RANDOM % 5) + 5 ))s"
         done
 
@@ -175,7 +180,7 @@ function wait_for_device() {
 }
 
 function registry_auth() {
-    if [[ -n $REGISTRY_USER ]] && [[ -n $REGISTRY_PASS ]]; then
+    if [[ -n "${REGISTRY_USER:-}" ]] && [[ -n "${REGISTRY_PASS:-}" ]]; then
         with_backoff docker login -u "${REGISTRY_USER}" -p "${REGISTRY_PASS}"
 
         printf '{"https://index.docker.io/v1/": {"username":"%s", "password":"$s"}}' \
@@ -224,7 +229,7 @@ function supervisor_update_target_state() {
     local balena_device_uuid
     balena_device_uuid="$(cat </balena/config.json | jq -r .uuid)"
 
-    if [[ -n $balena_device_uuid ]]; then
+    if [[ -n "${balena_device_uuid:-}" ]]; then
         while ! curl ${curl_opts} "https://api.${DNS_TLD}/supervisor/v1/update" \
           --header "Content-Type: application/json" \
           --header "Authorization: Bearer $(cat <~/.balena/token)" \
@@ -241,9 +246,9 @@ function check_running_release() {
 
     local should_be_running_release
     should_be_running_release="$(get_release_commit)"
-    [[ -z $should_be_running_release ]] && false
+    [[ -z "$should_be_running_release" ]] && false
 
-    if [[ -n $balena_device_uuid ]]; then
+    if [[ -n "${balena_device_uuid:-}" ]]; then
         while ! [[ $(balena device "${balena_device_uuid}" | grep -E ^COMMIT | awk '{print $2}') =~ ${should_be_running_release} ]]; do
             running_release_id="$(balena device "${balena_device_uuid}" | grep -E ^COMMIT | awk '{print $2}')"
             printf 'please wait, device %s should be running %s, but is still running %s...\n' \
@@ -266,7 +271,7 @@ function get_os_version() {
 }
 
 function upload_release_asset() {
-    if [[ "$RELEASE_ASSETS_TEST" =~ true ]]; then
+    if [[ "${RELEASE_ASSETS_T:-}" =~ true ]]; then
         local release_id
         release_id=${1:-1}
         release_asset="$(find / -type f -name '*.png' | head -n 1)"
@@ -282,11 +287,11 @@ function upload_release_asset() {
 }
 
 # --- main
-if [[ "$PRODUCTION_MODE" =~ true ]]; then
+if [[ "${PRODUCTION_MODE:-}" =~ true ]]; then
     exit
 fi
 
-if [[ -n "${BALENA_DEVICE_UUID}" ]]; then
+if [[ -n "${BALENA_DEVICE_UUID:-}" ]]; then
     # prepend the device UUID if running on balenaOS
     TLD="${BALENA_DEVICE_UUID}.${DNS_TLD}"
 else
@@ -303,7 +308,19 @@ GUEST_IMAGE=${GUEST_IMAGE:-/balena/balena.img}
 OS_VERSION="$(get_os_version)"
 TEST_FLEET=${TEST_FLEET:-test-fleet}
 
-[[ -f "$CONF" ]] && source "${CONF}"
+# wait here until global config is ready
+until [[ -s "$CONF" ]]; do
+    echo 'waiting for config...'
+    sleep "$(( (RANDOM % 5) + 5 ))s"
+done
+source "${CONF}"
+
+# wait her until we have valid login credentials
+until [[ -n "${SUPERUSER_EMAIL:-}" ]] && [[ -n "${SUPERUSER_PASSWORD:-}" ]]; do
+    echo 'waiting for credentials...'
+    sleep "$(( (RANDOM % 5) + 5 ))s"
+    source "${CONF}"
+done
 
 update_ca_certificates  # ensure self-signed root CA certificate(s) trust
 

src/test-device/Dockerfile

@@ -1,6 +1,6 @@
 # https://hub.docker.com/r/qemux/qemu-docker
 # https://github.com/qemus/qemu-docker
-FROM qemux/qemu-docker:5.16
+FROM qemux/qemu-docker:5.18
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
 	minicom \